Process and security in electronic voting

Process and security in electronic voting

Summary: Yesterday, I pointed to a story from New Mexico Verified Voting about hacking Diebold machines with some simple tools in 4 minutes. To follow up on that I asked Davis County (Utah) Clerk Steve Rawlings about it.

SHARE:
TOPICS: Security
2

Yesterday, I pointed to a story from New Mexico Verified Voting about hacking Diebold machines with some simple tools in 4 minutes. To follow up on that I asked Davis County (Utah) Clerk Steve Rawlings about it. His reply was that in Utah voting booths aren't fully enclosed, so anyone walking by would see a voter trying to tamper with the machine.

This underscores the point that no voting machine by itself will be secure. You need to also wrap the machine in process and procedure. The overall system is what has to be evaluate. Still, information like that in the site I pointed to yesterday is important because it informs County Clerks and others what steps and measure they need in their process to create a secure system.

I think there are a few key points that elections officials need to keep in mind as they move to electronic voting machines:

  • Transparency in creating and implementing the process is critical to establishing credibility. More importantly, transparency will aid the process by letting smart people point out flaws.
  • Being defensive is counterproductive. Elections officials should welcome interaction from voting activists even if it's delivered in a condescending and mocking tone.
  • Never think you're done or that your system is impenetrable. If computer security teaches us anything, it's that there is no such thing as compete or impenetrable security.

Voting activists would do well to deliver their message in a way that seems helpful rather than confrontational. Often the message is delivered in a way that assumes that people running elections are all crooked or stupid. That's just not productive.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Vote hacking in hardware

    My website at Verfied Voring New Mexico got slashdotted so it's
    off the air for a few days till I get some more bandwidth. Glad
    the word is getting out. Black Box Voting .org now has the
    photos up on their site with less detailed an explanation so head
    over there.

    Regarding clerks comment it sort of shows that the clerk thinks
    the enemy here is the voting public. Whereas the real nature of
    the particular attack shown is not a voter in the voting booth--
    that's pretty obvious from the nature of the disassembly. The
    real threat is from anyone with access to a few moments with
    the machine. The Truck driver, the warehouse manager, the
    night custodian, the precint judge or the clerk's office. In many
    states machines get sent home with the precint judges or stored
    in the school principals office the night before.

    The attack is particularly relevant because there's a known
    software attack that's so far proved undetectable by any means
    at the count clerks disposal, that can alter the election outcome
    to a desired result (the Hurtsi attack). So given physical access
    unwathed then in 4 minutes the game's over.

    But the real story here is not the specific attack. That can be
    retroactively patched. The point is the sheer obviousness and
    simplicity of the attack is because the manufacturer was in such
    a rush to market on these devices that they just did not consider
    the security issue. And that's the problem.

    It shows why that it's not only neccessary to have paper ballots/
    trails but to also verify them.
    charlie strauss
  • Process and Security in Electronic Voting

    I appreciate that Phil refers to the fact that computerized voting
    systems are inherently vulnerable. That vulnerability includes
    accidental, defective, and maliscious errors and fraud. Many
    computer specialists have written extensively on this subject.
    The Compuware and RABA Reports also pointed out the multiple
    motivations and vulnerabilities with electronic based voting
    systems. What happened in Ohio when recounts were attempted
    in the 2004 election cycle point out the various ways that some
    election officials treat the public's attempt to confirm the
    accuracy of electronic voting systems; a willingness to subvert
    and mislead the public and even break the law. We have seen
    similar efforts here in California. Whenever the public wants to
    confirm that the final result was accurate it would behoove
    election officials to welcome oversight and an opportunity to
    prove the viability and effectiveness of the voting system and the
    procedures used. Instead we have seen election officials
    resisting or preventing observation of key processes, ignoring of
    the required procedures, and even violation of election code.

    The 4-minute "hack" to the memory card was done on a Diebold
    optical scanner. But it actually would take much less time. The
    memory card is normally accessed via the modem or serial port.
    In seconds a knowledgeable person could access and alter the
    contents of the card without any more tools than a cable with
    the right plug. The units are typically distributed to the field
    already in Election Mode, the very mode in which the Hursti I
    hack can occur.

    In Utah and elsewhere the system being used is the Diebold TSx
    touch-screen machine. It has other access points that enable an
    electronic pathway to the operating system, firmware, and the
    memory card with the election, ballot definitions, and data.
    Diebold points out the memory card can be loaded with the
    election and ballot definitions via the modem and serial port. A
    PC can be connected to the electronics of the TSx via a Smart
    Card serial cable and the operating system, firmware, etc. can be
    altered.

    It would be just as easy to insert a Smart Card already loaded
    and power up the unit and the operating system in the Diebold
    voting system automatically searches for downloads. There is
    even an unmarked power switch externally accessible.

    In San Diego the upper access door to the second PCMCIA port
    and main power switch was not covered with a security seal prior
    to being distributed for "sleepovers", even though the key is a
    standard commercially available key that is identical throughout
    the country.

    What I want to know is why taxpayers are expected to pay for
    the development of procedures and upgrades to make voting
    systems that were poorly designed supposedly more secure.

    In retrospect local election officials will discover that not only
    have they bought into a sales pitch that promised more than it
    could deliver, they also betrayed the trust of their constituencies
    and continue to do so by defending the indefensible. A multi-
    billion dollar fraud has been perpetrated on the American people
    and election officials have been used to accomplish it. They have
    chosen to listen to sales pitches more than to their constituents.

    Conducting open, accurate, and trustworthy elections must be
    the exclusive goal in conducting elections. If they are willing to
    prove they are, they will regain the public's confidence.
    Jody Holder