Click here to see full-size video... SECURITY ANALYSIS OF THE DIEBOLD ACCUVOTE-TS VOTING MACHINE Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, Princeton University DOWNLOAD THE FULL REPORT IN PDF FORMAT, FROM PRINCETON UNIVERSITY WEBSITE Abstract: This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures. [Go to Sentido Video, or read more at: Princeton.edu]

ELECTRONIC VOTING MACHINES FLAWED ACCORDING TO UC STUDY
STUDY RAISES SERIOUS QUESTION AS TO WHETHER ANY E-VOTING PLATFORM CAN BE SECURE
6 August 2007

A California government-sponsored study has "found that virtually all voting machines used in the state are vulnerable to hackers", creating a whirlwind of complaints from activists and defiance from manufacturers. Secretary of State Debra Bowen, along with voting rights activists have said the problem needs to be solved before next year's presidential primary elections.

The study has re-opened public debate on the viability of elections using electronic machines. The computerization of the electoral process means it is all the more possible to re-arrange, distort or erase vote totals, and in the worst-case, steal an election. Scientists representing numerous universities, watchdog groups or state governments have demonstrated the pervasive security flaws inherent in e-voting.

California is one of the states which requires voter-verified paper trails. California's e-voting regulations also require a manual audit of paper trails, to ensure there are no anomalies in the electronic count. But there are 23 states which do not as yet mandate voter-verified paper trails, and several which do where a large number of voting machines still do not provide any paper trail at all, let alone a document the voter can check to ensure there is an accurate record of the votes cast.

Sen. Dianne Feinstein (D-CA) said the study is "yet another reason that states and counties should consider a move to optical scan machines that provide an auditable, individual voter-verified paper record without having to rely on a separate printer". Feinstein has said the Senate will study this in hearings in hopes of correcting problems nationwide before the 2008 general election.

While the California study has been criticized by manufacturers as "unrealistic" for exploring all possible types of tampering, it clearly demonstrated major security flaws, some of which those same manufacturers are currently working to correct, an apparent sign of recognition of the problem.

What's more, this has been a process of many years, where study after study show similar vulnerabilities, and manufacturers continue making flawed machines and, among those already in circulation, have tended to correct only those where the state mandates fixes.

The San Francisco Chronicle reports: "The UC 'Red Team' attack by hackers purposely ignored any security measures that would be taken by local counties, such as limiting access to the computer centers, putting guards over the voting machinery and training poll workers and other election officials to look for suspicious activity." This was done, ostensibly, to ensure that potential breaches of such measures (by way of corruption or lax security) not go untested.

Critics of the methods of touchscreen manufacturers, such as Diebold, have repeatedly said they do not feel it should be considered a security measure for a state-of-the-art voting machine to require added security to ensure that simple modes of tampering not damage the information contained within. The objective of activist groups and the verified-voting movement is that there be an unalterable record, secured at the moment the vote is cast, which can be checked to ensure accuracy.

The Chronicle also notes that county officials from across the state have expressed concern that the decertification of voting machines now, from Sacramento, may leave them with even less likelihood of being able to organize a reliable and secure vote-count when the presidential primaries are held in February 2008, just 6 months from now.

A state-ordered study in Florida determined that not only electronic 'touchscreen' voting machines but also optical scanners, which read blackened circles as are common on standardized testing, can be tampered with, their results modified, and traces of the wrongdoing erased. Diebold has said it will make the necessary corrections to the optical scanners it provides to Florida, by 17 August, to prevent the machines being decertified.

