Nothing....
Ohio:
Ohio’s electronic voting systems have “critical security failures” which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.California:
“The results underscore the need for a fundamental change in the structure of Ohio’s election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, “ Secretary Brunner said Friday in unveiling the report.
“In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication,” she said.
THE REPORT
The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:
- risks to vote security,
- system performance, including load capacity,
- configuration to currently certified systems specifications, and
- operations and internal controls that could mitigate risk.
The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state’s three voting systems - Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) - in both voting and board of elections environments. Separate research was conducted on each voting system’s performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.
While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.
“To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant,” Brunner said.
The researchers in the Ohio study didn’t address the issue of probability of attack, leaving that to the determination of state and local officials. The researchers commented that with the lack of technical measures in voting system design, its integrity “is provided purely by the integrity and honesty of election officials.” (p. 20, Final Report of Academic Researchers.)
“It’s a testament to our state’s boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings,” Brunner said.
Testers looking at the performance of the voting systems used in Ohio and in many locales throughout the country, identified numerous risks to election integrity ranging from minor to severe, according to the review.
Also, those examining how voting systems were configured in the field found risks such as the use of materials like memory storage and printer paper that had not been certified by the voting system manufacturers; a lack of standardized equipment testing and that revisions to voting system software for all systems and counties were not documented or tracked, the review said.
Earlier this year, California Secretary of State Debra Bowen established strict new standards for electronic voting machines, requiring independent code audits, Red Team security testing, and support for paper records. The Red Team testing process primarily involves subjecting the machines to review by security experts who attempt to hack the software and bypass the physical security mechanisms. Recent Red Team tests of ES&S voting machines have uncovered serious security flaws.And then there's the (global) economy -- we're maybe on the cusp of inflation thanks to all the gratuitous rate cuts that haven't and won't do anything for the subprime/housing disaster -- and Iraq, Iran, Afghanistan....
Previous Red Team tests commissioned by the state of California revealed significant vulnerabilities in devices sold by Diebold and Sequoia. At the time, ES&S declined to participate in the testing, citing lack of preparedness. The tests on the ES&S machines were finally conducted in October, and the results, which were recently published (PDF), show that products from ES&S are as insecure as the rest.
The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."
After bypassing the physical security of the voting machines, the Red Team researchers were able to gain direct access to all of the files on the systems, including password files. "Making a change to the BIOS to reconfigure the boot sequence allows the system to be booted up using external memory devices containing a bootable Linux copy," according to the researchers. "Once done, all the files can be accessed and potentially modified, including sensitive files such as the password file which can be cracked by openly available cracker programs. New users may be added with known passwords and used by the same attacker or other attackers later."
The Election Management System workstations were also found to be vulnerable, with critical security codes stored in files as plain text. The Red Team also discovered that the Election Loader System used unencrypted protocols to transmit election initialization data to the PBC units, which implies vulnerability to a man-in-the-middle attack. The Election Loader System is populated with data from an Election Distribution CD, which is generated by a special Election Converter Application. The researchers were able to break the encryption used on the generated CD to "breakdown the CD, revise the election definition, and replace the CD with a new encrypted CD with an alternate election definition." The researchers note that this tactic could be used to alter vote tallies.
ES&S is already in serious trouble in California for selling uncertified voting machines to several counties in violation of state law. The results of the Red Team test, which demonstrate beyond doubt that the security of ES&S voting machines is utterly inadequate for use in elections, make it seem unlikely that ES&S will be able to continue peddling their defective products in the state.
And speking of free elections:
The Justice Department's voting rights chief stepped down Friday amid allegations that he'd used the position to aid a Republican strategy to suppress African-American votes.Link.
John Tanner became the latest of about a dozen senior department officials, including former Attorney General Alberto Gonzales, who've resigned in recent months in a scandal over the politicization of the Justice Department in the Bush administration.
In recent months, McClatchy has reported on a pattern of decision-making within the department's Civil Rights Division, of which the Voting Rights Section is a part, that tended to narrow the voting rights of Democratic-leaning minorities.
Tanner has been enmeshed for months in congressional investigations over his stewardship of the unit that was established to protect minority-voting rights. He drew increased focus this fall after he told a Latino group: "African-Americans don't become elderly the way white people do. They die."
In addition, the Justice Department opened an internal investigation into allegations that Tanner unfairly had deprived two veteran African-American staffers of bonuses and that he and a deputy had misused tax dollars on official trips.
***
While Tanner hailed his accomplishments, asserting that the section had "tripled the number of new lawsuits" compared with the period before he took office, critics have charged that the department has filed few suits on behalf of African-American voting rights.
Shortly after he became section chief in 2005, Tanner reversed the recommendation of the career staff that the department object to a Georgia law requiring voters in that state to produce photo identification cards. The staff had argued that the law would disenfranchise minority voters.
A federal judge later blocked implementation of the law, likening it to a Jim Crow-era poll tax because poor minority voters, who are most likely to lack driver's licenses, would be required to buy photo IDs.
This October, after making his comments about the shorter life span of blacks while defending the Georgia law, Tanner apologized for his "clumsiness" before a House Judiciary subcommittee.
Tanner also drew harsh criticism for directing a crackdown to force states to purge hundreds of thousands of names from voter registration rolls, an initiative that critics charge was aimed at disenfranchising minority voters, who move frequently.
He's facing an investigation by the department's Office of Professional Responsibility into multiple allegations that he mistreated staff and abused his travel privileges. At least two of the inquiries stem from formal complaints from members of his staff.
In late November, the Web site TPM Muckraker reported that Tanner had made taxpayer-funded trips to Hawaii for three straight years, twice staying a full week although his work was completed within a couple of business days. The Web site said he'd made 36 trips covering 97 days since taking the helm in May 2005.
No comments:
Post a Comment