News & Product Reviews for Tech Leaders

Top Tech News

World Wide Web

California Hacks Its E-Voting Machines

by Michael Smith

California Hacks Its E-Voting Machines

July 31, 2007 8:56AM
Following a report from a team of experts indicating that electronic voting systems are vulnerable, vendors fought back at the public hearing in California, with officials from Sequoia Voting Systems saying the five-week review was an “unrealistic, worst-case scenario” conducted in a computer lab by experts who had unlimited access.


Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.


The recent YouTube-CNN presidential debate showed how technology could open up political dialogue. But a public hearing in California on Monday raised questions about whether technology could also open up voting — to hacking.The contentious hearing in Sacramento followed a “top-to-bottom review” of electronic voting systems from Sequoia, Diebold, Hart InterCivic, and ES&S, ordered by California Secretary of State Debra Bowen.Conducted in May and June, with the results released last week, the study by teams of computer scientists organized by the University of California found that the voting machines could readily be hacked and the voting results changed.


‘Security Through Obscurity’

Bowen’s office said in a statement that the review involved three teams of seven specialists each, from the California university system, other universities, and private companies in the U.S. Each team analyzed documents and studies, looked at source code, and then attempted a “red team” penetration attack.

The red teams’ report indicated that the researchers made no assumptions about any constraints on the attackers and that it examined what a “dedicated attacker could accomplish with all possible kinds of access.”

The researchers added that “security through obscurity,” where one assumes “a veneer of security by relying on attackers not having access to protocol specifications” or hard-to-get tools, “is not an acceptable option for any system that can’t afford to have its security compromised.”

The report also indicated that the teams did not evaluate “the likelihood of any attack being feasible.” One problem with the study, the researchers said, was the time restriction, which meant that they could have “missed other serious vulnerabilities.”

At Monday’s hearing, the vendors fought back. Officials from Sequoia Voting Systems characterized the five-week review as an “unrealistic, worst-case scenario” that was conducted in a computer lab by experts who had unlimited access. An official from Diebold said in a written statement that all voting systems “in a laboratory environment” can be hacked.


Security Procedures, Accessibility

Some election officials at the hearing said that the review did not account for the researchers’ expertise or the security precautions that would be put in place in an actual voting scenario. The report noted that the researchers did not evaluate local officials’ security procedures because there are 58 different sets of procedures in California’s 58 counties.

Voting activists argued that the state should return to paper ballots, and that any voting machine vulnerability is too much. Emily Levy of Bradblog, a Web site that focuses on electronic voting, wrote of one election official who supported the report. She quoted him as saying, “We bought these systems to accommodate voters with special needs and disabilities and ‘we have let them down in the most appalling way’ by certifying systems with such obvious defects.”

In addition to covering security issues, the state’s review included an assessment of how well the voting systems actually met accessibility requirements. The accessibility report, released last week, found that none of the tested machines “met the accessibility requirements of current law and none performed satisfactorily in test voting.” (continued…)

1  |  2  |  Next Page >

Leave a Comment