EVoting
Latest
Swing states don't want DHS to protect its voting machines
Some states' electronic voting machines are antiquated, insecure and vulnerable to potential attacks from hostile attackers. But despite this, states like Georgia and Pennsylvania would prefer to take the risk than allow the Department of Home Security anywhere near them. NextGov is reporting that those states have rejected an offer from DHS chief Jeh Johnson to inspect the equipment for ways in which hackers could rig the vote. It comes just days after Johnson openly mulled demarcating voting machines as critical infrastructure -- meaning that they'd be defended with the same ferocity as power stations.
Hang your head, Sequoia e-voting machine; you've been hacked again
Oh, Princeton University, won't you leave the poor electronic voting machines alone? Haven't they suffered enough without you forming teams with researchers from the University of California, San Diego and the University of Michigan to spread their private moments even further asunder? That group of brainiacs came together to devise a new, even easier hack that allows someone with no special access to take complete control of a Sequoia AVC Advantage voting machine -- an example of which the team purchased legally at a government auction. The machine does not allow modifications to its ROM (because it has an O in the middle), but the team was able to use a technique called return-oriented programming to modify how the machine executes existing code, taking the bits they want and, ultimately, devising a way to re-program its behavior by simply inserting a cartridge into a slot -- presumably after blowing on it for good luck. The hack only works until the machine is powered off, but the attack even foils that, intercepting the switch signal and making the system only appear to power down. Today's top tip for electronic voting polling stations: unplug your boxes overnight. [Via Digg]
Electronic voting outlawed in Ireland, Michael Flatley DVDs okay for now
Yes, it's another international blow for electronic voting. We've seen the things proven to be insecure, illegal, and, most recently, unconstitutional. Now the Emerald Isle is taking a similar step, scrapping an e-voting network that has cost €51 million to develop (about $66 million) in favor of good 'ol paper ballots. With that crisis averted Irish politicians can get back to what they do best: blaming each other for wasting €51 million in taxpayer money.[Via Techdirt]
German court finds 2005 e-voting was unconstitutional, uncool
Oh, e-voting machines... ever since they arrived on the scene to challenge old timey lever-laden beasts of yore (not to mention pencils and paper, if you remember what those are), there have been numberless examples of their hackability, their unreliable software, and the general mayhem caused by not having a paper trail in elections. It's been a fun ride, but one that's causing a ruckus in Germany... almost four years after the fact, anyway. That's right, the country's highest court has ruled that the 2005 General Election was, in fact, unconstitutional, after the use of e-voting machines was challenged by a father and son team. The ruling states that while the voting was unconstitutional (read: illegal) because the software used on the machines is unreliable, they have not proven that any mistakes were made, nor do they rule out the possibility of using such machines in the future, when stuff will be cooler and work better.
Estonia to allow citizens to vote via cellphone by 2011
Brutal honesty here: on election day this past November, the entire Engadget staff (well, those of us with US passports) collectively agreed that casting our vote via SMS or some other incredibly simple method would be infinitely more awesome than trudging out in the streets and waiting in hour-long lines. Clearly, some higher-ups in Estonia are on board with that concept, as its Parliament has approved a law that will likely make it the first nation on Planet Earth to give citizens the right to vote by phone in something that matters (American Idol notwithstanding). 'Course, those who choose to take advantage must first obtain a free authorization chip for their handset, which sort of kills the whole "not having to leave your house" aspect of all this. Ah well, at least we're moving in the right direction.
