Entries Tagged "voting"

Page 16 of 18

Open Voting Foundation Releases Huge Diebold Voting Machine Flaw

It’s on their website:

“Diebold has made the testing and certification process practically irrelevant,” according to Dechert. “If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS—and it could be done without leaving a trace. All you need is a screwdriver.” This model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture, in particular, shows a “BOOT AREA CONFIGURATION” chart painted on the system board.

The most serious issue is the ability to choose between “EPROM” and “FLASH” boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called “Logic And Accuracy Tests”.

If this is true, this is an enormously big deal.

Posted on August 4, 2006 at 11:27 AMView Comments

The League of Women Voters Supports Voter-Verifiable Paper Trails

For a long time, the League of Women Voters (LWV) had been on the wrong side of the electronic voting machine issue. They were in favor of electronic machines, and didn’t see the need for voter-verifiable paper trails. (They use to have a horrid and misleading Q&A about the issue on their website, but it’s gone now. Barbara Simons published a rebuttal, which includes their original Q&A.)

The politics of the LWV are byzantine, but basically there are local leagues under state leagues, which in turn are under the national (LWVUS) league. There is a national convention once every other year, and all sorts of resolutions are passed by the membership. But the national office can do a lot to undercut the membership and the state leagues. The politics of voting machines is an example of this.

At the 2004 convention, the LWV membership passed a resolution on electronic voting called “SARA,” which stood for “Secure, Accurate, Recountable, and Accessible.” Those in favor of the resolution thought that “recountable” meant auditable, which meant voter-verifiable paper trails. But the national LWV office decided to spin SARA to say that recountable does not imply paper. While they could no longer oppose paper outright, they refused to say that paper was desirable. For example, they held Georgia’s system up as a model, and Georgia uses paperless Diebold DRE machines. It makes you wonder if the LWVUS leadership is in someone’s pocket.

So at the 2006 convention, the LWV membership passed another resolution. This one was much more clearly worded: designed to make it impossible for the national office to pretend that the LWV was not in favor of voter-verified paper trails.

Unfortunately, the League of Women Voters has not issued a press release about this resolution. (There is a press release by VerifiedVoting.org about it.) I’m sure that the national office simply doesn’t want to acknowledge the membership’s position on the issue, and wishes the issue would just go away quietly. It’s a pity; the resolution is a great one and worth publicizing.

Here’s the text of the resolution:

Resolution Related to Program Requiring a Voter-Verifiable Paper Ballot or Paper Record with Electronic Voting Machines

Motion to adopt the following resolution related to program requiring a voter-verified paper ballot or paper record with electronic voting systems.

Whereas: Some LWVs have had difficulty applying the SARA Resolution (Secure, Accurate, Recountable and Accessible) passed at the last Convention, and

Whereas: Paperless electronic voting systems are not inherently secure, can malfunction, and do not provide a recountable audit trail,

Therefore be it resolved that:

The position on the Citizens’ Right to Vote be interpreted to affirm that LWVUS supports only voting systems that are designed so that:

  1. they employ a voter-verifiable paper ballot or other paper record, said paper being the official record of the voter¹s intent; and
  2. the voter can verify, either by eye or with the aid of suitable devices for those who have impaired vision, that the paper ballot/record accurately reflects his or her intent; and
  3. such verification takes place while the voter is still in the process of voting; and
  4. the paper ballot/record is used for audits and recounts; and
  5. the vote totals can be verified by an independent hand count of the paper ballot/record; and
  6. routine audits of the paper ballot/record in randomly selected precincts can be conducted in every election, and the results published by the jurisdiction.

By the way, the 2006 LWV membership also voted on a resolution in favor of net neutrality (the Connecticut league issued a press release, because they spearheaded the issue), and one against the death penalty. The national LWV office hasn’t issued a press release about those two issues, either.

Posted on July 5, 2006 at 1:32 PMView Comments

Brennan Center Report on Security of Voting Systems

I have been participating in the Brennan Center’s Task Force on Voting Security. Last week we released a report on the security of voting systems.

