e-voting
Latest
Nearly half of the votes in Estonia's election were cast online
While many parts of the world are still struggling with voting machines, Estonia appears to be embracing online voting with gusto. In the country's recently finished parliamentary elections, nearly 44 percent of votes were cast through the i-voting system -- a major milestone when just 16 percent of Estonians voted online in 2009's EU elections. The result isn't a total surprise when the nation has spent most of the past two decades digitizing government functions, but it's still no mean feat given everything involved.
DC election website hacked, John Philip Sousa pleased
Unlike the secrecy that usually surrounds e-voting efforts, the folks at the Washington D.C. Board of Elections and Ethics had a novel approach: Why not invite hacksters of all stripes and temperaments to bust into the new online system being tested for overseas and military voters? Of course, it was only a matter of time before a security hole was discovered -- and now we know that the University of Michigan fight song is called The Victors. It seems that a certain college professor unleashed his students on the site, at which point they quickly sniffed a way in and left an MP3 of the tune ("the greatest college fight song ever written," according to John Philip Sousa) as their calling card. The board has made the source code and server info available (the better to test its mettle) and we must say, it's certainly good to see public officials paying more than lip service to security -- especially where electronic voting is concerned. The site was down over the weekend, and is back up now, but with one crucial difference: ballots will have to be mailed, faxed, or e-mailed in.
E-voting whistleblower Hari Prasad arrested, taken to Mumbai for questioning
In America, when you demonstrate what a racket e-voting is, you get to play Pac-Man. In India? You just might get arrested. Security researcher Hari Prasad made waves earlier this month when he demonstrated how an e-voting machine might be compromised, live on national television. It is now being reported that police have taken Prasad into custody, ostensibly for the theft of the machine, although folks in the know are suggesting that a cover-up is in the works. For Prasad's part, he refuses to give up the source of the machine -- and has been taken by police to Mumbai (a fourteen hour drive) to undergo questioning. According to researcher Alex Halderman there are some 1.4 million e-voting machines in use in India, all of which the government keeps out of the hands of researchers on intellectual property grounds -- and all of which might be vulnerable to fraud. There's a brief discussion with Prasad after the break.
Sequoia e-voting machine hacked to play Pac-Man (video)
Oh Sequoia, why are you so changeable? The thoroughly hacked electronic voting machine is back with another ignoble showing, courtesy of researchers from the universities of Michigan and, of course, Princeton. Picking up an AVC-Edge box that had seen live duty in collecting votes for the 2008 Virginia primaries, they quickly and all too easily managed to supplant the embedded psOS+ software with DOS, which was promptly followed by the installation of Pac-Man. Given that the underlying circuit boards were populated with such luminaries as a 486 processor and 32 megabytes of RAM, we find this a most appropriate match of hardware and software. As to that whole voting security thing, maybe next time we should let people do it with their BlackBerrys, eh? See the Pac do his thing on video after the break.
Premier Elections Solutions pays up in Ohio Diebold suit, offers more faulty voting machines for free
Man, this is rich. Some two years after being sued by Ohio Secretary of State Jennifer Brunner, Premier Elections Solutions (formerly, and more infamously known as Diebold) has decided to settle up. Way back when, Brunner alleged that the outfit's touch-screen voting machines weren't acting as they should, and she pointed to an investigation that proved at least 11 counties were dropped in past elections when their memory cards were uploaded to servers. As of now, Premiere -- which is owned by Election Systems & Software -- has agreed to pony up just over $470,000 to the 47 counties that touched its e-voting hardware, but that's hardly the kicker. Counties are also eligible for up to $2.4 million in free Premiere software for two years, and the company's even throwing in up to 2,909 free voting machines along with a 50 percent coupon for maintenance fees. Right, because the Buckeye State is so anxious to start using the machines it found so faulty to begin with. Makes total sense. Update: We've learned from someone inside of Ohio elections that 11 counties experienced a failed upload of results from a memory card during the unofficial canvas (election night), but those results were recovered during the official canvas several days later. The statewide results included all counties. And know you know.
