More Voting Machine News
Ohio just completed a major study of voting machines. (Here’s the report, a gigantic pdf.) And, like the California study earlier this year, they found all sorts of problems:
While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.
“To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant,” Brunner said.
The New York Times writes:
“It was worse than I anticipated,” the official, Secretary of State Jennifer Brunner, said of the report. “I had hoped that perhaps one system would test superior to the others.”
At polling stations, teams working on the study were able to pick locks to access memory cards and use hand-held devices to plug false vote counts into machines. At boards of election, they were able to introduce malignant software into servers.
Note the lame defense from one voting machine manufacturer:
Chris Riggall, a Premier spokesman, said hardware and software problems had been corrected in his company’s new products, which will be available for installation in 2008.
“It is important to note,” he said, “that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States.”
I guess he didn’t read the part of the report that talked about how these attacks would be undetectable. Like this one:
They found that the ES&S tabulation system and the voting machine firmware were rife with basic buffer overflow vulnerabilities that would allow an attacker to easily take control of the systems and “exercise complete control over the results reported by the entire county election system.”
They also found serious security vulnerabilities involving the magnetically switched bidirectional infrared (IrDA) port on the front of the machines and the memory devices that are used to communicate with the machine through the port. With nothing more than a magnet and an infrared-enabled Palm Pilot or cell phone they could easily read and alter a memory device that is used to perform important functions on the ES&S iVotronic touch-screen machine—such as loading the ballot definition file and programming the machine to allow a voter to cast a ballot. They could also use a Palm Pilot to emulate the memory device and hack a voting machine through the infrared port (see the picture above right).
They found that a voter or poll worker with a Palm Pilot and no more than a minute’s access to a voting machine could surreptitiously re-calibrate the touch-screen so that it would prevent voters from voting for specific candidates or cause the machine to secretly record a voter’s vote for a different candidate than the one the voter chose. Access to the screen calibration function requires no password, and the attacker’s actions, the researchers say, would be indistinguishable from the normal behavior of a voter in front of a machine or of a pollworker starting up a machine in the morning.
Elsewhere in the country, Colorado has decertified most of its electronic voting machines:
The decertification decision, which cited problems with accuracy and security, affects electronic voting machines in Denver and five other counties. A number of electronic scanners used to count ballots were also decertified.
Coffman would not comment Monday on what his findings mean for past elections, despite his conclusion that some equipment had accuracy issues.
“I can only report,” he said. “The voters in those respective counties are going to have to interpret” the results.
Coffman announced in March that he had adopted new rules for testing electronic voting machines. He required the four systems used in Colorado to apply for recertification.
The systems are manufactured by Premier Election Solutions, formerly known as Diebold Election Systems; Hart InterCivic; Sequoia Voting Systems; and Election Systems and Software. Only Premier had all its equipment pass the recertification.
California is about to give up on electronic voting machines, too. This probably didn’t help:
More than a hundred computer chips containing voting machine software were lost or stolen during transit in California this week.
Carlo Graziani • December 24, 2007 2:17 PM
One positive development is that at least some state election officials no longer seem to be in denial.
It’s quite a change from even a year ago, when officials in, yes, Ohio and California, would parrot the manufacturers security claims, asserting that problems identified by computer security researchers were “theoretical only”, and that the people complaining about them knew nothing about the conduct of “real” elections. At the time, they seemed to feel that a knowledge of election procedure was all that was necessary to assess the security of electronic voting systems, whereas an elementary understanding of computer security was entirely superfluous. It’s good to see that the cluebat pounding they sustained had a salutory effect on their outlook.