Voting Machines Vulnerable to "Serious" Vote-Flipping Attack
Peter Langston
MiniFunPeople at psl.to
Tue Apr 17 19:44:08 PDT 2007
MiniFunPeople........................................ISSN 1098-7649
Forwarded-by: "Peter Langston" <MiniFunPeople at psl.to>
From: David Michael <harp at olympus.net>
http://www.truthout.org/docs_2006/041707A.shtml
[When does "clearinghouse" start to smell like "outhouse"? Read on... -psl]
Voting Machines Vulnerable to "Serious" Vote-Flipping Attack
By Michael Richardson and Brad Friedman
Bradblog
Monday 16 April 2007
Scientific report finds "serious security vulnerability" similar to
"Princeton Diebold virus hack" in widely used iVotronic system,
allowing a single person to change election results across entire
county without detection. Despite GAO confirmed mandate to serve as
info "clearinghouse," embattled EAC says they will take no action
to alert elections officials, public.
<http://www.truthout.org/imgs.art_02/3.041707A.jpg>
(Photo: www.bradblog.com)
While revelations surrounding the mysterious 18,000 "undervotes" in the
November 2006 U.S. House election between Christine Jennings and Vern
Buchanan in Florida's 13th Congressional district continue to inform the
nation about the dangers of electronic voting machines, new information has
recently come to light exposing a shocking lack of responsible oversight by
those entrusted with overseeing the certification of electronic voting
systems at the federal level.
An investigation into what may have gone wrong in that election has
revealed a serious security vulnerability on some, and possibly all,
versions of the iVotronic touch-screen voting system widely used across the
country. The iVotronic is a Direct Recording Electronic (DRE) touch-screen
voting machine manufactured by Elections Systems & Software, Inc. (ES&S),
the nation's largest distributor of such systems.
The vulnerability is said to allow for a single malicious user to
introduce a virus into the system which "could potentially steal all the
votes in that county, without being detected," according to a noted computer
scientist and voting system expert who has reviewed the findings.
And yet, despite their federal mandate to serve as a "clearinghouse" to
the nation for such information, a series of email exchanges between an
Election Integrity advocate and officials at the U.S. Elections Assistance
Commission (EAC) has revealed that the federal oversight body is refusing to
notify states of the alarming security issue.
The recent email conversation shows that even in light of the EAC's
review of the warning from the computer scientist who characterized the
"security hole" as severe, needing to be "taken very seriously," and among
the most serious ever discovered in a voting system, the EAC is unwilling to
take action.
Recent reports by the Government Accountability Office (GAO) have taken
the EAC to task for a failure to meet their legislated mandate for informing
the public and elections officials about such matters. However, a review of
the email communications to and from the EAC's Jeannie Layson shows that the
federal body is steadfast in their refusal to take action to alert either
elections officials or the public about the security risk recently
discovered by a team of eight noted computer scientists.
The EAC's current Chairwoman, Executive Director, Director of Voting
System Certification, and other top officials at both the National
Association of State Election Directors (NASED), and even the GAO, were
included in the series of email communications, The BRAD BLOG has learned.
The vulnerability was initially discovered by a panel of scientists
convened by the State of Florida to study the possible causes for the FL-13
election debacle. The team's discovery revealed that a design issue in the
widely used iVotronic system could allow for a viral attack, by a single
individual, which could then spread unnoticed throughout the electronic
election infrastructure of an entire county.
A similar vulnerability was found in DRE touch-screen system made by
Diebold last Summer by a team of computer scientists at Princeton University.
Attempts to seek information about EAC plans to notify other states and
local jurisdictions that use the same vulnerable voting systems as the one
in FL-13 have been met with an astounding refusal, troubling denial,
buck-passing, and a lack of accountability by the federal commission of
Presidential-appointees. The agency has also come under fire in recent weeks
for a number of questionably partisan decisions and other failures to
perform as mandated by the Help America Vote Act (HAVA) of 2002.
Of late, the EAC has been forced to respond to a great deal of
controversy, on a number of different operational matters and policies, as
revealed by a series of articles on this site and in mainstream outlets such
as the New York Times and USA Today. Several of those matters have drawn
Congressional notice, questioning of EAC officials, and letters of inquiry.
Thus, this latest revelation is likely to add to the rising concern of
Congress members as new federal legislation introduced by Rep. Rush Holt
(D-NJ), currently facing mark-up by a Congressional committee, would
permanently fund the now-embattled EAC. Funding for the agency was
originally mandated by HAVA only through 2005.
