Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Testers Find Flaws In Voting Machines

Posted by samzenpus on from the your-vote-can-count-many-times dept.

quanticle writes "According to Ars Technica, California testers have discovered severe flaws in the ES&S voting machines. The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, allowing for a man-in-the-middle attack. Altogether, it is a troubling report for a company already in hot water for selling uncertified equipment to counties."

34 of 167 comments (clear)

  1. WhiteHat Voting by JavaBear · · Score: 5, Insightful

    I have 2 solutions to all these problems.

    1: Do like the rest of the world, and use a HB #2 pencil.

    2: EFF and the rest of the American White hats get together and develop an Open Voting system, that are freely implementable by any state, that can withstand public scrutiny and peer review.

    1. Re:WhiteHat Voting by jacekm · · Score: 2, Funny

      HB #2 pencile has a serious flaw. It is suspectible to the man in the middle with cheap eraser.

      JAM

    2. Re:WhiteHat Voting by morgan_greywolf · · Score: 3, Interesting
      My wishlist of features:

      • All data is stored encrypted and signed.
      • All communications protocols are authenticated, encrypted and signed.
      • There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a unique signature printed on each ballot
      • Voting machine is all open source -- no binary-only anything, no exceptions. This includes the OS -- so Linux or *BSD. It also includes the firmware, so something like OpenFirmware or whatever.
      • Source and binaries on each machine are independently verifiable
      • Ability for independent auditors to audit each machine at hardware level, application level and OS level.
      • No wireless networks
      • Machines have airgap security WRT the Internet
      • Machines use encrypted filesystems.
      • Machines have tamper-evident seals over everything
      • Good secure configurations -- no unnecessary services running, secure authentication methods, OS patches kept up to date, software consistently audited for security



        • All in all, I want a machine that is custom-configured for electronic voting and locked down so tight the NSA would have trouble getting in.

      --
      My blog
    3. Re:WhiteHat Voting by JavaBear · · Score: 2, Interesting

      # All data is stored encrypted and signed.

      All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.

      # All communications protocols are authenticated, encrypted and signed.

      Only to the extend tat no one can say that for instance booth #5 voted on candidate X.

      You don't want to shroud the data in mystery or obscurity, merely make them tamper-proof (resistant).

      # There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a unique signature printed on each ballot

      Partially.
      Use memory cards. The cards should be one-time use WORM memory. They contain the voting setup, in for instance XML. When the voting machine is initialized, the card is tagged with machine ID, timestamp, election official and authorization information, along with machine and software version keys. This should render the WORM card unreadable in any other machine. A crash and/or power outage should be recorded to the memory card if possible, and the machine should be reset using a new memory card, or the machine detects that the card is indeed it's own, and insert a new initialization header, preserving the original data.

      During voting, each vote is written to the card, tagged with some sort of security and padded to a fixed length.

      At the end of the day, this card is bundled with the paper trail, printed throughout the day like the internal tape in a cash register, and finalized with totals and signatures from election officials.

      After the election, the card content must be dumped to an official and freely accessible server along with a scanned version of the paper tape.

    4. Re:WhiteHat Voting by bhmit1 · · Score: 2, Interesting

      Once you have a voter verifiable paper trail the rest becomes redundant. Though having enough security on the machine so you don't have to rely on the paper trail is a good thing.

      But honestly, I don't see why the geeks are so upset here. This is our chance to rock the vote, and make sure that our votes actually count... more than once. If the current politicians aren't going to fix the voting machines, then lets flip a few bits, "elect" the EFF into office, and have this, plus copyright, patent, and net neutrality issues solved in one quick term.

    5. Re:WhiteHat Voting by Feyr · · Score: 2, Insightful

      [quote]
      # All data is stored encrypted and signed.

      All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.
      [/quote]

      i think you nailed that one. most people forget that encryption is no good if you already have access to the key, and the software must have the key if it's supposed to make use of the data in the file. thus, a hacker has the key

      remember people: signing good. crypting, not so good

    6. Re:WhiteHat Voting by JavaBear · · Score: 2, Insightful

      How can you accurately differentiate this from the voter accidentally filling in the wrong box and erasing it themselves?

      The easy answer, and incidentally the correct one, is: You don't.

      If you put your X on the wrong candidate, you exit the booth and get a new ballot, while the old one is ripped in half.

    7. Re:WhiteHat Voting by JavaBear · · Score: 2, Insightful

      On THAT note.
      Elections should be run by competent people, so politicians should really just stay away from the process.

    8. Re:WhiteHat Voting by bvimo · · Score: 2, Funny

      In the UK we don't use rubbers, we start again with a virgin sheet.

      --
      In either case, here at Microsoft, we feel standards are important. And we have fun, too. Doug Mahugh, Microsoft
  2. ATM Machines by Anonymous Coward · · Score: 4, Interesting

    For the last time - issue a voter card and use the cash machines / ATM machines / or whatever you call it in ur location.

