Professor to try to hack voting machines
Share with others:
If you can hack into a touch-screen voting machine undetected, Michael Shamos will give you $10,000.
Dr. Shamos, a professor of computer science at Carnegie Mellon University who has spent more than two decades testing electronic voting equipment, first made that offer several years ago. To this day, no one has tried to collect.
"Because they know they can't do it," he said last week.
But Dr. Shamos, one of two official examiners for Pennsylvania, has to try. Tomorrow and Wednesday, he'll be in Harrisburg to test the Sequoia AVC Advantage, an electronic unit that Allegheny County plans to buy.
By the professor's own admission, thousands of computer scientists, including some of his Carnegie Mellon colleagues, are expressing serious doubts about the safety and reliability of high-tech voting systems, just as local election departments nationwide are preparing to spend millions of dollars on computerized machinery to meet the strict standards of the Help America Vote Act, known as HAVA.
Dr. Shamos says almost all of those scientists, who want to see some kind of paper play a prominent part in any voting system, lack his experience in the details of how elections actually work.
He has performed more than a hundred tests on voting systems in five states. He has been an examiner for Pennsylvania's Department of State since 1980. And he is confident that he can identify flawed voting machines.
The stakes are high. To meet HAVA's requirements, all Pennsylvania counties need to have updated equipment in place by the May 16 primary election, or they could forfeit substantial aid packages from the federal government.
If Dr. Shamos discovers problems with the Advantage, he'll urge Pennsylvania's secretary of state not to certify it, forcing Allegheny County to scramble for a new system just a few weeks before the primary. That would put the county at risk of losing a $12 million federal grant.
During an interview last week, Dr. Shamos appeared undaunted by his seemingly unenviable task. The 58-year-old professor, a native of the Bronx, N.Y., spoke with a New Yorker's sense of urgency and self-assuredness.
"If the system meets the requirements of Pennsylvania law, I'll recommend it. If it doesn't, I'll have no hesitation in recommending against certification, even though it would throw elections in this county into a tizzy," he said in his fourth-floor office at Carnegie Mellon's Newell-Simon Hall.
Dr. Shamos has been programming computers since he was a high school student, but his interests go far beyond the digital world. He once was an avid bagpiper. He's written four books on pool, including "The New Illustrated Encyclopedia of Billiards."
He also has a law degree from Duquesne University, a qualification that he said pushed him to apply for a job as one of a handful of Pennsylvania voting machine examiners in 1980, when the state first started allowing systems besides lever machines and paper ballots.
Two decades later, Dr. Shamos was ready to leave the testing business, but the 2000 presidential election debacle in Florida brought an unprecedented level of scrutiny to how voting technology works. It also pushed Congress to create HAVA.
In 2005, Pennsylvania hired Dr. Shamos to test a new generation of machines as the state tried to get in line with federal law.
Sequoia, based in Oakland, Calf., has already sent the professor a packet of information about its Advantage, including a disk containing the machine's computer coding.
This isn't the first time Dr. Shamos has tested the Advantage, a "full-face" machine that allows voters to see the entire ballot at once and has been used in many states for years. But Dr. Shamos needs to evaluate changes Sequoia has made to meet HAVA's requirements.
"It's not a foregone conclusion by any means," he said of the certification process.
Before testing gets under way, Dr. Shamos will give Sequoia representatives a chance to make a presentation. Then he'll spend as many as nine hours trying to probe every possible weakness, from security flaws to confusing voting mechanisms.
After the testing, he'll use a video recording of the session to help him write a report. The Department of State will then decide to accept or reject his recommendations.
The entire process, Dr. Shamos said, likely will be completed by the second week in April.
In Allegheny County, a determined group of voting activists has pushed repeatedly for the county to reconsider its purchase. They echo the concerns of the Verified Voting Foundation, a California-based organization that has taken a leading role in calling for voting machines with paper trails that voters can check before leaving the polling place.
The organization's founder is Dr. David L. Dill, a professor of computer science at Stanford University and one of Dr. Shamos' former students.
Both men diverge sharply on the security of electronic voting. Dr. Dill prefers the use of systems like optical scanners, which read fill-in-the-bubble sheets.
Dr. Shamos says those ballots, like all paper voting systems, are susceptible to human error and tampering. While there have been many examples of malfunctions in computerized voting machines, there has never been any evidence of fraud.
That's not enough, said Pamela Smith, nationwide coordinator for Verified Voting.
"You have to have a way to prove for certain, and you cannot prove for certain without an independent record that the voter can check," she said.
More than 30 states already use or have legislation requiring some form of voter-verified paper trail for electronic machines, but similar legislation has stalled in Pennsylvania's state Legislature.
So far, Dr. Shamos has not approved any paper trail add-ons for voting machines because the units are either poorly constructed or violate state laws calling for secret ballots. Several optical scan systems have been certified.
Dr. Shamos has come to accept persistent criticism of his work.
"It's not personal in the way you might expect," he said. "I think there's a lack of mutual respect."
One critic, Dr. David A. Eckhardt, a lecturer in computer science at Carnegie Mellon, readily acknowledges Dr. Shamos' expertise.
"It would basically take me about five years to assess a machine as competently as he could," Dr. Eckhardt said. Yet, "when the smartest people on the planet look at the most critical systems, they don't find all the bugs. Even a system that appears to work fine can be riddled with security flaws."Darrell Sapp, Post-Gazette
Click photo for larger image.
First Published March 27, 2006 12:00 am