Among its findings are:
Harri Hursti's attack upon the memory card is a real threat.
There are at least 16 additional vulnerabilities beyond the one
identified by Harri Hursti, related to the interpreter.
Access to a memory card can be used to change the election results.
An attacker could change vote totals, modify reports, change the names
of candidates, change races being voted on, or insert the attackers own
code into the running firmware of the Diebold voting system.
Successful attacks can only be detected by examining the paper ballots.
There would be no way to know that any of these attacks occurred;
including in the canvass procedure.
"Clearly there are serious security flaws in the current state of the
AV-OS and AV-TSx software"
They also made it clear that there may be other security
vulnerabilities they did not find given the limited scope of their
examination. They also concluded that the AccuVote-TSx and AccuVote-OS
did not meet the 2002 Voting System Standards banning the use of
interpreted code in voting systems. Interpreted code is prohibited
because "[t]his prohibition is to ensure that the software tested and
approved during the qualification process remains unchanged and retains
its integrity."
The lawsuit in California is also based upon the AccuVote-TSx not
meeting the requirements of the Help America Vote Act (HAVA) for
accessibility for the disabled voter.
While the voting system can provide an audio capacity for the blind
(with reports of it taking over 30 minutes to vote with the audio), it
does not address the other disabled individuals who have other physical
impairments and require such features as sip-puff, or gel pads. Those
requirements are applicable to any voting systems purchased for and
used in Utah. The state and local counties are leaving themselves
vulnerable to a lawsuit from the disabled community.
Despite the findings by the Secretary's own Board, on February 17,
2006 he did certify the AccuVote-OS and TSx based upon certain
conditions. Those conditions in effect placed the burden and liability
upon the local counties. Two of his "conditions" stated the voting
systems were certified only if they met the requirements of state and
federal law, and specifically including the 2002 Voting Systems
Standards. According to his own Board, the Diebold voting systems are
not in compliance with those standards.
The lawsuit in California is not based upon "alleged evidence that the
machines could easily be tampered with, leading to voter fraud." There
have been two tests in Florida proving it by independent computer
scientists, and now the California Secretary of State's own assessment
Board has also proven that there are in fact security vulnerabilities.
It has gone from an assertion without proof or evidence, to one that
has been scientifically proven. There was already ample evidence
available to Bruce Funk to justify his wanting to subject the
AccuVote-TSx voting system to further examination. He was conducting
his due-diligence in protecting the interests of the citizens and
voters of Emery County. The question that must be asked; Will the Utah
Secretary of State and Lt. Governor do their due-diligence and subject
the AccuVote-OS and TSx voting systems to more rigorous examination
before allowing them to be used in an election? If they do not examine
the voting system regarding compliance with HAVA, accessibility, and
security issues, they put at risk any federal funding and expose the
state to possible lawsuits. Worse, the voters of Utah will not be able
to have confidence that their votes were recorded and counted
accurately.
Regards,
Joseph Holder
Lead Plaintiff
Holder v McPherson
--
----
Kathy Dopp
http://electionarchive.org
National Election Data Archive
Subscribe to our announcements by emailing election-subscribe@uscountvotes.org
Dedicated to Accurately Counting Elections
Please donate or volunteer.
Harri Hursti's attack upon the memory card is a real threat.
There are at least 16 additional vulnerabilities beyond the one
identified by Harri Hursti, related to the interpreter.
Access to a memory card can be used to change the election results.
An attacker could change vote totals, modify reports, change the names
of candidates, change races being voted on, or insert the attackers own
code into the running firmware of the Diebold voting system.
Successful attacks can only be detected by examining the paper ballots.
There would be no way to know that any of these attacks occurred;
including in the canvass procedure.
"Clearly there are serious security flaws in the current state of the
AV-OS and AV-TSx software"
They also made it clear that there may be other security
vulnerabilities they did not find given the limited scope of their
examination. They also concluded that the AccuVote-TSx and AccuVote-OS
did not meet the 2002 Voting System Standards banning the use of
interpreted code in voting systems. Interpreted code is prohibited
because "[t]his prohibition is to ensure that the software tested and
approved during the qualification process remains unchanged and retains
its integrity."
The lawsuit in California is also based upon the AccuVote-TSx not
meeting the requirements of the Help America Vote Act (HAVA) for
accessibility for the disabled voter.
While the voting system can provide an audio capacity for the blind
(with reports of it taking over 30 minutes to vote with the audio), it
does not address the other disabled individuals who have other physical
impairments and require such features as sip-puff, or gel pads. Those
requirements are applicable to any voting systems purchased for and
used in Utah. The state and local counties are leaving themselves
vulnerable to a lawsuit from the disabled community.
Despite the findings by the Secretary's own Board, on February 17,
2006 he did certify the AccuVote-OS and TSx based upon certain
conditions. Those conditions in effect placed the burden and liability
upon the local counties. Two of his "conditions" stated the voting
systems were certified only if they met the requirements of state and
federal law, and specifically including the 2002 Voting Systems
Standards. According to his own Board, the Diebold voting systems are
not in compliance with those standards.
machines could easily be tampered with, leading to voter fraud." There
have been two tests in Florida proving it by independent computer
scientists, and now the California Secretary of State's own assessment
Board has also proven that there are in fact security vulnerabilities.
It has gone from an assertion without proof or evidence, to one that
has been scientifically proven. There was already ample evidence
available to Bruce Funk to justify his wanting to subject the
AccuVote-TSx voting system to further examination. He was conducting
his due-diligence in protecting the interests of the citizens and
voters of Emery County. The question that must be asked; Will the Utah
Secretary of State and Lt. Governor do their due-diligence and subject
the AccuVote-OS and TSx voting systems to more rigorous examination
before allowing them to be used in an election? If they do not examine
the voting system regarding compliance with HAVA, accessibility, and
security issues, they put at risk any federal funding and expose the
state to possible lawsuits. Worse, the voters of Utah will not be able
to have confidence that their votes were recorded and counted
accurately.
Regards,
Joseph Holder
Lead Plaintiff
Holder v McPherson
--
----
Kathy Dopp
http://electionarchive.org
National Election Data Archive
Subscribe to our announcements by emailing election-subscribe@uscountvotes.org
Dedicated to Accurately Counting Elections
Please donate or volunteer.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