From the Executive Summary:

In 2005, the Brennan Center convened a Task Force of internationally renowned government, academic, and private-sector scientists, voting machine experts and security professionals to conduct the nation’s first systematic analysis of security vulnerabilities in the three most commonly purchased electronic voting systems. The Task Force spent more than a year conducting its analysis and drafting this report. During this time, the methodology, analysis, and text were extensively peer reviewed by the National Institute of Standards and Technology (“NIST”).

[…]

The Task Force examined security threats to the technologies used in Direct Recording Electronic voting systems (“DREs”), DREs with a voter verified auditable paper trail (“DREs w/ VVPT”) and Precinct Count Optical Scan (“PCOS”) systems. The analysis assumes that appropriate physical security and accounting procedures are all in place.

[…]

Three fundamental points emerge from the threat analysis in the Security Report:

  • All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
  • The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
  • Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.

[…]

There are a number of steps that jurisdictions can take to address the vulnerabilities identified in the Security Report and make their voting systems significantly more secure. We recommend adoption of the following security measures:

  1. Conduct automatic routine audits comparing voter verified paper records to the electronic record following every election. A voter verified paper record accompanied by a solid automatic routine audit of those records can go a long way toward making the least difficult attacks much more difficult.
  2. Perform “parallel testing” (selection of voting machines at random and testing them as realistically as possible on Election Day.) For paperless DREs, in particular, parallel testing will help jurisdictions detect software-based attacks, as well as subtle software bugs that may not be discovered during inspection and other testing.
  3. Ban use of voting machines with wireless components. All three voting systems are more vulnerable to attack if they have wireless components.
  4. Use a transparent and random selection process for all auditing procedures. For any auditing to be effective (and to ensure that the public is confident in
    such procedures), jurisdictions must develop and implement transparent and random selection procedures.

  5. Ensure decentralized programming and voting system administration. Where a single entity, such as a vendor or state or national consultant, performs key tasks for multiple jurisdictions, attacks against statewide elections become easier.
  6. Institute clear and effective procedures for addressing evidence of fraud or error. Both automatic routine audits and parallel testing are of questionable security value without effective procedures for action where evidence of machine malfunction and/or fraud is discovered. Detection of fraud without an appropriate response will not prevent attacks from succeeding.

    The report is long, but I think it’s worth reading. If you’re short on time, though, at least read the Executive Summary.

    The report has generated some press. Unfortunately, the news articles recycle some of the lame points that Diebold continues to make in the face of this kind of analysis:

    Voting machine vendors have dismissed many of the concerns, saying they are theoretical and do not reflect the real-life experience of running elections, such as how machines are kept in a secure environment.

    “It just isn’t the piece of equipment,” said David Bear, a spokesman for Diebold Election Systems, one of the country’s largest vendors. “It’s all the elements of an election environment that make for a secure election.”

    “This report is based on speculation rather than an examination of the record. To date, voting systems have not been successfully attacked in a live election,” said Bob Cohen, a spokesman for the Election Technology Council, a voting machine vendors’ trade group. “The purported vulnerabilities presented in this study, while interesting in theory, would be extremely difficult to exploit.”

    I wish The Washington Post found someone to point out that there have been many, many irregularities with electronic voting machines over the years, and the lack of convincing evidence of fraud is exactly the problem with their no-audit-possible systems. Or that the “it’s all theoretical” argument is the same on that software vendors used to use to discredit security vulnerabilities before the full-disclosure movement forced them to admit that their software had problems.

    Posted on July 5, 2006 at 6:12 AMView Comments

    Diebold Doesn't Get It

    This quote sums up nicely why Diebold should not be trusted to secure election machines:

    David Bear, a spokesman for Diebold Election Systems, said the potential risk existed because the company’s technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.

    “For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don’t believe these evil elections people exist.”

    If you can’t get the threat model right, you can’t hope to secure the system.

