Tags for This Article:

USA United States Of America (7149)  Voting Integrity (2486)  Voting Technology (1728)  Voting Machines (1320)  California (1257)  Florida (870)  New York (644)  Ohio (635)  Fraud (440)  Privacy (415)  Connecticut (247)  France (171)  Germany (168)  Cuyahoga (51)  Netherlands (22)  Bibliography (4) 

Populum Tag Cloud
       Control Panel
Fine tune your search to access content
Articles
Diaries Products
Events All
All time
Last 6 mos
Last month
Last week
Last 24 hrs
From:
Month  Day   Year

To:
Month  Day   Year
Alphabet
Popularity
Count ON
Count OFF
This Level
Sub-levels

 

 

 

Tag(s): ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
Add to My Group
December 10, 2007 at 16:08:24

2007 Technology Tests of Computerized Voting Systems

by Rady Ananda     Page 8 of 8 page(s)

www.opednews.com


Tell A Friend

(0.0 from 0 ratings) View Ratings | Rate It

By adding extra security measures against the over-emphasized threat posed by outsiders, one can actually increase the risk posed by insiders.

For example, today’s mobile phones often combine a processor, execution memory and tamper-resistant key storage to make sure only the manufacturer (who has the cryptographic signing keys) can update the software. These mechanisms can sometimes still be circumvented, but at least they offer a layer of security that is completely absent in the Nedap ES3B.  But by adding ‘security’ in this way, the device could also resist any attempts to independent inspectors to see what code it is actually running. 

UCONN University of Connecticut Security Assessment of Diebold Optical Scan system, 2006 Abstract:

We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal.  

An Accu-Vote Optical Scan can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in place. The basic attack can be applied to effect a variety of results, including entirely neutralizing one candidate so that their votes are not counted, swapping the votes of two candidates, or biasing the results by shifting some votes from one candidate to another.  

Such vote tabulation corruptions can lay dormant until Election Day, thus avoiding detection through pre-election tests. 

UCONN University of Connecticut Security Assessment of Diebold Touch Screen (TSx) system, 2007. 

The attacks presented in this report were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer. 

We present two attacks based on these vulnerabilities: one attack swap the votes of two candidates and another erases the name of one candidate from the slate.

These attacks do not require the modification of the operating system of the voting terminal, and can be launched in a matter of minutes, requiring only a computer with the capability to mount a PCMCIA card file system (a default capability in current operating systems). 

Security problems are present in the system despite the fact that a cryptographic integrity check appears to be employed in the voting system’s memory card.

 1  |  2  |  3  |  4  |  5  |  6  |  7  |  8

 

http://www.re-mediaetc.org/

In 2004, Rady Ananda began contributing to the Web, as part of the growing community of citizen journalists. Focusing mainly on elections, her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She currently serves as a senior editor at OpEdNews. All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008. Permission is granted to repost, with proper attribution including the original link. In a time of universal deceit, telling the truth is a revolutionary act. Tell the truth anyway. Sign this petition: http://www.electiondefensealliance.org/ny_levers_petition

Contact Author
Contact Editor
View Other Articles by Author

 

Bookmark this page: (what's this?)

NETSCAPE      DIGG THIS      Add This Page to Mr Wong!           NEWSVINE      DEl.ICIO.US      Looksmart Furl      My Web      Tag!RawSugar      Blink List     (More...)
Comments: Expand   Shrink   Hide  
5 comments

Bachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.
RunnerBachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.

Excellent article! - One More Vulnerability to Mention

Excellent article! There is one more area of vulnerability that you did not mention in your summary of voting machine problems - Anonymous, unchecked and un-sworn contract programmers who write ballot definition software for each election have the first and best opportunity to hack the vote.

Ballot definition software is constructed for each voting precinct for each specific election and contains all the ballot details for that election. The DRE touch-screen and optical ballot scan machines use the ballot definitions to determine how selections on the touch-screen or paper ballot are interpreted and recorded in the vote database, and how election results are tallied. The BALLOT DEFINITION SOFTWARE is loaded on voting machines in the county elections office warehouse before the machines are even sealed with security tape.

The process of creating the ballot definition and vote tallying software is so complex that most counties contract the work to voting machine vendors. Voting machine vendors themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all its county election administration customers across the U.S. Therefore, Voting machine vendors themselves must contract out the programming of ballot definition and vote tallying software for its customers.

Elections Systems & Software, Inc. (ES&S) for example has a consulting partner, DecisionOne, who provides nationwide support services for ES&S’ voting systems including software installations, upgrades, retrofits, repair, and preventive maintenance for 1,700 election jurisdictions in 34 states. Yet other consultants write the last minute ballot definition software.

