E-Voting Security Ignored

Michelle Pilecki

“

Eat The Press

Eat the Press” is the Huffington Post’s ongoing coverage of and commentary on the media. Hosted by Harry Shearer and his band of media critics, this is where we turn our gaze on the ever-more powerful fourth estate—keeping watch on the watchdogs.

E-Voting Security Ignored

Does anybody care if those nifty electronic voting machines actually work as promised? Are reliable? Tamper-proof? Apparently not. Last week the US Government Accountability Office issued a report on "Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, But Key Activities Need to Be Completed." Among its findings, according to the press release from the House Committee on Government Reform:

Voting System Vulnerabilities Identified by GAO:

• Cast ballots, ballot definition files, memory cards, and audit logs could be modified.

• Supervisor functions were protected with weak or easily guessed passwords, and memory cards that allowed individuals access to voting machines were inadequately protected.

• Systems had easily picked locks and power switches that were exposed and unprotected.

• Voting machine vendors had weak security practices, including the failure to conduct background checks on programmers and system developers, and the failure to establish clear chain of custody procedures for handling software.


The list goes on to note real failures in real elections:

• In California, a county presented voters with an incorrect electronic ballot, meaning they could not vote in certain races.
• In Pennsylvania, a county made a ballot error on an electronic voting system that resulted in the county’s undervote percentage reaching 80% in some precincts.

• In North Carolina, electronic voting machines continued to accept votes after their memories were full, causing over 4,000 votes to be lost.

• In Florida, a county reported that touch screens took up to an hour to activate and had to be activated sequentially, resulting in long delays.


Outside of a few computer trade journals and voting-rights blogs, the report has gone almost entirely unnoticed. ComputerWorld quoted the report:

Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, acquired, tested, operated or managed in accordance with rigorous security and reliability standards -- potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count.
As far as the consumer press, the ANG Newspapers group in and around Silicon Valley seems to provide the only coverage, reporting that "fixing problems could be years away."


Congress never granted a full appropriation to the or to the National Institute for Standards and Technology, which was to provide technical help. As a result, the new standards for security, performance and accuracy of voting systems have been three years in the making and may not be applied to actual voting systems until 2007. New labs to test voting systems to the standards won't be approved until then, and meanwhile the existing laboratories may continue testing voting systems to older standards until June 2008.

That's nice to know, isn't it?

Link: http://www.huffingtonpost.com/nellie-b/evoting-security-ignored_b_9726.html

GAO questions progress on e-voting standards

Questions about security, accuracy likely to continue into the '06 elections

News Story by Grant Gross
OCTOBER 24, 2005 (IDG NEWS SERVICE) - Questions about the security and accuracy of electronic voting systems are likely to continue into the 2006 national elections, because the U.S. government has not yet completed work on electronic voting guidelines, according to a new government report.

With lingering concerns about the security of e-voting systems, the U.S. Election Assistance Commission (EAC) needs to define security policies and set up a machine-certification program... (report issued Friday by the U.S. Government Accountability Office (GAO).)

"Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, acquired, tested, operated or managed in accordance with rigorous security and reliability standards -- potentially affecting the reliability of future elections and voter confidence..., the GAO report said.

The EAC, established with the "Help America Vote Act" passed by Congress in 2002, is working...to help state and local governments improve their management of e-voting systems, the GAO said. ...working on security and reliability standards and on programs to certify voting machines and accredit independent laboratories to test e-voting systems, the GAO said. But those efforts aren't finished and are "unlikely to have a significant effect in the 2006 federal election cycle," the report said....

(clip)

"...GAO asserted that electronic voting systems must be secure and reliable, and EAC agrees," the EAC statement said. "Security has always been a top priority at EAC...",

(clip)

...The EAC and the National Institute of Standards and Technology (NIST) are developing a vulnerability analysis of e-voting systems, the statement said.

The EAC also questioned the GAO's reference to security and reliability questions about e-voting systems....

(clip)

...The GAO report relies on documents produced by other people, but the agency didn't substantiate those reports of security and reliability problems, the EAC added....

(clip)

...The Information Technology Association of America (ITAA), a trade group representing some e-voting machine vendors, said state election officials started late on working through e-voting machine concerns because of delays in Congress to set up the EAC...and because of congressional delays in funding. The EAC and NIST have, "put forth a steady stream of best-practices guidance,"

but Congress gave the EAC no regulatory authority to make states comply...

(clip)

...(Says) Rep. Tom Davis (R-Va.), chairman of the House Government Reform Committee..., "...It is certainly disappointing that, despite the recommendations from federal organizations and nongovernmental groups, many states still have not made progress to make sure their electronic voting systems are safe from fraud and can be relied on to accurately count votes...,"

(clip)

...Democrats, however, called for congressional action, (Michigan Rep. John Conyers Jr.)