    Posted on May 22, 2006 at 3:22 PMView Comments

    Election Machine Conflict of Interests

    From EPIC:

    EPIC FOIA Notes #11: No-Bid Contracts Go to Vendors with Close Ties to Election Advisory Group

    Documents obtained by EPIC from the Election Assistance Commission describe two no-bid contracts for work on voting system standards given to vendors with ties to the Commission’s technical advisory committee.

    From a security perspective, this seems like a really bad idea.

    Posted on January 26, 2006 at 7:35 AMView Comments

    Wisconsin Voting Machines

    Here’s an impressive piece of common sense:

    Among the 15 bills governor Jim Doyle signed into law on Wednesday will require the software of touch-screen voting machines used in elections to be open-source.

    Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used.

    Any voting machines to be used in the state already had to pass State Elections Board tests. Electronic voting machines, in particular, already were required to maintain their results tallies even if the power goes out, and to produce paper ballots that could be used in case of a recount. The new law also requires the paper ballots to be presented to voters for verification before being stored.

    I wrote about electronic voting here (2004), here (2003), and here (2000).

    Posted on January 6, 2006 at 7:15 AMView Comments

    Leon County, FL Dumps Diebold Voting Machines

    Finnish security expert Harri Hursti demonstrated how easy it is to hack the vote:

    A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted “no” on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted “yes” indicating a belief that the Diebold machines could be hacked.

    At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A “zero report” was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.

    The eight ballots were run through the optical scan machine. The standard Diebold-supplied “ender card” was run through as is normal procedure ending the election. A results tape was run from the voting machine.

    Correct results should have been: Yes:2 ; No:6

    However, just as Hursti had planned, the results tape read: Yes:7 ; No:1

    The results were then uploaded from the optical scan voting machine into the GEMS central tabulator, a step cited by Diebold as a protection against memory card hacking. The central tabulator is the “mother ship” that pulls in all votes from voting machines. However, the GEMS central tabulator failed to notice that the voting machines had been hacked.

    The results in the central tabulator read:

    Yes:7 ; No:1

    This is my 2004 essay on the problems with electronic voting machines. The solution is straightforward: machines need voter-verifiable paper audit trails, and all software must be open to public scrutiny. This is not a partisan issue: election irregularities have affected people in both parties.

    Posted on December 14, 2005 at 3:30 PMView Comments

    GAO Report on Electronic Voting

    The full report, dated September 2005, is 107-pages long. Here’s the “Results in Brief” section:

    While electronic voting systems hold promise for a more accurate and efficient election process, numerous entities have raised concerns about their security and reliability, citing instances of weak security controls, system design flaws, inadequate system version control, inadequate security testing, incorrect system configuration, poor security management, and vague or incomplete voting system standards, among other issues. For example, studies found (1) some electronic voting systems did not encrypt cast ballots or system audit logs, and it was possible to alter both without being detected; (2) it was possible to alter the files that define how a ballot looks and works so that the votes for one candidate could be recorded for a different candidate; and (3) vendors installed uncertified versions of voting system software at the local level. It is important to note that many of the reported concerns were drawn from specific system makes and models or from a specific jurisdiction’s election, and that there is a lack of consensus among election officials and other experts on the pervasiveness of the concerns. Nevertheless, some of these concerns were reported to have caused local problems in federal elections—resulting in the loss or miscount of votes—and therefore merit attention.

    Federal organizations and nongovernmental groups have issued recommended practices and guidance for improving the election process, including electronic voting systems, as well as general practices for the security and reliability of information systems. For example, in mid-2004, EAC issued a compendium of practices recommended by election experts, including state and local election officials. This compendium includes approaches for making voting processes more secure and reliable through, for example, risk analysis of the voting process, poll worker security training, and chain of custody controls for election day operations, along with practices that are specific to ensuring the security and reliability of different types of electronic voting systems. As another example, in July 2004, the California Institute of Technology and the Massachusetts Institute of Technology issued a report containing recommendations pertaining to testing equipment, retaining audit logs, and physically securing voting systems. In addition to such election-specific practices, numerous recommended practices are available that can be applied to any information system. For instance, we, NIST, and others have issued guidance that emphasizes the importance of incorporating security and reliability into the life cycle of information systems through practices related to security planning and management, risk management, and procurement. The recommended practices in these election-specific and information technology (IT) focused documents provide valuable guidance that, if implemented effectively, should help improve the security and reliability of voting systems.