USEFUL LINKS DOCUMENTED ELECTRONIC MISCOUNTS, VOTES LOST 'RED TEAM' FINDS PERVASIVE SECURITY FLAWS CENTER FOR VOTING & DEMOCRACY HR-550: BILL REQUIRING "A PERMANENT PAPER RECORD OR HARD COPY" OF BALLOTS HR-2239: BILL REQUIRING PAPER TRAILS BY NOV. 2004 REP. RUSH HOLT: ORIGINAL SPONSOR OF HR-550, HR-2239 HAVA: MANDATES MOVE TO E-VOTING, NO PAPER TRAILS

Florida is still working to correct the fundamental flaw the Supreme Court noted in its voting process in 2000: the existence of so many disparate modes of technology, leaving voters with radically varied likelihood of having their vote actually count. 15 of 67 counties across Florida still have machines that use no paper-trail. A new law mandates that all voting machines produce a paper-trail, and old machines that do not will be discarded.

The risk of insecure technology to the integrity of the election process is real: Professor Edward Felten, a professor of computer science at Princeton University, recently found in a comprehensive study commonly available e-voting machines were easily susceptible to malicious tampering. The NY Times reports his two main findings as:

(1) Malicious software on a voting machine can “steal votes with little if any risk of detection.” It can also “modify all of the records, audit logs and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss.”

(2) “Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install” malicious software in as little as one minute.

Verified Voting, the largest NGO working to ensure the verifiability of votes cast electronically, reports that while 27 states already mandate that all machines produce a paper-trail, 12 more states have paper-trail legislation pending. This means that 39 states may have ordered the paper-trail standard be in place by the 2008 general elections. Congress is likely to vote on legislation that would mandate the paper-trail standard nationwide. [s]

• SF Chronicle: "Makers of voting machines battle critics over UC study"
• Sci-Tech Today: "The Plot Thickens for Electronic Voting"
• Forbes: "Voting Machine Companies Attack Review"
• NY Times: "The Good News (Really) About Voting Machines"

BACKGROUND:
TWENTY-SIX STATES HAVE PASSED LEGISLATION REQUIRING PAPER TRAILS FOR ELECTRONIC BALLOTS
11 June 2006

Since the 2000 election, voting technology has become a major issue in US elections regimens and regulations; touchscreen balloting machines, which legislatures seem to have favored as a way to record votes accurately, eliminating the 'hanging chad' problem, were designed with no paper record and have proven insecure and susceptible to tampering. Now, 26 US states have passed laws requiring paper trails, and 13 more, plus Washington, DC, have proposed laws "not yet enacted". [Full Story]

• VerifiedVoting: "Voter-Verified Paper Record Legislation"
• Newsweek: "Will Your Vote Count in 2006"
• CA Secretary of State's Office: "Security Analysis of the Diebold AccuBasic Interpreter" [PDF]
• SD Registrar of Voters: "June 2006 Primary Election"

SAN DIEGO COUNTY SENT VOTING MACHINES HOME WITH POLL WORKERS ON EVE OF ELECTION
9 June 2006

Reports have emerged that according to the San Diego registrar of voters, poll workers in San Diego county took tamper-susceptible Diebold voting machines home on the eve of the election. In some cases, poll workers may have had unsupervised access to the machines for a week or longer. [Full Story]

FLORIDA'S LOST & FOUND ELECTRONIC VOTES
31 July 2004

The Supervisor of Elections for Miami-Dade County, Florida, announced Friday that her office had recovered missing electronic records of touch-screen votes from the 2002 primary elections in the race for Florida Governor. The records had been reported lost, after a series of computer crashes appeared to have wiped out the electronic files containing the record of the votes. [Full Story]

EAC RECOGNIZES NEED FOR "ENHANCED SECURITY MEASURES" IN TOUCHSCREEN BALLOTING
28 July 2004

The Election Assistance Commission, set up by the 2002 Help America Vote Act to provide nationwide oversight of election processes and to seek to prevent any debacle resembling the 2000 Florida recount, has voiced support for "paper verification" and "enhanced security measures" to guarantee legitimacy of touch-screen votes. For some time, verified voting activists have been troubled by the unwillingness of members of Congress to support legislation to require a paper record of electronic votes until the EAC makes its recommendations. [Full Story]