Send a Tweet
Most Popular Choices
Share on Facebook Share on Twitter Share on LinkedIn Share on Reddit Tell A Friend Printer Friendly Page Save As Favorite View Favorites
General News

1,000 pages of bad news: Ohio e-voting report released

By Jon Stokes  Posted by Rady Ananda (about the submitter)       (Page 1 of 2 pages)     Permalink    (# of views)   1 comment

Related Topic(s): ; ; ; ; ; ; ; , Add Tags
Add to My Group(s)

View Ratings | Rate It

- Advertisement -
Published: December 17, 2007 - 11:58PM CT

Ars Technica

The results are now in from a thorough, $1.9 million test of the voting machines that Ohio has used in elections over the past few years, and they paint about as awful a picture of the state's electoral apparatus as one would expect given the steady stream of grim news out of counties like Cuyahoga. The two private-sector and three academic research teams that carried out the Evaluation & Validation of Election-Related Equipment, Standards & Testing (EVEREST) study of Ohio's e=voting systems did not mince words in the 86-page Executive report that they released this past Friday (or, if words were minced, then one can imagine that the unminced version wasn't family-friendly):

"The findings of the various scientists engaged by Project EVEREST are disturbing. These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems."

Ohio Secretary of State Jennifer Brunner, a woman whose recent and spectacular bungling of a Cuyahoga County recount gives ample reason to doubt her commitment to fair and accurate elections, didn't even bother trying to sugarcoat this report.

- Advertisement -

"To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said in a statement. Note that Brunner here is describing machines that have been in use in Ohio since before the 2004 presidential election. This isn't some glimpse of how bad things might be in November 2008. It's a look at how bad they've been all along.

Brunner went on to make the following unintentionally funny remark, which was presumably intended to inject a note of confidence into the release of a report that could almost have been titled, Barn Door Left Open; Whereabouts of Horse In Doubt: "It's a testament to our state's boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings."

E-voting in Ohio has gone "smoothly"? Really?!

- Advertisement -

Speaking of damage control attempts, however feeble, Premier released this press statement in response to Friday's report that contains plenty to chuckle at. I thought this gem was particularly priceless:

"It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States."

Given the magnitude of the vulnerabilities that the report details in Premier's systems and the impossibility of conducting a meaningful audit with those systems, this is sort of like a blind and deaf person saying, "Despite my habit of cleaning my first-floor apartment in the nude with all of the street-facing windows open, I have no documented evidence that anyone has ever seen me naked."

Almost 1,000 pages of bad news

The voting systems investigated in the study came from ES&S, Hart Intercivic, and Premier Election Systems (formerly Diebold). The researchers evaluated individual components, whole systems, and elections procedures, and the list of detailed reports on each vendor's systems that they produced described technical and procedural problems with almost every aspect of each system. Like so many of their kind that litter my hard drive after years of e-voting coverage, the EVEREST reports list of page after page of flaws, vulnerabilities, and bone-headed design decisions, many of which would boggle my mind were it not already completely boggled out on this topic by said prior coverage.

Ultimately, the voting systems got failing grades in the following main areas tested, according to the "Findings" section of the executive report:

  • Insufficient Security: The voting systems uniformly "failed to adequately address important threats against election data and processes," including a "failure to adequately defend an election from insiders, to prevent virally infected software... and to ensure cast votes are appropriately protected and accurately counted."
  • Security Technology: The voting systems allow the "pervasive mis-application of security technology," including failure to follow "standard and well-known practices for the use of cryptography, key and password management, and security hardware."
  • Auditing: The voting systems exhibit "a visible lack of trustworthy auditing capability," resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected.
  • Software Maintenance: The voting systems' software maintenance practices are "deeply flawed," leading to "fragile software in which exploitable crashes, lockups, and failures are common in normal use."

The EVEREST executive report's conclusions summarize the findings as follows:

- Advertisement -

Unfortunately, the findings in this study indicate that the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process. Such safeguards were neither required by federal regulatory authorities, nor voluntarily applied to their systems by voting machine companies, as these products were certified for use in federal and state elections.

In lieu of my typical bullet list of outrageous report highlights—obvious admin passwords, a complete lack of encryption on critical files, a reliance on easily manipulated "security tape" to prevent tampering, the ease with which anyone can boot some of the machines into admin mode, and other typical problems that were there in spades in this report—I'll just highlight one critical flaw in an optical scan machine of the type that everyone wants to replace the touchscreens with.

The EVEREST researchers described a vulnerability in the ES&S M100 optical scanner in which simply flipping the write-protect switch on the device's CF card to "on" would result in a precinct-wide undercount that's extremely hard to detect.

Next Page  1  |  2


- Advertisement -

View Ratings | Rate It

In 2004, Rady Ananda joined the growing community of citizen journalists. Initially focused on elections, she investigated the 2004 Ohio election, organizing, training and leading several forays into counties to photograph the 2004 ballots. She officially served at three recounts, including the 2004 recount. She also organized and led the team that audited Franklin County Ohio's 2006 election, proving the number of voter signatures did not match official results. Her work appears in three books.

Her blogs also address religious, gender, sexual and racial equality, as well as environmental issues; and are sprinkled with book and film reviews on various topics. She spent most of her working life as a researcher or investigator for private lawyers, and five years as an editor.

She graduated from The Ohio State University's School of Agriculture in December 2003 with a B.S. in Natural Resources.

All material offered here is the property of Rady Ananda, copyright 2006, 2007, 2008, 2009. Permission is granted to repost, with proper attribution including the original link.

"In a time of universal deceit, telling the truth is a revolutionary act." Tell the truth anyway.

Share on Google Plus Submit to Twitter Add this Page to Facebook! Share on LinkedIn Pin It! Add this Page to Fark! Submit to Reddit Submit to Stumble Upon Share Author on Social Media   Go To Commenting

The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Writers Guidelines

- Advertisement -