[link to index of press clippings]

The Tampa Tribune

E-Ballot Threat Nullified Earlier

Sep 30, 2004

TALLAHASSEE - Hillsborough County Elections Supervisor Buddy Johnson said Wednesday that steps had been taken earlier this year to reduce a security risk in the county's touch-screen voting system detailed in a Tampa Tribune article this week.

The flaw could have enabled vote totals to be manipulated, leaving little trace, according to computer security experts.

Johnson said security measures were installed to diminish the risk in Hillsborough County after a widely distributed report commissioned by Ohio elections officials late last year first identified the potential problem. ...


The report, and another by computer science Professor Douglas W. Jones for Miami-Dade County, warns that computers equipped with elements of the popular Microsoft Office suite software package can be used to manipulate vote totals without leaving a record because it shares the same database format as the touch-screen voting equipment.

Because of that risk, Ohio forbids computers equipped with the software to be used in election-night headquarters where votes from touch-screen machines are being tabulated. The report describes the likelihood of anyone abusing the security weakness as ``low'' but rates its potential effect as ``high.''


Among the measures implemented in Hillsborough County to guard against the risk, Johnson said in an interview, are allowing many onlookers inside the ``clean room'' where the computers are used to tabulate votes on election night and limiting access to supervisory functions on the computers.


The Ohio report identified Microsoft Access, its flagship database program, as the focus of its concern.

A Sequoia spokesman said the company believes security measures taken by Johnson are sufficient to guard against the danger.

Jones, a member of Iowa's voting systems certification team and a consultant in jurisdictions scattered throughout the nation, said he would prefer that Microsoft Office suite and Access in particular be removed from computers used to tabulate votes.

In conversations with the newspaper last week, Johnson said the Microsoft Office suite security concern was a surprise to him and he would have to research the issue before addressing it.

Johnson also criticized the newspaper's use of the report commissioned by Miami-Dade because it applies to a voting system produced by Omaha, Neb.-based Electronic Systems and Software Inc.

Jones, the author of that report, said his comments on the Microsoft Office suite danger apply equally to systems produced by Sequoia Voting Systems such as the one in Hillsborough.

Reporter Garrett Therolf can be reached at (850) 222-8382.