Wilms posted a link to
http://vote.nist.gov/since the Technical Guidelines Development Committee held a meeting on 4/21 &22
I browsed and dowloaded some documents and since this wireless transmission or modem transmission issue had been bugging me for a long time, I thought I will check.
Ultimately the full findings and recommendations will end up at the EAC.
and for anyone interested to see the current communication set should see page 4 of
http://vote.nist.gov/April2005/6-wirelessv3.pdfAt Issue: Voluntary Voting System Standards
Telecommunication
5.1.1 Integrity
For WANs using public telecommunications, boundary definition and implementation shall meet the following requirements.
a. Outside service providers and subscribers of such providers shall not be given direct access or control of any resource inside the boundary;
b. Voting system administrators shall not require any type of control of resources outside this boundary. Typically, an end point of a telecommunications circuit will be a subscriber termination on a Digital Service Unit/Customer Service Unit (DSU/CSU) (though the precise technology may vary, being such things as cable modems or routers). Regardless of the technology used, the boundary point must ensure that everything on one side is locally configured and controlled while everything on the other side is controlled by an outside service provider; and
c. The system shall be designed and configured such that it is not vulnerable to a single point of failure in the connection to the public network causing total loss of voting capabilities at any polling place.
ES&S Comments on the Draft Standards for Wireless Communications Devices in Voting Systems, Draft Version March 2, 2005
Reference Comment
Specific Issue. ES&S employs the use of an infrared based wireless communications between the iVotronic DRE and the memory device that actuates and works with the iVotronic. An exacting physical alignment is required between the PEB and the iVotronic before either device is powered up and prior to initiation of the infrared communications. Such infrared is enclosed with a physical port/well in the DRE and transmits across a distance of less than a quarter of an inch. When the PEB is removed from the iVotronic well, the PEB powers down and infrared communications ends. There is no broadcasting or continuous communications of data in any direction, unless the strict physical alignment is in place. Over 40,000 such iVotronic DRE voting machines are in the field today. Such controlled, secure wireless communications should not be prohibited.
Specific Issue. Certain customer jurisdictions make use of wireless and cellular based communications to transfer unofficial vote totals from the polling place, after polls close, to the election central computer system. Such unofficial transmissions are later checked and validated against results paper tape printouts generated at the polling place. In addition, jurisdictions have the ability to carry such vote totals into election central via the memory devices from the voting machines. If for any reason a transmission is interrupted or fails, these techniques serve as backup processes and validation / audit points used before the election results are declared official. Such techniques completely mitigate any telecommunications based security concerns and maintain systems integrity regardless of any and all telecommunications techniques that can be used by those attempting to compromise the transmissions systems. While the most advanced encryption and secure transmission based techniques are desirable, they are not absolutely necessary given these overriding systems management processes that guarantee systems integrity.
and yet
Mr. James C. Johnson in his 8 page comment lays out the vulnerabilities among them:
How Secure is IrDA
IrDA does not provide encryption at the Physical Layer, and depends on the end systems to implement security if any. It is possible for the radiation emitted form the voting terminal or the Election Judge’s controller to be intercepted and listened to. Bluetooth, a short range RF technology whose use is restricted by P1583 (as well it should) provides encryption at the physical layer and thus its basic design offers more security than short range optical. The current NIST standard does not mandate link encryption and strong authentication, thus facilitating this kind of attack.
With optical, it is possible for a session to be ‘hijacked’ unless strong authentication measures are implemented between communicating systems. When a session is hijacked, a foreign device masquerades as a trusted system that is authorized to exchange data. Because the system has no way to distinguish the masquerader from the authorized system, it will accept anything from it as if was authorized.
and
Microsoft Statement on the security of IrDA
Microsoft Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IrDA). Because of this, they are often called IrDA devices. These devices can be used to share files and printers with other IrDA-device capable systems. The software that handles IrDA devices in Windows 2000 contains an unchecked buffer in the code that handles certain IrDA packets.
A security vulnerability results because it is possible for a malicious user to send a specially crafted IrDA packet to the victim's system. This could enable the attacker to conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot.
In other words, highly untrustworthy! Yet, ESS closes their comment by adding this:
"We would welcome the opportunity to review our products and processes with NIST personnel and our customers, and have a dialogue on how to help create a successful transition plan to better standards for all jurisdictional authorities tasked with making this happen. As vendors we are delighted to make changes to improve and sell new equipment or upgrade existing equipment as long as the market will support this."
I have yet to research my arch enemy suspect Optiscan and it's software...