Tags for This Article:

USA United States Of America (7159)  Voting Integrity (2512)  Voting Technology (1756)  Voting Machines (1341)  California (1278)  Florida (878)  New York (648)  Ohio (647)  Fraud (449)  Privacy (423)  Connecticut (248)  France (171)  Germany (171)  Cuyahoga (53)  Netherlands (23)  Bibliography (5) 

Populum Tag Cloud
       Control Panel
Fine tune your search to access content
Articles Links
Diaries Products
Events All
All time
Last 6 mos
Last month
Last week
Last 24 hrs 		From:
Month  Day   Year

To:
Month  Day   Year
Alphabet
Popularity 		Count ON
Count OFF
This Level
 Sub-levels

 

 

 

 Tag(s): ; ; ; ; ; ; ; ; ; ; (more...) ; ; ; ; ;  (less...)
Add to My Group
December 10, 2007 at 16:08:24

2007 Technology Tests of Computerized Voting Systems

by Rady Ananda     Page 5 of 8 page(s)

www.opednews.com
 

Tell A Friend

(0.0 from 0 ratings) View Ratings | Rate It

The paper concludes that the standards structurally encourage and reward election system vendors for using less exacting database design standards. 

FLORIDA: Software Review and Security Analysis of the Diebold Voting Machine Software, Security and Assurance in Information Technology (SAIT) Laboratory Florida State University, July 2007.  

The two primary systems analyzed consist of the Diebold Optical Scan, firmware version 1.96.8, and Touch Screen, firmware version 4.6.5.  We also examined the Diebold Touch Screen bootloader version 1.3.6 as well as GEMS server software version 1.18.25. 

We considered flaws in previous versions of the software for all parts of the system, including those found in the AccuBasic interpreters.   

Our analysis focuses on two attacker categories… voters and poll workers.  Attacks by elections officials and voting system vendors are largely outside the scope of this review.  We did not conduct penetration or red team testing for these systems.

Our analysis examined only those flaws previously reported in the cited literature. 

Flaws in the Optical Scan software enable an unofficial memory card to be inserted into an active terminal. Such a card can be preprogrammed to swap the electronically tabulated votes for two candidates, reroute all of a candidate’s votes to a different candidate, or tabulate votes for several candidates of choice toward a different candidate. 

Data on optical scan memory cards is neither encrypted nor authenticated, leading to many potential attacks that could manipulate vote counts on a memory card prior to or during the voting day. 

Unsupervised access allows an attacker to place the Optical Scan terminal into diagnostics mode and obtain all or most of the data on the memory card, or to reset the machine clock. 

The hand-coded RSA signature verification is insecure and can be forged. This applies to both the optical scan and touch screen systems. With technical knowledge and unsupervised access, an attacker can copy or dump the memory card contents by connecting a laptop or modem to the optical scanner. 

The system uses the same cryptographic key for multiple purposes and is tied to publicly-known machine serial numbers.  Its value is never changed after being created.  The security key cards are insecurely protected, the same as all other smart cards, which allows anyone to read all data from them. 

The public key is hard-coded into the source code. Such key-reuse is discouraged by the cryptographic community since such reuse introduces vulnerability. Supervisor PIN is not cryptographically protected. 

System configuration information is unprotected.  The “protected” counter is stored in a mutable file, and the ballot definition file is unprotected.  Since stored votes are only associated with a candidate number and not a name, the ability to create custom ballot definition files allows one to alter or switch candidate names without any record in the vote counts or electronically stored ballots. 

In the Touch Screen software, flaws allow an adversary to prepare official, activated voter smart cards that would enable voters to cast multiple ballots in a ballot-stuffing attack.  Once an adversary obtained the necessary information, smart cards could be created and used in any precinct through a county.  Even if detected, this attack is not correctable: the malicious ballots, either in electronic or paper form, are essentially unidentifiable and thus cannot be removed. 