    It will even print a receipt.

    If it good enough for your money it is good enough for your vote

    1. Re:ATM Machines by oliverthered · · Score: 4, Insightful

      but the problem is you can tell who voted for who and that's bad.

      --
      thank God the internet isn't a human right.
    2. Re:ATM Machines by sdpuppy · · Score: 2, Funny
      Perhaps Diebold should go back to what they do best...

      ... manufacture daisy wheel printers.

      :-)

  3. "common office implement" by jolyonr · · Score: 3, Funny

    Do they really think this sounds more impressive than "paperclip" ?

    Jolyon

    --


    Please read my Canon EOS tech blog at http://www.everyothershot.com
    1. Re:"common office implement" by oahazmatt · · Score: 2, Funny

      Do they really think this sounds more impressive than "paperclip" ?
      Because it's obligatory:

      "Hi! Looks like you're trying to right the election! Need some help?"
      --
      Those who believe the Internet is private,
      find their privates are on the Internet.
  4. Paper please! by courteaudotbiz · · Score: 2, Insightful

    I'm sure it's hard to hack a sheet of paper and a cardboard box. Please, leave democracy "unhackable", because where there's no paper for voting, there's no hard proof that you really did it...

    1. Re:Paper please! by Notquitecajun · · Score: 2, Insightful

      Actually, there are problems there as well. Illinois in the Kennedy/Nixon race. LBJ in Texas. Louisiana in...well, pick a year. Gerrymandering/re-districting. Keeping the electoral college/getting rid of the electoral college. Nothing is, has been, or will be perfect with the vote...we just have to continue to hold people accountable and try and make it as publicly accessible while keeping the ballot secret. I'm pretty far-right, but I think at the LEAST there should be limited open-source scrutiny of any private contracting of voting, and it should probably be entirely run by the Federal or State Election commissions.

  5. How much more does it take? by Opportunist · · Score: 5, Insightful

    Those machines have been proven time and again that they're insecure, not reliable and that it takes special knowledge to even start verifying their results. Now we add ease of manipulation to the fold.

    How much more does it take to see that it is a BAD idea?

    Yes, paper voting is costy. But we're not talking something where cost is the deciding factor. Democracy is about two things: People participating in the government of their country, and people trusting the government of their country. In a democracy, people have (ok, should have) a say in their country's behaviour. And this in turn should give them a feeling of belonging, they should feel their country takes them serious and as more than just peons who can be ordered around, because they chose their government themselves. This usually means more trust and faith in their rulers, because they themselves chose them (not some divine right to rule or military force, they installed their government).

    Especially the latter part is at risk. If you cannot easily debunk any claims of voting fraud, because the means to vote offer themselves for easy manipulation, you open your country for claims of illegal manipulations that cannot be disproved. You destroy the faith people have in their country and the support. Not that it was really necessary these days, people already started losing faith in the democratic process and democracy altogether. But this has the potential to be the last straw.

    Cost is not an argument when it comes to voting. If you want people to support the government as wanted by the majority, you have to make sure that it will be seen as the will of the majority. If fraud is easy, dissenting people will always claim foul play and you will not have any chance to call them bad losers. You can't prove them wrong, quite the opposite, we have seen now time and again that they have every reason to be suspicious.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:How much more does it take? by Opportunist · · Score: 2, Insightful

      So you don't believe our count? No problem at all. Here's the ballot, count as much as you like.

      See? Easy to shoot down any claims of voting fraud. You can count, you can read, you can verify the voting count.

      Now please tell me how I, common man, aged past 30 and let's assume I'm not an IT expert, should verify some "count" done by a voting machine.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. This begs the question by oliverthered · · Score: 4, Funny

    Does it make paperclips and Linux illegal in Germany now that they can be used for hacking?

    --
    thank God the internet isn't a human right.
  7. Whats the point of e-voting by gmthor · · Score: 5, Insightful

    I believe the most important thing about e-voting is that you can't pic up a random person from the street, explain him how it works, and after it ask him if the process of voting was done correctly. Paper voting on the other side is so easy that manipulation is easy to realize. I mean the only point of e-voting is that some poor government officials can go home earlier. I want Democracy for everybody.

    --
    How do I uncompress my MD5 archive?
    1. Re:Whats the point of e-voting by Twisted+Willie · · Score: 2, Insightful

      The point of e-voting is to remove human error (in all shapes and forms) from the counting process. Assuming that at one point the electronic voting machines can be made secure enough, it's a much better way of getting accurate numbers than by paper voting.

    2. Re:Whats the point of e-voting by Opportunist · · Score: 4, Insightful

      That is exactly the problem with e-voting: You have to trust.

