E Voting -- Engadget

e-voting posts

Hang your head, Sequoia e-voting machine; you've been hacked again

by Tim Stevens posted Aug 13th 2009 at 9:19AM

Oh, Princeton University, won't you leave the poor electronic voting machines alone? Haven't they suffered enough without you forming teams with researchers from the University of California, San Diego and the University of Michigan to spread their private moments even further asunder? That group of brainiacs came together to devise a new, even easier hack that allows someone with no special access to take complete control of a Sequoia AVC Advantage voting machine -- an example of which the team purchased legally at a government auction. The machine does not allow modifications to its ROM (because it has an O in the middle), but the team was able to use a technique called return-oriented programming to modify how the machine executes existing code, taking the bits they want and, ultimately, devising a way to re-program its behavior by simply inserting a cartridge into a slot -- presumably after blowing on it for good luck. The hack only works until the machine is powered off, but the attack even foils that, intercepting the switch signal and making the system only appear to power down. Today's top tip for electronic voting polling stations: unplug your boxes overnight.

[Via Digg]

Electronic voting outlawed in Ireland, Michael Flatley DVDs okay for now

by Tim Stevens posted Apr 28th 2009 at 7:23AM

Yes, it's another international blow for electronic voting. We've seen the things proven to be insecure, illegal, and, most recently, unconstitutional. Now the Emerald Isle is taking a similar step, scrapping an e-voting network that has cost €51 million to develop (about $66 million) in favor of good 'ol paper ballots. With that crisis averted Irish politicians can get back to what they do best: blaming each other for wasting €51 million in taxpayer money.

[Via Techdirt]

German court finds 2005 e-voting was unconstitutional, uncool

by Laura June posted Mar 4th 2009 at 1:09PM

Oh, e-voting machines... ever since they arrived on the scene to challenge old timey lever-laden beasts of yore (not to mention pencils and paper, if you remember what those are), there have been numberless examples of their hackability, their unreliable software, and the general mayhem caused by not having a paper trail in elections. It's been a fun ride, but one that's causing a ruckus in Germany... almost four years after the fact, anyway. That's right, the country's highest court has ruled that the 2005 General Election was, in fact, unconstitutional, after the use of e-voting machines was challenged by a father and son team. The ruling states that while the voting was unconstitutional (read: illegal) because the software used on the machines is unreliable, they have not proven that any mistakes were made, nor do they rule out the possibility of using such machines in the future, when stuff will be cooler and work better.

Estonia to allow citizens to vote via cellphone by 2011

by Darren Murph posted Dec 13th 2008 at 2:18AM

Brutal honesty here: on election day this past November, the entire Engadget staff (well, those of us with US passports) collectively agreed that casting our vote via SMS or some other incredibly simple method would be infinitely more awesome than trudging out in the streets and waiting in hour-long lines. Clearly, some higher-ups in Estonia are on board with that concept, as its Parliament has approved a law that will likely make it the first nation on Planet Earth to give citizens the right to vote by phone in something that matters (American Idol notwithstanding). 'Course, those who choose to take advantage must first obtain a free authorization chip for their handset, which sort of kills the whole "not having to leave your house" aspect of all this. Ah well, at least we're moving in the right direction.

Diebold's e-voting machines violate GPL, good taste

by Laura June posted Nov 8th 2008 at 12:02AM

Diebold just can't seem to keep its nose clean these days. The nation's largest manufacturer of ATMs admitted not too long ago what everybody already knew: that their e-voting machines were totally bunk. Apparently in the course of that investigation it emerged that the company also thought it would be a laugh to load the open source Ghostscript Postscript interpreter software into those faulty machines without releasing its changes or paying the proprietary usage license fee -- leading Aritex, its developer, to file a lawsuit. It doesn't really instill confidence any further to hear that our nation's terrible electronic voting machines are running on stolen software, guys -- and to be honest, we're kinda starting to wish you'd get out of the ATM business, too.

Princeton publishes how-to guide for hacking Sequoia e-voting machines

by Tim Stevens posted Oct 24th 2008 at 10:19AM

If you're American, it's nearly time to do your civic duty and pick the lesser of two evils for the greater good... and then to wonder if that vote actually got counted. With Diebold admitting its own machines are utterly insecure, competitor Sequoia is now under the microscope and, after a little quality time with the company's machines, Princeton researchers have filed a 158 page report on the ease of replacing their ROMs and winning yourself an election. Okay, we know what you're thinking: "Hacking hardware isn't exactly easy when the computer is in a locked box." Amazingly, it is. A researcher was able to bypass the physical security mechanisms in 13 seconds, despite never having picked a lock before. Now you're thinking: "But you'd need to do that on hundreds of them!" Not so; once infected that malicious code can spread itself to others, and, with no paper trail and an easily bypassed internal audit system, you're well on your way to whatever dark corner of Washington, D.C. you care to occupy!

[Via Ars Technica]

Diebold comes clean, admits that its e-voting machines are faulty

by Darren Murph posted Aug 23rd 2008 at 8:29PM

For years, Diebold has embarrassed itself by claiming that obvious faults were actually not faults at all, and during the past decade or so, it mastered the act of pointing the finger. Now that it has ironically renamed itself Premier Election Solutions, it's finally coming clean. According to spokesman Chris Riggall, a "critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point" has been part of the software for ten years. The flaw is on both optical scan and touchscreen machines, and while Mr. Riggall asserts that the logic error probably didn't ruin any elections (speaking of logic error...), the outfit's president has confessed to being "distressed" about the ordeal. More like "distressed" about the increasingly bleak future of his company.