Memory card update file is unprotected. The file assure.ini remains unencrypted and unauthenticated and is subject to malicious manipulation.  Removal of a memory card allows an attacker to create valid voter cards. 

If the authentication key necessary to validate voter cards is the same across precincts, as we understand to be common practice in Florida, these cards could easily be modified to be used at any other precinct within a county. 

 1  |  2  |  3  |  4  |  5  |  6  |  7  |  8

 

http://www.re-mediaetc.org/

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews. All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with proper attribution including the original link. In a time of universal deceit, telling the truth is a revolutionary act. Tell the truth anyway. Sign this petition: http://www.electiondefensealliance.org/ny_levers_petition

Contact Author
Contact Editor
View Other Articles by Author

 

Bookmark this page: (what's this?)

NETSCAPE      DIGG THIS      Add This Page to Mr Wong!           NEWSVINE      DEl.ICIO.US      Looksmart Furl      My Web      Tag!RawSugar      Blink List     (More...)
Comments: Expand   Shrink   Hide  
5 comments

Bachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.
RunnerBachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.

Excellent article! - One More Vulnerability to Mention

Excellent article! There is one more area of vulnerability that you did not mention in your summary of voting machine problems - Anonymous, unchecked and un-sworn contract programmers who write ballot definition software for each election have the first and best opportunity to hack the vote.

Ballot definition software is constructed for each voting precinct for each specific election and contains all the ballot details for that election. The DRE touch-screen and optical ballot scan machines use the ballot definitions to determine how selections on the touch-screen or paper ballot are interpreted and recorded in the vote database, and how election results are tallied. The BALLOT DEFINITION SOFTWARE is loaded on voting machines in the county elections office warehouse before the machines are even sealed with security tape.

The process of creating the ballot definition and vote tallying software is so complex that most counties contract the work to voting machine vendors. Voting machine vendors themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all its county election administration customers across the U.S. Therefore, Voting machine vendors themselves must contract out the programming of ballot definition and vote tallying software for its customers.

Elections Systems & Software, Inc. (ES&S) for example has a consulting partner, DecisionOne, who provides nationwide support services for ES&S’ voting systems including software installations, upgrades, retrofits, repair, and preventive maintenance for 1,700 election jurisdictions in 34 states. Yet other consultants write the last minute ballot definition software.

Who checks the credentials of all these various sub-contractors that write and install the "last minute" ballot software? Who asks if contract programmers also work for a political party or candidate up for election or if they have criminal records or work for a foreign government? Who performs detailed audits of the software they write and install on voting machines just before each election? The frightening answer to all questions is - no one!

Election officials appointed to safeguard election integrity, who have sworn an oath to safeguard election integrity, never see or even test the ballot definition and vote tallying software that is loaded onto their voting machines. Even if local election officials wanted to inspect the ballot software they are not computer scientists; They can neither adequately assess the competence and veracity of local temporary contractor programmers hired to work on voting machines nor review and assess the accuracy of software installed on their eVoting machines. In actuality, local election officials cannot verify that a contractor programmer's work is free of critical coding errors or that they did not nefariously write a few extra lines of software code that activates only on election day to flip votes or rig vote totals on a central tabulator and then self delete at the end of the election day.

DRE touch-screen and optical scan ballot counting machine "physical access security procedures" and "security seals" can never guard against incorrectly written ballot definition software. The frightening truth is ballot software is seldom tested by election office officials and can never be tested by polling place election judges and citizen observers to ensure that the ballot definition software is free of error, either inadvertent or malicious. The more that software is used in the administration of elections, the more we, as a nation, hand control of elections over to anonymous, unchecked and un-sworn contract programmers who may not even be American citizens living and working in the USA. One has to be a U.S. citizen to caste a vote, but anyone in the world can write the ballot software that controls our democracy.

