Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

[ Create a new account ]

Damning Report On Sequoia E-Voting Machine Security

Posted by kdawson on Tue Oct 21, 2008 05:15 PM
from the worse-than-you-thought dept.
Security Politics
TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.
security politics diebold evoting censorship
news security
story

Related Stories

[+] Your Rights Online: Sequoia Threatens Over Voting Machine Evaluation 221 comments
enodo writes "Voting machine manufacturer Sequoia has sent well-known Princeton professor Ed Felten and his colleague Andrew Appel a letter threatening to sue if New Jersey sends them a machine to evaluate. It's not clear from the letter Sequoia sent whether they intend to sue the professors or the state — presumably that ambiguity was deliberate on Sequoia's part. Put another clipping in your scrapbook of cases of companies invoking 'intellectual property rights' for bogus reasons." Sequoia seems to be claiming that no one can make a "report" regarding their "software" without their permission.
[+] Your Rights Online: Judge Suppresses Report On Voting Systems 192 comments
Irvu writes "A New Jersey Superior Court Judge has prohibited the release of an analysis conducted on the Sequoia AVC Advantage voting system. This report arose out of a lawsuit challenging on constitutional grounds the use of these systems. The study was conducted by Andrew Appel on behalf of the plaintiffs, after the judge in the case ordered the company to permit it. That same judge has now withheld it indefinitely from the public record on a verbal order."
Firehose:Want To Know Just How Bad Security Is For E-Voting Machines? by techdirtfeed (1081893)
[+] Your Rights Online: US's First Internet Votes To Be Cast This Friday 143 comments
longacre writes "If you thought online voting in America was a distant pipe dream (nightmare?), think again: the nation's first Internet-based voting system goes online this Friday, just days after the release of the Damning Report On Sequoia E-Voting Machine Security we discussed yesterday. In the first real world run of the Okaloosa Distance Ballot Piloting (ODBP) test program, election officials from Okaloosa County, Florida have set up kiosks in Germany, the UK and Japan where 600-700 absentee voters — mostly military personnel — are expected to cast ballots. Security experts still have many questions, of course, particularly on the potential for interception of voting data while it travels across oceans (via 'secure VPN'), the security of the kiosks ('hardened laptops' with no hard drives and other sensitive components disabled) and the security of the three data centers (one of which is itself housed overseas, in Barcelona, Spain), not to mention the fact that Florida doesn't exactly have a stellar record when it comes to vote counting. Florida's Dept. of State also has a fairly detailed outline of ODBP's components and processes [PDF]."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Damning Report On Sequoia E-Voting Machine Security 25 Comments More | Login /

 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.

  • Don't look (Score:5, Funny)

    by Anonymous Coward on Tuesday October 21, @05:19PM (#25460925)
    Don't read the report about voting machines. It contains spoilers about who wins next month.

  • "We provide this voting booth for entertainment purposes only. Use of this machine does not constitute the actual act of voting for a bill or candidate. The State of [INSERT_STATE_NAME_HERE] and the United States Federal Government are not liable for any damages that may arise through the use of this entertainment apparatus."

    That ought to do it.

  • An oxymoron.

    The only thing a e-voting machine should be used for is printing a paper ballot.

    Count the paper ballots.

    Anything else means you have to trust the voting machine, or the people who verified the voting machine.
    (You have to make sure that there are no hidden things in any of the chips, the software, any memory card that comes into contact with the machine, the network that the machine is connected to, etc. Seriously, who can possibly think that a E-voting machine with a Sprint data card in it is secure?)

    • Re:"E-Voting Machine Security" like "Microsoft Wor (Score:5, Interesting)

      by entgod (998805) on Tuesday October 21, @05:36PM (#25461131)
      They could, in addition to printing the paper ballots, count the votes. That way it would be possible for people to see the votes being cast in almost real-time. I would like it. Of course, the official count would be done by hand.

    • The only thing a e-voting machine should be used for is printing a paper ballot. Count the paper ballots. Anything else means you have to trust the voting machine, or the people who verified the voting machine. (You have to make sure that there are no hidden things in any of the chips, the software, any memory card that comes into contact with the machine, the network that the machine is connected to, etc. Seriously, who can possibly think that a E-voting machine with a Sprint data card in it is secure?)

      Nonsense. The vast majority of computer security experts agree that electronic voting machines are the safest, most secure way to conduct an election, and that they are virtually immune to tampering or forging of votes.*

      *results of a poll of 1000 experts conducted using Diebold voting machines. 93 of 1000 said electronic voting was not secure, 1237 out of 1000 said that it was.

      • On a side note - how hard can this stuff be? It's not like they aren't making a fortune from these things - it's seeming like they are barely able to break even so they have to hire "below the barrel" talent...

        Making a machine that counts or tallies votes shouldn't be very hard, and should be a first year programming assignment.

        Making that whole system *secure*, otoh, is almost impossible, especially when it is something as large and distributed as a national voting system. If a company could actually make a completely secure voting system, they could also have a good DRM system. (Yeah, I did say "good DRM system", which shows how possible I think that is)

        From Ken Thompson's essay Reflections on Trusting Trust [bell-labs.com], he says it isn't enough to check the source code, you also have to check the compiler, the output from that compiler, and I would add, in the context of a voting system, everything that is or could be in the system/network.

