California report slams e-voting system security

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Diebold and Sequoia in frame for e-voting flaws

By Robert McMillan | San Francisco | Monday, 6 August, 2007

Researchers commissioned by the US state of California have found security issues in every electronic voting system they tested, California Secretary of State, Debra Bowen, says.

The e-voting security report was published in late July as part of a complete review of the state’s voting systems, initiated earlier this year by Bowen’s office. Its findings were not encouraging for backers of e-voting.

“The security teams were able to bypass both physical and software security in every system they tested,” Bowen says.

The report documents 15 security problems found in the devices. For example, researchers were able to exploit bugs in the Windows operating system used by the Diebold GEMS election management system to circumvent the system’s audit logs and directly access data on the machine. They were able to get a similar level of access to Sequoia WinEDS data as well.

Testers were also able to overwrite firmware, bypass locks on the systems, forge voter cards, and even secretly install a wireless device on the back of a GEMS server.

Bowen was set to decide by August 3, after Computerworld’s deadline, which systems will be certified for use in the 2008 presidential primaries. She would not comment on how the report’s findings will affect this decision until she has completely reviewed the report. “The severity of it, what it means ... that’s a matter for us to investigate and pull apart and analyse between now and ... Friday,” she says.

Bowen acknowledges the security problems found by researchers were important. “It’s a big deal for many people in this country,” she says. “We are a democracy and our very existence as a democracy is dependent on having voting systems that are secure, reliable and accurate.”

California’s review is the most thorough review of voting machine technology yet undertaken in the US.

A team of researchers assembled by the University of California has spent the past two months evaluating the security, accessibility and manufacturer documentation of voting machines. A “red team” of penetration testers attempted to gain access to the voting systems to see if they could disrupt an election or alter the results, while another team examined the source code to the machines.

Researchers examined devices manufactured by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

Representatives from Diebold and Sequoia said they needed more time to review the research before commenting in depth.

“We are very anxious to review the findings,” says Michelle Shafer, a Sequoia spokeswoman. She notes, however, that the “testing done during this Top to Bottom Review did not employ the processes and procedures used in the conduct of an actual election.”

Another vendor, Election Systems & Software (ES&S) was so late in providing access to their products that their systems will be evaluated at a later date, Bowen says.

The ES&S systems are used by Los Angeles County, and Bowen wouldn’t say whether the absence of ES&S from the report might leave the county without certified voting systems in February.

Voting systems are purchased by local county officials in California, but they must be certified by the Secretary of State’s office before they can be used in an election.

With California in the forefront of voting system reforms, the report will be closely scrutinised by state officials across the country, says Kim Alexander, president and founder of the California Voter Foundation. “Even though we’ve made a number of improvements to voting systems in California, doubts persist about the reliability of our voting equipment.”

In 2004, for example, voting was delayed by several hours in many San Diego precincts as the city struggled to roll out a new US$31 million (NZ$40.1 million) Diebold electronic voting system.

The report was conducted under time constraints. In March, California Governor Arnold Schwarzenegger moved the date of the state’s 2008 presidential primary vote ahead from June to February 5.

State law mandates that the Secretary of State must give counties at least six months’ notice if machines are to be de-certified, forcing Bowen to make a decision on the matter by August 3.

She says it was unfortunate there was not more time for study and debate, but that putting off the review was not an option. “I don’t want any doubt about the reliability of our voting systems come February 5, 2008,” she says.