Study: 120 threats to e-voting machines // Analysis finds e-voting machines vuln

[Guest guest]

" Stevo " <blue_meanie_9

Tue, 27 Jun 2006 13:11:12 -0700 (PDT)

[RandiRhodes] Study: 120 threats to e-voting machines //

Analysis finds e-voting machines vulnerable

 

 

 

 

USA Today

 

Steffanie Holdsbrook, left, of Woods Cross, and Sue Alvey, right, of

Layton, practice setting up new electronic voting machines in

Farmington, Utah.

By Andrea Stone, USA TODAY

 

WASHINGTON — Most of the electronic voting machines widely adopted

since the disputed 2000 presidential election " pose a real danger to

the integrity of national, state and local elections, " a report out

Tuesday concludes.

There are more than 120 security threats to the three most commonly

purchased electronic voting systems, the study by the Brennan Center

for Justice says. For what it calls the most comprehensive review of

its kind, the New York City-based non-partisan think tank convened a

task force of election officials, computer scientists and security

experts to study e-voting vulnerabilities.

The study, which took more than a year to complete, examined optical

scanners and touch-screen machines with and without paper trails.

Together, the three systems account for 80% of the voting machines

that will be used in this November's election.

While there have been no documented cases of these voting machines

being hacked, Lawrence Norden, who chaired the task force and heads

the Brennan Center's voting-technology assessment project, says there

have been similar software attacks on computerized gambling slot machines.

" It is unrealistic to think this isn't something to worry about " in

terms of future elections, he says.

The report comes during primary season amid growing concerns about

potential errors and tampering. Lawsuits have been filed in at least

six states to block the purchase or use of computerized machines.

Election officials in California and Pennsylvania recently issued

urgent warnings to local polling supervisors about potential software

problems in touch-screen voting machines after a test in Utah

uncovered vulnerabilities in machines made by Diebold Election Systems.

North Canton, Ohio-based Diebold did not return calls for comment. The

company, a major manufacturer of e-voting machines, said earlier this

month that security flaws cited in its machines were theoretical and

would be addressed this year.

The new threat analysis does not address specific machines or

companies. Instead, it " confirms the suspicions about electronic

voting machines that people may have had from individual reports " of

problems, Norden says.

Among the findings:

• Using corrupt software to switch votes from one candidate to another

is the easiest way to attack all three systems. A would-be hacker

would have to overcome many hurdles to do this, the report says, but

none " is insurmountable. "

• The most vulnerable voting machines use wireless components open to

attack by " virtually any member of the public with some knowledge and

a personal digital assistant. " Only New York, Minnesota and California

ban wireless components.

• Even electronic systems that use voter-verified paper records are

subject to attack unless they are regularly audited.

• Most states have not implemented election procedures or

countermeasures to detect software attacks.

" There are plenty of vulnerabilities that can and should be fixed

before the November election, " says David Jefferson, a Lawrence

Livermore National Laboratory computer scientist who served on the

task force. " Whether they will or not remains to be seen. "

The report said state election officials could improve voting-machine

security if they conduct routine audits comparing voter- verified

paper trails to the electronic record and ban wireless components in

voting machines.

" A voting system that is not auditable contains the seeds of

destruction for a democracy, " says Rep. Rush Holt, D-N.J., a chief

sponsor of a bill to improve electronic-voting security.

http://www.usatoday.com/news/washington/2006-06-26-e-voting_x.htm?csp=34