Is It Possible for One Person to Vote Multiple Times in the Same Election on an Electronic Voting Machine?



PRO (yes)

Brad Friedman, author of the Brad Blog, explained in his Nov. 2, 2006 entry "New Vulnerabilities Discovered on Touch-Screen Systems Made by One of Country's Largest Voting Machine Companies Will Affect Elections in Dozens of States":

"There's a little button on the back of every touch-screen computer made by Sequoia Voting Systems that allows any voter, or poll worker, or precinct inspector to set the system into 'Manual Mode' allowing them to cast as many votes as they want. Concerns about the flaw were first reported some thirty days ago to California Secretary of State (SoS) Bruce McPherson's office by Ron Watt, a Tehama County, CA precinct inspector...

Sequoia technicians had been in the SoS office and had confirmed the vulnerability."

Nov. 11, 2006 - Brad Friedman 



Tova Andrea Wang, Executive Director of The Century Foundation's Post-2004 Election Reform Working Group, wrote in her article "Understanding the Debate Over Electronic Voting Machines," published on the organization's website on May 26, 2004:

"Since the voting system relies on a smart-card chip to ensure that each person casts only one ballot, someone could create a specially programmed smart card and use it in the voting booth to cast multiple ballots."

May 26, 2004 - Tova Andrea Wang, JD 



Aviel Rubin, PhD, Technical Director at Johns Hopkins University Information Security Institute, in his 2003 technical report "Analysis of an Electronic Voting System" Johns Hopkins University Information Security Institute Technical Paper TR-2003-19, July 23, 2003, stated:

"In the Diebold system, a voter begins the voting process by inserting a smartcard into the voting terminal...Since an adversary can make perfectly valid smartcards, the adversary could bring a stack of active cards to the voting booth. Doing so gives the adversary that ability to vote multiple times. More simply, instead of bringing multiple cards to the voting booth, the adversary could program a smartcard to ignore the voting terminal's deactivation command. Such an adversary could use one card to vote multiple times. Note here that the voter could be a regular voter and not an election insider."

July 23, 2003 - Aviel D. Rubin, PhD 



RABA Technologies, at the request of the State of Maryland, prepared a Jan. 20, 2004 report titled "Trusted Agent Report: Diebold AccuVote-TS Voting System" which stated:

"Red Team members were able to guess [the smart card] passwords. Indeed, the passwords used to protect both types of smart cards provided to the team appear in the source code that the Hopkins team evaluated. Initial guesses on the team's part provided instant access to the cards' contents.

Given access to the cards' contents, it became an easy matter to duplicate them, to change a voter card to a supervisor card (and vice versa) and to reinitialize a voter card so that it could be used to vote multiple times."

Jan. 20, 2004 - RABA Technologies 



CON (no)

Sequoia Voting Systems, a manufacturer of electronic voting machines, released a paper on its website on July 30, 2003 titled "Sequoia Discusses Safeguards of Electronic Voting," which stated:

"When a smart card is inserted, the AVC Edge [a model of electronic voting machine] first validates the [encrypted] signature then decrypts the data. Then the card is verified to ensure it has not already been used to cast a ballot (prevents duplicate voting)...

Each voting machine keeps track of the valid cards used to access a ballot on the machine. If a duplicate, 'cloned' card is presented, it will be rejected as invalid, and the data on the card changed to the 'voted' state. This last step prevents anyone from using a cloned card to cast an additional ballot."

July 30, 2003 - Sequoia Voting Systems 



The Maryland State Board of Elections released a pamphlet titled "Electronic Voting: Myth vs. Fact," available on their website (accessed Apr. 28, 2006). The pamphlet identified as a myth "A single person could cast multiple votes," and provided the following rebuttals of that claim:

"A voter must have an access card specifically activated for a voting unit in the polling place. Only election judges can activate voter access cards. After a voter casts a ballot, the access card cannot be used again until an election judge reactivates the card.

A combination of physical security (and visual oversight of the voting process at the precinct), software, and system features would make casting multiple votes extremely difficult and highly unlikely."

Apr. 28, 2006 - Maryland State Board of Elections 



Diebold Election Systems, Inc. released a paper titled "Checks and Balances in Elections Equipment and Procedures Prevent Alleged Fraud Scenarios" on July 30, 2003 on its website as a direct response to the Aviel Rubin et al. paper "Analysis of an Electronic Voting System." The Diebold article stated:

"The assertion that 'the adversary could program a smartcard to ignore the voting terminal's deactivation command' is incorrect. We are not aware of a way to program the smartcard in such a way that the card will not be canceled. The authors provide no explanation as to how they believe this could be accomplished."

July 30, 2003 - Diebold Election Systems, Inc. 



The Election Technology Council's "Frequently Asked Questions" section of their website (accessed Oct. 2005) stated:

"Manufacturers use digital signatures and other forms of encryption to make the chances of voting card counterfeiting remote. Other protections include the use of time, place, and election specific internal checks to assure card validity and to prevent cards from being used more than once."

Oct. 2005 - Election Technology Council