Emery County: Ex-clerk at center of machine politics
Emery County's former and would-be future county clerk, Bruce Funk, is many things to many people.
To electronic elections giant Diebold Election Systems, Funk is a nuisance in an obscure rural Utah county who asks embarrassing questions.
To the Utah Lieutenant Governor's Office, he is a renegade election official who put a pothole in the $27 million transition to electronic voting.
To anti-electronic voting activists, the 23-year veteran clerk, forced out of office in March after he allowed independent computer experts to examine an Emery County voting machine, is nothing less than a martyr to democracy.
To shocked computer experts and electronic voting certification officials from California to Pennsylvania, Funk is a whistle-blower who uncovered a severe security problem in Diebold's machines.
One thing appears certain: Funk is the only election official in the country skeptical - Diebold would say, credulous - enough to invite computer scientists from Black Box Voting, a Washington state-based nonprofit group critical of electronic voting, to examine one of his units. Data gathered during that examination in tiny Emery County has generated concern by some computer experts, whose findings have been reported in The New York Times and Washington Post. Election officials in California and Pennsylvania have called for an immediate security fix.
That's not the case in Utah, where voters in the June 27 primary will be using the new Diebold machines. State election officials say there is no reason to suspect the integrity of the balloting and they are not demanding any corrective action by the company.
Michael Shamos, a Carnegie-Mellon computer science professor who certifies voting machines for the state of Pennsylvania, says the security gap Funk uncovered is the most serious ever discovered in an electronic voting system.
Shamos and voting officials in California have called on Diebold to fix this "back door" to their software that could allow tampering. The officials say the potential for affecting an election is slight, but that the opening exists at all undermines confidence in the vote.
The problem and its solution are not particularly complicated, agree computer scientists, including those at Diebold. All electronic machines must allow software updating, if only to adapt to new voting laws in each state. With more than 100,000 electronic machines in the country, software updating must be simple and fast.
"Most of the vendors use a process that is secure. You need authorized media, passwords and other security," Shamos says. "With Diebold's machines, you don't need any of that." Updating - or manipulating - Diebold software requires a plug-in memory card and a knowledge of computer code to change the software, experts say. After Black Box issued its report on the Emery County machine, Diebold acknowledged it had a "theoretical security vulnerability." Diebold spokesman David Bear says the so-called security hole is really a "functionality" that allows the software to be efficiently updated. What critics call a fix, Bear prefers to call a "redundant enhancement." "Keep in mind, this is not a vulnerability," Bear says. "[Election officials] are just asking for an enhancement to the existing system." The machines are already well-protected through standard procedures, including integrity tests, seals and, of course, honest elections officials, Bear says.
"It's only a vulnerability to those who would commit a felony [tampering with an election]," he says, adding, "You are not going to take advantage of it on a thousand machines and it go unnoticed." Stanford University computer professor David Dill, who served on a California electronic elections task force and founded the Verified Voting Foundation, is not assuaged.
"Diebold will lie about anything," Dill says. "It's an obvious and dangerous vulnerability. It indicates a complete negligence of security issues." He acknowledges tampering wouldn't be "easy. You have to know source code. . . . But that's not unusual for hackers." In any case, it must be fixed before Pennsylvania certifies any more Diebold machines, Shamos says, adding it is the consensus of computer scientists nationwide that "there is not enough security in the Diebold system as it is now. We have told Diebold to close that gap." Diebold acknowledges that adding what they call "redundant" levels of encryption and other security protection is not difficult. The company will add such enhancements, Bear said, but the soonest it could be in place would be the November general elections because of time-consuming federal certification.
Until then, company and Utah election officials say the integrity of Diebold touch screen elections will be ensured by the normal vigilance of voting officials.
So far, the only officeholder affected by the alleged Diebold security gap has been Bruce Funk, who says he opened his machines to activists because neither Diebold nor the Utah lieutenant governor's office took his concerns seriously.
During a turbulent meeting that followed his unilateral decision to allow Black Box Voting to inspect a machine, Funk told state, Diebold and Emery County commissioners he would resign.
But Funk retracted his words within hours, and instead put in writing that he intended to finish his term to ensure the integrity of local elections.
County officials countered that they had accepted the oral resignation and changed locks on Funk's office.
"I was elected by the people of Emery County and only they can tell me to go," Funk says.
The commissioners have appointed a replacement for Funk, while lawyers wrangle over the dispute.
"The way I see it is, the citizens' vote is their most prized possession and I've got to watch over it," Funk says. "It's time for the state and Diebold to admit something is wrong and fix it." If state officials have their way, Funk will not even rate a footnote in Utah elections law. County clerks such as Funk who let unauthorized people tamper with their machines, they maintain, are a much bigger threat to voting security than any electronic vulnerability.
"No other county clerk gave anyone that kind of access - that's how ridiculous his behavior was," says Joe Demma, Lt. Gov. Gary Herbert's chief of staff. "We don't believe there is a - quote-unquote - 'back door.' Sure, you could set the system on fire and ruin the vote. Each county clerk is in place to keep that from happening." But Carnegie-Mellon's Shamos, who is reluctant to enter into a political fray in faraway Utah, finds Funk an unlikely villain.
"He should not be punished for bringing this to light," Shamos says. "He made noises that brought pressure from Diebold." Dill agrees, "Bruce Funk is the only person who has tried to protect the voters. No one else flagged this flaw that has resulted in alerts being issued in several states. He is being removed from office for embarrassing Diebold." While Shamos is a strong advocate of electronic voting, once the vulnerabilities are corrected, Dill is skeptical about any voting entirely dependent on computers. The Funk controversy has only scratched the surface of the problem, he says, "I look at this as one of an unending series of security flaws."