New E-Voting Machines Flawed, Study Says

The new electronic voting systems certified for use by the government of California were expected to do a lot of things; primarily, provide secure e-voting environments. What they were not expected to do was splatter egg on the government’s face.

That is what three of these systems have ended up doing so far. In what has become a source of major embarrassment for the government and amusement for the skeptics, the systems fell flat on their faces during testing by researchers.

A report said a series of tests by researchers from the University of California has resulted in the detection of major security issues in each of the three systems. The tests were ordered by Debra Brown, Secretary of State, at a cost of $1.8 million.

The systems in question have been designed by Diebold Elections Systems, Sequoia Voting Systems, and Hart Intercivic. The tests researchers designed to breach the security apparatus on the three systems have been all too successful in achieving their objectives.

The end could not have been worse. Not only did the researchers breach the security, and quite easily at that, they announced that there were probably a quite few more things wrong with the machines, which they could not look at because of the short time frame they were provided with.

The researchers, code named the Red Team, were able to access physically the Sequoia Voting Systems machine – remove a few screws, bypassing the lock, and they were in. As if that was not embarrassing enough, they were also able to overwrite the firmware.

The Diebold Elections Systems machine also yielded flaws during testing. The system did not have very high physical security measures. Besides, the Red Team also discovered they could play around with the machine’s Windows OS. They implemented security actions, which surprisingly did not appear in the audit logs of the server.

Not only that, Red Team members could access Diebold firmware. They also found ways to compromise the voting data by changing the number of votes and also cause havoc with the administrative privileges of the people using the system.

In the case of the Hart Intercivic gadget, researchers overcame the machine’s restricted environment and breached the system. They also gained access to the firmware, rewrote voting data, accessed supposedly password-protected secure menus.

The surprising aspect of the whole story is that all these flaws, and each of them are monumental flaws, are being discovered after the government issued certificates of approval for these systems.

The three vendors facing the flak for the these disastrous results have issued statements once the findings were published. Sequoia issued a statement saying the tests were not done in a real time environment and there made the product out to be a total disaster in terms of safety and security.

Even the critics have been floored. While they were a bit skeptical about the performance of the machines, they never thought the results would be so bad. One of them, Avi Rubin, who is a professor of computer science and technical director, Information Security Institute, John Hopkins University, said the unbelievable part was these machines were already certified as being in good condition by the government.

The issue of integrity, vis a vis electronic voting machines has been around for quite a while. The security flaws of the Diebold machines have already been laid out as long as a year back.

However, what has the critics most worried is the fact that this enormous amount of security flaws have been detected on certified machines.