[Sosfbay-discuss] ALL CA voting machines FAILED official security test. Decertification possible

JamBoi jamboi at yahoo.com
Sat Jul 28 23:43:34 PDT 2007 

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/07/28/VOTING.TMP&tsp=1
Most vote machines lose test to hackers

John Wildermuth, Chronicle Staff Writer

Saturday, July 28, 2007

Virtually all voting machines tested by researchers
trying to thwart security proved to be easy mark.
Chronicle photo by Penni Gladstone

State-sanctioned teams of computer hackers were able
to break through the security of virtually every model
of California's voting machines and change results or
take control of some of the systems' electronic
functions, according to a University of California
study released Friday.

The researchers "were able to bypass physical and
software security in every machine they tested,'' said
Secretary of State Debra Bowen, who authorized the
"top to bottom review" of every voting system
certified by the state.

Neither Bowen nor the investigators were willing to
say exactly how vulnerable California elections are to
computer hackers, especially because the team of
computer experts from the UC system had
top-of-the-line security information plus more time
and better access to the voting machines than would-be
vote thieves likely would have.

"All information available to the secretary of state
was made available to the testers,'' including
operating manuals, software and source codes usually
kept secret by the voting machine companies, said Matt
Bishop, UC Davis computer science professor who led
the "red team" hacking effort, said in his summary of
the results.

The review included voting equipment from every
company approved for use in the state, including
Sequoia, whose systems are used in Alameda, Napa and
Santa Clara counties; Hart InterCivic, used in San
Mateo and Sonoma Counties; and Diebold, used in Marin
County.

Election Systems and Software, which supplied
equipment to San Francisco, Contra Costa, Solano and
Los Angeles counties in last November's election,
missed the deadline for submitting the equipment,
Bowen said. While their equipment will be reviewed,
Bowen warned that she has "the legal authority to
impose any condition'' on its use.

Bowen said in a telephone news conference Friday that
the report is only one piece of information she will
use to decide which voting systems are secure enough
to use in next February's presidential primary
election.

If she is going to decertify any of the machines, she
must do it by Friday, six months before the Feb. 5
vote.

A day-long hearing in Sacramento on Monday will give
the UC investigators a chance to present their finding
and allow the various voting machine companies to
present a response. The hearing also will be open for
comments from the public.

The study was designed to discover vulnerabilities in
the technology of voting systems used in the state. It
did not deal with any physical security measures that
counties might take and "made no assumptions about
constraints on the attackers,'' Bishop said.

"The testers did not evaluate the likelihood of any
attack being feasible,'' he added.

Some county elections officials in the state were
among the most critical of the study, saying they
worry that they could be forced to junk millions of
dollars in voting machines if Bowen decertifies them
for the February election.

Letting the hackers have the source codes, operating
manuals and unlimited access to the voting machines
"is like giving a burglar the keys to your house,''
said Steve Weir, clerk-recorder of Contra Costa County
and head of the state Association of Clerks and
Election Officials.

The study also determined that many voting systems
have flaws that make it difficult for blind voters and
those with other disabilities to cast ballots.

During her election campaign last year, Bowen made it
clear she had little confidence in the security of
electronic voting machines and vowed to review their
use in the state.

"Voting systems are tools of our democracy,'' she said
Friday. "We want to ensure that the voting systems
used in the state are secure, accurate, reliable and
accessible to all. This (study result) is not a big
deal to me. It's a big deal for everyone in the
country.''

Vendors and other advocates of electronic voting
machines have suggested that because of Bowen's
well-publicized concerns, she has her thumb on the
scale when it comes to reviewing the systems. But the
secretary of state said she purposely avoided the
scientists doing the study.

Bowen admitted that she's "enough of a geek" that she
would have enjoyed working closely with the study, but
"I've stayed out of the way ... It's not my review,''
she said. "I didn't want (the researchers) to be
influenced by my questions.''

Weir said the UC study "is only a hologram of what
could be done technically without considering the
real-world mitigation,'' the locks, access cards and
other physical security measures typically used.

The study found "absolutely no evidence of any
malicious source code anywhere,'' he added. "They
found nothing that could cast doubt on the results of
elections.''

Bishop, however, said he was surprised by the weakness
of the security measures, both physical and
electronic, protecting the voting systems. His team of
hackers found ways to get into the systems not only
through the high-tech equipment in election
headquarters but also through the machines in the
polling places.

If the testers had had more time, they would have
found more flaws, he added.

"The vendors appeared to have designed systems that
were not high assurance (of security)," said Bishop, a
recognized expert on computer security. "The security
seems like it was added on.''

This article appeared on page A - 1 of the San
Francisco Chronicle

___________________

JamBoi: Jammy, The Sacred Cow Slayer
The Green Parties' #1 Blogger
http://dailyJam.blogspot.com

"To the brave belong all things"
Celt's invading Etrusca reply to nervous Romans around 400BC

"Live humbly, laugh often and love unconditionally" (anon)


       
____________________________________________________________________________________
Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. 
http://answers.yahoo.com/dir/?link=list&sid=396545433

More information about the sosfbay-discuss mailing list