Network News

X My Profile
View More Activity

Citing Security Concerns, California Limits E-Voting

California has placed tough restrictions on the nation's top electronic voting machine makers in the upcoming 2008 presidential primary, citing reports of security vulnerabilities in the devices that could jeopardize the integrity of the elections.

The decision comes roughly a week after a team of security experts from the University of California issued a report stating that all of the systems harbored physical and cyber security vulnerabilities that could allow miscreants to modify election results or render the machines unusable.

Many of the companies' systems already are used in local California elections. But according to a decree issued Friday by California's Secretary of State Debra Bowen, few of those systems will be allowed in polling booths in next year's primary.

"All of the voting systems studied contained serious design flaws that have led directly to specific vulnerabilities, which attackers could exploit to affect election outcomes," Bowen said.

According to the Sacramento Bee, "Bowen's actions will force 21 counties to shutter most of their touch-screen machines. Those counties, who use machines made by Diebold Election Systems and Sequoia Voting Systems, will instead ask most voters to fill bubbles on paper ballots to make their selections, a method known as 'optical scan.' The counties will be allowed to keep one electronic voting booth in each precinct to accommodate disabled users. Counties and manufacturers must install a series of security measures in order to keep even one booth, ranging from a reinstallation of software to extensive auditing procedures."

Christopher Drew of The New York Times reports that "the machines made by Diebold Election Systems and Sequoia Voting Systems could be used only in early voting and to meet voting-access requirements for the disabled. Another touch-screen model, made by Hart InterCivic, can be used more broadly, she said. But all three of the systems can be used only under rigorous security procedures, including audits of the election results."

By Brian Krebs  |  August 6, 2007; 2:05 PM ET
 
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Access Card Systems -- Trivially Vulnerable?
Next: Internet Explorer and Your Web Site's Privacy

Comments

See Bruce Schneiers comments on this, CA is still certifying machines which are modified. Hardly constitutes a fully secure system.

http://www.schneier.com/blog/archives/2007/08/more_on_the_cal.html

Also, FL and the UK have their takes:

http://www.schneier.com/blog/archives/2007/08/british_report.html
http://www.schneier.com/blog/archives/2007/08/florida_evoting.html

Posted by: dbh | August 6, 2007 3:26 PM | Report abuse

There is no way to hack into the voting machines unless you remove the security locks opened the case and hard wire into the motherboard. You would need a variety of tools to pull this off and you could only do one at a time. This would takes months to rig all the voting machines maybe years. You can not go in with a palm pilot and down load a trojan there is no hardware in the voting machine that would except it. No lan card, No internet card, No Wi-Fi reciever. There is a serial port but it is a output for the printer you can not input on this line it does not go anywhere. This line is a one way street nothing to hack too. With this said the only way to rig the election is to open the touch screen voting machines one at a time. If this is being done then we have seciruty problems with the poll workers allowing someone to open a voting machine. If touch screens can be hacked into then so can opticle scanners. Even paper can be rigged. Counting can be rigged. Nothing is full proof

Posted by: Auto2u | August 7, 2007 10:52 AM | Report abuse

Auto2u> There is no way to hack into the voting machines unless you remove the security locks opened the case and hard wire into the motherboard.

You obviously haven't read the reports, or followed this situation at all, because everything you say is dead wrong. Go read up on the last four years' research on http://avi-rubin.blogspot.com/ or http://www.freedom-to-tinker.com/.

Posted by: antibozo | August 7, 2007 3:22 PM | Report abuse

Auto2u:

Who signs your paycheck? One of the companies that make the voting machines?

Or is it the Republican National Committee?

Posted by: Critter | August 9, 2007 5:35 AM | Report abuse

What is particularly troubling about this is that, despite the results of the study, the machines can still be used if the identified vulnerabilities are fixed and certain procedural safeguards are put in place.

The evaluation found these weaknesses in spite of an unrealistic schedule and grudging cooperation, at best, from the vendors.

To assume that, once these flaws are fixed, the system will be secure is idiotic. It's as if you walked into your new apartment's kitchen, turned on the light, and saw 10 cockroaches -- and then assumed that, once you stepped on those 10, there would be no further problem.

Bruce Schneier has a good essay on this at "Wired""

http://www.wired.com/politics/security/commentary/securitymatters/2007/08/securitymatters_0809

Posted by: Rich Gibbs | August 9, 2007 11:11 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company