[governance] CPSR - California to recertify insecure voting machines

yehudakatz at mailinator.com
Mon Aug 6 13:56:48 EDT 2007

F.Y.I. (CPSR Californians)

California to recertify insecure voting machines
By Ryan Paul | Published: August 06, 2007 - 09:27AM CT 


California Secretary of State Debra Bowen announced on Friday that the state
hopes to recertify and continue using electronic voting machines produced by
Diebold, Sequoia, and Hart, even though the machines have known security
vulnerabilities and severe flaws. The state government decided that the
machines can still be used as long as the vendors adhere to a lengthy list of
requirements that aim to limit the potential for security breaches and machine

This announcement from the state follows extensive red team security audits
that illuminated profound security failings in all of the electronic voting
machines that were subjected to scrutiny. The security researchers who analyzed
the voting machines found ways to modify firmware, gain root access, trivially
circumvent voting machine physical security mechanisms, install
self-propagating trojan horses, and manipulate mock elections. On Diebold's
voting machine, which uses the Windows operating system, researchers even found
a remotely-accessible administrative account that wasn't protected by a

In conditional recertification decision documents issued by the state, Bowen
outlines an extensive set of requirements that the electronic voting machine
vendors will have to meet before their products can be used in elections. The
vendors will have to provide the Secretary of State with a document that lists
the complete specifications of the hardware and software used by all components
of the voting system, identify requirements for "hardening" the configuration
of all software on the voting machines including the operating system, create
automated testing mechanisms to ensure that individual voting machines conform
to the standards established in the hardening requirements document, provide a
plan for preventing the propagation of viruses between voting machines,
establish documented procedures for performing necessary security updates on
the voting machines and the underlying operating systems, collaborate with
counties to develop requirements and procedures for protecting the physical
security of voting machines, and document a system for auditing vote results. 

The decision documents also include source code disclosure requirements. The
vendors must provide the Secretary of State with "the source code for any
software or firmware contained in the voting system, including any commercial
off the shelf software or firmware that is available and disclosable by the
vendor." It gets better. According to the documents, "any reasonable costs
associated with the review of the source code for any software or firmware
contained in the voting system shall be born by the vendor." That's right, the
vendors have to hand over their source code and then foot the bill for source
code reviews. 

Bowen also lays out a series of requirements for election practices. Most
notably, election officials will have to conduct complete manual audit counts
of all votes tabulated on DRE machines. Use of any kind of Internet
connectivity on the machines is strictly forbidden. Finally, the requirements
limit the use of Sequoia and Diebold machines to one per polling location. 

Bowen clearly takes voting machine security very seriously. The requirements
are impressive, but even if the vendors comply, it still won't change the fact
that these machines are irreparably flawed. Considering the many weaknesses of
the voting machines that received conditional recertification, the unbelievable
ineptitude of the vendors, and the limited amount of time that they have to
resolve these problems, it's hard to imagine that the vendors will really be
able to meet Bowen's requirements. In some states, voting machines have been
certified anyway even when the vendors refuse outright to adhere to government
standards. Let's hope that Bowen is willing to give Sequoia, Hart, and Diebold
the ax if they can't deliver. 
