There's No Place Like Home: Plan L for NY Elections

"When I finally saw the results of our [EVEREST] tests, I thought I was going to throw up. I didn't think it would be that bad.  And it was - it was awful.  I looked at it on a Saturday morning, and that night I went to bed and woke up [just before 4:00 on] Sunday morning going, 'Oh my God.'  I never wake up on the weekends - trust me." 

When discussing its study, Project EVEREST researchers reported:  

"The second key finding of the review was the apparent vulnerability of the system to malware infection and manipulation. If a properly skilled and resourced attacker can gain access to any of several components in the system at any time during their life-cycle, there exists a large possibility that they could implement malicious programming (malware) into the system with little chance of detection. Once the malware was in place on the system, it could perform a variety of tampering and could likely spread from component to component throughout the system.   

"The ability of malware to affect the integrity and availability of the elections process is profound and disturbing, but the lack of capability to detect and report potential malware attacks against the system makes it the single largest threat."  

-- Ohio Secretary of State. Project EVEREST: ES&S System MicroSolved, Inc. Executive Summary Report. n.d. (December 2007).                

2. In July, 2007 the state of California undertook a top to bottom review of all voting machines in use in the state and found: "An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine.  The damage could be extensive – malicious code could spread to every voting machine in polling places and to county election servers."  

-- Calandrino, Joseph A., Ariel J. Feldman, J. Alex Halderman, David Wagner, Harlan Yu, and William P. Zeller. Source Code Review of the Diebold Voting System. University of California, Berkeley under contract to the California Secretary of State, Top to Bottom Review, July 20, 2007 commissioned by the Secretary of State.  

3. "The current certification process may have been appropriate when a 900 lb lever voting machine was deployed. The machine could be tested every which way, and if it met the criteria, it could be certified because it was not likely to change. But software is different. The software lifecycle is dynamic...[Y]ou cannot certify an electronic voting machine the way you certify a lever machine.... [W]e absolutely expect that vulnerabilities will be discovered all the time....  

"Software is designed to be upgraded, and patch management systems are the norm. A certification system that requires freezing a version in stone is doomed to failure because of the inherent nature of software."  

-- Rubin, Avi (Professor of Computer Science at Johns Hopkins University). Secretary Bowen's Clever Insight. Avi Rubin's Blog, August 7, 2007.    

4. [W]hile 'logic-and-accuracy testing' can sometimes detect flaws, it will never be comprehensive; important flaws will always escape any amount of testing."  

-- Wallach, Dan S. Testimony to National Institute of Standards and Technology and Election Assistance Commission Technical Guidelines Development Committee, September 20, 2004. 

"This is a classic computer security problem. Whoever gets into the machine first wins. So if the Trojan horse software is in there first, you ask it to test itself -- it will always lie to you and tell you everything is fine. And no matter what testing code you try to add after the fact, it's too late. It can now create a world where the testing software can't tell that the machine has been compromised, even though it has...."  

 1  |  2  |  3  |  4