Summary of next three articles:

The FBI is investigating the possible theft of software developed by the nation's leading maker of electronic voting equipment, said a former Maryland legislator who this week received three computer disks that apparently contain key portions of programs created by Diebold Election Systems. Cheryl C. Kagan, a former Democratic delegate who has long questioned the security of electronic voting systems, said the disks were delivered anonymously to her office in Olney on Tuesday and that the FBI contacted her Thursday. The package contained an unsigned letter critical of Maryland State Board of Elections Administrator Linda H. Lamone

Former delegate gets purported Diebold code

FBI is contacted over anonymous package

By Melissa Harris, Baltimore Sun reporter

Originally published October 20, 2006

Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004.

Cheryl C. Kagan, a longtime critic of Maryland's elections chief, says the fact that the computer disks were sent to her - along with an unsigned note criticizing the management of the state elections board - demonstrates that Maryland's voting system faces grave security threats.

A spokesman for Diebold, which manufactures the state's touch-screen voting machines, said the company is treating the software Kagan received as "stolen" and not as "picked up" at the State Board of Elections, as the anonymous note claimed. Lawyers for the company are seeking its return.

The disclosure comes amid heightened concerns nationwide about the security of the November elections and the ability of the state to keep tight controls on the thousands of machines that will be used next month.

Maryland's September primary - which used voting machines and electronic check-in equipment made by Diebold - suffered a series of mistakes, and the outcomes of some contests were not known for weeks.

In the wake of the problems, Gov. Robert L. Ehrlich Jr. and other politicians renewed their call to jettison the equipment. The governor has urged state voters to request absentee ballots, although use of the paper alternative raises different concerns about fraud.

A spokesman for the governor said the apparent distribution of the voting-machine software was troubling.

"This raises yet another unanswered question with regard to Diebold technology," said Henry Fawell, an Ehrlich spokesman.

The availability of the code - the written instructions that tell the machines what to do - is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it.

Diebold has not confirmed that the code received by Kagan is authentic, said Mike Morrill, a spokesman for the company in Maryland. But Johns Hopkins University computer scientist Aviel Rubin reviewed one of the disks and said he believed it was genuine. If it wasn't, he said, "someone went to great lengths to make it look like it was."

"My feeling is that it may have come out of the testing labs, which means that if that's true, their procedures for protecting their clients' valuable proprietary information have failed," said Rubin, who in 2003 published a report on Diebold security flaws after discovering a copy of the code on the Internet.

"If it came out of Diebold, it's like Coca-Cola having their recipe exposed and then not learning their lesson," he said. "If it came out of the testing labs, then it's hard to blame the manufacturer."

Kagan, a former state Democratic delegate from Montgomery County who is now executive director of the Carl M. Freeman Foundation, said the disks were delivered to her office Wednesday.

An accompanying letter refers to the State Board of Elections and calls Kagan "the proud recipient of an 'abandoned baby Diebold source code' right from SBE accidentally picked up in this envelope, right in plain view at SBE. ... You have the software because you are a credible person who can save the state from itself. You must alert the media and save democracy."

Kagan called the attorney general's office, and word of the disks began to spread. Learning of the development, Linda H. Lamone, the state's elections chief, reported Kagan's possession of the code to the FBI yesterday.

Kagan said she had been contacted by an FBI investigator but had not met with him. "I intend to cooperate" with the inquiry, Kagan said, adding that she believed evidence of a serious security breach had to be revealed.

An FBI spokeswoman could not confirm yesterday the nature of the bureau's interest.

Morrill, the Diebold spokesman, said it was unlikely that the code was obtained in the manner outlined in the letter.

The codes, which were delivered to Kagan in three versions on separate disks, are proprietary - meaning there are restrictions on their use and duplication. Violators of those restrictions could be charged with crimes.

Based on their labels, the disks appear to be created by two companies that test the software - Wyle Laboratories and Ciber Inc., whose teams are based in Huntsville, Ala. Maryland law requires such independent testing before the equipment's use.

The disks have the testing authorities' names on them, as well as other identifying features. Anyone who had permission to handle these disks would have received passwords from Diebold, enabling investigators to trace those authorized to use them.

Morrill said two of three disks were never used and that the third was version 4.3.15c, which was used in Maryland during the 2004 primary.

Ross Goldstein, the state's deputy elections administrator, said Maryland now uses version 4.6 and that the public should be confident that their votes are secure.

The disks contain "nothing that's being used in this election," Goldstein said.

Diebold marketing director Mark Radke said the company is investigating the chain of custody of the disks and is asking its testing companies to pull their logs.

"These disks contain codes used for testing purposes," Radke said. "They were shipped from the testing authority. Diebold was never in the chain of custody."

