Research
Protecting
Elections in an Electronic World (June 2006)
In June of 2006, the
Brennan Center released this comprehensive security analysis of the three most
common voting systems in use in the US. The task force that prepared this
analysis included internationally renowned scientists, voting machine experts
and security professionals from government, academia and the private-sector.
The report, 162 pages in total, outlines clearly the potential vulnerabilities
of paperless DRE's, DRE's with a paper trail, and Optical Scan systems and
discusses the relative value of various measures used to minimize these
vulnerabilities.
Of particular
note, this study recommends
Automatic Routine Audits
of voter-verified
paper records compared to electronic vote tallies as the key security
measure that should be instituted after all elections.
Read
the Report
The Brennan Center also
published a follow up report, titled,
Voting
System Security, Accessibility, Usability and Cost
This
key document, prepared by scientists at the National Institute of Standards and
Technology (NIST), recommends that new standards for voting systems (VVSG, 2007)
should require “software independence”.
Paperless touchscreen machines would not meet this standard; OpScan systems,
among others, would.
Read the
Report
For more
information on the STS, TGDC, VVSG2007 and the concept of 'software
independence, try
this.
The concept of
software independence is amplified in a supplemental paper, found
here.
In addition to the software
independence requirement, the STS has submitted another
paper that discusses some of the problems with the current generation
of DRE with VVPAT systems.
Another
paper recommends new, more stringent restrictions on the use of
radio-based wireless communications devices in voting systems. The use of
infrared-based wireless communications would be permitted only under some
narrowly defined circumstances.
Entitled, “Security
Analysis of the Diebold AccuVote-TS Voting Machine”, this study demonstrates
how the security vulnerabilities of the
machines used in Maryland could
be exploited to rig an election without detection.
Key points include:
1. Malicious software running on a single voting machine can steal
votes with little if any risk of detection. The malicious software can
modify all of the records, audit logs, and counters kept by the voting machine,
so that even careful forensic examination of these records will find nothing
amiss.
2. Anyone who has physical access to a voting machine, or to a memory card
that will later be inserted into a machine, can install said malicious software
using a simple method that takes as little as one minute.
3.
AccuVote-TS machines are susceptible to voting-machine viruses that can
spread malicious software automatically and invisibly from machine to machine
during normal pre- and post-election activity.
Read the Report
View
the 9-minute video demonstrating these vulnerabilities here
This report detailed flaws in voting
system security, access, and hardware controls, weak security management
practices by vendors, and identified multiple examples of failures in real
elections.
Voting system vulnerabilities and problems found include:
- Cast ballots, ballot definition files, and audit logs could
be modified;
- Supervisor functions were protected with weak or easily
guessed passwords;
- Systems had easily picked locks and power switches that were
exposed and unprotected;
- Local jurisdictions misconfigured their electronic voting
systems, leading to election day problems;
- Voting systems experienced operational failures during
elections;
- Vendors installed uncertified software;
- Some electronic voting systems did not encrypt cast ballots
or system audit logs, and it was possible to alter both without being
detected;
- It was possible to alter the files that define how a ballot
looks and works so that the votes for one candidate could be recorded for a
different candidate.
Read
the Report
The Hursti Hack, referred to as “the mother of all security holes” was first exposed
in a formal report on July 4, 2005. This
hack highlights the importance of having an independent audit mechanism
for any software-based system.
Read the Report
In
the fall of 2003, the MD General Assembly’s Department of Legislative Services
(DLS) was asked to conduct an independent review of the issues concerning the
purchase of the voting system and to examine and assess security and voting
verification issues related to the voting system.
A Columbia, MD, consulting firm, RABA Technologies, was contracted to do
the study. It confirmed the
findings of the Rubin and SAIC reports, and found additional vulnerabilities.
Read the Report
Read SBE's Response to
DLS'
Trusted Agent Report on Diebold AccuVote-TS Voting System (updated July 22,
2004)
Another
related article:
“Computer security experts hired to hack electronic voting machines
manufactured by Diebold Election Systems found that flaws in the machines could
result in malicious insiders or outsiders stealing an election.”
http://www.wired.com/news/business/0,1367,62109,00.html
This technical security assessment examined 4 voting systems,
Diebold Election Systems
AccuVote-TS, the Election Systems and Software (ES&S) iVotronic, the Hart
InterCivic eSlate 3000, and the Sequoia Voting Systems AVC Edge, and found
similar vulnerabilities with the Diebold system that MD uses.
Read the
Report
In
early August 2003 the state of Maryland hired a third-party consulting firm (SAIC)
to perform an analysis of Diebold’s AccuVote-TS voting system. A redacted
version of SAIC’s report stated: “The system, as
implemented in policy, procedure, and technology, is at high risk of
compromise.”
Read the Report
Read the MD
State
Board of Election's (SBE) Response to the Risk Assessment Report (above)
Read
the SBE's
Letter Accompanying the Voting System Action Plan
Avi Rubin, et al.
This is the report
that started it all. It is an
analysis of the source code of a Diebold touch-screen voting system that was
found on an unsecured internet site by Bev Harris of Black Box Voting.
From the abstract: “Our analysis shows that this voting system is far
below even the most minimal security standards applicable in other contexts,”
and, “We conclude that this voting system is unsuitable for use in a general
election. Any paperless electronic voting system might suffer similar flaws,
despite any 'certification' it could have otherwise received.”
Read
the Report
|
