Tuesday, January 1, 2008

California limits use of E-voting systems, but does not go far enough

It was unclear from my cursory read of the materials whether machines will require voter verifiable paper audit trails.  At least the Sequoia and Diebold machines must have their ballots hand-counted so it does sound like all-electronic voting is dead for those machines at least.

The full details are available here:  http://www.sos.ca.gov/elections/elections_vsr.htm

Read Rebecca Mercuri's comments in Risks on this announcment:  California Voting System Hacking Report

My favorite gem:

...let's just throw more money atadditional security mechanisms and training while we all pretend that we'reconducting legitimate elections. Good job, guys, thanks for letting the CASoS off the hook.

Here's a novel thought: why not just throw this crap in the junk heap whereit belongs, vote on paper, and let the citizens do the counting? Maybe foranother $1.8M some State can get a team of PhDs to validate that conclusion.

California Puts Limits on Use of E-voting Systems
California Secretary of State Debra Bowen has mandated tough new
security standards for the state’s e-voting systems and curtailed their
planned use after an independent review of the technology.

“Citizens do not have confidence that elections have been
fairly decided, because they don’t have faith in the integrity of the
tools,” Bowen said during a teleconference on Aug. 3.

The state will allow e-voting machines made by Diebold
Election Systems Inc. and Sequoia Voting Systems Inc. to be used only
under strict conditions. Polling stations won’t be able to have more
than one of those systems in place, and county registrars will have to
take steps such as reinstalling the software and firmware for the
devices and resetting their encryption keys.

Bowen mandated similar security measures for Hart InterCivic
Inc.’s e-voting systems, but without the single-machine limitation. She
decertified products from Election Systems & Software Inc. after it
was late in providing researchers with access to them. The ES&S
systems are being evaluated now and could be approved for use in next
year’s presidential primary, she said.

E-voting systems were used by one quarter to one-third of California voters in last November’s election, Bowen said.

But during a state-sponsored review of the machines and their
source code, a team of penetration testers found 15 security problems,
including the ability to exploit flaws in Windows.

The team reported that it was also able to overwrite
firmware, bypass system locks, forge voter cards and install a wireless
device on the back of a Diebold server.


No comments:

Post a Comment