Update [2007-12-19 18:50:26 by Midwest Millian]: Ed Felten, computer scientist at Princeton, has an interesting post on the iVotronic and the Ohio findings at his blog, Freedom to Tinker.
“It’s worse than I thought.” Those are the words of Ohio Secretary of State Jennifer Brunner used to describe the security of voting systems in her state, following a top-to-bottom review by a corporate-academic team. Brunner has recommended that Ohio scrap all direct-recording electronic touch screen systems.
Brunner’s review included the the ES&S iVotronic, the same system that will be used statewide in the South Carolina primaries on January 19 and January 26.
In a recent diary, I noted that South Carolina’s primary will depend on the reliability of the less than reliable iVotronic. Ohio’s review team confirms Brunner’s statement: the system is worse than we thought.
The academic team found that the iVotronic’s internal memory can be accessed, and its firmware compromised, by a person using magnet and personal digital assistant – see page 69 of the pdf (page 51 of the physical document):
Anyone with physical access to polling station PEBs can easily extract or alter their memory. This requires only a small magnet and a conventional IrDA-based palmtop computer (exactly the same kind of readilyavailable hardware that can be used to emulate a PEB to an iVotronic terminal). Because PEBs themselves enforce no passwords or access control features, physical contact with a PEB (or sufficient proximity to activate its magnetic switch and IR window) is sufficient to allow reading or writing of its memory. The ease of reading and altering PEB memory facilitates a number of powerful attacks against a precinct’s results and even against county-wide results. An attacker who extracts the correct EQC, cryptographic key, and ballot definition can perform any election function on a corresponding iVotronic terminal, including enabling voting, closing the terminal, loading firmware, and so on.
How difficult would potential attackers find it to actually do this?
Page 22 of the academic report pdf (document page 4):
“The review teams were able to subvert every voting system we were provided in ways that would often lead to undetectable manipulation of election results. We were able to develop this knowledge within a few weeks. However, most of the problems that we found could have been identified with only limited access to voting equipment. Thus, it is safe to assume that motivated attackers will quickly identify – or already have- these and many other issues in these systems. Any argument that suggests that the attacker will somehow be less capable or knowledgeable than the reviewer teams, or that they will not be able to reverse engineer the systems to expose security flaws is not grounded in fact.”
Yesterday, Colorado’s Republican Secretary of State decertified the iVotronic for use in the 2008 elections.
This is the machine that will count the votes in primary that will be make or break for as much as a majority of the candidates in both parties.
The South Carolina situation cannot go unchallenged. It is almost certainly too late for South Carolina to purchase new voting equipment. But the state does require emergency paper ballots in case of equipment failure. The state can simply decide that in light of new evidence, the iVotronic is not appropriate for use in a Presidential primary.
What can you do? Contact the Presidential candidates and educate them. Call on them to ask South Carolina not to use the iVotronic in the primary. Show them the New York Times article linked at the beginning of the story. Show them the Ohio report.
Who wants to see a candidate either on the ropes or triumphant after the iVotronic primary?
Presidential Campaign Contact Information:
Joe Biden
Hillary Clinton
Chris Dodd
John Edwards
Dennis Kucinich
Barack Obama ’08
Bill Richardson
You know I often think of electronic voting machines as a living metaphor for everything that’s gone wrong with my country.
A former leader in technology and scientific achievement cannot even create a machine to do literally one of the simplest “computing” tasks in existence. The software for the 1980’s game “Frogger” is more complicated than figuring out how to record someone’s choice between candidate X, Y or Z.
A system of political cronyism and lobbying and possibly even outright bribery gets defective machines put into use. Some of these machines are just so shoddy they are literally just defective – broken.
The rest are rigged to be able to be manipulated and altered to be open to hacking to steal elections.
And then the general public is apathetic and uncaring.
Incompetence, cronyism, stealing/rigging elections and widespread apathy. Welcome to the once great United States of America.
Pax
Back in the days of Watergate, a quasi-CIA guy came up with a degaussing gun that could demagnetize computer records at a distance. He almost used it on the White House tapes, but they would have destroyed too much other valuable data in the vicinity, and opted not to do it.
But imagine what someone could do to electronic voting, if they wanted.
The fact that we can’t prove alteration has been done should not inspire confidence, because with these new systems, it’s pretty much impossible to do that. The most we could prove would be discrepancies and errors. We would have a hard time proving malice.
No electronic voting system is a safe one. But I’d take one that at least used paper ballots and offered the protection of a substantial audit. When a recent San Francisco city election was audited, enough discrepancies between the hand count and the machine count mandated a full recount. It took weeks to get the results, but in a democracy – what’s the rush? I don’t care how long it takes to count the votes. I only care that they are counted accurately!
I hope activists in South Carolina press their SoS to decertify iVotronic there and tells counties to count by hand until they can come up with a workable solution.
Please start contacting the Presidential campaigns as well; they have influence.
Having worked on two presidential campaigns, I think this would be a waste of time. Even with so much at stake, they LITERALLY do not have the time to concern themselves with this.
Some of them are aware of the issues, but hope the rest of us are doing our part.
I’ve been involved in this issue for a while. You’re best chance of success is pressuring your local county Board of Supervisors or whoever handles elections locally, and then working through your Secretary of State’s office, since they can certify and decertify systems for use in elections.
Frankly, beyond talking about it, the presidential candidates can’t do squat.
The three Senators, however, could support Sen. Bill Nelson’s bill which is similar to Holt’s bill, but would also ban touchscreen/DRE machines.
I can only imagine how little time the campaigns have to think about this, but this effort is a Hail Mary. No way activists will change this situation before Jan 19, the date of the Republican primary. The only thing that would matter would be a direct request from the candidates, based on the hard evidence of the Ohio report (and all the iVotronic problems that have come before).
Colorado’s Republican Sec. of State Decertifies E-Voting Machines After Failed Testing
he wouldn’t have done it but for the fact that there was a court order.
an auditable paper trail should be required…period.
lTMF’sA
oops…incomplete comment. l see you’ve linked the DenverPost story, but this one at BradBlog is more in depth.
preview is my friend.
lTMF’sA