Voting Machines Stolen in Georgia
In 2000 five out of six Georgians cast a paper ballot that could be recounted on ES&S systems. In January 2001, in a speech to the Democratic-controlled legislature, Georgia Secretary of State Cathy Cox, a Democrat who is expected to run for governor in 2006, declared that considering all the recent problems down in Florida, Georgia should adopt one “uniform electronic voting system by November 2004.” Upon Cox’s fervent recommendation of the just-born Diebold Election Systems, in May 2002 Georgia agreed to pay Diebold $54 million for 19,000 DRE voting systems. The counties and cities of Georgia had chosen their own voting machines for the last time, and, less obviously, Georgians had lost their ability to recount their votes in contested elections.
At once Diebold set to manufacturing 282 of its AccuVote TS voting systems a day. Some of the earliest ones arriving in Georgia, sent out for use in the training of election workers, were left in a hotel conference room overnight, stolen and never recovered. Late that June the secret vote-counting codes inside nine to fourteen more of the Diebold machines were stolen. Diebold made an uncounted number of apparently illegal changes in the election-conducting code between June and November. The memory cards on which the votes on each of the computers were recorded on election day all over Georgia had no encryption. According to Rob Behler, who served as Diebold’s production deployment manager in Georgia during the first half of that summer, those cards could be used to change the results manually, precinct by precinct.
Incumbent US Senator Max Cleland and incumbent Governor Roy Barnes, both Democrats, were odds-on favorites to win re-election. A week before the voting an Atlanta Journal-Constitution poll showed Cleland ahead by five points, 49-44, but on election day he lost to his Republican opponent, Saxby Chambliss, by seven points, 53-46, a twelve-point swing. The loss of Governor Barnes to Sonny Perdue was even more remarkable: a one-week switch of fourteen percentage points. These were suspicious anomalies, and subsequently in a Peach State Poll one in eight Georgia voters were “not very confident” or “not at all confident” that the DREs had produced accurate results; another 32 percent were only “somewhat confident.”
In his front parlor at home in Georgia, Rob Behler told me that just before or just as he took over the Atlanta warehouse for Diebold, some of the voting machines had been sent out to “do demos,” and in one southern county “somebody broke in and stole…[nine or] fourteen of the machines and, I think, one of the servers.” He says the vote-counting programs in the stolen computers could have been completely reconstructed by reverse engineering and employed to jimmy the election.
“Quality-checking” the AccuVote machines as they arrived from Diebold at a warehouse in Atlanta, Behler and his crew found problems, he says, with “every single one” of them and about a fifth of them were shoved aside as unusable. When Diebold’s programmers wanted “patches,” that is, changes, inserted into the voting-system software, Behler says, they sent them to him via the company’s open, insecure File Transfer Protocol (FTP) site in cyberspace. On his own unsecured laptop (resting on his desk as he spoke), Behler made twenty-two or twenty-three of the cards that were used to change the programs in the machines.
The night of the November 2002 election, sixty-seven of the memory cards used in Fulton County (Atlanta) disappeared. Running his laptop with a dual battery, Behler says, in six or seven hours he could have changed the totals on those sixty-seven cards. “There’s no technical problem. There was absolutely zero protection on the card itself. You throw the card in, you just drill down into its files.”
Brit Williams, a computer consultant at Kennesaw State University who runs Georgia’s testing of voting systems, confirmed to me that the memory cards were not encrypted and all had the same password (1111), but each one, he contended, was “unique to its machine.” He snapped, “We had 22,000 voting stations. How would you like to be in charge of 22,000 passwords?” Williams said the sixty-seven missing memory cards in Atlanta had been left in the machines by forgetful workers and were recovered.
The Georgia election of 2002 illustrates how serious risks of technical malfunctions and malicious tampering can occur without anyone outside the voting business finding out about them. No doubt in part because of the hasty start-up, Diebold’s “security,” though approved by the independent testing authorities and the state, was in fact farcical. Both of the losing Democrats had backed installation of the DRE systems statewide, so they could hardly call for recounts that their own state party had made literally impossible.