ES&S e-voting machine fails epically at withstanding hackers
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
Dutch government abandons e-voting for red pencil
About a year after the Dutch government began seriously worrying about the integrity of e-voting machines, they've literally pulled the plug on the venture. The biggest flaw was the lack of a paper trail according to a special committee which reported its finding this morning. As such, Nederlanders will return to the "red pencil method" in upcoming elections until an automated paper-counting solution can be deployed... and then hacked.Update: To be perfectly clear, the regulation allowing e-voting machines has been withdrawn -- i.e., effective immediately, there is no more e-voting in the Netherlands. However, the Dutch government will make an overarching decision in the next two months "to regain the trust of the public in our voting system." Given that the government commissioned this study themselves, the decision is expected to be a simple rubber stamp approval.[Thanks, Wol]
Connecticut offering up voting lessons on video
Not to anyone's big surprise, e-voting is apparently not the most straightforward process in the world, but Connecticut's Secretary of the State Susan Bysiewicz is going so far as to release a 90-second video clip that demonstrates how to correctly place a vote using a vanilla optical scan voting machine. Yep, this means you'll be able to surf on over and download a 1.5-minute instructional video that will purportedly "lure young voters to the polls," and while Bysiewicz did admit that those who could operate an iPod could likely figure out a voting machine, she's hoping that "providing voting information through a familiar mechanism" will somehow encourage the younger sect to get their vote on. We know, all of this is worthless sans a vid, right? Never fear, it's waiting to put you to sleep after the jump.
Diebold says e-voting sales have failed
According to an AP article released today, Diebold, one of the prominent makers of the recently embattled electronic voting machines, says that the company has failed to make its e-voting business profitable. If you'll recall, Diebold machines have repeatedly been the target of various hacks, many of which have proven the machine to be susceptible to intrusion from outside elements and thus unreliable from a security standpoint. The company has reduced its revenue outlook by $120 million, and has plans to allow its e-voting unit to operate more independently, giving the team its own board of directors and possibly a new management structure. To complete the overhaul of the ailing division, the company will also change the name of the branch from "Diebold Election Systems" to the starkly different "Premier Election Systems." Diebold blames the "rapidly evolving political uncertainties and controversies surrounding state and jurisdiction purchases of electronic voting systems," for much of its problems... as opposed to the fact that they currently produce faulty, unprotected, and unreliable machines.
Myriad of errors mar UK e-voting trials
Right on cue, the Electoral Commission has published findings from a number of UK e-voting trials, and just as expected, they went about as awry as they possibly could. Within the 24-page document resides a comedy of errors that would certainly put any other system on an eternal blacklist, but the blind faith in e-voting continues to allow events such as these to complicate democratic procedures. For starters, it was noted that the "use of electronic counting significantly increased the total cost of delivering these elections compared with a manual count," and furthermore, the scanning of ballot papers "took a lot longer than expected due to the need to scan certain batches more than once." Needless to say, the amount of mishaps involved are far too numerous to cover in this space, but hopefully the UK will take our interestingly administered warning to heart now that it has experienced similar turmoil. [Warning: PDF read link][Via The Inquirer, image courtesy of BBC]
Fresh study (still) finds Diebold e-voting machines hacker-friendly
The fact that some individuals still have any level of faith left in Diebold is quite baffling, but in case you were looking for just one more episode to dash your hopes of a hack-proof voting machine, open wide. As fate would have it, a fresh study in Florida has found that even optical scan voting systems "can be hacked into," which is causing quite a bit of concern considering that touchscreen alternatives aren't exactly an option in the Sunshine State. Reportedly, the document noted that "official memory cards in the optical scan machines could easily be exchanged with ones altering the vote count," and it was also stated that Diebold must "deal with the flaws" by August 17th. Yeah, we're sure it's all over that.[Thanks, Josh]
Voting machine producers criticize critiques
Voting machine makers scoffing at bad reviews? That's preposterous! Actually, it's not all that alarming to hear that Diebold, Hart InterCivic, and Sequoia Voting Systems all had less-than-amicable responses to a state study that "found that their machines could be breached by hackers." Of course, we're not exactly sure what all that groaning is about, as we've seen nothing but proof to back the investigation up. Nevertheless, Sequoia dubbed the review "an unrealistic, worst-case-scenario evaluation," Diebold kvetched that the study didn't look at its most recently developed software, Hart found "several inconsistencies, alternate conclusions, and errors," and Elections Systems & Software bypassed the rigmarole entirely by failing to provide their information to the secretary of state. Oh, the irony. [Warning: Read link requires subscription]
US government warns UK that e-voting is finicky
