Tags for This Article:

USA United States Of America (7159)  Voting Integrity (2516)  Voting Technology (1759)  Voting Machines (1344)  California (1280)  Florida (880)  Ohio (650)  New York (648)  Fraud (452)  Privacy (423)  Connecticut (248)  France (172)  Germany (172)  Cuyahoga (53)  Netherlands (23)  Bibliography (5) 

Populum Tag Cloud
       Control Panel
Fine tune your search to access content
Articles
Diaries Products
Events All
All time
Last 6 mos
Last month
Last week
Last 24 hrs
From:
Month  Day   Year

To:
Month  Day   Year
Alphabet
Popularity
Count ON
Count OFF
This Level
Sub-levels

 

 

 

Tag(s): ; ; ; ; ; ; ; ; ; ; (more...) ; ; ; ; ;  (less...)
Add to My Group
December 10, 2007 at 16:08:24

2007 Technology Tests of Computerized Voting Systems

by Rady Ananda     Page 3 of 8 page(s)

www.opednews.com

 

Tell A Friend

(0.0 from 0 ratings) View Ratings | Rate It

Below is a partial reproduction of Dr. Hoke’s summary of California’s TTBR:

Election management/tabulation software For all voting systems (“VS”), the system architecture depends on a commercial operating system known to have security vulnerabilities. All vendors failed to secure this system properly. System architecture had not been designed with either basic or sophisticated security protections. All systems failed to follow standard security design principles.  

All systems were susceptible to viruses that could be introduced from a number of vectors, including from voting device memory cards. (Viruses and other rogue programming can, e.g., “flip” votes among candidates, scramble tabulation data, delete voting data, and cause system programming to fail.)  

Viruses could infect the central computer and then be spread to all the voting devices when their memory cards are prepared for the next election.  

System logs of operator activity (“audit logs”) could be overwritten or erased, meaning that insider attackers could manipulate voting data and results, and then erase the logging inventories that would show the access and activity; or, could be used to frame a different employee. 

Systems permitted relatively easy bypassing of passwords, thus permitting broader access than authorized.  

In each VS, many other security holes exist that could compromise the system’s ability to report accurate election results -- or any results.  

Voting Devices  

All systems failed to follow standard security design principles, and lacked even basic security protections. All systems’ devices (DREs and precinct-based optical scanners) were subject to easy, undetectable attacks that could occur during the normal time that a voter would be at a voting machine casting a ballot.  

Some devices permitted the researchers to introduce malicious code onto a voting machine in under a minute, while appearing to be in the process of voting.  

All DRE touchscreen voting units permit a voter to generate and cast multiple ballots during a normal time voting could occur, in ways that would be largely undetectable to poll workers unless they were specially trained and closely supervising the voter’s activity at the unit (voter privacy might still be compromised).  

Some DRE devices permitted the researchers to damage the Voter-Verified Paper Audit Trail (VVPAT) covertly, so the voters could verify that their votes were printed correctly, but after the election the VVPAT could not be read.  

Other DRE devices could be modified to store votes incorrectly, but print them on the VVPAT correctly (for example, a voter’s choice of John Adams results in the VVPAT printing “John Adams” but the DRE stores the vote as a vote for “Thomas Jefferson”).  

Documentation Review  

The NASED “qualification” (certification) of all systems was based on testing lab (“ITA”) studies that were seriously flawed. While the ITA reports varied significantly, generally it was not possible to ascertain whether the lab had conducted the independent tests needed to determine VS satisfaction of FEC 2002 standards.

Often the ITA would test a device but not the voting system as a whole, despite the guidelines’ requirements for system testing to determine whether the various components worked accurately and reliably in concert.  

 1  |  2  |  3  |  4  |  5  |  6  |  7  |  8

 

http://www.re-mediaetc.org/

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews. All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with proper attribution including the original link. In a time of universal deceit, telling the truth is a revolutionary act. Tell the truth anyway. Sign this petition: http://www.electiondefensealliance.org/ny_levers_petition

Contact Author
Contact Editor
View Other Articles by Author

 

Bookmark this page: (what's this?)

NETSCAPE      DIGG THIS      Add This Page to Mr Wong!           NEWSVINE      DEl.ICIO.US      Looksmart Furl      My Web      Tag!RawSugar      Blink List     (More...)
Comments: Expand   Shrink   Hide  
5 comments

Bachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.
RunnerBachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.

Excellent article! - One More Vulnerability to Mention

Excellent article! There is one more area of vulnerability that you did not mention in your summary of voting machine problems - Anonymous, unchecked and un-sworn contract programmers who write ballot definition software for each election have the first and best opportunity to hack the vote.

Ballot definition software is constructed for each voting precinct for each specific election and contains all the ballot details for that election. The DRE touch-screen and optical ballot scan machines use the ballot definitions to determine how selections on the touch-screen or paper ballot are interpreted and recorded in the vote database, and how election results are tallied. The BALLOT DEFINITION SOFTWARE is loaded on voting machines in the county elections office warehouse before the machines are even sealed with security tape.

