Tags for This Article:

USA United States Of America (7149)  Voting Integrity (2490)  Voting Technology (1733)  Voting Machines (1322)  California (1259)  Florida (873)  New York (644)  Ohio (636)  Fraud (440)  Privacy (415)  Connecticut (247)  France (171)  Germany (169)  Cuyahoga (51)  Netherlands (22)  Bibliography (4) 

Populum Tag Cloud
       Control Panel
Fine tune your search to access content
Articles Links
Diaries Products
Events All
All time
Last 6 mos
Last month
Last week
Last 24 hrs 		From:
Month  Day   Year

To:
Month  Day   Year
Alphabet
Popularity 		Count ON
Count OFF
This Level
 Sub-levels

 

 

 

 Tag(s): ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
Add to My Group
December 10, 2007 at 16:08:24

2007 Technology Tests of Computerized Voting Systems

by Rady Ananda     Page 6 of 8 page(s)

www.opednews.com
 

Tell A Friend

(0.0 from 0 ratings) View Ratings | Rate It

Data and smart card passwords can now be set by election workers. The authentication protocol is not secure, allowing an attacker to create counterfeit, validating smart cards, including voter cards. 

There is no integrity protection of stored electronic ballots and ballots are stored sequentially.  This defeats voter privacy by allowing a voter’s selections to be tied to a voter’s name. 

Audit logs are not cryptographically protected and data transmitted over communication lines is neither authenticated nor encrypted. 

A custom, malicious bootloader is possible if the terminal is delivered to a polling place in “debug mode.”  If not in debug mode, an attacker can open the case and move a hardware switch to enable this attack.    An attacker can hide preloaded votes on a forged memory card that the terminal will recognize. 

FLORIDA: Software Review and Security Analysis of the Diebold Voting Machine Software Supplemental Report, Security and Assurance in Information Technology (SAIT) Laboratory Florida State University, August 2007.  

This report reflects the narrow investigative scope requested by FLDoS (Florida Department of State). These results are not comprehensive in any sense, nor is this report an endorsement of the system’s overall security. We examined only a small subset of the flaws from the SAIT Diebold Report.

All other flaws identified in that report remain in the code base, including vulnerability to a sleepover attack that may allow an intruder to manipulate vote computation or worse.

Significant, critical vulnerability remains in this code base independent of repairs documented in this report. 

Until voting systems are developed for “high assurance”, election officials face an unnecessarily high risk and must exercise significantly expanded election security procedures to mitigate known and unknown software vulnerability. 

The signature flaw was fixed.  This makes it much more difficult for preloaded votes to be hidden. 

(Note: Other flaws reported to have been fixed were not detailed above. ~ RA)  

KENTUCKY 2007 Voting Expert Letter to KY Attorney General, public version posted at Review of Diebold/Premier, Hart InterCivic, and ES&S. 

The review relies on the completeness and accuracy of the testing by the Independent Testing Authorities (ITA) for conformance to voluntary Federal guidelines (Voting systems Standards 2002). However, it has been well established that the ITAs do not adequately perform this role. 

The ITA reports used for Federal certification and included in the review packages used by the SBE certifiers are cursory…. (as) reinforced by the fact that none of the ITAs identified the flaws found by the California or Florida source code review teams. 

Because the ITA reports are of limited value, the quality examination of the machines as part of the certification processes is crucial, but it too can best be described as cursory. 

The security of all of the machines appears to be extremely dependent on their never coming in contact with malicious code, as once that occurs there are few defenses or recovery mechanisms. This is sometimes referred to as the “M&M model of security”: there is a hard crunchy exterior that protects a soft chewy interior. 

 1  |  2  |  3  |  4  |  5  |  6  |  7  |  8

 

http://www.re-mediaetc.org/

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews. All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with proper attribution including the original link. In a time of universal deceit, telling the truth is a revolutionary act. Tell the truth anyway. Sign this petition: http://www.electiondefensealliance.org/ny_levers_petition

Contact Author
Contact Editor
View Other Articles by Author

 

Bookmark this page: (what's this?)

NETSCAPE      DIGG THIS      Add This Page to Mr Wong!           NEWSVINE      DEl.ICIO.US      Looksmart Furl      My Web      Tag!RawSugar      Blink List     (More...)
Comments: Expand   Shrink   Hide  
5 comments

Bachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.
RunnerBachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.

Excellent article! - One More Vulnerability to Mention

Excellent article! There is one more area of vulnerability that you did not mention in your summary of voting machine problems - Anonymous, unchecked and un-sworn contract programmers who write ballot definition software for each election have the first and best opportunity to hack the vote.

Ballot definition software is constructed for each voting precinct for each specific election and contains all the ballot details for that election. The DRE touch-screen and optical ballot scan machines use the ballot definitions to determine how selections on the touch-screen or paper ballot are interpreted and recorded in the vote database, and how election results are tallied. The BALLOT DEFINITION SOFTWARE is loaded on voting machines in the county elections office warehouse before the machines are even sealed with security tape.

The process of creating the ballot definition and vote tallying software is so complex that most counties contract the work to voting machine vendors. Voting machine vendors themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all its county election administration customers across the U.S. Therefore, Voting machine vendors themselves must contract out the programming of ballot definition and vote tallying software for its customers.

Elections Systems & Software, Inc. (ES&S) for example has a consulting partner, DecisionOne, who provides nationwide support services for ES&S’ voting systems including software installations, upgrades, retrofits, repair, and preventive maintenance for 1,700 election jurisdictions in 34 states. Yet other consultants write the last minute ballot definition software.

