Officials Probing Possible Theft of Voting Software in Md.
Friday, October 20, 2006
The FBI is investigating the possible theft of software developed by the nation's leading maker of electronic voting equipment, said a former Maryland legislator who this week received three computer disks that apparently contain key portions of programs created by Diebold Election Systems.
Cheryl C. Kagan, a former Democratic delegate who has long questioned the security of electronic voting systems, said the disks were delivered anonymously to her office in Olney on Tuesday and that the FBI contacted her yesterday. The package contained an unsigned letter critical of Maryland State Board of Elections Administrator Linda H. Lamone that said the disks were "right from SBE" and had been "accidentally picked up."
Lamone's deputy, Ross Goldstein, said "they were not our disks," but he acknowledged that the software was used in Maryland in the 2004 elections. Diebold said in a statement last night that it had never created or received the disks.
The disks bear the logos of two testing companies that send such disks to the Maryland board after using the software to conduct tests on Diebold equipment. A Ciber Inc. spokeswoman said the disks had not come from Ciber, and Wyle Laboratories Inc. said it was not missing any disks.
Diebold spokesman Mark Radke and Goldstein said that the labels on the disks referred to versions of the software that are no longer in use in Maryland, although the Diebold statement said the version of one program apparently stored on the disks is still in use in "a limited number of jurisdictions" and is protected by encryption. The statement also said the FBI is investigating the disks' chain of custody.
Michelle Crnkovich, an FBI spokeswoman in Baltimore, said she had no knowledge of an investigation.
In an unrelated development, Maryland state auditors said in a report yesterday that the State Board of Elections is not properly controlling access to a new statewide database of registered voters or verifying what changes are made to it. The report comes at a time of heightened concern over the security and effectiveness of electronic voting systems.
Legislative auditor Bruce Myers said it was unusual to allow "across-the-board access" by local election officials to a sensitive database, but Lamone defended the board's practices. In a letter released with the Office of Legislative Audits report, she wrote that the board "is unaware of any allegations of the falsification of additions or deletions to the system."
The FBI investigation into the disks could focus further scrutiny on the security of Maryland's electronic voting system.
The disks delivered to Kagan's office bear labels indicating that they hold "source code" -- the instructions that constitute the core of a software program -- for Diebold's Ballot Station and Global Election Management System (GEMS) programs. The former guides the operation of the company's touch-screen voting machines; the latter is in part a tabulation program used to tally votes after an election.
Three years ago, Diebold was embarrassed when an activist obtained some of its confidential software by searching the Internet. The company vowed to improve its security procedures to prevent another lapse.
The release of such software poses a risk, computer scientists say, because it could allow someone to discover security vulnerabilities or to write a virus that could be used to manipulate election results.