Older versions of Diebold's computer code have long been in public circulation, including the copy discovered by Rubin.

This year, a team of Princeton University computer scientists obtained a slightly older version of the code than that sent to Kagan and found that a programmer with access to the voting machines and their passwords could install malicious software or viruses.

Some of the flaws could be remedied with quick fixes, the researchers said, but others were "architectural in nature" and could not be easily corrected without redesigning the machines.

"In any case, subsequent versions of the software should be assumed insecure until fully independent examination proves otherwise," the researchers wrote.

Diebold has consistently resisted pressures from computer and political scientists to make their software available to experts for critiques, a process called open-source software development.

Not doing that is "a mistake" on Diebold's part, said Donald F. Norris, a professor at the University of Maryland, Baltimore County and director of the university's National Center for the Study of Elections.

Computer Voting Disks Likely Made For Testers

Md. Assembly Sought Security Check in 2003

By Cameron W. Barr

Washington Post Staff Writer
Saturday, October 21, 2006; Page B01

A Maryland election official said yesterday that possibly stolen computer disks believed to be electronic voting software were "apparently produced" for use by a testing firm hired by the Maryland legislature in November 2003.

Ross Goldstein, deputy administrator of the Maryland State Board of Elections, said documents indicate that the disks were sent to Maryland so Raba Technologies Inc. could assess the security of the state's electronic voting system, which is provided by Diebold Election Systems. A receptionist at Raba, based in Columbia, declined to comment yesterday after consulting with her supervisor.

Labels on the disks indicate that they contain the versions of two Diebold programs that powered electronic voting machines in Maryland in 2004, Goldstein said Thursday. Diebold said one version of one program is still in use in some jurisdictions elsewhere in the United States.

Cheryl C. Kagan, a former Maryland delegate who has questioned the security of electronic voting systems, said the disks were delivered anonymously to her office in Olney on Tuesday.

State elections administrator Linda H. Lamone has asked the FBI to investigate the apparent theft and leaking of proprietary voting software.

Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote.

Yesterday, Henry Fawell, a spokesman for Gov. Robert L. Ehrlich Jr. (R), said the suspected leak "raises yet another unanswered question about the Diebold technology on which our election system depends." Ehrlich initially supported the Diebold technology but in recent years has said Maryland should switch to a system that provides a paper trail.

Some computer scientists said the incident shows why the makers of voting systems should publicly disclose their software. "It's hard to keep a secret like this for a long time," said Edward Felten, a Princeton University computer scientist who demonstrated in September how Diebold's machines could easily be hacked. The company called Felten's work inaccurate and unrealistic.

The Washington Post, which obtained copies of the disks Wednesday to verify them, agreed yesterday to Diebold's request to return them.

Kagan said that she expects to meet with FBI agents next week and that she was prepared to grant the FBI's request to turn over the disks.

The disks bear logos from two other testing companies, Ciber Inc. and Wyle Laboratories, which Diebold hired to test its voting system. Maryland retained Raba in 2003 to conduct a security assessment after an academic study revealed vulnerabilities in Diebold's system, said Karl S. Aro, executive director of the Department of Legislative Services.

Aro said he believes that Diebold made its own arrangements to transmit the software to Raba. "To my knowledge, [Aro's staff] never touched those disks," Aro said.

Diebold spokesman Mark Radke said: "We contacted Ciber and Wyle and asked them to send the software directly to someone in Maryland." He said he could not confirm if the recipient was Raba or an intermediary.

Felten, the Princeton computer scientist, said public disclosure of the core instructions or "source code" that powers electronic voting machines would enhance security by allowing experts to find flaws that could then be corrected.

David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who advises California's secretary of state on election matters, said the source code should be public precisely because it is part of voting systems. "Our democratic process has to be completely open, and we cannot conduct transparent elections on top of secret software," he said.

Michael I. Shamos, a computer scientist at Carnegie Mellon University, said the appearance of the disks in Kagan's office is "essentially meaningless." He said electronic voting source code should be disclosed because of the public's strong interest in the credibility of voting systems. "Since the disclosure of source code is a good thing," he asked, "why should we be complaining when some gets disclosed?"

"Anything that happens to convince the makers of voting software to drop the nonsensical claim of 'trade secrets' is a good thing," Shamos said.

Radke said the company was not averse to disclosing its code if the law were changed to require it. But he said disclosure would dampen innovation in the field.

Avi Rubin, a computer scientist at Johns Hopkins University who reviewed the software Wednesday at the request of The Post, said he was all but certain that the material on the disks was Diebold software.

Officials Probing Possible Theft of Voting Software in Md.