The new ES&S iVotronic vulnerability first emerged on February 23, 2007,
when the Florida Dept. of State released a report detailing their findings
from the investigation into what happened in Sarasota's still-contested
Jennings/Buchanan race. That election was ultimately decided by just 369
votes. The state's official findings included a report [PDF] [2] conducted
by an eight-member computer science and technology team under the auspices
of Florida State University (FSU). The report sought, unsuccessfully, to
determine the cause of the unexplained "undervotes" reported by the
iVotronic touch-screen voting systems used in Sarasota's portion of the
FL-13 race on Election Day and in early voting.
Although the reason thousands of votes turned up missing from those
systems remained unknown, the study team did discover a serious security
flaw in the iVotronic system that is used in Sarasota and many other
jurisdictions across the country (and even the world, as France is set to
use the same systems in their upcoming Presidential Election.)
Election integrity watchdog John Gideon, a frequent BRAD BLOG
contributer and the Co-Director and Information Manager for VotersUnite.org,
says that the security flaw may pertain to "every ES&S iVotronic voting
machine used in the US and overseas." A total of eight separate versions of
the system - without and without so-called "voter verified paper audit
trail" (VVPAT)" printers - are currently approved as qualified at the
federal level, he explained. Three of those are definitely affected and it
is likely that the others are as well.
The details, the dangers, and the denials are all described below...
*"It Needs to Be Taken Very Seriously"...*
As detailed by information in the FSU report, the ES&S iVotronic is
vulnerable to a very dangerous attack by a single person which could result
in an election, across an entire county, being flipped without notice.
One computer scientist who has closely reviewed the team's findings
warned via email, "The FSU report revealed a serious security vulnerability
in the iVotronic: it is vulnerable to viruses that could be introduced by a
single outsider and that could spread throughout a county. This means that a
single outsider in a county that uses the iVotronic Firmware version 8 could
potentially steal all the votes in that county, without being detected."
"In my opinion," the scientist warned, "the severity of this security
hole is roughly comparable to that of the Hursti II / Princeton virus-which
is to say it needs to be taken very seriously." Though the scientist asked
not to be identified publicly, his warning was shared with the EAC and is
now posted online in full at VotersUnite.org.
Both the so-called "Hursti II" report and the Princeton discovery, as
first reported by The BRAD BLOG, rocked the nation's voting system
manufacturers and election officials alike when they revealed extraordinary
vulnerabilities in touch-screen electronic voting systems made by Diebold,
Inc., last year during, and just prior to, the nation's primary election
cycle.
"This is further evidence that it's not just one vendor who has serious
security problems; it's a second instance [of] this sort of virus
vulnerability," the scientist writes.
"Don't let anyone tell you that if we just 'kick Diebold off the island'
all of the security problems will go away."
The scientific warning includes detailed steps on how to mitigate the
problem for several different versions of the ES&S iVotronic, all of which
are vulnerable to the attack.
Gideon took the warning to heart and forwarded it to the EAC with a
request that the important e-voting security issue be shared with other
states under the EAC's "clearinghouse" mandate. But the EAC has refused.
The Help America Vote Act (HAVA) requires the EAC to act as a national
"clearinghouse" for election administration and voting system information.
As stated on the EAC website:
The Election Assistance Commission is designed to serve as a
national clearinghouse and resource for the compilation of
information and review of procedures by.... Maintaining a
clearinghouse of information on the experiences of State and
local governments in implementing the guidelines and in
operating voting systems in general.
Despite their mandate, and admission of same, EAC spokeswoman Jeannie
Layson replied to Gideon that the iVotronic was qualified by the National
Association of State Election Directors [9] (NASED) and thus was not the
responsibility of the EAC. NASED was the body which oversaw federal testing
of systems until the EAC took over the process fully earlier this year.
*Not the EAC's Problem...*
In the EAC's refusal to take accountability for warning states of the
newly discovered danger, along with the buck passing over to NASED, Layson
failed to recognize that current EAC Executive Director Tom Wilkey [10] was
the chair of the NASED committee at the time they federally qualified
several of the virus-prone ES&S voting machines.
Nonetheless, whoever gave federal qualification to the system in the
past, it is now clearly the responsibility of the EAC to inform states about
the issue now that it has become known, Gideon argues, echoing the
sentiments of the GAO in two different reports.