The process of creating the ballot definition and vote tallying software is so complex that most counties contract the work to voting machine vendors. Voting machine vendors themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all its county election administration customers across the U.S. Therefore, Voting machine vendors themselves must contract out the programming of ballot definition and vote tallying software for its customers.

Elections Systems & Software, Inc. (ES&S) for example has a consulting partner, DecisionOne, who provides nationwide support services for ES&S’ voting systems including software installations, upgrades, retrofits, repair, and preventive maintenance for 1,700 election jurisdictions in 34 states. Yet other consultants write the last minute ballot definition software.

Who checks the credentials of all these various sub-contractors that write and install the "last minute" ballot software? Who asks if contract programmers also work for a political party or candidate up for election or if they have criminal records or work for a foreign government? Who performs detailed audits of the software they write and install on voting machines just before each election? The frightening answer to all questions is - no one!

Election officials appointed to safeguard election integrity, who have sworn an oath to safeguard election integrity, never see or even test the ballot definition and vote tallying software that is loaded onto their voting machines. Even if local election officials wanted to inspect the ballot software they are not computer scientists; They can neither adequately assess the competence and veracity of local temporary contractor programmers hired to work on voting machines nor review and assess the accuracy of software installed on their eVoting machines. In actuality, local election officials cannot verify that a contractor programmer's work is free of critical coding errors or that they did not nefariously write a few extra lines of software code that activates only on election day to flip votes or rig vote totals on a central tabulator and then self delete at the end of the election day.

DRE touch-screen and optical scan ballot counting machine "physical access security procedures" and "security seals" can never guard against incorrectly written ballot definition software. The frightening truth is ballot software is seldom tested by election office officials and can never be tested by polling place election judges and citizen observers to ensure that the ballot definition software is free of error, either inadvertent or malicious. The more that software is used in the administration of elections, the more we, as a nation, hand control of elections over to anonymous, unchecked and un-sworn contract programmers who may not even be American citizens living and working in the USA. One has to be a U.S. citizen to caste a vote, but anyone in the world can write the ballot software that controls our democracy.

In November 2006 there were 1,142 counties using DRE voting machines and 1,752 counties using optical scanners. This tabulates to 2,894 counties and 161,111 voting precincts that depend on ballot definition software written in weeks and days just before the election last November. That adds up to a lot programmers writing a lot of "last minute" ballot definition software that election officials never visually audited or tested by election officials.

It would be so easy for a political partisan to entice or plant a few willing temporary contractor programmers working with voting machine vendors or directly for key local election offices to stuff the software ballot box as they perform their legitimate programming duties. Even just a few motivated partisan programmers each working independently could easily throw an election and no one would ever know, unless the ballot definition software was inspected line-by-line.

by Runner (9 articles, 34 quicklinks, 47 diaries, 33 comments) on Tuesday, December 11, 2007 at 10:43:46 AM
 


Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

If voting could change things - they'd make it illegal.

In a world where what you buy is tagged and tracked, where we are brought-up to ask for a receipt for every transaction, it is just incomprehensible to imagine why we can't do a simple thing like count someones vote.

It has to be obvious to even a half-wit that there is a reason why the powers that be don't want fair elections and it's the same reason we need to fight tooth and nail to see that we do.

by Mr M (4 articles, 0 quicklinks, 9 diaries, 1262 comments) on Tuesday, December 11, 2007 at 12:11:57 PM
 


Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

BTW

Again Rady a fantastic read. You're always at the top your game in being one of the best researchers I've had the pleasure to find. Keep it up!

by Mr M (4 articles, 0 quicklinks, 9 diaries, 1262 comments) on Tuesday, December 11, 2007 at 12:15:49 PM
 

 

5 comments

 

Tell A Friend

 


Copyright © OpEdNews, 2002-2008

Blog Ads

 

 

 

 

Most Popular Articles
in the Last 2 Days
(by Recommend Emails)

Anne Kilkenny Full Email on Sarah Palin by Rady Ananda

John McCain: Morally, Mentally, and Emotionally Unfit by Jim Fetzer

Iran War ~ How It Will Unfold by Lord Stirling

High Treason: 'Pentagon Lied to the 911 Commission' ; Bush's Theory Falls Apart by Len Hart

Librarians Against Palin Founder a Mystery by Judy Swindler

What Sarah Palin Didn't Tell Us by Mary Shaw

Did Sarah Palin REALLY call Barack Obama "Sambo"? by syQodem

Is McCain Campaign Interfering In Alaska Troopergate Investigation of Palin? by Rob Kall

Sarah Palin, A Wolf in Moose Clothing by Anthony Wade

Protester who interrupted McCain's speech is an Iraq War Veteran by Mary MacElveen

Popularity Navigation
Control Panel:

Select Time
6 hrs 12 hrs
1 Day 2 Days
3 Days 1 Week
2 Weeks 1 Month
2 Months 3 Months
6 Months Last Year
Select Content
Articles Diaries
Polls Events
All Op-Eds
News Life/Arts/Science
Select Popularity
Page Views
# of Comments
Recommend Emails
  

Go To Top 50 Most Popular