Who checks the credentials of all these various sub-contractors that write and install the "last minute" ballot software? Who asks if contract programmers also work for a political party or candidate up for election or if they have criminal records or work for a foreign government? Who performs detailed audits of the software they write and install on voting machines just before each election? The frightening answer to all questions is - no one!

Election officials appointed to safeguard election integrity, who have sworn an oath to safeguard election integrity, never see or even test the ballot definition and vote tallying software that is loaded onto their voting machines. Even if local election officials wanted to inspect the ballot software they are not computer scientists; They can neither adequately assess the competence and veracity of local temporary contractor programmers hired to work on voting machines nor review and assess the accuracy of software installed on their eVoting machines. In actuality, local election officials cannot verify that a contractor programmer's work is free of critical coding errors or that they did not nefariously write a few extra lines of software code that activates only on election day to flip votes or rig vote totals on a central tabulator and then self delete at the end of the election day.

DRE touch-screen and optical scan ballot counting machine "physical access security procedures" and "security seals" can never guard against incorrectly written ballot definition software. The frightening truth is ballot software is seldom tested by election office officials and can never be tested by polling place election judges and citizen observers to ensure that the ballot definition software is free of error, either inadvertent or malicious. The more that software is used in the administration of elections, the more we, as a nation, hand control of elections over to anonymous, unchecked and un-sworn contract programmers who may not even be American citizens living and working in the USA. One has to be a U.S. citizen to caste a vote, but anyone in the world can write the ballot software that controls our democracy.

In November 2006 there were 1,142 counties using DRE voting machines and 1,752 counties using optical scanners. This tabulates to 2,894 counties and 161,111 voting precincts that depend on ballot definition software written in weeks and days just before the election last November. That adds up to a lot programmers writing a lot of "last minute" ballot definition software that election officials never visually audited or tested by election officials.

It would be so easy for a political partisan to entice or plant a few willing temporary contractor programmers working with voting machine vendors or directly for key local election offices to stuff the software ballot box as they perform their legitimate programming duties. Even just a few motivated partisan programmers each working independently could easily throw an election and no one would ever know, unless the ballot definition software was inspected line-by-line.

by Runner (9 articles, 34 quicklinks, 47 diaries, 33 comments) on Tuesday, December 11, 2007 at 10:43:46 AM
 


Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

If voting could change things - they'd make it illegal.

In a world where what you buy is tagged and tracked, where we are brought-up to ask for a receipt for every transaction, it is just incomprehensible to imagine why we can't do a simple thing like count someones vote.

It has to be obvious to even a half-wit that there is a reason why the powers that be don't want fair elections and it's the same reason we need to fight tooth and nail to see that we do.

by Mr M (4 articles, 0 quicklinks, 8 diaries, 1153 comments) on Tuesday, December 11, 2007 at 12:11:57 PM
 


Currently I'm a cartoonist and contributing writer for The New Orleans Levee.
Mr MCurrently I'm a cartoonist and contributing writer for The New Orleans Levee.

BTW

Again Rady a fantastic read. You're always at the top your game in being one of the best researchers I've had the pleasure to find. Keep it up!

by Mr M (4 articles, 0 quicklinks, 8 diaries, 1153 comments) on Tuesday, December 11, 2007 at 12:15:49 PM
 

 

5 comments

 

Tell A Friend

 


Copyright © OpEdNews, 2002-2008

Blog Ads

 

 

 

 

Most Popular Articles
(Most forwarded)

Pelosi Gets "Booked" & Confronts Her Own Past by Linda Milazzo

Are you ready for nuclear war? by Paul Craig Roberts

IMPEACHABLE OFFENSE? by Bruce K. Gagnon

Breaking: Conyers Calls Committee Back from Summer Recess to Investigate Suskind Allegations by Ralph Lopez

Did McCain Cheat At Saddleback? by Rob Kall

Sibel Edmonds Case: FBI files "formal complaint" with Sunday Times by Luke Ryland

John McCain - the Unauthorized Biography by Lisa Johnson

Are CFL's Designed to Make Us Pay More On Our Power Bills? by Steve Windisch (jibbguy)

It's the way McCain gets it exactly wrong that is his virtue for Republicans by Ed Martin

The Urgency of Impeachment by Jeeni Criscenzo

24 hrs 48 hrs
72 hrs 1 week
1 month 6 months
1 year All Time
Articles
Diaries Members
Products Events
Polls