Dumbfounded at the EAC response, Gideon wrote back expressing his dismay
to Layson:
My concern is NOT whether the system was NASED qualified
or EAC certified. My concern is a problem was found with
two versions of a voting system and there are mitigating
solutions to these problems. The EAC is supposed to be a
"clearinghouse" of information. Ms. Davidson [EAC Chair
Donetta Davidson - also a former member of NASED's Voting
Systems Board when it was chaired by Wilkey] - pointed
out recently that the EAC's middle name is "Assistance."
It seems like the EAC is neither acting as a "clearinghouse"
nor "assisting" when it ignores reports from prominent
computer scientists about a large security issue with a
voting system that is being used in many, many
jurisdictions around the country.
Layson responded that the "clearinghouse" only applied to studies
conducted by the EAC - like a recent bi-partisan "voter fraud" study and
another on "Voter ID." The commission is currently under fire for its
partisan rewrite of the former, and the "Voter ID" study which, though
commissioned by the EAC as well, was similarly dismissed by the agency after
the team of presidential appointees were unhappy with its reported findings.
As for warning states and voters of voting machine problems, Layson
refused to take responsibility. She maintained, in defense of the EAC, that
their new program for voting system certification is just now being put into
place, and thus they won't act on problems found in systems approved
previously by NASED.
"The EAC['s new] certification program will collect anomaly reports,"
Layson wrote in an email to Gideon, "which we will then investigate and
share with election officials and the public."
Gideon expressed his amazement in his next email response, and attempted
again to encourage the EAC to do their HAVA-mandated duty. Responding to the
EAC's communications director, he wrote:
I'm amazed that instead of answering the questions you
conflate the certification of voting systems with a
security vulnerability that is in existence across the
country. This issue has nothing to do with the EAC
certification program. It has to do with the EAC
recognizing that there may be a problem and then taking
action to ensure states and local jurisdictions are
aware of that problem.
Layson held her "not-our-problem" ground, stating in reply that
shortcomings of NASED testing and qualification were, incredibly, not the
business of the EAC.
"Again, as we have discussed many times, we did not certify this voting
system," Layson responded, deflecting Gideon's written concerns once again.
"If [the ES&S iVotronic system] successfully completes EAC's
certification program in the future, then it would be subject to our rules
and conditions, and if a problem occurs we would notify the election
community and the public," she reiterated in the follow-up reply.
*The GAO Disagrees...*
Layson's denial of EAC responsibility in warning the public of the
serious Florida findings is also in sharp contrast with a recent finding by
the Government Accountability Office (GAO).
In a 2005 report [PDF], requested by Congress on "Federal Efforts to
Improve Security and Reliability of Electronic Voting Systems," the GAO was
critical of the EAC's failure to inform the public of such concerns about
vulnerabilities in voting systems:
The continued absence of a national clearinghouse
for voting system problems means that segments of
the election community may continue to acquire and
operate their systems without benefit of critical
information learned by others regarding the security
and reliability of those systems.
The 2005 GAO report recommended the EAC, "Improve management support to
state and local election officials ... for sharing information on the
problems and vulnerabilities of voting systems."
A follow-up GAO report [PDF] submitted to Congress last month, stated
that the EAC had allocated some $3.5 million - twenty-five percent of its
total budget - to establish themselves as "a national clearinghouse of
election administration information."
However, two years and $3.5 million later the "clearinghouse" is still
not operational, as confirmed by the 2007 GAO report:
[W]e have recommended that the EAC develop a process and
associated time frames for sharing information on voting
system problems and vulnerabilities across the election
community.... Not yet defined are the mechanisms to collect
and disseminate information on problems and vulnerabilities
that are identified by voting system vendors and independent
groups outside of the national certification process.
Meanwhile, the newly-identified security flaw in ES&S voting machines,
all over the country, is like a hidden time bomb about which the EAC refuses
even to post an advisory on their website. The hidden flaw awaits
exploitation in a viral strike - if such an attack has not already occurred
- and yet the EAC has expressed a complete unwillingness to even alert state
and local officials.
The future of the EAC itself is now very much in play. Federal
legislation - the "Voter Confidence and Increased Accessibility Act"
(HR811), as proposed by Rep. Rush Holt, will for the first time remove
HAVA's previous 2005 funding "sunset." The act would make the EAC a
permanently funded federal body under the control of the White House.
And yet, the EAC's "clearinghouse" is beginning to smell like an
outhouse.
Gideon, who has spent years trying to effect positive change at the EAC
in attempts to hold them accountable for their mandate as the sole federal
oversight body for voting systems, told The BRAD BLOG recently in
frustration, "They just don't care."
--
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list