    Since the passage of HAVA in 2002, the federal government has begun a range of actions that are expected to improve the security and reliability of electronic voting systems. Specifically, after beginning operations in January 2004, EAC has led efforts to (1) draft changes to the existing federal voluntary standards for voting systems, including provisions related to security and reliability, (2) develop a process for certifying, decertifying, and recertifying voting systems, (3) establish a program to accredit the national independent testing laboratories that test electronic voting systems against the federal voluntary standards, and (4) develop a software library and clearinghouse for information on state and local elections and systems. However, these actions are unlikely to have a significant effect in the 2006 federal election cycle because the changes to the voluntary standards have not yet been completed, the system certification and laboratory accreditation programs are still in development, and the software library has not been updated or improved since the 2004 elections. Further, EAC has not defined tasks, processes, and time frames for completing these activities. As a result, it is unclear when the results will be available to assist state and local election officials. In addition to the federal government’s activities, other organizations have actions under way that are intended to improve the security and reliability of electronic voting systems. These actions include developing and obtaining international acceptance for voting system standards, developing voting system software in an open source environment (i.e., not proprietary to any particular company), and cataloging and analyzing reported problems with electronic voting systems.

    To improve the security and reliability of electronic voting systems, we are recommending that EAC establish tasks, processes, and time frames for improving the federal voluntary voting system standards, testing capabilities, and management support available to state and local election officials.

    EAC and NIST provided written comments on a draft of this report (see apps. V and VI). EAC commissioners agreed with our recommendations and stated that actions on each are either under way or intended. NIST’s director agreed with the report’s conclusions. In addition to their comments on our recommendations, EAC commissioners expressed three concerns with our use of reports produced by others to identify issues with the security and reliability of electronic voting systems. Specifically, EAC sought (1) additional clarification on our sources, (2) context on the extent to which voting system problems are systemic, and (3) substantiation of claims in the reports issued by others. To address these concerns, we provided additional clarification of sources where applicable. Further, we note throughout our report that many issues involved specific system makes and models or circumstances in the elections of specific jurisdictions. We also note that there is a lack of consensus on the pervasiveness of the problems, due in part to a lack of comprehensive information on what system makes and models are used in jurisdictions throughout the country. Additionally, while our work focused on identifying and grouping problems and vulnerabilities identified in issued reports and studies, where appropriate and feasible, we sought additional context, clarification, and corroboration from experts, including election officials, security experts, and key reports’ authors. EAC commissioners also expressed concern that we focus too much on the commission, and noted that it is one of many entities with a role in improving the security and reliability of voting systems. While we agree that EAC is one of many entities with responsibilities for improving the security and reliability of voting systems, we believe that our focus on EAC is appropriate, given its leadership role in defining voting system standards, in establishing programs both to accredit laboratories and to certify voting systems, and in acting as a clearinghouse for improvement efforts across the nation. EAC and NIST officials also provided detailed technical corrections, which we incorporated throughout the report as appropriate.

    Posted on December 2, 2005 at 3:08 PMView Comments

    Vote Someone Else's Shares

    Do you own shares of a Janus mutual fund? Can you vote your shares through a website called vote.proxy-direct.com? If so, you can vote the shares of others.

    If you have a valid proxy number, you can add 1300 to the number to get another valid proxy number. Once entered, you get another person’s name, address, and account number at Janus! You could then vote their shares too.

    It’s easy.

    Probably illegal.

    Definitely a great resource for identity thieves.

    Certainly pathetic.

    Posted on November 24, 2005 at 10:41 AMView Comments

    1 14 15 16 17 18

    Sidebar photo of Bruce Schneier by Joe MacInnis.