Honest Voting

Note to Ohio:

Dear Ohio,

If the condition of electronic voting machines in your state continues to be so parlous that your state is written up in Scientific American as a bad example, wouldn’t you think it behooves you to get more of a move on? (Political play on words not really intended; it’s just a bonus.) I mean, Scientific American, folks. That’s like having your sweet old scientist grandmother pick you up at school after you were sent to the principal’s office.

I don’t really mean to lecture Ohio’s secretary of state, Jennifer Brunner, who isn’t dawdling. Along with the spot attack of suing Premier (the rebranded Diebold)*, Brunner last year commissioned Project EVEREST, a comprehensive security review of the electronic voting technology used throughout Ohio, to identify any problems that might make elections vulnerable to tampering.

Larry Greenemeier writes for Scientific American that during the 10-week project, teams of academic researchers from Pennsylvania State University, the University of Pennsylvania and WebWise Security (a security firm formed in 2005 by faculty and students from the University of California, Santa Barbara’s security research group) examined DRE touch-screen and optical-scan voting systems from Premier (the rebranded Diebold)*, Election Systems and Software (ES&S) in Omaha, Neb., and Austin, Tex.–based Hart InterCivic as well as the software that manages these systems.

Patrick McDaniel, a Penn State professor of information security, led the EVEREST testing.

A lot of the attacks that McDaniel and his team tested could be carried out at a polling place or county elections office in a matter of seconds. An example: when researchers placed a piece of white tape over part of an e-voting system’s scanner, they were able to effectively block it from reading the entire ballot. In other words, a person could put the tape in a place that kept the system from counting votes for a particular candidate. The team also found that the keys to unlock Hart’s ballot box could also be used to open the ballot boxes on the Premier systems.In a more serious attack, McDaniel found that his researchers could replace the memory card in some of the e-voting systems. “Any software you put on your card would [be] uploaded into the system’s computer,” he says.

Later, at the apocalyptically named Last HOPE conference:

University of Pennsylvania researchers who led EVEREST’s analysis of ES&S e-voting technology described exploitable security vulnerabilities in almost every hardware and software component of ES&S’s touch-screen and optical-scan systems. Some of these flaws, [EVEREST researcher Sandy] Clark said, could allow a single voter or poll worker with bad intentions to alter countywide election results, possibly without election officials ever knowing that the results had been tampered with. “There wasn’t an attack that we tried that we weren’t able to carry out,” she added. “We learned that every current e-voting system has serious exploitable vulnerabilities.”

It might not be too late to convert to paper ballots, Secretary Brunner.

_____
*I’m considering making this the standard form for referring to the beleaguered and doubtless felonious voting machine manufacturer, just as the much missed SPY magazine of the 1980s used to always refer to Donald Trump as a “short-fingered vulgarian” and Lynne Cheney as a “bosomy dirty-book writer”.

Trackback URI | Comments RSS