Saturday, July 28, 2007

More Evidence of Insecure Electronic Voting Systems

The potential for electronic voting skullduggery appears to be engineered into some of the most popular modern polling technology.

If this wasn't the case, these systems would be more tamper-proof.

Insecure electronic slot machines would never be officially tolerated in Vegas.

Computer scientists from California universities have hacked into three electronic voting systems used in California and elsewhere in the nation and found several ways in which vote totals could potentially be altered, according to reports released yesterday by the state.

The reports, the latest to raise questions about electronic voting machines, came to light on a day when House leaders announced in Washington that they had reached an agreement on measures to revamp voting systems and increase their security.

The House bill would require every state to use paper records that would let voters verify that their ballots had been correctly cast and that would be available for recounts.

The House majority leader, Representative Steny H. Hoyer, Democrat of Maryland, and the original sponsor of the bill, Representative Rush D. Holt, Democrat of New Jersey, said it would require hundreds of counties with paperless machines to install backup paper trails by the presidential election next year while giving most states until 2012 to upgrade their machines further.

Critics of the machines said that some of the measures would be just stopgaps and that the California reports showed that security problems needed to be addressed more urgently.

The California reports said the scientists, acting at the state's request, had hacked into systems from three of the four largest companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

Thousands of their machines in varying setups are in use.

The reports said the investigators had created situations for each system "in which these weaknesses could be exploited to affect the correct recording, reporting and tallying of votes."

Voting experts said the review could prompt the California secretary of state, Debra Bowen, to ban the use of some of the machines in the 2008 elections unless extra security precautions were taken and the election results were closely audited.

Matthew A. Bishop, a professor of computer science at the University of California, Davis, who led the team that tried to compromise the machines, said his group was surprised by how easy it was not only to pick the physical locks on the machines, but also to break through the software defenses meant to block intruders.

Professor Bishop said that all the machines had problems and that one of the biggest was that the manufacturers appeared to have added the security measures after the basic systems had been designed.

By contrast, he said, the best way to create strong defenses is "to build security in from the design, in Phase 1."

The reports also said the investigators had found possible problems not only with computerized touch-screen machines, but also with optical scanning systems and broader election-management software.

<< Home