Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


What the U.S. Is Doing Wrong with E-Voting



 By: Lisa Vaas
2007-07-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. What the U.S. Is Doing Wrong with E-Voting
  2. ' Poor Design Choices '
  3. ' Source Code Disclosure '

Rate This Article:
Poor Best
What the U.S. Is Doing Wrong with E-Voting
( Page 1 of 3 )

Updated: The latest U.S. e-voting embarrassment is three systems flunking a California security examination.Another body blow was struck to the already lousy reputation of U.S. e-voting when the office of California Secretary of State Debra Bowen on July 30 published investigation results showing that three major e-voting systems are liable to having their accuracy, security and/or integrity compromised.

Three systems flunked in the hastily conducted examinations: Diebolds GEMS 1.18.24/AccuVote, Hart Intercivic System 6.2.1 and Sequoias WinEDS version 3.1.012/Edge/Insight/400-C. Each machine is either an optical scan system or a DRE that uses Voter Verified Paper Audit Trail

Each system stores votes in its own way. If they can be compromised, the votes that the systems record may not be accurate. For example, if an attacker were to successfully execute arbitrary programs on one of the systems, the systems could be caused to misrecord votes even with the presence of a paper audit trail.

The full report is here.

The news is just the latest in a string of bad press earned by e-voting in the United States of America, where a mishmash of disparate systems is subject to exploit due to wireless communications capabilities and/or inherent flaws in commercial off-the-shelf software thats exempt from testing.

Resource Library:
Members of the Technical Guidance Development Commission of the Election Assistance Commission, which grew out of President George W. Bushs Help America Vote Act of 2002, have said that they were aware of significant flaws in voting machines that could allow attackers to change election outcomes on the national or local level even while the TGDC drafted federal guidelines for the design and testing of those machines.

But as the 2008 election looms, the burning question is: Can we get it right?

Other countries have, after all, figured this stuff out.

Brazils been e-voting since 1996 (albeit with fraud still having crept in). The star of the international e-voting scene is arguably Australia, which is e-voting on machines that are based on Linux, using specs set by independent election officials that were posted on the Internet for one and all to vet—an open-source approach for which U.S. activists clamor.

"From what I have read, the U.S. systems are primitive compared [with those of] Australia," said Tom Worthington, a visiting fellow at the department of computer science at Australian National University, in Canberra, Australia, and an expert on e-voting technology, in an e-mail exchange with eWEEK.

Its worthwhile to pause and clarify what we mean when we use the term "e-voting." Electronic voting systems have actually been in use since the 1960s, with the advent of punch-card systems. The term "e-voting" nowadays refers to one of a medley of newer technologies. One e-voting system used on a large scale in India, the Netherlands, Venezuela and the United States is a newer optical scan system that reads a voters ballot mark and then collects and tabulates votes on a single machine.

Then theres Internet voting, which has been used in the United Kingdom, Estonia, Switzerland, Canada, the United States and France.

Then too there are hybrid systems, such as those that flunked the California review. They include an electronic ballot-marking device thats often a touch-screen system similar to a DRE voting system or other technology that prints a voter-verifiable paper ballot, paired with a separate machine to tabulate votes.

Security experts such as Bruce Schneier, writing in a 2006 report for the Brennan Center Task Force on Voting System Security titled "The Machinery of Democracy: Protecting Elections in an Electronic World," have said that the many types of attacks possible against newfangled e-voting systems include wireless exploits that could take advantage of unplanned vulnerabilities in the system software or hardware to plant a Trojan horse onto a machine.

Click here to read about why it is easy to break forensics software used for data recover during legal investigations.

"For this type of attack, a Trojan horse would not have to be inserted in advance of Election Day," according to the report. "Instead, an attacker aware of a vulnerability in the voting systems software or firmware could simply show up at the polling station and beam her Trojan horse into the machine using a wireless-enabled personal digital assistant."

Note that there have been no documented security breaches of e-voting systems in this country. New electronic machines that caused long reporting delays were used in a Cleveland county during the states 2006 primary election; that election resulted in the entire board of elections of Cuyahoga County being removed, but the two felony convictions had to do with what prosecutors called a rigged recount as opposed to any of the machines having been tampered with. When experts warn of potential holes, the emphasis is on potential.

Next Page: Poorly Designed in the USA.





