>>9957

The same could be said of the customers. Election administrators were often unsophisticated county employees who had been in the job forever. "If we work with Bank of America and they want to roll out 1,000 ATMs, they'll have 25 professional project managers," says Swidarski. "You go to a meeting at a county and you're looking at two people."

It didn't help that Global's touch-screen system, the AccuVote-TS, was flawed from the start. It had purchased the technology from a small company called I-Mark, whose founders had designed it as an unattended voting terminal that could be used in places like shopping malls or supermarkets. "The only problem was they weren't looking at security," says Douglas Jones, a computer science professor at University of Iowa who has been testing voting machines since 1994.

Not quite the only problem. Because there was little demand for touch-screen systems before 2001, Global hadn't spent much on software development. (Jones thinks they needed to start over.)

So the system voters used in 2002 was bug-ridden. Diebold machines crashed early and often, and there was insufficient trained staff to cope with the inevitable problems. (One problem: "vote hopping," where, due to an uncalibrated touch screen, pressing one candidate counted the one next to it.) Even so, after the election, press accounts largely glossed over the problems as isolated hiccups. Orders continued to roll in. And then things fell apart.

Until recently, hardly anyone gave a thought to the mechanics of voting. Even fewer thought about hackers. But in the wake of 2000, the mechanics of voting became politicized.

One key moment came when Bev Harris heard her suburban Seattle county was considering switching to electronic touch-screen machines. Curious, she started trawling the Internet for information - and late one night in January 2003, she discovered a cache of files on an unprotected Diebold server. In it were e-mails between programmers discussing the system's problems.

"Distributing this software is extremely dangerous," a programmer wrote in 2001. "Our smart-card format has absolutely no security, so if someone were to get a copy of this software and a reader, they could stand at the ballot station and quietly burn new voters cards all day.... I can see the cover of USA Today in my head. Consider everyone warned." (Diebold says the problem was fixed before the 2002 elections.)

Digging further, Harris found a version of the company's secret software that ran the machines. She passed it to Avi Rubin, a computer science professor at Johns Hopkins University in Baltimore. Within an hour, Rubin says, he discovered that the software's encryption system was one "everyone knew was broken since 1998." That same day, he found that the administrative password to all the machines was the same: 1-1-1-1.