ITAA blasts e-voting critic

The appearance of a computer science professor and electronic-voting security critic before the U.S. Election Assistance Commission this week has prompted the Information Technology Association of America to label his testimony “misleading, at best.”

The ITAA, which represents several electronic voting machine vendors, questioned the testimony of Avi Rubin, a computer science professor at Johns Hopkins University in Baltimore and co-author of a February paper critiquing the security of Diebold’s e-voting machines. Rubin called the security of e-voting machines “close to terrible” at the hearing Wednesday.

But Harris Miller, president of the ITAA, shot back late Wednesday, saying the professor’s statements don’t make sense. After serving as an election judge in Baltimore County, Md., in March, Rubin said some of the attacks described in his paper were unlikely, and Miller questioned Rubin’s Wednesday statements describing a continuing lack of security in e-voting machines. Rubin’s description of his day as an election judge is at his Web site.

Miller, in an e-mailed statement, compared Rubin’s testimony Wednesday to yelling “fire” in a crowded theater when there’s no fire.

“Election officials around the country should base their decisions to use electronic voting technologies based on their outstanding track record and the fact that they are the most accurate, secure method available,” Miller said. “We cannot allow something as important as the accuracy of our elections to be imperiled by the false claims of a small vocal minority. And Dr. Rubin’s statement to the media that no computer security experts disagree with him is misleading at best and insulting to those who support electronic voting.”

Rubin disagreed, saying he stands by his statements. Voters “loved” the Diebold machines used in Baltimore County, he said, but although some of the attacks his February paper described were unlikely to work in Baltimore County, his day as an election judge raised new security concerns, he said. At the end of the day, all vote tallies were loaded onto one e-voting machine, that a malicious coder could take over to change the totals, he told the election commission.

Rubin, in an e-mail response to the ITAA statements, noted his paper was accepted and published at a highly regarded security conference, the IEEE Security and Privacy Symposium. “That is a demonstration that the computer security community is in agreement with our conclusions,” he wrote.

The ITAA should look at his entire statement following his day as an election judge, Rubin said, not pick out pieces of his writing that support the e-voting vendors. “The trade group representing the companies selling the machines says that people should distrust the computer security experts and listen to the vendors,” Rubin said. “What’s wrong with that picture? … They are really off base here.”