  Reader Comments: What the U.S. Is Doing Wrong with E-Voting
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


xr㶲0;; ʷ♵ER%Z,/K3^:U*$ER$gy 7]hɗdq2DFh4$ W7-gB)ٟЧG,zIj}݇@AezNULsJԶn\7n[3P/!kL|Aშ bH %SjMA]k|f{F}_f2F7\3ѢgbގP$ȁ_MM9JD?֥E!mG$oqX}:[S=2r3ݛXBTuK$!1QcDOȟ}g^ԡcF 4-n돇dd-vuH`Uƞfn=Ƌ! A=c9p= vuI%۝I!Dv`4EOGmCc7Ppm׃T*KTkQ3c}fـY'H>1P?wIV@ æӸב/*! lV=Dϋz=Ķ|h{'s@q,r _ƷH7n'pCw %Q,q"U-wS>dRr[dq=ʲnLw3a[mlطGZ.h5E9*VKtp,^/[,,ypg?//ir_vίr$QPwÑ;@ږuPt;'׽~t@.{Q@. X_d}+5UE`ZG$/ Z@N׳P? u5}(D~㖯[JEMюR;2,gfVҘ gUUY;AK~1/NMNl,/aZ4 2V*]鮙ȏwAurqӹlnwMZOvY᳻i ɗV:['=:$~~z>54Y01\]V+HjgdZ6 I|S<֠Eu>^Cj ݖeB_,D\KŗG)HY03ǚ -#4ɌSHzPN@Y*F`KS73I 뮞;nZK0[=RF\ Дa#|dMab&DJH7ӔR^{e ,}ВEtBAͨ4 .+J!"xN3t BD4?CC7=aL+i,h.2eM,Dwެuմ޹-~ӒKsI|nHwnoaUb}ƺƻKEhYf7-$ꨦU++eYE@U~ _p-~aj2B cLt/젠lA`::~g#|>G$!|Бd6ml8-ƹ" ,70}Hg@z¤ wX8=ZcO6%_¤>< v&ztD۠h&r=5$'ʖ/Cf@B뎂9{׻ޚ~nH>X^0 6O`\@$8ʼ }¢1Op-{f`sDowe#0(s@8dN˵K (G))*?]HPw9J B!\0H#`P aR .<BICvn<K){TKh!+K@fsfh(4{~4 cbB|#'bXr`Y \h+|^h)lc lԨ˶V)jXi(P^s0 =WVeEU`HL˦o90后3t @wO8Â[z9s|{< Z|' 6MT2u&f+Lo>L>hQoĘ'c>Xl~te l4TfFfO ~5lwanB9\w,_{t\21 4fWܷ fd50egYA3'|(@]4>+WuPÃ"`"+42[=! = PȭT)w^YY䞅J^S, H@gmdz?;Oq)23f$,4tOWݡ~@ˋ~MkC'h@r6r^{2Kmyo@x# dX{+/,7èkA+_ii tùfXG6X}iМ^edTR iMC@v:=5}nVUOӟLYV<'ZYSꑦTjR)vn g%A qsGIݔ6 [IFbt |ꝸs kQDsOflnlphBJmHw>u- cOѭ,h4)4jkzF of`׆ K ؈㜑ҵgsKwEeIMip!jd>n '[!B`Va T30`-e?n"ϧ=)W}fOaU5clq-Z ;vm۽Ϧ sq,bjt-g @6QQo>U\!EX+LbEad[s6/r^ɂN4:E80Ge#f+[mǙNl*I-iۻ(Sܧ&;alâ˘_/pFFM@X 3$6/Pk 0!/P\QT1.#_L_LU1(TOnQE^aq VKŴ谢Xx}Sː 0gtWed-΀VjLirhU-WJjZ9_VЅ_sTG"Mϩ1pA֌M:+l.TY̘wvPa7oQ*\ ,УǸ'~"Ǥ|e2-tn1c%[´x[2|'@dѪ%3NQ&grf>Ja;9Qo@Hms1 `>;G=!^Xmu*eR)Yi 1ctYse}l^?nH#o ߪ 齦yt* fHLfѮ%H6o,sqI[MLցh 0>0Rlʪ+> 2&iZQRk/s'&8=._EQd:)nQ==ՍћY GL)߭~*9WI拑T)iZ b[-W+>"]4!