backtop


Print 76 comment(s) - last by iNGEN.. on Aug 4 at 12:51 PM

Criticizing the criticisms in an ongoing e-voting saga

Representatives from three voting machine companies expressed their criticisms against a California state-sponsored “top-to-bottom review” that found “very real” vulnerabilities in their products.

The study was lead by UC Davis professor Matt Bishop, who discussed the study at a hearing held by Secretary of State Debra Bowen, whose office is currently deciding whether or not to allow the machines’ use during the Feb. 5 presidential primary.

Under a contract with UC Davis and Bowen’s office, Bishop’s study examined machines from Diebold Election Systems, Hart Intercivic, and Sequoia Voting Systems. The conclusions, partially released last week, included findings that the voting systems posed difficulties for voters with disabilities and were vulnerable to intrusion. "It may be that all of [the vulnerabilities] can be protected against. It may be that some cannot,” said Bishop.  According to Secretary Bowen, a fourth company, Election Systems & Software, was also to be included in the review but was omitted because it was late in providing needed information to her office.

According to state law, Bowen has until Friday to set the rules for the upcoming primary election.  "I intend to go through a methodical process to determine what to do next," she said.

Sequoia Systems, in a statement released Monday on their web site, called the study’s findings “implausible,” objecting to the fact that the study was conducted in a closed lab environment over a period of weeks as opposed to a true election environment or in accordance with ISO criteria. “None of the attacks described … are capable of success,” said Sequoia sales executive Steven Bennett to a panel of officials from the Secretary of State’s office.

Diebold and Sequoia further pointed out that the study evaluated outdated versions of the voting machines and their software. “While it cannot be guaranteed that all of the extremely improbable vulnerabilities identified are prevented by subsequent product development and updates, many are specifically addressed,” said Sequoia. However, Sequoia acknowledged that it is working to insure that the “few system vulnerabilities” found could not be used to tamper with election results.

“Voting system reliability is something we're always working at improving … security is never finished,” said Sequoia spokeswoman Michelle Schafer.

Hart Intercivic also objected to the study’s laboratory environment, stressing it was not a considerable substitute for real-world “people, processes, procedures, policies, and technology” and, in the company’s official statement, suggested that a better study might “define a realistic threat that faces all layers of security in an election.”

Even members of the security community have questioned the study’s approach: “While the goals of this effort were laudable, our organization is concerned about its execution,” writes Jim March of watchdog group Black Box Voting, to Secretary Bowen. “Your agency's review only partially examines the risks of inside manipulation with these systems. Procedural remedies can be circumvented by those with some level of inside access. In fact, we would contend that the most high risk scenario of all is that of inside manipulation, and we would also contend that the systems used in California cannot be secured from inside tampering.”

Since their inception, voting machines in the US have received a bad rap amidst a storm of negative press, mishaps, and concern about their ability to be tampered with:

In September 2006, Princeton researchers were able to hack Diebold’s AccuVote-TS machine, going so far as to write a computer virus that spread between other Diebold machines. Later, voting machines from Sequoia were also found to have similar vulnerabilities. “You can’t detect it,” explained Princeton Professor Andrew Appel.

In the same month, a team of untrained 54-year-old women from Black Box Voting, using 4 minutes’ worth of time and $12 in tools, were able to circumvent tamper-proof seals on a Diebold vote scanner, and were able to replace the device’s memory card.

Also in September 2006, a consulting firm working for Ohio’s Cuyahoga County -- which includes Cleveland -- found huge discrepancies between the electronic and paper records kept by Diebold voting machines. Ohio was a key swing state for the tight 2004 presidential election, and its electoral votes help decide the result.

Earlier that year in August, Diebold voting machines botched the Alaska preliminaries in several precincts as they failed to connect to their dial-up servers to upload vote results, slowing the election considerably. Officials had to hand-count votes and manually upload the totals to the central server.

In December 2005, a Diebold whistleblower under the name of “Dieb-throat,” who was once a “staunch supporter of electronic voting’s potential” gave a scathing interview to The Raw Story accusing Diebold of mismanagement and burying known backdoors in their own products, including one that made the Department of Homeland Security’s National Cyber Alert System for the first week of September 2004.

In 2004, Black Box Voting released a video demonstrating that a chimp, given an hour of training, was able to hack a Diebold voting machine. “What you saw was a staged production ... analogous to a magic show,” said Diebold spokesman David Bear, in response.

These findings, as well as others both negative and positive, culminated in a March 2007 warning from the US Government Audit Office as it testified before the Subcommittee on Financial Services and General Government: “[E-voting] security and reliability concerns are legitimate and thus merit the combined and focused attention of federal, state, and local authorities responsible for election administration.”