[Via Techdirt]

Unloved e-voting machines cluttering warehouses, losing value fast

by Darren Murph posted Aug 21st 2008 at 3:38AM

Just as the world's landfills could soon see an influx of unwanted televisions, many American warehouses are packed with e-voting machines that once held promise for a better way to vote. Instead, they turned into a multi-year fiasco, with hackers figuring out how to do everything save for their income taxes on 'em and states reverting back to less vulnerable methods. Now, many states are scrambling for ways to recoup costs, even for outlets that will take them in for recycling. Oddly, Ohio cannot ditch the systems it purchased until a couple of related lawsuits get dealt with. The result? Buckeyes will probably still be using e-voting machines come November.

[Via Slashdot, image courtesy of BradBlog]

Sequoia takes aim at Princeton profs over e-voting analysis plans

by Donald Melanson posted Mar 19th 2008 at 1:14PM

Princeton professors Ed Felten and Andrew Appel are certainly no strangers to drawing controversy, and it now looks like they've stirred the pot yet again, this time drawing the ire of Sequoia Voting Systems as a result of their plans to conduct some further e-voting analysis. At the heart of this latest brouhaha is plans that New Jersey election officials reportedly had to send some Sequoia Advantage e-voting machines to the profs for analysis, which Sequoia is unsurprisingly not so keen about. In fact, they've gone so far as to send Felten an email saying that such a plan violates Sequoia's licensing agreement for use of the systems, and that they've "retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis." No word on the professors' future plans just yet but, given their past history, we suspect they won't be backing down quite that easily.

Ohio report recommends scrapping electronic voting

by Evan Blass posted Dec 17th 2007 at 9:32AM

Like California and Florida before it, habitual swing state Ohio has just issued a report slamming its three providers of electronic voting equipment -- including, of course, renamed Diebold -- and recommending that the 50 counties which use them scrap the machines in favor of a paper-trail-leaving optical scanning method. The report, commissioned by Secretary of State Jennifer Brunner, details the ways in which white hat hackers were able to infiltrate the systems, easily picking locks, using portable devices to manipulate vote counts, and even introducing "malignant software" into boards of election servers. Brunner's plan calls for the entire state's voting infrastructure to be overhauled by next year's presidential elections, a move likely to be lauded by touchscreen voting's many critics, but coming "about eight years too late, jerks -- thanks a lot," according to usually-even-tempered former candidate Al Gore.

ES&S e-voting machine fails epically at withstanding hackers

by Darren Murph posted Dec 7th 2007 at 3:28PM

We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link]

[Via ArsTechnica, image courtesy of USA Today]

Connecticut offering up voting lessons on video

by Darren Murph posted Aug 24th 2007 at 11:08AM

Not to anyone's big surprise, e-voting is apparently not the most straightforward process in the world, but Connecticut's Secretary of the State Susan Bysiewicz is going so far as to release a 90-second video clip that demonstrates how to correctly place a vote using a vanilla optical scan voting machine. Yep, this means you'll be able to surf on over and download a 1.5-minute instructional video that will purportedly "lure young voters to the polls," and while Bysiewicz did admit that those who could operate an iPod could likely figure out a voting machine, she's hoping that "providing voting information through a familiar mechanism" will somehow encourage the younger sect to get their vote on. We know, all of this is worthless sans a vid, right? Never fear, it's waiting to put you to sleep after the jump.

Continue reading Connecticut offering up voting lessons on video

Diebold says e-voting sales have failed

by Joshua Topolsky posted Aug 17th 2007 at 8:21AM

According to an AP article released today, Diebold, one of the prominent makers of the recently embattled electronic voting machines, says that the company has failed to make its e-voting business profitable. If you'll recall, Diebold machines have repeatedly been the target of various hacks, many of which have proven the machine to be susceptible to intrusion from outside elements and thus unreliable from a security standpoint. The company has reduced its revenue outlook by $120 million, and has plans to allow its e-voting unit to operate more independently, giving the team its own board of directors and possibly a new management structure. To complete the overhaul of the ailing division, the company will also change the name of the branch from "Diebold Election Systems" to the starkly different "Premier Election Systems." Diebold blames the "rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems," for much of its problems... as opposed to the fact that they currently produce faulty, unprotected, and unreliable machines.

California official gives ok to voting systems that failed security audit

by Ryan Block posted Aug 5th 2007 at 2:45PM

Yeah, remember those white hats that took out three separate systems with ease in a California e-voting system security audit? Well what do you know, the eminently wise and honorable California Secretary of State Debra Bowen up and decided Friday that those severely vulnerable Diebold, Hart, and Sequoia voting terminals would still be cleared for takeoff, provided the companies in question supply their machines with updated firmware, disabled access to unused ports, kill the wireless connections, and so on. So basically, the companies that deny up and down their voting systems are even vulnerable are now directly responsible for making them less vulnerable per seemingly vague security-hardening guidelines. As usual, we suggest preempt these fools' garbage tech entirely and go low-fi on it: if you suspect your district is or will be using e-voting machines, send your votes by mail.

[Thanks, Daniel]

Myriad of errors mar UK e-voting trials

by Darren Murph posted Aug 3rd 2007 at 5:14PM

Right on cue, the Electoral Commission has published findings from a number of UK e-voting trials, and just as expected, they went about as awry as they possibly could. Within the 24-page document resides a comedy of errors that would certainly put any other system on an eternal blacklist, but the blind faith in e-voting continues to allow events such as these to complicate democratic procedures. For starters, it was noted that the "use of electronic counting significantly increased the total cost of delivering these elections compared with a manual count," and furthermore, the scanning of ballot papers "took a lot longer than expected due to the need to scan certain batches more than once." Needless to say, the amount of mishaps involved are far too numerous to cover in this space, but hopefully the UK will take our interestingly administered warning to heart now that it has experienced similar turmoil. [Warning: PDF read link]

[Via The Inquirer, image courtesy of BBC]