The analysis further assumed that certain fundamental physical security and accounting procedures were already in place.
Concluded that it would take only one person, with a sophisticated technical knowledge and timely access to the software that runs the voting machines, to change the outcome.
All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
For all three types of voting systems:
1. When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of Software Attack Programs or other corrupt software are the least difficult attacks.
2. Voting machines that have wireless components are significantly more vulnerable to a wide array of attacks.
DREs without voter-verified paper trails do not have available to them a powerful countermeasure to software attacks: post-election Automatic Routine Audits that compare paper records to electronic records.
For DREs w/VVPT and PCOS:
1. The voter-verified paper record, by itself, is of questionable security value. The paper record has significant value only if an Automatic Routine Audit is performed (and a well-designed chain of custody and physical security procedures is followed).
2. Even if jurisdictions routinely conduct audits of voter-verified paper records, DREs w/VVPT and PCOS are vulnerable to certain software attacks or errors.
*******************
COMPUWARE CORP. DRE Technical Security Assessment Report for Ohio, NOV. 2003. Confidential report prepared for Ohio Secretary of State Ken Blackwell, and later published on the web. High risks include:
With access to the supervisor card, someone could guess the four digit PIN. The four digit PIN is a factory default from Diebold and cannot be changed. In our test it was guessed in less than two minutes of testing.
Smart Card Writer - with access to the small handheld writer, someone could use a voting card more than once while at the voting booth.
In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews.
All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with proper attribution including the original link.
In a time of universal deceit, telling the truth is a revolutionary act. Tell the truth anyway. Sign this petition: http://www.electiondefensealliance.org/ny_levers_petition
This is an exceedingly useful resource. I hope that you will be able to update it soon with the latest NIST Draft, and then its bastard brother, the amended follow up report. And other reports as they come in.
by
Nancy Tobi (69 articles, 4 quicklinks, 0 diaries, 53 comments)
on Wednesday, January 3, 2007 at 3:24:50 PM
