The database files that contain the election definition (and results) are neither encrypted nor authentication protected. By removing the front panel of the server (this is held in place by a small keyed lock), one can insert a CD, power up the server, and have it boot its operating system off the CD. A sophisticated user can automate this procedure requiring only a few minutes access to the server.
Because both the database password and audit logs are stored within the database itself, it is possible to modify the contents without detection. Furthermore, system auditing is not configured to detect access to the database. Given either physical or remote access it is possible to modify the GEMS database.
The procedure by which precincts upload votes to their LBE is vulnerable to a "man-in-the-middle" attack.
AVIEL RUBIN, National Science Foundation Director of ACCURATE Center, one of the authors with: Tadayoshi Kohno, Adam Stubblefield, and Dan S. Wallach. Analysis of an electronic voting system. In IEEE Symposium on Security and Privacy, May 2004.
Also see www.avirubin.com and "On My Mind: Pull The Plug," Forbes Magazine, 8/2006 http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972
Why am I advocating the use of 17th-century technology for voting in the 21st century?
The boot loader controls which operating system, so it is the most security-critical piece of the machine. To (install overwriting software), a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.
If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a(n electronic) system.
U.S. COMMISSION ON FEDERAL ELECTION REFORM, 2006. See Wall Street Journal article, "Reversing Course on Electronic Voting: Some Former Backers of Technology Seek Return to Paper Ballots, Citing Glitches, Fraud Fears," Wall Street Journal, May 12, 2006.
click here
Former Secretary of State James A. Baker III and former President Jimmy Carter, who were co-chairmen of the bipartisan Commission on Federal Election Reform, warned in their 2005 final report that (fraud) could happen.
"Software can be modified maliciously before being installed into individual voting machines. There is no reason to trust insiders in the election industry any more than in other industries."
DAVID WAGNER Written Testimony, Computer Science Division, University of California, Berkeley, submitted to the Committee on Science and Committee on House Administration U.S. House of Representatives, July 19, 2006:
The federal qualification process is not working. Federal standards call for voting machines to be tested by Independent Testing Authorities (ITAs) before the machines are approved for use, but ITA-approved machines have:
* Lost thousands of votes across the country, and have reported thousands more votes than voters;
Next Page 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
