The New York Times The New York Times Technology  

NYTimes: Home - Site Index - Archive - Help

Welcome, mindswell0 - Member Center - Log Out
Site Search:  

Marty Katz for The New York Times
Professor Aviel D. Rubin has taught his students about the security of computer-based voting systems by hacking them.

Email This Article E-Mail This Article
Printer Friendly Format Printer-Friendly Format
Most E-mailed Articles Most E-Mailed Articles
Reprints & Permissions Reprints & Permissions
Single Page Format Single-Page Format


. Forum: Join a Discussion on Technology in the News



Colleges and Universities

Computer Security

Johns Hopkins University

Electronic Frontier Foundation

Getty Images
Diebold Inc. has said sales of its election machines, like this one, are slowing, in part, because of security concerns.

New Rochelle, NY
Mediterranean Tuscan home
Beautiful gardens

View this and many other homes in Westchester county.
Community page

Who Hacked the Voting System? The Teacher


Published: May 3, 2004

BALTIMORE, April 29 - The fix was in, and it was devilishly hard to detect. Software within electronic voting machines had been corrupted with malicious code squirreled away in images on the touch screen. When activated with a specific series of voting choices, the rogue program would tip the results of a precinct toward a certain candidate. Then the program would disappear without a trace.


Luckily, the setting was not an election but a classroom exercise; the conspirators were students of Aviel D. Rubin, a professor at Johns Hopkins University. It might seem unusual to teach computer security through hacking, but a lot of what Professor Rubin does is unusual. He has become the face of a growing revolt against high-technology voting systems. His critiques have earned him a measure of fame, the enmity of the companies and their supporters among election officials, and laurels: in April, the Electronic Frontier Foundation gave him its Pioneer Award, one of the highest honors among the geekerati.

The push has had an effect on a maker of electronic voting machines, Diebold Inc., as well. California has banned the use of more than 14,000 electronic voting machines made by Diebold in the November election because of security and reliability concerns. Also, the company has warned that sales of election systems this year are slowing.

In April, the company said its first-quarter earnings rose 13 percent compared with the same quarter a year earlier. It also reported $29.2 million in revenue on nearly $500 million in sales in the latest period. But it lowered expectations for election systems sales for this year to a range of $80 million to $95 million from $100 million in sales a year earlier.

Professor Rubin took center stage in the national voting scene last July, when he published the first in-depth security analysis of Diebold's touch-screen voting software. The software had been pulled off an unprotected Diebold Internet site by Bev Harris, a publicist-turned-muckraker who posted the software and other documents she found as part of her campaign against what she calls "black box voting."

Professor Rubin and his colleagues at Hopkins and Rice University in Houston subjected the 49,000 lines of code to a deep review over a two-week period. Their report painted a grim picture: "Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts," they wrote. "We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk."

That shot across the bow was met with outrage from the industry and from election officials who had spent tens of millions of dollars on Diebold machines. Mr. Rubin was denounced as irresponsible and uninformed.

"I think when he's talking about computers, he's very good and knows what he's doing," said Britain J. Williams, a professor emeritus of computer science at Kennesaw State University in Georgia, and a consultant on voting systems. "When he's talking about elections, he doesn't know what he's talking about."

Typically, Professor Rubin decided to confront the issue of whether he had experience with elections by taking part in one. During the March presidential primary, he signed up to become an election judge and found himself sitting all day at a precinct in a church at Lutherville, Md., helping voters use the same Diebold touch-screen machines that he had criticized so roundly. He then went home and wrote a full account and posted it to the Internet.

Over the day, he wrote, "I started realizing that some of the attacks described in our initial paper were actually quite unrealistic, at least in a precinct with judges who worked as hard as ours did and who were as vigilant. At the same time, I found that I had underestimated some of the threats before."

Ultimately, he said, "I continue to believe that the Diebold voting machines represent a huge threat to our democracy."

When asked to comment on Professor Rubin's work, the company issued a statement that did not mention him by name. "Our collective goal should always be to provide voters with the assurance that their vote is important, voting systems are accurate and their individual vote counts," the company said.

Subscribe Today: Home Delivery of The Times from $2.90/wk.
1 | 2 | Next>>

. File Sharing Pits Copyright Against Free Speech  (November 3, 2003)  $
. Hackers Steal Data on 55,000 at U. of Texas  (March 7, 2003)  $
. BULLETIN BOARD; Walking a Cyberspace Beat  (August 21, 2002) 
Find more results for Colleges and Universities and Computer Security

. How John Doerr, the Old Prospector, Finally Struck Google
. Who Hacked the Voting System? The Teacher
. New Internet Site Turns Critical Eyes and Ears to the Right
. Hoping to Attract Callers to the Internet
Go to Technology

Get Oracle Database for less than Microsoft SQL Server.