          • Because those are different cases.

            The user isn't going to hack his own computer to get his credit card number. Hope that persons computer doesn't have a virus or key logger.

            That insurance company or hospital hopefully will have physical security protecting their machines. That doesn't always work, surely you have seen the articles about x million peoples data lost from (company of the week).

            Securing E-voting is really like DRM: you want to distribute a device to potential hackers, and keep it secure from those hackers.

            • Anonymity and reliability are directly at odds (Score:5, Informative)

              by LrdDimwit (1133419) on Tuesday October 21, @08:00PM (#25462657)
              There is also the not-at-all-a-small-issue of anonymity. Your voting mechanism must ensure that a particular account number (i.e. a voter's identity) can be used at most one time per election. And you have to record what it was used for anonymously so that what was done with the account literally cannot be traced back to the account holder.

              Most of the common credit card fraud-prevention schemes (such as date/time stamping every transaction) violate this. Not really a surprise, since the credit card system is designed to enforce accountability, the antithesis of anonymity (the whole purpose of anonymity is to avoid accountability).

              Fundamentally, anonymity is about removing traceability information, and fraud prevention is about maintaining it. These are both core requirements, and they directly work against one another.

      • Re:"E-Voting Machine Security" like "Microsoft Wor (Score:5, Insightful)

        by vtcodger (957785) on Tuesday October 21, @06:14PM (#25461577)
        ***E-voting done well is far superior to paper voting done well. The costs are far less, it's more convenient, and more environmentally friendly*** Sounds like utter and complete hogwash to me. E-voting is a complicated solution to an simple problem. The US uses all sorts of moderately complex and expensive mechanical voting aids that invariably lead to complaints of fraud, malfeasance, or failure to register votes (because they are busted). Canada uses paper ballots and counts them in a few hours. The paper ballot system is not broken. We should quit trying to fix it until we get a LOT smarter.

      • Re:Paper ballots are ABSOLUTELY safe! (Score:5, Insightful)

        by corsec67 (627446) on Tuesday October 21, @07:04PM (#25462103) Homepage Journal

        Lets change your bet a little bit. The 7 minutes are 2 days before the election. You get private time with the ballot box, I get private time with the voting machine.

        What can you do to the ballot box that wouldn't be noticeable 2 days later and still affect the vote?

        I was an election judge for Boulder County in 2004. Part of my duties as the head election judge for the precinct was to make sure that there was noting in the ballot box and seal it. From that time until I handed the box to the county officials, it was not left in the presence of any single person, so nobody would have 7 minutes during the election day.

        You can't stuff the ballot box 2 days before the election with nobody being able to notice.

        **THAT** is what they are complaining about. The machines were left in publicly accessible areas for days before the election. Replace one of the chips with that 7 minutes, and it would take a very detailed examination to notice the problem.

  • could be made 100% secure, foolproof, etc., it should still not be used

    simply because of the PERCEPTION of what happens to your vote in electronic voting

    it is a black box. your votes go in, sausage comes out. meanwhile, a piece of paper has no secrets. it stays in a box, it can retallied. it can be messed with and falsified and burned, sure. but not with such ease and not in so many quick secret and immensely powerful ways electrons or magnetic marks on a disk can be messed with

    all nations should use paper ballots, doesn't matter how rich they are. joe schmoe needs to touch and feel and smell his vote. voting machines and electronic voting represents a black box system, and therefore represents too much fundamental distrust. distrust undermines the legitimacy of democratically elected governments in the eyes of the people

    it is not good enough that joe schmoe vote in absolute security and privacy and integrity. joe schmoe must also BELIEVE that. but in an irreducibly black box system, distrust is inescapable

    electronic voting is the greates threat to democracy, ever. no ideological system or intolerant set of beliefs can undermine faith in democracy more than a method of tallying votes that the technofetishist loves, but the general populace views with suspicion

    you don't need to say "gee whiz" when you vote

    we need to end electronic voting, in the name of strengthening democracy

    • Re:if electronic voting (Score:5, Insightful)

      by corsec67 (627446) on Tuesday October 21, @05:58PM (#25461411) Homepage Journal

      I think you have the perception most people have of computers wrong.

      Most people think computers are incapable of being incorrect. Microsoft is trying hard to change that, but they are getting less effective.

      If the computer is wrong, it must have been something that the user did incorrect. "I shouldn't have clicked on that link to that page", instead of "The browser is broken, it shouldn't have been vulnerable to the stuff on that page"

      I agree that paper ballots should be used, but most people think that if a computer is involved it will not be incorrect.

      • actually, i was referring to a scratch and sniff voting system

        "hmmm... obama"

        scrathscrathscratch

        "yay! smells like jesus and cupcakes! ok, now... mccain"

        scrathscrathscratch

        "uggh. smells like depends and denture cream"

        • Re:LOL (Score:5, Insightful)

          by db32 (862117) on Tuesday October 21, @08:06PM (#25462711) Journal
          I can't bring myself to make a scented Palin joke.

