A report commissioned by the Florida Department of State has found flaws in Diebold’s e-voting software that could compromise the integrity of its optical scan and touch screen machines. Although Diebold corrected many flaws previously identified, significant vulnerabilities remain, found researchers at Florida State University’s Security and Assurance in Information Technology Laboratory.
A flaw in the optical scan software, for example, enables a hacker to introduce an unofficial memory card into an active terminal before the polls open, according to the report. “This memory card can be preprogrammed to redistribute votes cast for selected candidates on that terminal, including swapping the votes for two candidates,” it states.
“The attack can be carried out with low probability of detection, assuming that audit with paper ballots are infrequent and that programmed cards are not detected before use,” the report continues.
Another vulnerability could allow a hacker to convert official, activated voter cards into smart cards that would enable ballot-stuffing attacks. “While polling place procedures may mitigate this attack, the attack might evade even rigorous policy enforcement,” the report reads.
The report gives a pass, of sorts, to Diebold, cautioning that its findings are slanted to negative results: “We focus on flaws that are not completely fixed. Even where we describe flaws that are greatly improved, our focus is on any remaining weakness, as is our charter.”
This is not the first time Diebold’s e-voting machines have come under Florida’s scrutiny and been found wanting. In some cases, Diebold tried to fix flaws, the report notes, but “the attempted fixes introduced regression faults.”
An August Deadline
Diebold must correct the vulnerabilities by Aug. 17, 2007, to retain certification for the e-voting systems, Florida Secretary of State Kurt Browning wrote in a letter to the company.
Diebold will have no problem meeting the deadline, said Mark Radke, vice president of communications. Many of the flaws the report found were administrative in nature, he told TechNewsWorld — a point the Secretary acknowledged in his letter to Diebold.
The other areas “are items where they want us to tighten security even further,” Radke said.
“So, Diebold is doing some things better than they did before when they had absolutely no security, but they have yet to do them right,” wrote Avi Rubin, a computer science professor who reviewed the report, in his blog. Rubin is technical director of the Information Security Institute at Johns Hopkins University; Ryan Gardner, a graduate student who works with him, played a key role in the study.
“Anyone taking any of our cryptography classes at Johns Hopkins, for example, would do a better job applying cryptography. If you read the SAIT report, this theme repeats throughout,” Rubin asserts.
“In my opinion, in his letter to Diebold, the Secretary of State of Florida, Kurt Browning downplays the severity of this report,” he concludes.
It may seem as though it is now open season on e-voting machines — at least to the vendors involved. Earlier this week, researchers at the University of California reported results of a study conducted at the behest of Secretary of State Debra Bowen, detailing numerous vulnerabilities in machines developed by Diebold Elections Systems, Hart InterCivic and Sequoia Voting Systems.
The difference between Florida’s study and California’s, though, is that Florida was looking at e-machines that produce a paper trail — now considered mandatory for e-voting security.
“People are saying, ‘Let’s move to the optical scan machines, because there is a paper ballot that can be counted,'” said Brett Kimberlin, director of the Velvet Revolution, a nonprofit organization that focuses on election reform, media reform, conflict resolution and government accountability.
The problem is, there may not be sufficient signs of tampering for a state to count the paper ballots after an election, he told TechNewsWorld. “I think this report highlights the need for more security processes — even around these supposedly ‘safe’ machines.”
Of the systems out there, those that incorporate a paper trail are the most secure, Kimberlin acknowledged, assuming a process is established that requires a paper count after every election. The DRE (digital recording equipment) type of machines studied in California “should just be thrown in the garbage,” he said. “They are not safe at all. In some instances, they are attaching printers — but even those have a ten percent failure rate.”
Coincidentally, legal experts at the Brennan Center for Justice at NYU School of Law and the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley’s Boalt Hall School of Law have just released another report recommending that a count of paper ballots should accompany every election in which e-voting machines — optical scan or otherwise — are used.
“What they did in Florida and California was important, and we have to continue to do what we can to make these systems as secure as possible,” Lawrence Norden, lead author of the report and head of the Brennan Center’s Voting Technology Assessment Project, told TechNewsWorld.
“But in the end they will never be completely secure,” he added.
Auditing the results every time will encourage public trust and lead to improvements in the machines, he said.
More to Come
It may be that the public will require such assurances. Some state officials are beginning to wonder if they’ve been had by e-voting machine vendors, Brad Friedman, publisher of the Brad Blog, which follows e-voting and electoral issues, told TechNewsWorld. Ohio has also commissioned a study on the subject, he said.
“What we need to see happen next is election officials holding these companies accountable,” Friedman said. “Frankly, I think they — we- have been defrauded. These companies promised safe machines, and study after study show that they are not.”