Ex-Delegate Says FBI Contacted Her About Disks She Received

By Cameron W. Barr

Washington Post Staff Writer
Friday, October 20, 2006; Page B01

The FBI is investigating the possible theft of software developed by the nation's leading maker of electronic voting equipment, said a former Maryland legislator who this week received three computer disks that apparently contain key portions of programs created by Diebold Election Systems.

Cheryl C. Kagan, a former Democratic delegate who has long questioned the security of electronic voting systems, said the disks were delivered anonymously to her office in Olney on Tuesday and that the FBI contacted her yesterday. The package contained an unsigned letter critical of Maryland State Board of Elections Administrator Linda H. Lamone that said the disks were "right from SBE" and had been "accidentally picked up."

Lamone's deputy, Ross Goldstein, said "they were not our disks," but he acknowledged that the software was used in Maryland in the 2004 elections. Diebold said in a statement last night that it had never created or received the disks.

The disks bear the logos of two testing companies that send such disks to the Maryland board after using the software to conduct tests on Diebold equipment. A Ciber Inc. spokeswoman said the disks had not come from Ciber, and Wyle Laboratories Inc. said it was not missing any disks.

Diebold spokesman Mark Radke and Goldstein said that the labels on the disks referred to versions of the software that are no longer in use in Maryland, although the Diebold statement said the version of one program apparently stored on the disks is still in use in "a limited number of jurisdictions" and is protected by encryption. The statement also said the FBI is investigating the disks' chain of custody.

Michelle Crnkovich, an FBI spokeswoman in Baltimore, said she had no knowledge of an investigation.

In an unrelated development, Maryland state auditors said in a report yesterday that the State Board of Elections is not properly controlling access to a new statewide database of registered voters or verifying what changes are made to it. The report comes at a time of heightened concern over the security and effectiveness of electronic voting systems.

Legislative auditor Bruce Myers said it was unusual to allow "across-the-board access" by local election officials to a sensitive database, but Lamone defended the board's practices. In a letter released with the Office of Legislative Audits report, she wrote that the board "is unaware of any allegations of the falsification of additions or deletions to the system."

The FBI investigation into the disks could focus further scrutiny on the security of Maryland's electronic voting system.

The disks delivered to Kagan's office bear labels indicating that they hold "source code" -- the instructions that constitute the core of a software program -- for Diebold's Ballot Station and Global Election Management System (GEMS) programs. The former guides the operation of the company's touch-screen voting machines; the latter is in part a tabulation program used to tally votes after an election.

Three years ago, Diebold was embarrassed when an activist obtained some of its confidential software by searching the Internet. The company vowed to improve its security procedures to prevent another lapse.

The release of such software poses a risk, computer scientists say, because it could allow someone to discover security vulnerabilities or to write a virus that could be used to manipulate election results.

In September, computer scientists at Princeton University who had obtained a Diebold voting machine demonstrated how a program they had created could secretly alter the votes cast on the machine. Diebold President Dave Byrd called the demonstration "unrealistic and inaccurate" and said it ignored the "physical security" measures used to safeguard voting machines.

The Washington Post obtained copies of the disks Wednesday and allowed Avi Rubin, a computer scientist at Johns Hopkins University, along with a colleague and a graduate student, to review the software on the condition that they make no copies of it.

"I would be stunned if it's not real," Rubin said.

Rubin, who has said that electronic voting systems that do not produce a paper record of each vote cannot be secured, led a team that produced an analysis that pointed out security vulnerabilities in the Diebold software found on the Internet in 2003.

Sam Small, the graduate student, said the version of Ballot Station "was consistent with what we've seen previously." Small could not gain access to the GEMS software because the material on two of the disks was protected by a password.

Radke, the Diebold spokesman, said the versions of Ballot Station released since the version identified on the disks have many new security features. The Diebold statement said "it would take years for a knowledgeable scientist" to break the encryption used on the software apparently contained on the disks delivered to Kagan. But Rubin said "the data and files were not encrypted" on the Ballot Station disk he reviewed.

The Office of Legislative Audits report also said the Maryland elections board has paid bills submitted by contractors without proper documentation and has not taken appropriate steps to safeguard its computer network and Web site.

Lamone said, "It seems inappropriate to base findings on a partially implemented system," referring to the new MDVOTERS database, which Maryland has established to comply with federal law.

She said it is appropriate for local election workers to have access to the database and said procedures are in place to verify changes. Lamone concurred with the auditors' criticism of her staff's accounting practices and said they had "obtained nearly all necessary documentation" for contractors' bills.

Providing the sort of local oversight envisioned by the auditors, she said, "simply cannot be conducted with existing resources."

Staff writer Eric Rich contributed to this report.