At the Last HOPE conference, University of Pennsylvania researchers who led EVEREST's analysis of ES&S e-voting technology described exploitable security vulnerabilities in almost every hardware and software component of ES&S's touch-screen and optical-scan systems. Some of these flaws, Clark said, could allow a single voter or poll worker with bad intentions to alter countywide election results, possibly without election officials ever knowing that the results had been tampered with. "There wasn't an attack that we tried that we weren't able to carry out," she added. "We learned that every current e-voting system has serious exploitable vulnerabilities."
In addition to investing in Premier systems, Ohio has spent more than $41 million on ES&S e-voting technology and is one of 43 states that are ES&S customers.
When contacted for this story ES&S pointed to statements made earlier this year regarding EVEREST. Like Premier, ES&S's conclusion is that anyone attempting to replicate many of EVEREST tests would need "unfettered access to the DRE unit" as well as detailed knowledge of how the system works (to wit, its communications protocol with its audit log).
Despite their differences, Ohio and Premier are stuck with each other for the 2008 presidential election. "With the election being less than three months away, the counties will be using the technology they have," Brunner says. To head off any potential problems, Ohio counties using touch-screen voting systems are being required to print a hard copy of at least a portion of electronically cast votes, which will provide an audit trail. Voters will also be offered the option of filling out paper ballots that can be read by optical scanners and registered in a database.
E-voting systems have to be completely redesigned with security in mind, McDaniel says. In the short term, this means adding more thorough vote-auditing capabilities so that discrepancies can be investigated. "The elections systems should have the same quality, the same reliability, the same testing and the same certification requirements as financial systems," he says. "If the systems used by banks, which have to report to the SEC [Securities and Exchange Commission], had this level of quality, no one would put their money in the bank."
Looking beyond November, Brunner says that she wants Ohio to rely more on optical-scan technology. "Later on," she adds, "there may be a place for touch-screen (systems)."
See what we're tweeting about
8 Comments
Add CommentAs a software engineer, there I say it is absolutely impossible to make an electronic voting system that can be trusted. Period. I have been through all the BS that proponents and people that work on the concept have said. It cannot be done. A major reason it cannot be done is that unique identifiers for users that can be traced to them are out. All the explanations otherwise are handwaving baloney.
Reply | Report Abuse | Link to thisThe only variant that could be trusted at all is one that spits out a hard copy on strong plastic or card stock. Then those cards can be inserted into a separate, dumb machine. But even this requires a unique identifier, and it can be hacked with a denial of service attack by manufacturing multiple identical identified cards, thereby destroying that vote in an audit.
Brunner's own studies showed that all computerized voting systems can be hacked. Over 50 scientific studies corroborate that software can be altered without detection, because malware can erase itself. It is absolutely ludicrous that public elections are run on the worse possible technology available - undetectably mutable software. So, for 2008, we'll have another election that provides us with no rational basis for confidence in reported results.
Reply | Report Abuse | Link to thisSee Debunking: http://snipurl.com/31wg5
Warning: http://snipurl.com/31v1x
Full 50+ Bibliography: http://snipurl.com/30nhj
The optical scanners are just as hackable and prone to breakdown as the touch screen machines. That's not very clear in the article especially with Burner's quote at the end. If we're to have confidence in our elections then count the ballots by hand. All the machines are undetectable vote fraud enabling junk.
Reply | Report Abuse | Link to thisThe whole point of these machines from day one was to rig elections. The ruling class have never had any interest in giving the rabble a real voice. Elections are no more real than a wrestling show if they can help it.
Reply | Report Abuse | Link to thisNot to mention the standards were written by politicians with no software knowledge, and then left to be evaluated by test houses in collusion, like systest in colorado: http://www.opednews.com/articles/SysTest-Labs-under-Fire-Fo-by-Rady-Ananda-080815-39.html
Reply | Report Abuse | Link to thisThe vote is the foundation of democracy. To put private, for profit corporations in charge of recording and counting the people's vote is short sighted. To allow them to count the vote with proprietary software in secrete invites tyranny.
Reply | Report Abuse | Link to this"Fascism should more properly be called corporatism because it is the merger of state and corporate power." - Benito Mussolini.
"It's not the people who vote that counts. It's the people who count the votes." - Josef Stalin
Another election approaches and yet another establishment media outlet does a story decrying the perils of e-voting too late to do anything about it.
Reply | Report Abuse | Link to thisGood job. This issue has been obvious to anyone with a PC for almost a decade. Not only have numerous tests been conducted proving that computerized voting (not to mention tabulation which is just as vulnerable and was omitted from this article), but there is more than compelling evidence that computerized systems have thrown elections.
These systems aren't imperfect. If one were to design a system for election rigging, they could not have done better.
It is nice that SciAm has decided to cover this issue. But it's too little too late. We are about to hand over yet another American election to a few private companies who have shown nothing but contempt for the principles of open, transparent democracy.
'EVMs illegally being used for a decade' -Legal Research Paper published in India at Chennai
Reply | Report Abuse | Link to thisAuthor - Ajay Jagga, Punjab & Haryana High Court Lawyer, India
Sanjay Sharma, TNN, Feb 22, 2010, 03.44am IST
CHANDIGARH: The electronic voting machines (EVMs) are being used in violation of the Information Technology Act 2000, a research paper has revealed.
Author of the research paper, advocate Ajay Jagga, told The Times of India, on Sunday that as per IT Act, 2000, a verifiable audit trail has to be provided in case of any electronic record, which is now admissible as evidence as per Evidence Act but in case of electronic voting, the voter does not get any receipt with regard to his voting.
The research paper recently attracted the attention of experts when a conference on "EVMs: How trustworthy? " in Chennai passed a unanimous resolution on February 13, to approach the Election Commission of India (ECI) for bringing the electronic voting procedure in tune with IT Act, 2000.
Jagga said he would soon approach ECI seeking formation of legal committee to remove the illegality or will knock the doors of court.He said the voter comes across a beep and flash, but what has happened inside the machine and whether the data has been recorded as per the wish of the elector, is not know. It is just like deposited money in the bank and official of the bank says no receipt is required.
The lawyer said, "Unless the voter gets a receipt like the one we get in ATM or after the use of debit or credit cards, all electronic transactions including a vote, are illegal." What is the evidence that the vote cast has really been recorded and that it has been recorded in the manner the voter intended, he asked.
For the purpose and to protect the secrecy of ballot, all such receipts, after the voter has checked his transaction, should be put in a box which should remain with ECI to be produced as evidence in case of a dispute, he said. The government amended the relevant laws in 1989 to equate EVM with ballot and ballot box to facilitate transition from ballot paper to EVM but the IT Act 2000 created a new complication that has to be immediately resolved in the interest of fairness of things, Jagga pointed out.