Hang your head, Sequoia e-voting machine; you've been hacked again
Oh, Princeton University, won't you leave the poor electronic voting machines alone? Haven't they suffered enough without you forming teams with researchers from the University of California, San Diego and the University of Michigan to spread their private moments even further asunder? That group of brainiacs came together to devise a new, even easier hack that allows someone with no special access to take complete control of a Sequoia AVC Advantage voting machine -- an example of which the team purchased legally at a government auction. The machine does not allow modifications to its ROM (because it has an O in the middle), but the team was able to use a technique called return-oriented programming to modify how the machine executes existing code, taking the bits they want and, ultimately, devising a way to re-program its behavior by simply inserting a cartridge into a slot -- presumably after blowing on it for good luck. The hack only works until the machine is powered off, but the attack even foils that, intercepting the switch signal and making the system only appear to power down. Today's top tip for electronic voting polling stations: unplug your boxes overnight. [Via Digg]
Electronic voting outlawed in Ireland, Michael Flatley DVDs okay for now
Yes, it's another international blow for electronic voting. We've seen the things proven to be insecure, illegal, and, most recently, unconstitutional. Now the Emerald Isle is taking a similar step, scrapping an e-voting network that has cost €51 million to develop (about $66 million) in favor of good 'ol paper ballots. With that crisis averted Irish politicians can get back to what they do best: blaming each other for wasting €51 million in taxpayer money.[Via Techdirt]
German court finds 2005 e-voting was unconstitutional, uncool
Oh, e-voting machines... ever since they arrived on the scene to challenge old timey lever-laden beasts of yore (not to mention pencils and paper, if you remember what those are), there have been numberless examples of their hackability, their unreliable software, and the general mayhem caused by not having a paper trail in elections. It's been a fun ride, but one that's causing a ruckus in Germany... almost four years after the fact, anyway. That's right, the country's highest court has ruled that the 2005 General Election was, in fact, unconstitutional, after the use of e-voting machines was challenged by a father and son team. The ruling states that while the voting was unconstitutional (read: illegal) because the software used on the machines is unreliable, they have not proven that any mistakes were made, nor do they rule out the possibility of using such machines in the future, when stuff will be cooler and work better.
Estonia to allow citizens to vote via cellphone by 2011
Brutal honesty here: on election day this past November, the entire Engadget staff (well, those of us with US passports) collectively agreed that casting our vote via SMS or some other incredibly simple method would be infinitely more awesome than trudging out in the streets and waiting in hour-long lines. Clearly, some higher-ups in Estonia are on board with that concept, as its Parliament has approved a law that will likely make it the first nation on Planet Earth to give citizens the right to vote by phone in something that matters (American Idol notwithstanding). 'Course, those who choose to take advantage must first obtain a free authorization chip for their handset, which sort of kills the whole "not having to leave your house" aspect of all this. Ah well, at least we're moving in the right direction.
Diebold's e-voting machines violate GPL, good taste
Diebold just can't seem to keep its nose clean these days. The nation's largest manufacturer of ATMs admitted not too long ago what everybody already knew: that their e-voting machines were totally bunk. Apparently in the course of that investigation it emerged that the company also thought it would be a laugh to load the open source Ghostscript Postscript interpreter software into those faulty machines without releasing its changes or paying the proprietary usage license fee -- leading Aritex, its developer, to file a lawsuit. It doesn't really instill confidence any further to hear that our nation's terrible electronic voting machines are running on stolen software, guys -- and to be honest, we're kinda starting to wish you'd get out of the ATM business, too.
Princeton publishes how-to guide for hacking Sequoia e-voting machines
If you're American, it's nearly time to do your civic duty and pick the lesser of two evils for the greater good... and then to wonder if that vote actually got counted. With Diebold admitting its own machines are utterly insecure, competitor Sequoia is now under the microscope and, after a little quality time with the company's machines, Princeton researchers have filed a 158 page report on the ease of replacing their ROMs and winning yourself an election. Okay, we know what you're thinking: "Hacking hardware isn't exactly easy when the computer is in a locked box." Amazingly, it is. A researcher was able to bypass the physical security mechanisms in 13 seconds, despite never having picked a lock before. Now you're thinking: "But you'd need to do that on hundreds of them!" Not so; once infected that malicious code can spread itself to others, and, with no paper trail and an easily bypassed internal audit system, you're well on your way to whatever dark corner of Washington, D.C. you care to occupy![Via Ars Technica]
Diebold comes clean, admits that its e-voting machines are faulty
For years, Diebold has embarrassed itself by claiming that obvious faults were actually not faults at all, and during the past decade or so, it mastered the act of pointing the finger. Now that it has ironically renamed itself Premier Election Solutions, it's finally coming clean. According to spokesman Chris Riggall, a "critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point" has been part of the software for ten years. The flaw is on both optical scan and touchscreen machines, and while Mr. Riggall asserts that the logic error probably didn't ruin any elections (speaking of logic error...), the outfit's president has confessed to being "distressed" about the ordeal. More like "distressed" about the increasingly bleak future of his company.[Via Techdirt]
Unloved e-voting machines cluttering warehouses, losing value fast
Just as the world's landfills could soon see an influx of unwanted televisions, many American warehouses are packed with e-voting machines that once held promise for a better way to vote. Instead, they turned into a multi-year fiasco, with hackers figuring out how to do everything save for their income taxes on 'em and states reverting back to less vulnerable methods. Now, many states are scrambling for ways to recoup costs, even for outlets that will take them in for recycling. Oddly, Ohio cannot ditch the systems it purchased until a couple of related lawsuits get dealt with. The result? Buckeyes will probably still be using e-voting machines come November.[Via Slashdot, image courtesy of BradBlog]
Sequoia takes aim at Princeton profs over e-voting analysis plans
Princeton professors Ed Felten and Andrew Appel are certainly no strangers to drawing controversy, and it now looks like they've stirred the pot yet again, this time drawing the ire of Sequoia Voting Systems as a result of their plans to conduct some further e-voting analysis. At the heart of this latest brouhaha is plans that New Jersey election officials reportedly had to send some Sequoia Advantage e-voting machines to the profs for analysis, which Sequoia is unsurprisingly not so keen about. In fact, they've gone so far as to send Felten an email saying that such a plan violates Sequoia's licensing agreement for use of the systems, and that they've "retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis." No word on the professors' future plans just yet but, given their past history, we suspect they won't be backing down quite that easily.