`T=<1<ʢ'Kr]N6._Tj vQ *s>P YOo -"ԄtLaV*S7xo~.Rȓ#+cI` |ʍce"nxb*n gF Dccb^n{q?X?h5eQbsE1 7Ԇk{J~Zg^pR t(Е䏽n:!)jlw9NC{%b{l:g56|v>724Hv4|7Ny}ֹ_x.z\$1AJ`'My9o48nTMF"zkds;f7쐶Cվ[k,SVXKr!֒j,49Aϐa6n4lCꏽ5/Q֭ Bf-,3bB!BFgG4wD\8#, LwF]Ydasnoœ ׾~/ ?--8cPXSω%٘&BERPUln$jYpJe_Vr{ѩc+N ^d1.P2vA J `ȞxqKwbRJ?A|}& y]f+w)TRw}o}VZtC.qD &d/.%/e ju OK =F~~5o14Ll*z7=}=3ӨO6;x1t?0G Ofxfw9g˓\AIip~nnwkJbjl <Qbh,p9٦hr[vm0\9f>c \_'2>Yl뎟2d] =Em[Բr ~]%J4EU 9n?̩+XtΩ{ e̜o0hҵ&<i7^A} 1(&h?geVLܽ1`Ji=~Lj($ۉԖnK,tҧ,kC|C7׃*9Oၚ8CӜ(lV@0ʳ{h8YX&p(2}%m̺(o0OF?){ݑW}:6<7eee#N4Q%gD?K2X2%Me".CYF1PCG<+d(΀,SAX=NQ<3$fXE'<:~/n! ,*OOe\Jo(xlx.j0n)1 sg'2,&\dGJ4Z91Z/?:\G͂f &k@[fd'PBbSQ'=A<ݩkx%ؒIqy'H?b[PQ1T=$LyWv ˵lGӗ۟\LF!` \FT:BŐtzx^{MK Q4!M/հODׅ7ށT$&䱶 О8R #f.u)ᎁ *]O$[b~P;ό]'f.8a__:;2JJy[( S0 ɥ^HW:,[tIaU&l13x¼r*O8,`0Xb Yfwrؽ_ىr ڶUz tΉIcݶJK@g0W(bIDG5 kGZ,OUw+;qVMRRږ,` #^yob9d6S l/p/Q{ ] /ֱLD?p>c=CX̏ a*E`:خޮZFZy")t&}ڑ I $t4"4Uha+FFU;A"u{IJe[&Š)+3tb kq2B1 W۠Sfpv-kvHN(a;y5DXC$jpK9r*5^cwum\428HFҋSSSS;XbSc}^մԎYbEFWzV1Ict#s=9@9z$2S7ݷ065'T2F[+Aҧwd7 Gx~E;ݷa?jք9<sqxX/6`'sqǰZz&|) Tk -|ʩP&Aΰ.,_ar ǘ8Y% fl`0I3)JËI%{.m/{KV+}!Ȃo6U»$&<x[SFc1H6q!"A$1D./G%{/xyK+ϱ? ^bN-0 –x]B |i솪lNc#1<tHbxJ:;ǘs+F;$$~vod<ѿ/bjy<11p%h>Gr)@y'mzزFZR%<ўu= !~7r$]nޚ>b Xc g$%?[ްWl=qV[3Xݹnʅ[_WH^'˸}y2^8MH$o{q TZsh~Ȅl7|6.{ڶ/hG P|F0-c SZ(X=~s@VE6W*eX -}-$w򥴬;{R6dfph6_fHl$8&wQqD3' $Xy"L,+)u:z4}d3|Ms-E ~/^K{%Ge^Lm/ Irt'/A1D+b@/^j }'t˜oW.ts#XT^IƀT8!&9p˽a =ʵm~|]"EEF7oi.BJ[e9LYnGN$(c AzYxԁ0-`wvᮥƣ0Ɣ8N N"Y?P㽻՘m% DXc%NHZth&nUZt\NuzϋT[B}Fh|Q3{^m9z.z{!ǸUX ˴xfV-j5!V㬤{4K".@HQ)q2>sKr1$bN Ki~RBJMTxЯDΡgg=x+fqQa9.&3~Z*F6#ZMixOW1H7Øxa1aV eզٝ$7yg\^}ĭbA)[Yb!