Sometimes it’s better to do things the old-fashioned way—at least partly.
Perhaps that’s the lesson to be learned from a
report released by Princeton University
that outlines security concerns surrounding an electronic voting
machine used in New Jersey.
With the U.S.
presidential election looming, the report states it is possible to hack the
Sequoia AVC Advantage 9.00H DRE (direct-recording
electronic) voting machine in 7 minutes by loading fraudulent firmware.
By replacing the Z80 processor chip in the machine or removing one ROM chip
from its socket and putting in a new one, a hacker can potentially siphon votes
from one candidate and give them to another.
“The fraudulent firmware can steal votes during an election, just as its
criminal designer programs it to do,” the report states. “The fraud cannot
practically be detected. There is no paper audit trail on this machine; all
electronic records of the votes are under control of the firmware, which can
manipulate them all simultaneously.”
The subject of the voting machines entered the legal arena in 2004, when the
Coalition for Peace Action, a Princeton-based civic group, sued the state over
its use of the machines. The case was dismissed by the trial court in January
2005 and then reinstated in 2006 by the Appellate Court. While the appeal was
pending in the summer of 2005, a bill was passed requiring that any voting
system in New Jersey produce a
voter-verified paper ballot as of Jan. 1, 2008. The state was given a six-month extension
to comply on two occasions.
Twitter, Google and Yahoo tailor Web services for the presidential election. Click here to learn more.
Having a verifiable paper ballot, the report’s authors say, is the only way
for voters to be safe. A paper record of every vote cast should be generated
and be viewable to the voter at the time the vote is cast. Seems logical
enough, and such a system would provide an extra check for auditing purposes.
However, it also should be noted that no election has ever been overturned in New
Jersey due to the machine, and 7 minutes is a rather
long window for someone to be left alone with a voting machine.
For its part, Sequoia
has responded to the Princeton study with a report
of its own, rebutting many of the claims in the Princeton
report. Whether or not the Princeton findings are valid,
one thing is clear: Going back to the 19th century during election time isn’t
going to work. As any election worker can tell you, handwritten ballots come
with their own set of problems, like misspellings and illegible penmanship.
A print-out of a digital ballot and perhaps some additional security for the
sake of chain of custody of the machines—as well as to ensure they are
properly stored—seems like a fair trade-off.
“Software independence does not mean that computers (and computerized voting
machines) cannot be involved in elections,” the Princeton
report states. “It means that any calculations done by the computers must be
verifiable independently of the computer program. In fact, it is reasonable and
often desirable to have computers involved in elections, as long as software
independence can be achieved.”
/ 4 
IT Security & Network Security News & Reviews News & Reviews 