          Every time I get upset about the tremendous disaster that our modern voting is with the rampant election fraud I remind myself... I am getting upset over the fairness of a system that will only let me choose between two criminals for who should be the leader. It seems to me that getting up in arms about the whole voting trainwreck is pretty stupid considering what we are demanding our votes get counted for. When I am faced with a choice more complex than liar/asshole vs asshole/liar I will be more concerned about how my vote gets counted. As it stands now I can rest assured that no matter what I do my vote would go towards putting a liar and an asshole in office.

          I mean really now...its like being lost in the woods and choosing if you want to wipe the shit off your ass with your left hand or your right hand. Which hand you choose is pretty tangent to the fact that you are lost in the damned woods. Seems to me we should be a little more concerned about getting out of the woods than to be upset about which hand got shit on it.

  • Actual report: (Score:5, Informative)

    by Anonymous Coward on Tuesday October 21, @05:36PM (#25461127)

    http://coblitz.codeen.org/citp.princeton.edu/voting/advantage/advantage-insecurities-redacted.pdf

  • Hardware Work Around (Score:5, Insightful)

    by Gat0r30y (957941) on Tuesday October 21, @05:45PM (#25461241) Homepage Journal
    Is very simple, and in fact I used it Today! - The Paper Ballot. I marked my choices, and turned it in. Voters in NJ should demand paper ballots, issue solved (sort of).

  • ES&S has the same crap, as shown by UCSB (Score:5, Informative)

    by enos (627034) on Tuesday October 21, @05:49PM (#25461301)

    California ordered a review of all the machines used in the state last year. They would give access to university security labs to one manufacturer's machines at a secure location. I mean the machines were held in cages over night and there was controlled access for only the researchers, etc.
    They were asked to evaluate the machines.

    UC Santa Barbara did ES&S, and their analysis is here. [ucsb.edu]
    They also have a short video on the subject, here it is on youtube [youtube.com]

    In short, all the machines were utter crap. The "seals" can by bypassed by bending some plastic. The locks can be bypassed with a screwdriver. Plus the software is susceptible to viruses, and they managed to make the machine vote for whoever they wanted. Even though all the machines have the VVPT (voter-verified paper trail).

  • An obvious question... (Score:5, Insightful)

    by Dzimas (547818) on Tuesday October 21, @06:34PM (#25461783)
    Why doesn't the US revert to paper ballots? We just held a federal election in Canada, and things worked just fine with a good old fashioned pencil and a small paper ballot (well, actually more like thin card). It took us a matter of hours to successfully decide the fate of the country for the next X years without the need for millions of dollars worth of mysterious electronic machinery.

  • 20 minutes in (Score:5, Informative)

    by DreadPiratePizz (803402) on Tuesday October 21, @07:16PM (#25462217)
    Pretty much 20 minutes into the video, it describes how a poll worker can simulate activating the machine so that everybody in the room believes it is active, and the voter will notice nothing suspicious, yet the vote cast is not counted. The activation chirp is played, and the correct light display when the voter picks the candidate, and even says "vote counted thanks you", when in reality, no vote has been cast. Unbelievable. It's obvious that a malicious poll worker could absolutely use this to his or her advantage and deny people votes.

    • Re:Elections of 2010 (Score:5, Insightful)

      by mr_josh (1001605) on Tuesday October 21, @05:49PM (#25461307)
      The thing is, I don't think that everyone DOES know. I sincerely HOPE that they don't know, because no one is COMPLETELY OUTRAGED about it, and seriously, I think this should be a "people in the streets with torches and pitchforks" kind of issue. There simply seems to be zero public interest in this (and by "public" I of course mean the non-Slash-reading public) and it boggles the mind that some public figure hasn't jumped on this and made it a platform.

      • Re:So what? (Score:5, Informative)

        by kesuki (321456) on Tuesday October 21, @06:44PM (#25461887) Journal

        "That's quite a lot of fud with not much to back it up with."

        damn lameness filter, the 9 megabyte pdf is not FUD, it was a court ordered analysis of the voter system used in new jersey. http://coblitz.codeen.org/citp.princeton.edu/voting/advantage/advantage-insecurities-redacted.pdf [codeen.org]

        NOTE REGARDING REDACTIONS. As paragraph 1.1 and Appendix L explain, this research was conducted pursuant to a Court Order by the Hon. Linda Feinberg of the New Jersey Superior Court. Sequoia Voting Systems filed a motion alleging that certain parts of this report contain protected trade secrets. Plaintiffs dispute Sequoia's contentions. Judge Feinberg has expressed her intention to preserve Plaintiffs' objections until the time of the hearing when she will rule on the merits of Sequoia's claims of trade secret. We are confident that the Court will then permit release of the full, unredacted report. In the interim, the Court encouraged us to release the report with redactions. Paragraphs 19.8, 19.9, 21.3, and 21.5, as well as Appendices B-G, are redacted in this release.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.