In November 2006 there were 1,142 counties using DRE voting machines and 1,752 counties using optical scanners. This tabulates to 2,894 counties and 161,111 voting precincts that depend on ballot definition software written in weeks and days just before the election last November. That adds up to a lot programmers writing a lot of "last minute" ballot definition software that election officials never visually audited or tested by election officials.

It would be so easy for a political partisan to entice or plant a few willing temporary contractor programmers working with voting machine vendors or directly for key local election offices to stuff the software ballot box as they perform their legitimate programming duties. Even just a few motivated partisan programmers each working independently could easily throw an election and no one would ever know, unless the ballot definition software was inspected line-by-line.

by Runner (9 articles, 34 quicklinks, 47 diaries, 33 comments) on Tuesday, December 11, 2007 at 10:43:46 AM
 

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews.

All material offer...

to see more of bio, click on member name
Rady AnandaIn 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews.

All material offer...

to see more of bio, click on member name

Got citations?

this is a fantastic collection of information.  If cited, it can be used in the future.  Shall I attribute it to "Runner" ?

by Rady Ananda (95 articles, 244 quicklinks, 19 diaries, 689 comments) on Tuesday, December 11, 2007 at 1:30:15 PM
 

Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

If voting could change things - they'd make it illegal.

In a world where what you buy is tagged and tracked, where we are brought-up to ask for a receipt for every transaction, it is just incomprehensible to imagine why we can't do a simple thing like count someones vote.

It has to be obvious to even a half-wit that there is a reason why the powers that be don't want fair elections and it's the same reason we need to fight tooth and nail to see that we do.

by Mr M (4 articles, 0 quicklinks, 9 diaries, 1253 comments) on Tuesday, December 11, 2007 at 12:11:57 PM
 

Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

BTW

Again Rady a fantastic read. You're always at the top your game in being one of the best researchers I've had the pleasure to find. Keep it up!

by Mr M (4 articles, 0 quicklinks, 9 diaries, 1253 comments) on Tuesday, December 11, 2007 at 12:15:49 PM
 

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews.

All material offer...

to see more of bio, click on member name
Rady AnandaIn 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a legal investigator for lawfirms, and about 5 years as an editor. She currently serves as a senior editor at OpEdNews.

All material offer...

to see more of bio, click on member name

thanks for the kudos

and more to come... I keep finding more reports!

by Rady Ananda (95 articles, 244 quicklinks, 19 diaries, 689 comments) on Tuesday, December 11, 2007 at 2:10:30 PM
 

 

5 comments

 

Tell A Friend

 

Copyright © OpEdNews, 2002-2008

Blog Ads

 

 

 

 

Most Popular Articles
in the Last 2 Days
(by Recommend Emails)

Sarah Palin, A Wolf in Moose Clothing by Anthony Wade

Democrats, Conservatives, AND Sarah Palin Being Played by Karl Rove by Greg Purcell "Wordmeister at Large"

FBI/police ordered to curtail protests: Explains Amy Goodman's arrest? by Kathryn Smith

Sarah Palin: Small Mind In A Big Little Town by Judy Swindler

Video: Is Bristol Palin Baby Trig's Mother? Evidence & Pictures by theWeb

Republicans Are Mean by Mary Lyon

Limbaugh Watch: Palin Pregnancy Talking Points by Dean Powers

GOP Convention Day One – Let the Deception Begin for Team McBush by Anthony Wade

BREAKING NEWS: Palin took millions in earmarks as mayor and governor. by Ed Tubbs

Why Trig Palin's parentage is a national security matter. by John Toradze

Popularity Navigation
Control Panel:

Select Time
6 hrs 12 hrs
1 Day 2 Days
3 Days 1 Week
2 Weeks 1 Month
2 Months 3 Months
6 Months Last Year
Select Content
Articles Diaries
Polls Events
All Op-Eds
News Life/Arts/Science
Select Popularity
Page Views
# of Comments
Recommend Emails
  

Go To Top 50 Most Popular