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I'm sorry
By FITCamaro on 8/1/2007 7:23:40 AM , Rating: 4
But how hard is it to make a voting machine? It requires no complex logic. You have a few gui screens where the person identifies themselves, picks their candidate, and then they hit submit.

At the end of the day it sends out a quick, encrypted, data burst to a central server with the results. Or hell, just a print out of the final tallies and then all the different people who voted for different candidates and that can be uploaded manually.

Put it inside a steel chassis thats attached from the bottom (its more of a shell) so a person would have to lift the casing off to get to anything important. Hardly unnoticeable.




RE: I'm sorry
By Rotkiv on 8/1/2007 7:48:43 AM , Rating: 2
I realize that this not really the same thing but if it did not work for Thomas Edison it probably wont work here.


RE: I'm sorry
By Master Kenobi (blog) on 8/1/2007 7:48:48 AM , Rating: 5
That would make too much sense. We can't do that.


RE: I'm sorry
By jay401 on 8/2/2007 9:18:14 AM , Rating: 2
yup. For one, it would put them outta business. For another, it would be too hard to "influence" election results if/when the government decides to do so.


RE: I'm sorry
By Bluestealth on 8/1/2007 7:52:32 AM , Rating: 2
These voting machines are really quite comical, perhaps eventually we will get someone to come out with a voting machine that actually works and is secure and we can move on with life?


RE: I'm sorry
By Moishe on 8/1/2007 8:46:49 AM , Rating: 5
There is far too much FUD and politics mixed up in this.

We can make a solid trustworthy voting machine, but we don't... Not sure why, but it's rather upsetting and makes me really doubt that we'll ever have a completely trustworthy election.

Like another poster said, we can do it like with ATMs. ATMs just work and they leave a paper trail.


RE: I'm sorry
By Some1ne on 8/1/2007 4:02:40 PM , Rating: 1
So I can withdraw $20 the next time I have to vote on sometihng? Cool.


RE: I'm sorry
By clemedia on 8/2/2007 12:36:00 AM , Rating: 6
Not without a $1.50 surcharge. :)


RE: I'm sorry
By rtrski on 8/2/2007 2:46:24 PM , Rating: 2
I can see that leading to a class action civil suit about a Poll Tax. :)


RE: I'm sorry
By TwistyKat on 8/2/2007 2:12:43 PM , Rating: 3
Right. If I'm going to vote on computer I want a receipt with a transaction ID, a timestamp and who I voted for. I would be responsible for that receipt and if I lost it, my loss.

If the voting machine companies can't do that, I'd suspect they can't create a real voting machine in the first place.


RE: I'm sorry
By JeffDM on 8/4/2007 10:54:57 AM , Rating: 2
I think ATMs are occasionally compromised but I think there is a valid point in that they are still far better handled, better designed and offer you a paper trail, I think a second copy is kept inside the machine too. I've heard that slot machine systems are usually far better regulated as well.

But maybe that's not entirely fair. ATMs and slot machines have been around for a lot longer and are more mature products.

Personally, I am worried about lone hackers getting to the machines, but that's not the big threat, and I think the makers are trying to distract people in their arguments. I don't want machines that can be rigged to rig elections. Some people have direct access to them and there's a chance that it can be used to rig elections or completely miscount them. That's why the machine should keep its own paper trails.


RE: I'm sorry
By omnicronx on 8/1/2007 9:14:24 AM , Rating: 2
If its so easy, maybe you should be seeking the next contract ;) but something gives me a feeling its a little more complex than you think. Remember it is a lot more than just voting, i bet half the system is protection against cheating or the manipulation of votes.


RE: I'm sorry
By BMFPitt on 8/1/2007 11:49:31 AM , Rating: 2
It is incredibly easy to create a hack proof voting system (at least to the point where it is as secure as a paper ballot) if you assume minimally competent people running the polling places. It is incredibly hard to create a cheap hack proof voting system.

At a bare minimum, there should have to be a paper receipt that states in human-readable form who was voted for. The votes should only be tallied from the paper receipt. A random sample of at least 5-10% of them should have to be fully tested to assure that they are read correctly. There should be a screen that states what the tallies are at all times when feeding into the machine, so that any person doing the feeding can notice something hat doesn't match.

Under this system, it doesn't matter if you give everyone open access to the machine and the code. As long as people look at the receipt to see that it is correct, you can't fudge the results.


