EVEREST: The Truth About Electronic Voting Machines

Hats off to Jennifer Brunner for publicly denouncing touchscreen voting machines as having insurmountable security flaws. I appreciate her provision to allow those of us in counties that use touchscreen ( DRE) voting machines to opt for a paper ballot in the March primary. I hope Brunner and the legislature move quickly to decertify all DRE voting machines as unsafe for use in a democracy.

I am losing patience with attempts to undermine essential election reform from the usual suspects, Matt Damschroder and Bob Bennett. It boggles my mind that Bennett, former chairman of the Cuyahoga County Board of Election and Chairman of the Ohio Republican Party, can tell reporters that he had not yet seen the EVEREST report yet claim there is nothing wrong with the voting machines.  

This sort of willful ignorance is what contributed to the purchase of inadequately tested, fraud-friendly electronic voting machines in the first place.   

The academic reviewers of the EVEREST team describe the electronic voting system put in place under former Secretary of State Ken Blackwell as possessing "critical security failures that render their technical controls insufficient to guarantee a trustworthy election." 

Damschroder has criticized Brunner for her haste to replace DRE's. Perhaps if Damschroder had been listening to computer experts’ concerns about DRE's in 2004, instead of passing money from a voting machine intermediary to the Ohio Republican party, he might have influenced the County Boards of Election to purchase Optiscan over DRE's and we would not have to rush to put paper ballots in place to protect the vote in the 2008 primary.

EVEREST, Brunner's independent testing of Ohio's e-voting machines, assails the mountain of lies perpetuated by dishonest voting machine vendors and complicit Board of Election supervisors who sold the public a bill of goods concerning the security of these machines. EVEREST like the countless, credible, critical, reviews of electronic voting machines that preceded it, found numerous serious security vulnerabilities in basic electronic voting machine system design and implementation.  

As part of the EVEREST project, MicroSolved, Inc. (MSI), performed penetration tests of three voting machines systems in use in Ohio, Premier (Diebold), ES &S and Hart.  MSI's Executive Summary report concluded that all three vendors had failed to adopt, implement and follow "even the most basic set of information security guidelines" used in other industries.  

MSI uncovered a myriad of common vulnerabilities and weaknesses many of which have been known for several years and still exist in the system components.  They reported that many components lacked basic security controls such as firewalls, antivirus and other mechanisms for protecting system integrity.  

Princeton computer scientist Ed Felten considered the EVEREST report to be the scariest e-voting security report yet.  He questioned how the ES&S iVotronic touchscreen voting machine ever got certified, noting that a machine with so many design errors must be susceptible to misrecording or miscounting votes due to ordinary glitches that plague computer systems. He considered the iVotronic too risky to use even if all poll workers and voters were angels.   

Among the many potential touchscreen security breaches that alarmed Felten was an undocumented backdoor function that allows a voter or poll worker to alter vote totals using a magnet and a personal digital assistant.  

You see, Mr. Bennett, there is a truth, based on an actual body of evidence, that discredits your statement that there is nothing wrong with these voting machines. Facts trump the mindless repetition of vendor-generated untruths.

It would be a serious mistake to continue to use DRE voting machines that are extremely fraud friendly in a time when it is widely known how insecure these voting machines are.  When a DRE voting machine is corrupted or malfunctions on election night, votes are irretrievably lost.  If our election outcomes are to be decided by competing hackers or election insiders who infect electronic voting machines with computer viruses then our democracy is history.   

The move to optical scan is not sufficient in and of itself to restore confidence in the integrity of the vote. The accuracy of optical scan voting machine tallies is also easily compromised by programming errors, computer viruses and insider manipulation. A few insiders can still flip an election without detection because of shamefully inadequate auditing processes.  

Currently Ohio law has no requirement to use the paper audit trail to verify the accuracy of easily compromised electronic voting machines. If we are to restore confidence in the integrity of the vote by the 2008 presidential election, then we need to pass legislation that requires mandatory random surprise audits of the paper ballots as compared to the machine tallies.  

I welcome Jon Husted's participation in this process and his pledge of a bipartisan approach to implementing changes in the state election system.

 1  |  2