Brunner and Premier have locked horns several times since she took office in January 2007 over whether the company's DRE (direct recorded election) touch-screen electronic voting technology works properly and is secure. The problem came to a head in April, when election officials in Ohio's Butler County detected a vote count discrepancy during the primary election. The county board of elections staff determined that the Premier DRE system had malfunctioned and failed to count votes from memory cards uploaded to the system's vote tabulation computer server, Brunner says, adding, "This is not what we bargained for."
Suspecting problems with all of the e-voting technology that had so far cost Ohio $112 million, Brunner last year commissioned Project EVEREST, a comprehensive security review of the electronic voting technology used throughout Ohio, to identify any problems that might make elections vulnerable to tampering. During the 10-week project, teams of academic researchers from Pennsylvania State University, the University of Pennsylvania and WebWise Security (a security firm formed in 2005 by faculty and students from the University of California, Santa Barbara's security research group) examined DRE touch-screen and optical-scan voting systems from Premier, Election Systems and Software (ES&S) in Omaha, Neb., and Austin, Tex.–based Hart InterCivic as well as the software that manages these systems.
EVEREST researchers found exploitable security weaknesses in all three vendors' systems, Brunner said in a statement when the project concluded in December. "Many of these vulnerabilities represent practical threats to the integrity of elections as they are conducted in Ohio," she said. "We found vulnerabilities in different vendor systems that would, for example, allow voters and poll workers to place multiple votes, to infect the precinct with virus software or to corrupt previously cast votes—sometimes irrevocably."
"None of the systems out there are even remotely adequate given the importance of the data they handle," says Patrick McDaniel, a Penn State professor of information security who led the EVEREST testing. A lot of the attacks that McDaniel and his team tested could be carried out at a polling place or county elections office in a matter of seconds. An example: when researchers placed a piece of white tape over part of an e-voting system's scanner, they were able to effectively block it from reading the entire ballot. In other words, a person could put the tape in a place that kept the system from counting votes for a particular candidate. The team also found that the keys to unlock Hart's ballot box could also be used to open the ballot boxes on the Premier systems.
In a more serious attack, McDaniel found that his researchers could replace the memory card in some of the e-voting systems. "Any software you put on your card would uploaded into the system's computer," he says.
Premier had already responded to EVEREST's findings as well as a similar project commissioned by California Secretary of State Debra Bowen called Top-to-Bottom Review in March by issuing a report that emphasized that the EVEREST researchers did their work with "no physical or operational security controls" and did not simulate realistic election day conditions. Premier could not be reached for comment.
The EVEREST researchers don't dispute that. Sandy Clark, an EVEREST researcher and the computing systems manager of Princeton University's Atmospheric and Oceanic Sciences Program, said at the Last HOPE hacker's conference held last month in New York City that she and her EVEREST colleagues "treated the project as a hack."