If there's anything we can appreciate, it's the irony of the United States trying to tell other nations how to run their e-voting setups, you know, considering that America can't even hire competent companies to run quality assurance tests on its own machines. Nevertheless, the US Government Audit Office (GAO) has warned in a recent document document entitled "All Levels of Government Are Needed to Address Electronic Voting System Challenges" that e-voting setups could cause some problems when it came to issues of integrity. Specifically, Randolph Hite, director of IT architecture and systems at the GAO, stated that "no voting technology, however well designed, can be a magic bullet that will solve all election problems," and even went so far as to suggest that e-voting technology "merits the combined and focused attention of federal, state, and local authorities responsible for election administration." Still, friendly advice typically sinks in better if the presenter tends to practice what they preach, so we'd suggest the Brits do everything they can to just, um, not do what we've done. [Warning: PDF read link][Via Inquirer]
British locales to pilot internet / electronic voting schemes
While Americans (and the Dutch) are still trying to figure out exactly how to implement this "e-voting" thing without hackers exploiting them, people cracking them open (literally), and machines counting votes in triplicate, it looks like the Brits are disregarding all the red flags already waving and are giving it a go in select locations. New pilot schemes are slated to "help people vote more conveniently at the Local Government Elections in 13 local English authorities come May 2007," and while some areas simply get the option to vote in advance, Bedford, Breckland, Dover, South Bucks, Stratford-on-Avon District Council, and Warwick District Council will be graced with "electronic scanning technology to count ballot papers," while Rushmoor, Sheffield, Shrewsbury & Atcham, South Bucks, and Swindon will actually be able to "use the internet or telephone" to cast their vote if they so choose. The move is apparently tailored to fit the "more modern lifestyles" that most folks (mostly younger) are living, and officials hope that opening up the internet as a voting medium will convince chair-sitters to get off their butts surf on over and vote. Whether or not some trickster finds a loophole in the web-based voting system (or changes his / her voice up on a couple call-ins) to sabotage everything for everyone remains to be seen, but the Electoral Commission should be publishing the "findings" from these trials this August before choosing to keep (or axe) said methods.[Via Slashdot]
US chooses two hopefuls to review for future e-voting tests
Just days after the US government decided to bar Ciber from testing anymore e-voting terminals due to its perpetual negligence, it now seems that a pair of Colorado-based outfits are next in line to take over those duties. The National Institute of Standards and Technology (NIST) has recently recommended that iBeta Quality Assurance and SysTest Labs "be granted final clearance to test the systems" after a "comprehensive technical evaluation of the laboratories' processes based on the international standard ISO/IEC 17025, which covers general requirements for the competence of testing and calibration laboratories." Now it seems the final hammer resides in the hands of the US Election Assistance Commission, which is "a federal agency that has sole authority to grant full accreditation to the labs." SysTest Labs isn't new to this e-voting QA game, as the firm was already granted "interim" accreditation and is now awaiting the official seal to keep up the (presumably) good work. Notably, the EAC stated that they would be focusing their efforts now on "non-technical issues such as conflict of interest policies, organizational structure, and record-keeping protocols," but we're not so confident all the hardware checks are as robust as they should be just yet. Nevertheless, we shouldn't count on hearing anything final for quite some time, as this apparently lengthy "review process" somehow takes between 9 and 18 months to complete, so in the meantime we'll just see how many more Americans ditch the whole "voting" idea due to issues like voting in triplicate, getting distracted by board games, or simply obliterating their machine in frustration. [Warning: PDF read link][Via Slashdot]
Texas e-voting machines count votes three times for good measure
If you thought that November 7th was the final day that you'd hear about e-voting zaniness, you'd be incorrect. While a myriad of states (and foreign locales) have had their bouts with Diebold and other electronic voting machines, the internet hunting state is now reporting an oddity of its own. Apparently, voters using machines built by Election Systems and Software in Williamson County, Texas showed up three separate times to legally cast their votes for the same candidate, or performed some sort of "human malfunction" in order to make the machines think so, anyway. While we're inclined to think that the actual machines were the culprit, the company still insists that some form of "user error" caused each vote placed to be counted three times. Although the triplicates did not skew the percentages of votes cast for each candidate, it still seemingly signifies an apparent flaw in the e-voting system, yet election officials were quoted as saying that they'd "review their training procedures" -- you know, so we can all work together to circumvent the problem.[Via TechDirt]
Diebold makes its e-poll book software "glitch-free"
Ah, Diebold, our favorite democracy-threatening, gadget-making punching bag. Earlier this week, Diebold showed off a software fix to Maryland election officials of the company's new "e-poll books," a device to keep track of voter records and registration. The e-poll books previously had been marred by a glitch that caused machines in every precinct to freeze and reboot during the recent Maryland primaries, reports The Washington Post. However, there still remain two big problems that Diebold is mystified at: "why some units failed to communicate properly with one another, and why some access cards -- which voters receive after checking in and must insert into a voting machine -- 'did not encode.'" Yeah, that would be a problem, considering that these machines are crucial in, we dunno, the very foundation of our democracy. Also, for the record, Diebold says that its other voting machines "worked well," which in Diebold-speak means glitch-free but with the usual shoddy security.