      With normal pen-and-paper voting, all skill you need is being able to count and discriminate between various candidates being chosing on the paper. You don't believe my count? You think I'm trying to fix elections? Here's the ballot, count for yourself.

      With e-voting, you face a problem. You need very special skills to actually conduct a recount (if it is possible at all). Don't believe me that I'm not trying to fix elections in my favor? Sucks to be you if you don't happen to have the skills.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Whats the point of e-voting by Firethorn · · Score: 4, Interesting

      electronic voting machines can be made secure enough

      That's currently the big if right now. It's just not transparent enough, and it's like all the companies building machines forgot completely about security; substituting a little theater instead. In addition, I don't like how a single machine or media failure can take out all of a machine's votes for the election. Two or three of those can throw elections today.

      In addition, most of the advocates of paper voting have been talking about optical scan ballots. This opens up recounts to multiple solutions - Company X's scanner, Company Y's scanner, verified by hand if deemed necessary.

      I am not one of those who believe that hand counting is automatically the most accurate - but optical scanning is old tech at this point, very accurate, and most importantly - auditable.

      Secure and accurate Voting is always going to be complicated and tough - especially when you figure that you normally have at least two parties with people willing to cheat, who may be in the system.

      --
      I don't read AC A human right
    4. Re:Whats the point of e-voting by CastrTroy · · Score: 2

      Exactly. I'm a software developer. Most people would say I'm a pretty smart guy. However, it would still take me a lot of research to be able to verify that an electronic voting system is even secure. If I could verify it at all. And still when I walk up to the machine on voting day, it would be impossible for me to verify that the machine was running the correct software, unmodified hardware, and was actually doing what the original design said, and not something else.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  8. Let's do it like the ancient Greeks ... by Ihlosi · · Score: 2, Insightful
    I'm sure it's hard to hack a sheet of paper and a cardboard box. Please, leave democracy "unhackable", because where there's no paper for voting, there's no hard proof that you really did it...

    ... and scratch our votes into shards of pottery. How's that for hard proof ?


    Alternatively, just use a whole brick.

  9. Don't kid yourself... by fahrbot-bot · · Score: 3, Interesting
    I mean the only point of e-voting is that some poor government officials can go home earlier.

    ...there's more money to be made than with paper and pencil voting. Producing cheap, insecure machines without a paper trail increases companies' profit margins. Lawmakers have be lax and slow to respond, probably because their hands are so comfortable in those companies' pockets. Obviously, the only ones who care are "some" of the voters. Hopefully, that will become "most".

    I, for one, like seeing my vote on hardcopy.

    --
    It must have been something you assimilated. . . .
  10. common office implement by Threni · · Score: 2, Funny

    What, a service pack?

  11. Translation... by daninspokane · · Score: 2, Funny

    "Common office implement" AKA: Paper clip and some whiteout I hear Richard Dean Anderson was on the testing team, so really, that's their own fault.

    --
    Slashdot is too nerdy for me.
  12. Paper Seals = DoS? by kieran · · Score: 4, Insightful

    If the machines have paper seals in an accessible place, then you could very easily DOS the vote of a district that is known to be unfavourable to you simply by slicing the seal with your thumbnail, without ever having to hack the machine at all!

  13. Criminal organizations by paulproteus · · Score: 3, Informative

    If I defrauded a state and sold it uncertified voting equipment, I'd be in jail.

    Why isn't this organization, which has clearly committed a criminal act, in jail?

    --
    |/usr/games/fortune
  14. Moving into the electronic age... by doit3d · · Score: 3, Interesting

    ...can be a good thing, but this really concerns me. I'm all for changing with the times, don't get me wrong. I just feel that electronic and software items which play such a critical role in the much corrupt political system we have today do need more oversight from public entities, not private companies or political agencies. I feel we are far from where we need to be for electronic voting in the US to be reliable or trustworthy. I do have hope that it can be an option in the future though.



    I opt to kill a few trees to retain the paper method for now. I was forced to use an electronic voting machine (Diebold) in my district during the last local election in my state. I will not be using one regardless come the next election. Anyone can manipulate the machine behind the privacy fence surrounding the machine, without anyone knowing about it. Who is to say it cannot be tampered with even before the people are given access to the machine to cast their vote. I do not feel comfortable using an electronic voting device at this time.



    I am almost 100% convinced that major elections do not matter anymore in this country in this day and age. The rich, and the corrupt have a strangle hold on our government and the media. Just look at the biased mass media coverage that is happening today. It is as if the media has already made the decisions for us about the elections, and those who own the media have very powerful ties to the government. There are no real debates between candidates, but they are still called debates. There are no tough questions, and there are no truthful straight forward consistent answers but from a couple of candidates, which are silenced and kept from the publics knowledge by powerful people whom are in control. I do have some hope, but it is fading fast.