RE: I'm sorry
By Rovemelt on 8/1/2007 12:06:26 PM , Rating: 1
I agree, it doesn't need to be difficult if the voting machine is basically a kiosk that simply prints out a readable ballot on paper. The voter can visually confirm the vote and put the paper ballot in a box. Sounds pretty secure to me and relatively easy to achieve.

quote:
“Voting system reliability is something we're always working at improving … security is never finished,” said Sequoia spokeswoman Michelle Schafer.


So I guess this means Sequoia is committed to a voting process that is forever in question. This is an example of why I can't trust our democracy to these companies.


RE: I'm sorry
By rcc on 8/1/2007 4:57:53 PM , Rating: 2
Right!!!

Oh, but wait. If we fought using WWI technology. Or did forenics the way they did it in the civil war......

Dude, security is always an on-going project.

And frankly, have you considered how secure a ballot box really is?


RE: I'm sorry
By Flunk on 8/1/2007 9:50:27 AM , Rating: 3
Maybe I should start my own voteing machine company. We'll do things that make sense like encrypted commication and verfying votes on the server side (But not linking who the person voted for to the person of course). Keeping the important logic off of the terminal should be the 1st priority.

How hard is it to properly implement this dataflow:

Voteing terminal -> Vote Server -> Database


RE: I'm sorry
By tdp2000 on 8/1/2007 12:20:12 PM , Rating: 2
What is the matter with pencil and paper and a human being to tally the votes? I don't understand this rush to "modernize" our voting system. It probably doesn't make any difference because money, not machines, elect the likes of GW Bush.


RE: I'm sorry
By BMFPitt on 8/1/2007 12:26:36 PM , Rating: 2
quote:
What is the matter with pencil and paper and a human being to tally the votes?
2000 election?


RE: I'm sorry
By The Sword 88 on 8/1/2007 1:43:03 PM , Rating: 2
Okay I lived in Jacksonville, Florida then. It was not hard to vote. People are just idiots. The butterfly ballot was not confusing. You just punched the hole next to your candidate. Sure there were names on both sides and the punch boxes were in the middle but it was not confusing. As for the hanging chad thing. If you accidently voted for 2 candidates for the same office your vote should have been thrown out.


RE: I'm sorry
By BMFPitt on 8/1/2007 1:55:46 PM , Rating: 2
quote:
As for the hanging chad thing. If you accidently voted for 2 candidates for the same office your vote should have been thrown out.
Yet this is still left up to interpretation, and every count yielded different results. This would not be possible with a printed receipt.


RE: I'm sorry
By Lightning III on 8/1/2007 12:40:10 PM , Rating: 3
Dooofus

thats not the problem they dont want to add a simple recpt printer to the devices that will print out your choices with a place for a thumb print

that way after the election they can randomly choose a machine and verify that one of the largest rebublican campaign contributor's (DIEBOLD)isn't electronicly trying sway the election


RE: I'm sorry
By davidsarmstrong on 8/3/2007 8:24:21 AM , Rating: 2
Excellent point!


RE: I'm sorry
By Oregonian2 on 8/1/2007 2:57:24 PM , Rating: 2
Well, the funny thing is that "testing" of such systems usually finds faults that depend upon physical access to the box for a significant period of time. Paper ballots are VERY easily modified when physical access is allowed. So usually my response is 'duh'.

As to design, I actually participated in the design of an electronic voting machine in the mid 1970's. Company I worked for (in North Carolina back then) designed and manufactured it for another company. It would have been essentially unbreakable due to the low-tech that was used (the screens were rear-projected filmstrip-projector based, with rows of switches on the front. No networking was involved (so it was break-in proof in that regard) and the totally unique custom data storage had to be physically transported. Had a tiny printer that printed what I recall to look like giberish generic markings which was used for an auditrail. In any case, preventing physical access is the key to security -- that makes everything else less important, especially if it's not networked at all (at least when being used).


RE: I'm sorry
By theConfusedOne on 8/2/2007 4:03:37 AM , Rating: 2
I'm seeing a lot of interesting and enlightening viewpoints here.

I think it is indeed more complicating than not. Making sure that the GUI works for those of us that are colorblind. Making sure that the usability is not complicated for those not used to a computer (but very knowledgeable in philosophy, politics, etc... or not knowledgeable but eager to participate and to vote). If the machine sends the results in bulk, how and where is it stored? Is it secure? How can we check that it's not tampered with? How can we check that the creator was not bribed by one party or another to make a "special" machine?

I think the issue is complex, the outcome unimaginably important. I think the only way to trust the outcome, is to know as much as we can about the process. Is anybody thinking open source? The more contributors, the more wisdom, the merrier. I think.


"Can anyone tell me what MobileMe is supposed to do?... So why the f*** doesn't it do that?" -- Steve Jobs

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki