FALL 2008
 
FEATURES
 
  To the Point—New Athletic Director Mark Massari Lets Us in on His Game Plan
  Olympics Roundup: Gauchos Bring Home Medals
  A Vote of No Confidence - UCSB Security Group’s Experiment Brings Integrity of Electronic Voting Into Question
By Rob Kuznia
  Getting Schooled on Gaucho Mettle - Sports talk show host and alum Jim Rome defines UCSB spirit
 
DEPARTMENTS
  Editor’s Column:
Our Place in UCSB’s Sustainability Blitz
  Research Roundup:
Nanoscale Process Will Help Computers Run Faster and More Efficiently
  Sports Roundup:
Men’s Soccer Players Share Their Secrets with AYSO Teams
  Around Storke Tower:
News & Notes From the Campus
  Alumni Authors:
Delving into the Conflicts
of Peoples, Nations and Children
  Milestones:
’50s to the Present
   
COVER
  Using ingenuity and recycled materials, UCSB art students transformed a shipping container into a livable structure.
Cover photo by UCSB Professor of Art Kim Yasuda
 
ADVERTISING RATES
COASTLINES HOME
ALUMNI HOME
A Vote of No Confidence - UCSB Security Group’s Experiment Brings Integrity of Electronic Voting Into Question
By Rob Kuznia
Remember the term “hanging chad”?

Not long after the infamous election debacle of 2000 managed to turn that combination of words into a household phrase, voters in California and across America began to notice the emergence of touch-screen voting machines at their local polling stations.

That’s because the widespread confusion and chaos surrounding the election of George W. Bush over Al Gore helped to touch off a mad scramble among tech entrepreneurs nationwide to build a better voting mousetrap, spurred by federal election reform funding.

But on Election Day, the vast majority of voters across California will have performed their democratic duty the old-fashioned way: By filling out bubbles with a pen, instead of by touching the name of their preferred candidate on a computer screen, as they had been doing before this year.

This owes largely to the work of a team of computer scientists at UCSB who were able to demonstrate that the machines built by Sequoia, one of California’s primary vendors of direct-recording electronic voting machines (also known as touch-screen machines), were relatively easy to hack into, leaving them vulnerable to voter fraud.

The group filmed a 16-minute video of their experiment, which in September was posted onto YouTube, and has since been viewed by tens of thousands of people. (It can now be found at www.wikio.com/video/428819.)

Led by Richard Kemmerer and Giovanni Vigna, the UCSB team was part of an elite crew across the UC system recruited by Secretary of State Debra Bowen, who had based much of her campaign platform in 2006 on cleaning up potential bugs in the emerging electronic voting system since it had shown signs of unreliability in other states such as Ohio.

Kemmerer, UCSB’s Computer Science Leadership chairman and professor, said most surprising to him was how easy it was to hack into the system.

“This for the most part wasn’t even a challenge,” he said. “Prior to doing this, I had never imagined how insecure they are.”

All told, more than three-dozen computer science experts from the University of California and other institutions were part of the testing team, which was overseen by computer science experts at UC Berkeley and UC Davis.

Also shown to be insecure were computer touch-screen machines made by the other major vendors in California: Premier, ES&S and Hart InterCivic.

As a result of their work, Bowen—who named the campaign to investigate the voting system the “Top To Bottom Review”—summarily mandated the machines be put out to pasture, with an exception: Every polling place in the state is allowed to keep one touch-screen computer on the premises for the benefit of disabled citizens.

By the 2006 election, 16 of California’s 58 counties had completely converted to the touch-screen machines. By February of 2008, thanks to the study, the vast majority of voters in California were back to using the fill-in-the-bubble paper ballots.

The recently released video shows that the touch-screen Sequoia machines could be corrupted by the introduction of a simple USB drive, also known as a thumb drive. By swapping the one meant to prepare the system with a thumb drive containing malicious code, “the malicious software exploits a vulnerability in the terminal loading procedure and installs a modified firmware, effectively ‘brainwashing’ the terminal,” the UCSB group said in a report.

The video goes on to show how the fraudulent code on the thumb drive can be subtle enough to avoid detection. The most disturbing portion of the movie shows a researcher touching the screen in favor of one candidate, but with the vote being cast for the other.

The work of the UCSB scientists—and Bowen’s swift reaction to it—indicates that the race among tech companies to build a better voting device in the wake of the 2000 election may have produced machines too hastily, leaving the election process even more prone to systemic failure than before.

As such, the UCSB team praises Bowen for her move, arguing that, in this case, returning to the past—that is, to the method of filling out the bubbles with a pen—actually represents an important step forward.

“Suppose I tell you I built a new car that can go 400 kilometers an hour, but you are going to die 10 percent of the time,” said Vigna, an associate professor. “Would you consider going back to your normal car a step backwards or a step forward?”

But while the computer scientists credit Bowen, they lament that few other states have followed California's lead in undergoing such an extensive review. For instance, at least 16 other states are using the Sequoia machines, which the UCSB team considers faulty, Vigna said.

Although touch-screen computer voting systems were around before 2000, the industry was kicked into high gear by the failings of that election season, Kemmerer said. This was spurred in no small part by the 2002 Help America Vote Act, which set aside about $3.8 billion in federal spending on election reform. Much of that money was given to states for the purpose of replacing punch card and lever voting machines with modernized voting equipment, such as the Sequoia machines, he said.

Vigna said he believes the stakes in computerized voting are high enough to warrant the same degree of scrutiny experienced by programs for, say, air traffic controllers. 

“This for some reason doesn’t happen to voting systems,” he said. “We are going to vote for the president of the United States, and there are a lot of people who are going to be voting on machines that, in my opinion, are completely sub-standard, or definitely insecure.”