Short-term recommendations include developing written rules and procedures avoiding network connectivity and using “sniffers” to detect same, changing and properly storing all encryption keys and passwords, checking that physical seals are unbroken, and checking that the version of hardware and software being used is that which was certified.
Some long-term recommendations include a more thorough certification process, additional security measures, avoiding use of continuous tape so that voter privacy is better protected, and review of software source code for all machines used in Kentucky.
NETHERLANDS Review of Nedap Touch Screen system (marketed as Liberty DRE in the U.S.), October 2006 by independent computer experts without the consent of the manufacturer.
90% of the votes in The Netherlands are cast on the Nedap/ Groenendaal ES3B voting computer. With very minor modifications, the same computer is also being used in parts of Germany and France.
The Nedap ES3B electronic voting computer is a touch screen system that only records votes in memory. The system requires ultimate trust, since it produces an election outcome that cannot be independently verified.
Anyone with brief access to the device at any time before an election can gain complete and virtually undetectable control over election results.
Radio emanations from an unmodified Nedap can be received at several meters distance and be used to tell who votes what.
The over-all security design relies almost solely on the near-universally deprecated concept of ‘security by obscurity.’ Since the problems we found stem from the very design, we see no quick fixes that could make this device sufficiently secure.
We conclude that the Nedap ES3B is unsuitable for use in elections, that the Dutch regulatory framework surrounding electronic voting insufficiently addresses security, and we pose that not enough thought has been given to the trust relationships and verifiability issues inherent in DRE class voting systems.
Given the fact that technical specifications and source code to most electronic voting systems are not publicly available, we see grave danger to our democracy by the use of secret voting technology.
Password stored in the code and quickly found, allowing attacks to read and modify election results.
Software code could be inserted, and in response to Nedap’s challenge, this team programmed the machine to play chess. (Emphasis added. ~RA)
Software could be manipulated to steal a certain percentage of votes, for a given party. In this way, elections could be predetermined without knowing candidate names.
Parallel testing is ineffective, and only tests for outside threats - not insider attacks. The Brennan Center (2006) reached the same conclusion:
“Even under the best of circumstances, Parallel Testing is an imperfect security measure. The testing creates an ‘arms race’ between the testers and the attacker, but the race is one in which the testers can never be certain that they have prevailed.”
In the case of voting systems, the only meaningful security against insider attacks is to have a voting mechanism of which all the details are published and that a substantial portion of the general public is capable of comprehending in-depth.
