ElectronicVotingMachines
Latest
Colorado voting machines don't make the grade
In a terrifically unsurprising blow to electronic voting fans everywhere, Colorado's Secretary of State has declared the machines unreliable -- and apparently in need of a software patch. While not as harsh as some rulings on the systems, Secretary Mike Coffman decertified three out of four machines which had been tested. Why the bad grade? Apparently the machines failed on accuracy and security, two sort-of-crucial components to dependable voting solutions, and two components which have been lacking in many systems. Coffman believes Colorado's findings could have a larger impact, stating, "What we have found is that the federal certification process is inadequate." Clearly another blow for the Diebolds (er, we mean Premier Election Solutions) of the world, but hopefully a sign that we can expect tough love for suspect voting machines.
Diebold says e-voting sales have failed
According to an AP article released today, Diebold, one of the prominent makers of the recently embattled electronic voting machines, says that the company has failed to make its e-voting business profitable. If you'll recall, Diebold machines have repeatedly been the target of various hacks, many of which have proven the machine to be susceptible to intrusion from outside elements and thus unreliable from a security standpoint. The company has reduced its revenue outlook by $120 million, and has plans to allow its e-voting unit to operate more independently, giving the team its own board of directors and possibly a new management structure. To complete the overhaul of the ailing division, the company will also change the name of the branch from "Diebold Election Systems" to the starkly different "Premier Election Systems." Diebold blames the "rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems," for much of its problems... as opposed to the fact that they currently produce faulty, unprotected, and unreliable machines.
California white hat hackers: 3, Diebold and friends: 0
In a move which will bolster your undoubtedly high sensations of "faith" in the US voting process, a group of University of California researchers have just hacked their way through security on nearly every voting machine certified by the state of California. According to Secretary of State Debra Bowen, who initiated these tests, the team was able to "bypass physical and software security in every machine they tested." The group, which was sanctioned by the state, was given full access to the machines, as well as their source code and manuals, leaving some to argue that the test doesn't accurately depict how vulnerable the machines are -- because we all know how hard it is for hackers to get their hands on that kind of stuff. The report will affect whether or not Bowen approves the systems for use throughout California in its upcoming presidential primaries. It looks like 2008 is going to be an exciting year, to say the least.[Via The Raw Feed]
California prepares to crack down on e-voting manufacturers
In an unprecedented attempt to shore up any possible flaws in its counties' electronic voting machines -- the same machines that have been examined and criticized nationwide on many occasions -- California will undertake a so-called "top-to-bottom" review of numerous systems from some half-a-dozen vendors, who must meet a set of seemingly rigid criteria if they want to receive certification for the 2008 election. Giving the proposed three-pronged approach -- initiated by Secretary of State Debra Bowen in collaboration with the University of California -- some real teeth is the fact that each of the three teams tasked with the actual work will be spearheaded by respected academics and leading private sector consultants, including none other than Princeton's Ed Felten, whose tireless efforts to expose the dangers of these shoddy machines are well known to readers of this site. Specifically, each system from manufacturers such as Sequoia, ES&S, and yes, everyone's favorite whipping boy Diebold will see a thorough review of their source code and documentation, along with what are being referred to as "red team penetration" attacks to test the terminals' hardware and software. Since companies are required to submit equipment for testing if they wish to partake in future elections, we could be seeing Diebold make the same begrudging exit from the Golden State as it did from North Carolina, for what we are not alone in suspecting is fear of exposing its flimsy code. Anyone who does choose to participate still risks being forced to make significant changes to their gear or perhaps even complete decertification, so when you Californians go to cast your votes in about eighteen months, don't be surprised if you have to mark up a piece of paper and drop it into a Equalivote-brand ballot box. [Via Slashdot]
Dutch government orders reforms in response to hacked voting machines
Even though the issue of electronic voting security has yet to be taken seriously in the United States (we're looking at you, Diebold), the Dutch government appears to be very concerned about the shenanigans that hackers recently pulled with one of Nedap/Groenendaal's old-school machines, and has taken several steps to ensure that the equipment is as hack-proof as possible prior to the November 22nd national elections. According to a translated article on the site Nu.nl, officials have ordered Nedap to double-check every single terminal, replace all of the weak software, and install unflashable firmware so that the simple "Diebold memory hack" can't be replicated in the Netherlands. Furthermore, all of the machines will be retrofitted with an iron seal that will presumably prevent unnoticeable access to their innards, and two additional independent checks will be performed to add another layer of redundancy: a certification institute will make sure that Nedap has performed all of the necessary upgrades, and the machines will be spot-checked for accuracy once again on election day. Finally, the Dutch intelligence service AIVD will reportedly look into the RF emissions that enable snoopers to wirelessly establish a vote tally, although it doesn't sound like the inquiry will have any immediate effect on this gaping security hole. Despite these changes and increased oversight, though, it seems that the voting group responsible for the original hacks is still not confident that all of the problems have been solved; we certainly see their point, however, we'd suggest that a government that at least acknowledges and makes moves to alleviate these serious concerns is already far more progressive than one that seems to be waiting around for an e-voting "Enron" before taking the initiative to sort out this significant threat to the democratic process.[Via Slashdot]
Diebold machines fail in Alaska primary
When you hear the words "electronic voting machines" and "problems" in the same sentence, you don't have to be a rocket scientist to infer that our old friend Diebold is somehow involved. The latest chapter in the company's woeful history of security lapses and tampering accusations comes courtesy of Tuesday's primary election in the great state of Alaska, where several of Diebold's "high-tech" touchscreen units were unable to use their dial-up modems to upload voting results to the Division of Elections' central servers due to an inability to pick up dial-tones and "other problems." Apparently thirteen total precincts experienced the issues, forcing election workers to toil into the wee morning hours manually uploading their data and getting it to sync with the overall numbers. The Director of Elections, Whitney Brewster, attempted to reassure voters that the integrity of the process had not been compromised by pointing out that "just because they're not being uploaded doesn't mean they're not being recorded accurately." That's probably true, but with all the scrutiny and negative publicity surrounding the company, it's going to be hard to convince some folks that any election involving Diebolds's products is ever on the level.[Via Slashdot]
More security woes for Diebold
It's no secret that Diebold's electronic voting gear is, um, a little lax in the security department, and now a non-profit group known as the Open Voting Foundation has found "what may be the worst security flaw we have [ever] seen in touch screen voting machines" in the company's older TS model. Apparently these devices -- which produce no paper record of voters' choices -- contain a switch on the internal motherboard (pictured above, with handy onboard instructions) that would allow nefarious hackers to toggle between the two pre-installed boot profiles and "change literally everything regarding how the machine works and counts votes." Even worse, the board also sports a slot for external flash memory from which a third profile could be "field-added in minutes," allowing unsavory characters to overwrite certified files with their own data before switching the machine back to its unaltered state -- with no one the wiser. It looks like Diebold has two options for addressing this nagging problem: either they can open up their machines and source code to a thorough external audit and adopt the resulting suggestions (unlikely), or they can take the simpler route and just get their friends in Washington make it illegal for rabble-rousers like the Open Voting Foundation to play with their toys.[Via The Register]