Rolling Stone interviews a Diebold whistleblower
In what is perhaps the most astonishing turn of events in the ongoing Diebold fiasco, a new article in the latest issue of Rolling Stone -- with extensive information direct from a named former company consultant -- makes one of the most damning cases against the embattled company. The article weaves an elaborate tale of how Diebold had at the very least some extremely skeezy deals signed in 2002 with the state of Georgia, which allowed Diebold to replace all existing voting equipment, and to speed things up by the fall election: "The company was authorized to put together ballots, program machines and train poll workers across the state - all without any official supervision." As if that weren't enough, days before the primaries, the president of Diebold's election unit, Bob Urosevich, personally distributed a patch to the elections software. The article goes on: "Georgia law mandates that any change made in voting machines be certified by the state. But thanks to Cox's [Georgia's Secretary of State] agreement with Diebold, the company was essentially allowed to certify itself." Before the election, the two Democratic candidates in the two major races (for one Senate seat and the state governorship) had been ahead in the polls, and on Election Day, Republicans won the two races by a slim margin -- and given that no paper trail exists there is no way to prove or disprove that the election wasn't tampered with in some way. And you wonder why we continue to insist on paper ballots for the time being?
Open your Diebold AccuVote-TS with a minibar key
Remember those guys from Princeton who recently dissected a Diebold voting machine and wrote a serious academic paper laying the smack downon our favorite shady e-voting company? The plot thickens with those Jersey brainiacs: after giving a presentation to some computer science colleagues last week, Prof. Ed Felten was approached by Chris Tengi, a member of the department's technical staff, who pointed out that the key that opens the AccuVote-TS voting machine is very similar to a key that he has at home. Tengi's key opened the voting machine, and upon further investigation, the Princeton posse discovered that both keys are actually a common office furniture type used for hotel minibars, electronic equipment and jukeboxes. Furthermore, said keys can easily be bought on eBay or from various online retailers. So, all you need to hack Diebold's crackerjack security is to spend a little cash on these keys, bring 'em to your next local election along with a cheap-o flash drive, and you can easily open the lock that houses that Diebold memory card while you're in the voting booth -- good times, hey? If your locality uses these machines, you may want to write your Congressional representative and your county authorities to alert them to this, erm, "feature" -- better yet, buy them one of these keys and send it along with your letter, inviting them to test it out for themselves![Via Boing Boing]
Researchers show Diebold voting machines unsecure, citizens shocked
We're all for hacking stuff, generally, but hacking democracy for malicious purposes is just plain uncool. While no one's definitively proven that such a scenario has ever actually happened in real elections, vote-hacking remains a distinct possibility, given the state of our electronic voting equipment. If you were unconvinced the last time we covered this, of just how shoddy these Diebold voting machines are, here's another arrow in our quiver: Princeton University researchers have taken apart a Diebold machine, examined it from every angle, written a new paper on its flaws and have come to the following conclusions: 1) Malicious code "can steal votes with little if any risk of detection." 2) Said code can be installed in one minute or less. 3) The Dieblod machines run Windows CE 3.0 -- so, they're susceptible to viruses. 4) Some problems would require the entire replacing of hardware, yet another security risk. Still though, we would love to see a debate between the two candidates in this fictitious election: George Washington and Benedict Arnold.[Via Boing Boing]