Who checks the credentials of all these various sub-contractors that write and install the "last minute" ballot software? Who asks if contract programmers also work for a political party or candidate up for election or if they have criminal records or work for a foreign government? Who performs detailed audits of the software they write and install on voting machines just before each election? The frightening answer to all questions is - no one!

Election officials appointed to safeguard election integrity, who have sworn an oath to safeguard election integrity, never see or even test the ballot definition and vote tallying software that is loaded onto their voting machines. Even if local election officials wanted to inspect the ballot software they are not computer scientists; They can neither adequately assess the competence and veracity of local temporary contractor programmers hired to work on voting machines nor review and assess the accuracy of software installed on their eVoting machines. In actuality, local election officials cannot verify that a contractor programmer's work is free of critical coding errors or that they did not nefariously write a few extra lines of software code that activates only on election day to flip votes or rig vote totals on a central tabulator and then self delete at the end of the election day.

DRE touch-screen and optical scan ballot counting machine "physical access security procedures" and "security seals" can never guard against incorrectly written ballot definition software. The frightening truth is ballot software is seldom tested by election office officials and can never be tested by polling place election judges and citizen observers to ensure that the ballot definition software is free of error, either inadvertent or malicious. The more that software is used in the administration of elections, the more we, as a nation, hand control of elections over to anonymous, unchecked and un-sworn contract programmers who may not even be American citizens living and working in the USA. One has to be a U.S. citizen to caste a vote, but anyone in the world can write the ballot software that controls our democracy.

In November 2006 there were 1,142 counties using DRE voting machines and 1,752 counties using optical scanners. This tabulates to 2,894 counties and 161,111 voting precincts that depend on ballot definition software written in weeks and days just before the election last November. That adds up to a lot programmers writing a lot of "last minute" ballot definition software that election officials never visually audited or tested by election officials.

It would be so easy for a political partisan to entice or plant a few willing temporary contractor programmers working with voting machine vendors or directly for key local election offices to stuff the software ballot box as they perform their legitimate programming duties. Even just a few motivated partisan programmers each working independently could easily throw an election and no one would ever know, unless the ballot definition software was inspected line-by-line.

by Runner (9 articles, 34 quicklinks, 47 diaries, 33 comments) on Tuesday, December 11, 2007 at 10:43:46 AM
 

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews.

All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with...

to see more of bio, click on member name
Rady AnandaIn 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews.

All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with...

to see more of bio, click on member name

Got citations?

this is a fantastic collection of information.  If cited, it can be used in the future.  Shall I attribute it to "Runner" ?

by Rady Ananda (88 articles, 228 quicklinks, 18 diaries, 631 comments) on Tuesday, December 11, 2007 at 1:30:15 PM
 

Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

If voting could change things - they'd make it illegal.

In a world where what you buy is tagged and tracked, where we are brought-up to ask for a receipt for every transaction, it is just incomprehensible to imagine why we can't do a simple thing like count someones vote.

It has to be obvious to even a half-wit that there is a reason why the powers that be don't want fair elections and it's the same reason we need to fight tooth and nail to see that we do.

by Mr M (4 articles, 0 quicklinks, 7 diaries, 1173 comments) on Tuesday, December 11, 2007 at 12:11:57 PM
 

Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

BTW

Again Rady a fantastic read. You're always at the top your game in being one of the best researchers I've had the pleasure to find. Keep it up!

by Mr M (4 articles, 0 quicklinks, 7 diaries, 1173 comments) on Tuesday, December 11, 2007 at 12:15:49 PM
 

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews.

All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with...

to see more of bio, click on member name
Rady AnandaIn 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews.

All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with...

to see more of bio, click on member name

thanks for the kudos

and more to come... I keep finding more reports!

by Rady Ananda (88 articles, 228 quicklinks, 18 diaries, 631 comments) on Tuesday, December 11, 2007 at 2:10:30 PM
 

 

5 comments

 

Tell A Friend

 

Copyright © OpEdNews, 2002-2008

Blog Ads

 

 

 

 

Most Popular Articles
in the Last 2 Days
(by Recommend Emails)

Loserville: Obama Is Channeling Kerry and Gore by Dave Lindorff

Are you ready for nuclear war? by Paul Craig Roberts

Fresh New Discovery - Can You Guess What This Photo Is? by Meryl Ann Butler

"Caroline: Pull a Cheney!" An Open Letter to Caroline Kennedy (head of the Obama VP search team) Posted by Stephen Fox

NSA MAY BE READING WINDOWS SOFTWARE IN YOUR COMPUTER by Sherwood Ross

The REAL John McCain by Mike Kuykendall

Mr. Bill: "OH NO, Fix the coast you broke, Shell Oil!" by Georgianne Nienaber

Brown's Gas ("HHO") : Clean, Cheap, and Suppressed Energy by Steve Windisch (jibbguy)

Russia to US: Checkmate! by William Helbig

New Zogby/Reuters Poll: Obama Down 5, in an Almost Perfect Storm by Rob Kall

Select Time
6 hrs 12 hrs
1 Day 2 Days
3 Days 1 Week
2 Weeks 1 Month
2 Months 3 Months
6 Months Last Year
Select Content
Articles Links
Diaries Members
Polls Events
All  
Select Popularity
Page Views
# of Comments
Recommend Emails