Ohio report recommends scrapping electronic voting
Like California and Florida before it, habitual swing state Ohio has just issued a report slamming its three providers of electronic voting equipment -- including, of course, renamed Diebold -- and recommending that the 50 counties which use them scrap the machines in favor of a paper-trail-leaving optical scanning method. The report, commissioned by Secretary of State Jennifer Brunner, details the ways in which white hat hackers were able to infiltrate the systems, easily picking locks, using portable devices to manipulate vote counts, and even introducing "malignant software" into boards of election servers. Brunner's plan calls for the entire state's voting infrastructure to be overhauled by next year's presidential elections, a move likely to be lauded by touchscreen voting's many critics, but coming "about eight years too late, jerks -- thanks a lot," according to usually-even-tempered former candidate Al Gore.
ES&S e-voting machine fails epically at withstanding hackers
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
Connecticut offering up voting lessons on video
Not to anyone's big surprise, e-voting is apparently not the most straightforward process in the world, but Connecticut's Secretary of the State Susan Bysiewicz is going so far as to release a 90-second video clip that demonstrates how to correctly place a vote using a vanilla optical scan voting machine. Yep, this means you'll be able to surf on over and download a 1.5-minute instructional video that will purportedly "lure young voters to the polls," and while Bysiewicz did admit that those who could operate an iPod could likely figure out a voting machine, she's hoping that "providing voting information through a familiar mechanism" will somehow encourage the younger sect to get their vote on. We know, all of this is worthless sans a vid, right? Never fear, it's waiting to put you to sleep after the jump.
Diebold says e-voting sales have failed
According to an AP article released today, Diebold, one of the prominent makers of the recently embattled electronic voting machines, says that the company has failed to make its e-voting business profitable. If you'll recall, Diebold machines have repeatedly been the target of various hacks, many of which have proven the machine to be susceptible to intrusion from outside elements and thus unreliable from a security standpoint. The company has reduced its revenue outlook by $120 million, and has plans to allow its e-voting unit to operate more independently, giving the team its own board of directors and possibly a new management structure. To complete the overhaul of the ailing division, the company will also change the name of the branch from "Diebold Election Systems" to the starkly different "Premier Election Systems." Diebold blames the "rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems," for much of its problems... as opposed to the fact that they currently produce faulty, unprotected, and unreliable machines.
California official gives ok to voting systems that failed security audit
Yeah, remember those white hats that took out three separate systems with ease in a California e-voting system security audit? Well what do you know, the eminently wise and honorable California Secretary of State Debra Bowen up and decided Friday that those severely vulnerable Diebold, Hart, and Sequoia voting terminals would still be cleared for takeoff, provided the companies in question supply their machines with updated firmware, disabled access to unused ports, kill the wireless connections, and so on. So basically, the companies that deny up and down their voting systems are even vulnerable are now directly responsible for making them less vulnerable per seemingly vague security-hardening guidelines. As usual, we suggest preempt these fools' garbage tech entirely and go low-fi on it: if you suspect your district is or will be using e-voting machines, send your votes by mail.[Thanks, Daniel]
Myriad of errors mar UK e-voting trials
Right on cue, the Electoral Commission has published findings from a number of UK e-voting trials, and just as expected, they went about as awry as they possibly could. Within the 24-page document resides a comedy of errors that would certainly put any other system on an eternal blacklist, but the blind faith in e-voting continues to allow events such as these to complicate democratic procedures. For starters, it was noted that the "use of electronic counting significantly increased the total cost of delivering these elections compared with a manual count," and furthermore, the scanning of ballot papers "took a lot longer than expected due to the need to scan certain batches more than once." Needless to say, the amount of mishaps involved are far too numerous to cover in this space, but hopefully the UK will take our interestingly administered warning to heart now that it has experienced similar turmoil. [Warning: PDF read link][Via The Inquirer, image courtesy of BBC]
