All the latest UK technology news, reviews and analysis
|
|
|
31 Jul 2007
Democracy has taken another blow in the US where a team of investigators has found fundamental security flaws in all the e-voting systems it tested in California.
The tests were carried out over the last two months as part of a review of e-voting by California Secretary of State Debra Bowen.
According to the Californian government website the review was “designed to restore the public's confidence in the integrity of the electoral process and … ensure that California’s voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible.”
But it has achieved exactly the opposite.
A public hearing on the report is being held today in the State capital, Sacremento.
The team of investigators, led by Matt Bishop from the Davis University of California, concluded that “the security mechanisms provided for all systems analysed were inadequate to ensure accuracy and integrity of the election results.”
Bishop’s team was able to forge voter cards and manipulate counts from voting terminals and even the reports from servers which aggregate results. They found terminals and servers where they could overwrite firmware, run malicious code and even undo screws on protective locks to gain access to the innards of voting machines.
“Many of the components tested appear to have been hardened by taking their basic design and adding security features,” Bishop reported. “As a result, the testers were able to exploit inconsistencies between the protective mechanisms and that which they were intended to protect.”
The systems tested were supplied by Sequoia, Diebold and Hart InterCivic. Systems supplied by Election Systems and Software arrived too late to test.
Bishop said his researchers were impeded in obtaining sufficient security data to carry out their tests and recommends in his report that in future all vendors be compelled to provide all the source code and documentation for their systems before testing commences.
“All team members felt that they lacked sufficient time to conduct a thorough examination, and consequently may have missed other serious vulnerabilities,” reported Bishop.
Latest stories from Web
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Helpdesk/Service Analyst x 3 3 Month Contract...
French Technical support Specialist (2/3rd Line) CCNA...
ECM Project Manager - CMS, "Document Management", Web...
Skills - Presales, Consultant / Consultancy, Technical...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
The problems are nationwide, not just California
The systems used in California are used in almost all 50 states. It should also be noted that one huge company, ES&S, failed to cooperate and results are not yet available -- which does not speak well of that system at all. Many of the findings are in the context of externam attackers. "Outside hackers" is a false frame. Historically, vote tampering has been performed by those with inside access. They have extensive access, user manuals, and time on their hands to do what needs to be done to capture an election. As long as we use systems that count votes in secret, our rights are not secured. At no time did the framers of the Constitution contemplate or approve a system whereby the government and its contractors would count The People?s votes in secret. Bev Harris Founder - Black Box Voting
Posted by: Bev Harris 30 Jul 2007