In part one I referenced today’s LA Times report. In this post I quote from the Sec of State’s contract with the University of California at Davis which established three teams to conduct testing of the three “electronic voting systems currently certified in California.”
Sequoia. “The testers were able to gain access to the internals of the system by, for example, unscrewing screws to bypass locks. The screws were not protected by seals. Similarly, plastic covers that were protected by seals could be pried open enough to insert tools that could manipulate the protected buttons without damaging the seals or leaving any evidence that the security of the system had been compromised. The next section reports that “the testers discovered numerous ways to overwrite the firmware of the Sequoia Edge system, using (for example) malformed font files and doctored update cartridges.”
Diebold. “The testers were able to penetrate the GEMS server system by exploiting vulnerabilities in the Windows operating system as delivered and installed by Diebold. Once this access was obtained, they were able to bypass the GEMS server to access the data directly. Further, the testers were able to take security-related actions that the GEMS server did not record in its audit logs.
In the next category they “were able to bypass the physical controls on the AccuVote Optical Scanner using ordinary objects.”
The last machine tested was the Hart system. “Hart software security settings provide a restricted, Hart-defined environment that the testers bypassed, allowing them to run the Hart software in a standard Windows environment. They also found an undisclosed account on the Hart software that an attacker who penetrated the host operating system could exploit to gain unauthorized access to the Hart election management database.” The evaluation continues by stating that “the testers were able to overwrite the eScan software. The team also accessed menus that should have been locked with passwords. Other attacks allowed the team to alter vote totals; these attacks used ordinary objects.”
Without providing the entire report do you feel that your vote is safe and secure?
The test conditions were hardly real-life – any system can be compromised if you put it outside and let anyone have a go at it.
Ever heard of stuffing the ballot box – cetainly a lot easier to cheat with paper ballots than to go to work on an electronics box. If I can bank on-line with safety everyday then there’s no reason why voting can’t be made secure.
1:04 p.m. Anonymous. Are you an expert in the hardware or software of any of the three firms whose products were tested?
Please share with our readers what credentials you possess that qualifies you to discredit the analysis conducted by UC Davis?
That said, I am not one of those who are paranoid and claimed that Bush stole the 2000 election.
There is no conspiracy in this post. However,this product evaluation does point out that abuses can occur in the high tech 21st Century world we live in.
Larry … “Anonymous” is not far wrong. One of the first principles in computer/software security is that if the bad guy has access to the hardware, that part of the system is not secure.
In an absolute sense, the voting machine is insecure, and always will be. You can to a limited degree make the box harder to crack, but not absolutely secure.
The UC Davis study can show something about the degree of difficulty in cracking a box. The publicity might be useful in motivating change (and we do need change). Anyone reasonably acquainted with the design of secure systems would expect this result.
Even with voting machines that are (to varying degrees) insecure, it is still possible to make the entire voting process secure. Building secure systems from insecure components is a regular area of study.
Went on a bit longer elsewhere…
More reliable voting
Getting the issues with “e-voting” completely wrong
In the elections I’ve attended since the E-slates (Hart) have been used in Orange County, the problem rate at the polls have not been any higher than the problem rate with the punch card system used before.
Now the problem rate with paper ballot has gone up, most notable are the problems with absentee ballots.
I don’t know how it became acceptable for absentee ballots to be sent to political campaign offices for collection and delivery to the ROV office. Who got that past the smell test?
The ROV shows that 44 percent of the absentee ballots are missing for Yorba Linda Special Municipal Election of 06-05-07. The missing number of paper absentee ballots in other elections are very high too. (ROV’s web site only list the last election mailed/returned numbers)
Security problems with ballots? 44% missing screams quite loud I think.
Yes, with the push to use absentee ballots, there is a bigger problem than with the voting machines. Nothing secure or reliable about absentee ballots.
Wondered a bit about this after the last election.
Missing absentee ballots – error or malice?
Based on the above comments I guess we now face the issue. “Paper or plastic.” No, not at the supermarket. Plastic being the voting machine’s molded cases. While no system is 100 percent secure, and I would not have detailed the UC Davis findings other than the reality that they are readily available on the web for all to read. I am confident that the Sec of State’s staff is not asleep in addressing corrective action by any of the current voting machine suppliers if they wish to retain our business. They surely have seen the analysis, responded, and are implementing required fixes as my fingers hit this keyboard.
Landed in Bruce Schneier’s weblog:
California Voting Machine Audit Results
For reference – Bruce Schneier wrote the book “Applied Cryptography” (among others) – a book likely owned by most of the folk with an interest in building secure computer/software systems. At the time “Applied Cryptography” first came out, use of cryptography was both risky and (to the farsighted) necessary. His views are always worth reading (if perhaps not always right).
There is a long backstory here. The U.S. government used to treat cryptography like nuclear weapons parts. The restrictions on the use of cryptography were quite severe. Building a secure computer/software system in practically all cases requires some use of cryptography. Count this as a couple decades where the software written was much less secure, due to no longer useful government regulations. Much of that software is still in use.
I ran into this in the mid-1980’s. Got tasked with writing security software, did the research, and figured out what needed done. Had to call the government for permission. Got an unexpected call back. The NSA flew out 3 very nice, helpful folk who made it plain we would have to build something less secure.
8-1-07 Email response
Subj: Demand Secure and Fair Elections
Date: 8/1/2007 12:50:48 PM Pacific Daylight Time
From: rjacobs@couragecampaign.org
Reply-to: info@couragecampaign.org
To: lgpwr@aol.com
Sent from the Internet (Details)
Dear Larry:
I don’t know about you, but when I vote, I want to know that my vote is counted. Some in California seem to think hacking of electronic voting machines is just fine. Grassroots champion Secretary of State Debra Bowen doesn’t think it’s fine. Do you?
Secretary Bowen must decide by this Friday, August 3, whether to decertify suspect electronic voting machines. Sign here today to support Secretary of State Bowen in demanding the sanctity of each and every vote.
http://www.couragecampaign.org/SecureElections
We just cannot afford to wonder whether our votes are accurately counted in California elections. Not here. Not in the largest state in the union. But that’s just what some county election officials say should happen. Secretary Bowen has come up with a comprehensive review1 that makes clear that some electronic voting machines are easily hacked — but some county election officials question the need for any security review of those machines2. Some county election officials don’t seem to care that voters lack faith in electronic voting systems. No wonder people say, “why bother to vote? They won’t count it anyway.” Now, we hear of Registrars that say there’s not enough time to make sure that every vote counts. This is pretty simple: if we have time to vote, we damn well want those officials to make the time to count our votes.
http://www.couragecampaign.org/SecureElections
Remember Ohio in 2004? Or Florida in 2000? If not for a hanging chad or hackable machine, would Al Gore be president now? Or John Kerry? Californians face a February primary that can decide who will be the nominee for each party. And then a set of elections in June that will decide who figures out our budget in Sacramento and maybe even who can and can’t get married. And then in November we’ll decide, along with other states, who will be President.
Demand secure elections!
Support grassroots champion Debra Bowen’s plan. Join our friends across the state who have led on this issue. Make every vote count.
Thanks for all you do!
Rick Jacobs
Chair
Courage Campaign
http://www.sos.ca.gov/elections/elections_vsr.htm
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/07/28/MNGP6R8TJO1.DTL