_E`_剖}݄[s2oB`(x#]QWyU+'=:hx|tـjE~E:tdHm*~NP_zԓGč)׀g"xRW7 UlNh$~b s2uFf."T( 5aI}n\M=aȈ].P_[yta#o#a(41wOQ) CO 2+蒀wCG~q#. ?I {/F\oX|J7o9fH s 5_/ʁR0F$u2DFt8Z83*%i&P9 dU 79|_LiJ% #a k(E$7׳@ƞ;#H 1b10ma9`3bw'3yyb?:WLQXj*{3wأP(/ c{IFK3t(( oI_YPOXPϏB5DSJn67XNp_𒿅2h0u>"(S[]ă0>]QPO:gAfVYpRpy6t0^U |{#0u sSRC´vxHT+==& .ycI 8^yN4xPܘ/!oX1e2{xCbRSJ9|5"3ʰL`ę~K<> AgYQL,c/\4W )WTx s#cvFC{^h`z:>1s;|lͫwM&ՠӻ$ }¶|G ^Ii}uݹ31F;6/M&JrdeAN/6Sr?ԙpm.4 "G}ɂw]%}U X\mӂ(? ..!jbTͩ4M7?zuײr:OПxs3oK_99q DЦ?hJc>sUN>Mp4ħEd@z\#4[EEF/PKFPkF5_o.?i63{P(GNl.o Z(?\~ 9͠G(kw6wZFQu2CL2dK?Q?o.akt3Ƨ f Y v> t݌w?f'eF/?As(?(# ݌rˌ̐Kˌ {z_?2 ޿x:~F~F  # 埲ʡ2 )~7P~U{7MF77$)cf5pv%sQ^53\}~)PP* g  ~2*ΕbόW~ y>} kJ+ťW*7YKxM}%k{[F1nvdtbCat5KHe^M*!#(<8%Y}MJ 4tk 7b[yDYQI{R}tEI>tp]"&JR˯-cENikr(%s<2g)h{dZ+mFDuL0QU#|,y|e2 'GYkwe,xĻ+Lݞ܃8*nC7}v#ycćAx`?&7S=.wpyk;ُϋGkwյC5Af_b 5y?'OxVf:;osLx #Ä,EZcm%^#%&aBc M=X` /F{xrh2݅r&S)6Y`_GFbЗ3+&3Vk*q8w ivca:4]ߒ8 "s k!vz+2ju"vHߵ=8\+Ľ;W ^{#D3dư0`DcБ2SSX^AG}FV垓$g_7b Fe&b3@tgYl)VNҟHQ۝cNm% 1o)%&miw[1Oe;BI<ŗ>,R2GdYe,XoϨTx֒_/gwysԷeEQ&PLŽc)Jqk+yHRݤO[=$sDs݅ ߠ(b/<% *`>'}5\qJm?'.}Nu;UCvy j7; OeG亖9cbV)qdFӧ-["@ e`0v4aehDSL/Tvy* *>=slqYANlM[JmjN_]U$zlz$_Ox~Saxr=&=d M-IS`#ނ4ܨNaeVb0yMvSF} dtE#b[p!@>pMg*QTD KQ)Ybd㜙FVC9 3 &u@EqDPvx'mm<^|:ym뎮EOfuݍ拑mӵxqm'k$~El=fuVڕ+zYLn2?Zb @Jܡ >D73Tt3 `GYu`+r O8ǩk[mx{ }uke!.,0:7f˟]챾Wqٮ7G,cӰ+`j7E]EtA<;==v{sbSΜ67tU  ᘭ=e_qxN|L/ع9uUt g)d̅2 !δ^xyu~ҕ^)If`cQd+8*)ؐsm5G0X1'(NRGQv7`N*)Asa#El ;ApN7\29LgѸGgd#ࠂ>.^sƠ{e75wSF #= `5>gvCy{w:~0~cr8Lt4Q3|JKm)3 {ς ixf XZ#`*F"Q=V;~v?;w~m a% ѨT\ߴ;g5'u Fn/g׽-)h,=R$Du $RzWVsy%ȕ/2F#xoUA5̺Uj"<&o#iQg8&r&JVR۽E^8%ܖmJHU&s)#KM\eZ)M39Q2kEsk&|idLp -ͱeRZ`l/Z6?̞>+