Reports warn of tampering risks in New Jersey’s electronic voting

By Greg Forester, Staff Writer
   Nearly 10,000 electronic voting machines ready for use in New Jersey polling places in the upcoming presidential election are highly vulnerable to tampering, according to a Princeton University report made public Friday.
   State officials and Sequoia Voting Systems, which produces the machines, disputed the report’s findings, pointing to studies compiled by their own experts that were also released Friday.
   Researchers compiling the university report found that would-be hackers could install “vote-stealing” software in the machines in as little as eight minutes. Also, anyone at a polling place can easily change or eliminate votes, by either purposefully or accidentally pressing particular buttons located on the electronic, touch screen-equipped machines, according to the report.
   ”You can easily change the outcome of an election in a very low-tech way, said Professor Penny Venetis of the Rutgers University Constitutional Litigation Clinic, which has led the four-year legal challenge of the machines.
   Friday’s release is the latest development in a landmark lawsuit filed on behalf of several Mercer County officials and organizations — including Democratic Assemblyman Reed Gusciora of Princeton and the Princeton-based Coalition for Peace Action.
   A key element of the challenge is the fact that Sequoia’s voting machines do not provide paper verification of voting decisions to voters.
   Princeton University computer science professor Andrew Appel and other researchers compiled the report at the behest of Superior Court Judge Linda Feinberg. The judge took what litigants called an unprecedented step when she ruled the machines were subject to independent testing, after inconsistencies emerged in six counties where the machines were in use following the 2008 presidential primary.
   Professor Appel is a computer security expert currently teaching a computer class on voting machines.
   Sequoia released statements strongly disputing the results of the testing, declaring security and safety features currently utilized in the Sequoia’s AVC Advantage machines were not present in the machines tested by the researchers who compiled by the report.
   ”Throughout our report response, we show how simple, established, and previously used accuracy and security protections — removed from the Advantages studied in the report published by the plaintiffs — make the items in their report next to impossible,” said Edwin Smith, a vice president at Sequoia Voting Systems, in a statement.
   Sequoia officials said Princeton researchers had an entire month of “unfettered” access to the machines, unlike the real conditions someone would have to work in to effectively tamper with voting machines.
   Sequoia’s position was similar to that of state officials named as defendants in the original lawsuit, including Gov. Jon S. Corzine and Attorney General Anne Milgram.
   The state’s position relied on another report released Friday, compiled by Michael Shamos, another computer expert, who teaches at Carnegie Mellon University.
   Mr. Shamos, like Sequoia, challenged the observations in Professor Appel’s report on the laboratory conditions in which the machines underwent testing.
   ”The Appel Report does not even purport to articulate any standard by which the security of a voting system can or should be judged,” wrote Mr. Shamos. “Therefore its conclusion that ‘The AVC Advantage is too insecure to use in New Jersey’ is not supported by any of the observations described in the Report.”
   However, the litigants who filed the suit said the reports were a vindication of their position on the vulnerabilities of the machines.
   ”We’re ecstatic,” said Ms. Venetis. “But what’s tragic is that Professor Appel had this hypothesis (on the machines) four years ago and he was right.”