Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
For all three types of voting systems:
1. When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of Software Attack Programs or other corrupt software are the least difficult attacks.
to a wide array of attacks.
DREs without voter-verified paper trails do not have available to them a powerful countermeasure to software attacks: post-election Automatic Routine Audits that compare paper records to electronic records.
For DREs w/VVPT and PCOS:
1. The voter-verified paper record, by itself, is of questionable security value. The paper record has significant value only if an Automatic Routine Audit is performed (and a well-designed chain of custody and physical security procedures is followed).
2. Even if jurisdictions routinely conduct audits of voter-verified paper records, DREs w/VVPT and PCOS are vulnerable to certain software attacks or errors.
COMPUWARE CORP. DRE Technical Security Assessment Report for Ohio, November 2003. Confidential report prepared for Ohio Secretary of State Ken Blackwell, and later published on the web. High risks include:
With access to the supervisor card, someone could guess the four digit PIN. The four digit PIN is a factory default from Diebold and cannot be changed. In our test it was guessed in less than two minutes of testing.
Smart Card Writer - with access to the small handheld writer, someone could use a voting card more than once while at the voting booth.
Diebold's voting system uses MS Access as the database to store the Ballot definition, Audit logs and Tally results. The Database has no password protection. The audit logs and the tally results can be changed.
CONGRESSIONAL RESEARCH SERVICE, Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues. (Order Code RL32139) November 4, 2003. click here
This is a comprehensive report on several expert studies of electronic voting systems. Problems noted include:
There appears to be an emerging consensus that in general, current DREs do not adhere sufficiently to currently accepted security principles for computer systems, especially given the central importance of voting systems to the functioning of democratic government.
Next Page 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).