    I honestly feel that there will be another civil war in this country if things continue the way they are. It will not be the Whites against the Blacks, against the Hispanics, etc... It will be the poor against the rich. You know where the corporations and the corrupt politicians will stand when this happens. Change takes ballots or bullets. Sooner or later people will be tired of trying to make change peacefully with ballots.



    It may not happen in my lifetime, but I think it will happen sooner than anyone thinks if the current path is followed. All it will take is someone high up in the military to finally get fed up with the corruption to take the action of cleaning house. We have already seen first hand the dissent in the military ranks all the way to the top. Several generals have peacefully resigned/retired and spoken in protest to the insane, illogical decisions made by the current administration and the path it has taken us down. Sooner or later someone with a bigger set of balls will do something about it if this continues.



    It would not be a good thing to have this happen, but if things continue the way they are I would sadly be in support of it. It would be a rough road, but change is needed in a bad way. We are currently on a path of assured economic destruction, which will have effects far and wide around the world. We should learn from the past history of other, once large and powerful Republics. It seems to me that we are doomed to repeat history unless there is change.



    I hold the hope though, that this vast information highway called the internet will tip the field in the favor of the people in due time. The option to see and read more news from many sources, rather than the few sources force fed to the masses controlled by the powerful and corrupt few. The internet has broadened my view of things. This too may not happen in my lifetime, but I hold hope that it will foster a peaceful change in time.



    I hope for a peaceful change, but I am very afraid of what could and might happen.

    --
    "This is America... where the will of the few outweigh the outrage of the many..." - Unknown
  15. REALLY open the voting... by zippthorne · · Score: 3, Interesting

    Every vote is assigned to an ID. Not your ID, but a relatively random numerical one. When the voting is done, the entire votes database is made available on DVD (or whatever medium is appropriate to storing 300 million records. I wouldn't expect much space at all, I'd bet the IDs take up more space than the actual data.

    Then independent organizations can tally the votes themselves and verify that the election was on the up and up. They can also allow people to check their votes in the database to verify individually that the database itself is correct. Assuming the database has been distributed in whole to all of the various organizations, mis-votes should be easy enough to discover.

    Then it only remains that you need to protect people's anonymity. A ticket that can be used to verify an individual vote on behalf of a person can also be used to verify that vote to the satisfaction of a vote-buying machine (or worse.)

    A solution is to obscure the information by giving each voter not one, but a list of ID numbers and told which one is theirs privately. That way, nefarious organizations wouldn't be able reliably say they've been given the correct number, which should kill their scheme. It's not a perfect solution, though, and I can already see flaws in it, but that just means it needs a bit more work before it's ready for prime time.

    --
    Can you be Even More Awesome?!
  16. howitzer for flies method by Anonymous Coward · · Score: 2, Insightful

    ..really. computerized voting is not needed, a waste of resources (cash, manufacturing effort, etc, maintenance), inherently insecure (there is no possible way for a set of normal voters eyeballs to verify a count), it allows for the potential for widescale vote tampering,way way beyond any previous efforts where it had to be done precinct by precinct by corrupt individuals en masse, costs bundles of cash compared to paper and an empty box, and already has a track record of being possibly implicated in massive vote fraud that lead to profound differences in the apparent wishes of the electorate (using exit polls) and what allegedly happened (the alleged accurate vote count). Just look at Ohio in the last presidential race there. That badboy was hacked, no getting around it.

    Computers have a place in our society, using them for elections is not one of them. Sometimes the complicated method is not the preferred method, ie, using howitzers to shoot down flies. Look at the wishlist of complicated crap you want to try and make it secure. I mean, really, just don't use computers in the first place. Make the vote a 24 hour period, and a national holiday so there is little excuse to not vote, and use paper ballots. Every fix the computers scheme out there always falls back on a paper trail. duh, just use paper then! Eliminate that complicated middleman. That and instant runoff voting or something like that combined with severe caps on campaign financing (it shouldn't take hundreds of millions of dollars to run campaigns, and face reality, these are almost pure bribes once you look at them hard, set a hundred dollar cap on all combined contributions per human per election cycle) would improve the political process immensely, Computerized voting machines are designed to be voting manipulation devices,and taxpayer cash suckers, fullstop. It's just generally a totally bad idea, this trying to fix computerized voting is turd polishing.

  17. If you bypass physical security, it's all over by mdvolm · · Score: 2

    The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."

    You can stop reading the article here. Once physical security has been breached it's all over. With the machine open, you now have complete control over it, even to the point of changing out the hardware. This also applies to any machine that handles money, including ATM's.

    All the software security measures in the world won't protect you if physical security is breached. So, if the physical security of a voting machine cannot be maintained at least as well as an ATM, or better yet a slot machine in a casino (constant surveillance), then using the voting machine in the first place is NOT secure.