Former Senator Francisco “Kit” Tatad today called urgent attention to a Princeton University report showing that voting machines in the United States could be corrupted to commit fraud without leaving any trace of it, and demanded that the suppliers of the voting machines for the May 10 elections demonstrate and guarantee to the public that their machines are free from the same defect.
At the Kapihan sa Maynila, Tatad, who is seeking reelection to the Senate, cited a paper by three Princeton University scientists—Ariel Feldman, J. Alex Halderman and Edward Felten—accompanied by a security demonstration on You Tube, which showed how the Diebold Accu Vote-TS Voting Machine, reputedly the most widely deployed electronic voting platform in the United States, could be easily corrupted by a malicious software.
Although the Precinct Count Optical Scan (PCOS) machines to be used by the Comelec in the May elections are different from the paperless Direct Recording Electronic (DRE) machine studied by the Princeton scientists, their internal infrastructure, which reads and records the vote, appears to be the same, and probably with the same vulnerabilities.
“The public may need an iron-clad guarantee, and the most convincing scientific demonstration from Smartmatic that the PCOS machines are not as vulnerable as the Accu Vote-TS machines,” Tatad said.
Experiments conducted by the three scientists, using a demonstration software that carries out a vote-stealing attack, and a demonstration virus that spreads from machine to machine, showed the following:
1) Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss.
2) Anyone who has physical access to a voting machine, or a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to machines.
3) AccVote-TS machines are susceptible to voting-machine viruses – computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity.
After injecting a vote-stealing software inside the machine, the scientists simulated an election with George Washington and Benedict Arnold as candidates. Four voters voted for Washington, and one voted for Arnold. When the machine printed out the results, however, Arnold got three votes, and Washington two.
And because the vote-stealing software was constructed to delete itself after the operation, nothing could be found inside the machine to show that the count was fraudulent or wrong, the Princeton study showed.
“The Comelec should take note of the findings of the study which showed that the machine could perform well during logic and accuracy tests when fed with “pretend ballots” in a “pretend election”, but that anybody could inject a malicious software into the memory card to corrupt the machine without leaving any sign that the memory card had been replaced,” Tatad said.
Tatad had earlier called on the Comelec to institute a double-track tally of the election results—one automated, the other manual, to serve as a possible backup in case of failure of the automated system, and to form part of the records to help settle possible questions concerning the accuracy of the automated count. The senatorial candidate expressed full confidence in the board of election inspectors in every precinct to carry out the job.