Many in Georgia dismiss Jekot and her Web-based acolytes as blinded partisans, conspiracy nuts, or even "wack-jobs."
But if you dismiss Roxanne Jekot as a wack-job, you still have to deal with her friends. Jekot represents only the most strident quarter of an emerging national movement aimed at slowing the spread of the kind of touch-screen systems that were first used in Georgia. While the movement counts as members some of the most shrill partisans on the Web, it also includes some of the most well-regarded computer scientists in the world -- and together, these groups have been unexpectedly successful in changing the national perceptions of touch-screen machines.
Until just about a year ago, these systems were considered the natural replacement for the punch-card machines that so roiled the last presidential election. The new machines are easy to maintain, they can accommodate multiple languages, they can be used by people with disabilities, and they have the backing of influential groups like the League of Women Voters and the ACLU. The Help America Vote Act of 2002, which doles out a total of $650 million in federal money to state and local officials who upgrade their aging voting systems, has already prompted dozens of counties and a handful of states to deploy the touch-screen systems.
The activists have upended the process. Fear of the voting machines is now a red-meat issue not just for online lefties but also for libertarians, for many on the right, and, increasingly, for the establishment. National newspapers run Op-Eds on the issue, network news shows feature the movement's proponents, and officials like Shelley, in California, have been pressed to change their positions on the systems.
If you spend much time in the world of the activists, you'll understand why. In the fall, I sat with Jim March, an anti-Diebold tech expert in Sacramento, Calif., while he showed me on his home PC how to steal an election. March, an ardent libertarian whose apartment is decorated with political posters -- "Politicians Prefer an Unarmed Populace," one announces -- spent months investigating security flaws in touch-screen systems. Thanks to his network of fellow geek-activists, he'd found flaws in the system Diebold used to tally election results, a program called GEMS. The GEMS software runs on a standard PC that's usually housed in a county election office. The system stores its votes in a format recognizable by Microsoft Access, a common office database program. If you've got a copy of Access and can get physical access to the county machine -- or, some activists say, if you discover the county's number and call into the machine over a phone line -- the vote is yours to steal.
While I sat at his computer, March helped me open a file containing actual results from a March 2002 primary election held in San Luis Obispo County, Calif. -- a file that March says would be accessible to anyone who worked in the county elections office on Election Day. Following March's direction, I changed the vote count with a few clicks. Then, he explained how to alter the "audit log," erasing all evidence that we'd tampered with the results. I saved the file. If it had been a real election, I would have been carrying out an electronic coup. It was a chilling realization.
The person who discovered the problems with the GEMS program -- she's singularly responsible for almost every bit of attention recently paid to electronic voting machines, and for almost every juicy detail uncovered about the vote in Georgia -- is a middle-aged publicist-turned-investigative-journalist in Seattle named Bev Harris. Harris began thinking about voting machines in late 2002, when, after reading some claims on the Web that the election equipment firms were being infiltrated by foreign nationals, she decided, almost on a lark, to investigate the matter.
Harris had no journalistic experience, but she'd always harbored fantasies of uncovering something big. She turned out to be exceptionally talented at reporting. Within a few weeks of her investigation, she'd dug up many compelling nuggets. She found, for instance, that in the early 1990s, before he was elected to office, Sen. Chuck Hagel, the Nebraska Republican, served as the president of American Information Systems, the company that built most of the voting machines used in his state. Harris also discovered that Diebold, the firm that produced the machines used in Georgia, had left the software used to run its systems on a public server online. Harris downloaded these files and looked through them. She saw that she had the company's source code as well as several other curiously named files -- one, for example, was called "rob-georgia.zip."
Before Bev Harris found the files used in Georgia, the software in the machines had essentially been secret. Although the code had been reviewed by government testing authorities, nobody outside those labs had been allowed to see the programs, which is a standard provision in most electronic voting systems. When the computing public got a peek at the files Harris found, experts were not kind.
In July, a team of four computer scientists at Johns Hopkins University and Rice University announced that they'd uncovered major security flaws in the machines used in Georgia's elections. "Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts," the team wrote. Diebold has long boasted that votes in its system are stored in an encrypted manner, hidden from anyone who doesn't have a valid password; the computer scientists found that Diebold's programmers left the "key" to decrypt the votes written into the code, which is a bit like locking your door and placing the key on the welcome mat. The Hopkins/Rice scientists also said that they saw no adequate mechanism to prevent voters from casting multiple ballots, viewing partial election results, or terminating an election early.
On Jan. 19, a team of computer scientists working with RABA Technologies set up a red-team exercise -- a one-day attempt to hack into Diebold machines configured as they would be on Election Day. They were successful. In a short time, the hackers managed to guess the passwords securing the voting system, allowing them to cast multiple ballots. They found that with a standard lock-pick set, they could inconspicuously open up each machine -- sometimes in less than 10 seconds -- and remove or attach various pieces of hardware, letting them erase or change electronic ballots. They concluded that Diebold's touch-screen machines contain "considerable security risks," and they suggested that Maryland put in place stringent safeguards before its March 2 primary, and that the state overhaul the system before the presidential election.
Diebold fiercely disputes that its technology is vulnerable to attacks. Mark Radke, a spokesman for Diebold, says that the RABA study pointed out some areas in which Maryland could improve its voting procedures, and he's pleased that Maryland is instituting those changes. As for the Hopkins study, Radke says the scientists who looked at the system erred in their assessment by examining only a small bit of the code and by neglecting the "checks and balances" that occur in an actual election. He pointed to a study of the company's system that was performed by Science Applications International Corp., a consulting firm, at the behest of the state of Maryland. The SAIC report gives Diebold a clean bill of health, and Georgia officials say it proves their system is safe.
There is no evidence that someone tampered with the votes in Georgia. But certainly it is not beyond the bounds of possibility that someone could do so in the future. The history of American democracy is replete with allegations of vote fixing and stolen elections -- from Rutherford Hayes' disputed victory over Samuel Tilden in 1876 to Illinois in 1960 (there were vote fraud allegations against both Richard Nixon and John F. Kennedy) to the Florida debacle in 2000. Leaving the security of such a crucial government function in the hands of private companies motivated primarily by a desire to make a quick buck seems like a loopy idea to many people. And the more one listens to the activists' complaints about how Diebold does business, the more one comes to understand their worries about election security.