AndrewAppel
Latest
Sequoia takes aim at Princeton profs over e-voting analysis plans
Princeton professors Ed Felten and Andrew Appel are certainly no strangers to drawing controversy, and it now looks like they've stirred the pot yet again, this time drawing the ire of Sequoia Voting Systems as a result of their plans to conduct some further e-voting analysis. At the heart of this latest brouhaha is plans that New Jersey election officials reportedly had to send some Sequoia Advantage e-voting machines to the profs for analysis, which Sequoia is unsurprisingly not so keen about. In fact, they've gone so far as to send Felten an email saying that such a plan violates Sequoia's licensing agreement for use of the systems, and that they've "retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis." No word on the professors' future plans just yet but, given their past history, we suspect they won't be backing down quite that easily.
Princeton prof picks up e-voting machines on the cheap
It's no secret that e-voting machines here in the US and around the world have more security holes than a slice of Lorraine Swiss, but it took a Princeton professor and $82 to discover just how bad the situation really is. Now, one would think that election officials would destroy their old terminals instead of selling them to the general public for practically nothing (the ~$5,000 devices are going for less than $20 apiece), yet that's exactly what Buncombe County, North Carolina did with 144 of its retired Sequoia AVC Advantages. First manufactured in the late 80's, the Advantages use old-school push buttons and lamps instead of the touchscreens found on more modern models -- and yet according to Princeton's Andrew Appel, they're actually more secure than those Diebold machines that fellow faculty member Ed Felten totally pwned several months back. Still, Appel and his students found numerous problems with these Sequoias that are still being used in parts of Colorado, New Jersey, Pennsylvania, and all across Louisiana: not only were they able to pick the machines' locks in under seven seconds, they discovered that the non-soldered ROM chips were easily replaceable, allowing a hacker-in-the-know to potentially swap them out with outcome-altering data. A Sequoia spokesperson claims that any tampering with the machines would set off an alarm at their headquarters, but Appel argues that this security precaution could easily be overridden with the right code. So this is just great: now we know that a determined individual could easily pick up still-in-use machines (for a song), reverse engineer them to figure out the security roadblocks, and then sneak into a church basement or gymnasium where many of these terminals gather dust for 364 days a year. This is a big problem, folks, and let's hope it doesn't take an election Enron for some serious changes and regulations to be enacted by the feds.
