|
|
(more...)
, (less...)
Add to My Group(s)
Add to My Group(s)
By Rady Ananda (about the author)
Become a Fan (2 fans) -- Page 3 of 10 page(s)
The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
For all three types of voting systems:
1. When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of Software Attack Programs or other corrupt software are the least difficult attacks.
2. Voting machines that have wireless components are significantly more vulnerable
to a wide array of attacks.
DREs without voter-verified paper trails do not have available to them a powerful countermeasure to software attacks: post-election Automatic Routine Audits that compare paper records to electronic records.
For DREs w/VVPT and PCOS:
1. The voter-verified paper record, by itself, is of questionable security value. The paper record has significant value only if an Automatic Routine Audit is performed (and a well-designed chain of custody and physical security procedures is followed).
2. Even if jurisdictions routinely conduct audits of voter-verified paper records, DREs w/VVPT and PCOS are vulnerable to certain software attacks or errors.
COMPUWARE CORP. DRE Technical Security Assessment Report for Ohio, November 2003. Confidential report prepared for Ohio Secretary of State Ken Blackwell, and later published on the web. High risks include:
With access to the supervisor card, someone could guess the four digit PIN. The four digit PIN is a factory default from Diebold and cannot be changed. In our test it was guessed in less than two minutes of testing.
Smart Card Writer - with access to the small handheld writer, someone could use a voting card more than once while at the voting booth.
Diebold's voting system uses MS Access as the database to store the Ballot definition, Audit logs and Tally results. The Database has no password protection. The audit logs and the tally results can be changed.
CONGRESSIONAL RESEARCH SERVICE, Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues. (Order Code RL32139) November 4, 2003. click here
This is a comprehensive report on several expert studies of electronic voting systems. Problems noted include:
There appears to be an emerging consensus that in general, current DREs do not adhere sufficiently to currently accepted security principles for computer systems, especially given the central importance of voting systems to the functioning of democratic government.
Become a Fan (2 fans) -- Page 3 of 10 page(s)
Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
For all three types of voting systems:
1. When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of Software Attack Programs or other corrupt software are the least difficult attacks.
2. Voting machines that have wireless components are significantly more vulnerable
to a wide array of attacks.
DREs without voter-verified paper trails do not have available to them a powerful countermeasure to software attacks: post-election Automatic Routine Audits that compare paper records to electronic records.
For DREs w/VVPT and PCOS:
1. The voter-verified paper record, by itself, is of questionable security value. The paper record has significant value only if an Automatic Routine Audit is performed (and a well-designed chain of custody and physical security procedures is followed).
2. Even if jurisdictions routinely conduct audits of voter-verified paper records, DREs w/VVPT and PCOS are vulnerable to certain software attacks or errors.
COMPUWARE CORP. DRE Technical Security Assessment Report for Ohio, November 2003. Confidential report prepared for Ohio Secretary of State Ken Blackwell, and later published on the web. High risks include:
With access to the supervisor card, someone could guess the four digit PIN. The four digit PIN is a factory default from Diebold and cannot be changed. In our test it was guessed in less than two minutes of testing.
Smart Card Writer - with access to the small handheld writer, someone could use a voting card more than once while at the voting booth.
Diebold's voting system uses MS Access as the database to store the Ballot definition, Audit logs and Tally results. The Database has no password protection. The audit logs and the tally results can be changed.
CONGRESSIONAL RESEARCH SERVICE, Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues. (Order Code RL32139) November 4, 2003. click here
This is a comprehensive report on several expert studies of electronic voting systems. Problems noted include:
There appears to be an emerging consensus that in general, current DREs do not adhere sufficiently to currently accepted security principles for computer systems, especially given the central importance of voting systems to the functioning of democratic government.
In 2004, Rady Ananda joined the growing community of citizen journalists. Initially focused on elections, she investigated the 2004 Ohio election, organizing, training and leading several forays into counties to photograph the 2004 ballots. She officially served at three recounts, including the 2004 recount. She also organized and led the team that audited Franklin County Ohio's 2006 election, proving the number of voter signatures did not match official results. Her work appears in three books.
Her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a researcher or investigator for private lawyers, and five years as an editor.
She graduated from The Ohio State University's School of Agriculture in December 2003 with a B.S. in Natural Resources.
All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008, 2009. Permission is granted to repost, with proper attribution including the original link.
"In a time of universal deceit, telling the truth is a revolutionary act." Tell the truth anyway.
The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.
 Contact Author |
Contact Editor |
 View Authors' Articles |
Comments
The time limit for entering new comments on this article has expired.
This limit can be removed. Our paid membership program is designed to give you many benefits, such as removing this time limit. To learn more, please click here.
| 2 comments |
To view all comments:
(Or you can set your preferences to show all comments, always)
Hand Count Paper Ballots
by Michael Richardson on Thursday, Jan 18, 2007 at 3:56:08 PM
I would add...
by Charlie L on Thursday, Jan 18, 2007 at 6:20:23 PM