SV: [governance] CPSR - California to recertify insecure voting machines

Kicki Nordström kicki.nordstrom at srfriks.org
Tue Aug 7 03:26:32 EDT 2007 

Dear all,

Really interesting!
Yours
Kicki  


Kicki Nordström
Synskadades Riksförbund (SRF) 
World Blind Union (WBU)
122 88 Enskede
Sweden
Tel: +46 (0)8 399 000
Fax: +46 (0)8 725 99 20
Cell: +46 (0)70 766 18 19
E-mail: kicki.nordstrom at srfriks.org 

kicki.nordstrom at telia.com (private) 


-----Ursprungligt meddelande-----
Från: yehudakatz at mailinator.com [mailto:yehudakatz at mailinator.com] 
Skickat: den 6 augusti 2007 19:57
Till: governance at lists.cpsr.org
Ämne: [governance] CPSR - California to recertify insecure voting machines

F.Y.I. (CPSR Californians)

California to recertify insecure voting machines By Ryan Paul | Published: August 06, 2007 - 09:27AM CT 

http://arstechnica.com/news.ars/post/20070806-california-to-recertify-insecure-
voting-machines.html


California Secretary of State Debra Bowen announced on Friday that the state hopes to recertify and continue using electronic voting machines produced by Diebold, Sequoia, and Hart, even though the machines have known security vulnerabilities and severe flaws. The state government decided that the machines can still be used as long as the vendors adhere to a lengthy list of requirements that aim to limit the potential for security breaches and machine failure. 

This announcement from the state follows extensive red team security audits that illuminated profound security failings in all of the electronic voting machines that were subjected to scrutiny. The security researchers who analyzed the voting machines found ways to modify firmware, gain root access, trivially circumvent voting machine physical security mechanisms, install self-propagating trojan horses, and manipulate mock elections. On Diebold's voting machine, which uses the Windows operating system, researchers even found a remotely-accessible administrative account that wasn't protected by a password. 

In conditional recertification decision documents issued by the state, Bowen outlines an extensive set of requirements that the electronic voting machine vendors will have to meet before their products can be used in elections. The vendors will have to provide the Secretary of State with a document that lists the complete specifications of the hardware and software used by all components of the voting system, identify requirements for "hardening" the configuration of all software on the voting machines including the operating system, create automated testing mechanisms to ensure that individual voting machines conform to the standards established in the hardening requirements document, provide a plan for preventing the propagation of viruses between voting machines, establish documented procedures for performing necessary security updates on the voting machines and the underlying operating systems, collaborate with counties to develop requirements and procedures for protecting the physical security of voting machines, and document a system for auditing vote results. 

The decision documents also include source code disclosure requirements. The vendors must provide the Secretary of State with "the source code for any software or firmware contained in the voting system, including any commercial off the shelf software or firmware that is available and disclosable by the vendor." It gets better. According to the documents, "any reasonable costs associated with the review of the source code for any software or firmware contained in the voting system shall be born by the vendor." That's right, the vendors have to hand over their source code and then foot the bill for source code reviews. 

Bowen also lays out a series of requirements for election practices. Most notably, election officials will have to conduct complete manual audit counts of all votes tabulated on DRE machines. Use of any kind of Internet connectivity on the machines is strictly forbidden. Finally, the requirements limit the use of Sequoia and Diebold machines to one per polling location. 

Bowen clearly takes voting machine security very seriously. The requirements are impressive, but even if the vendors comply, it still won't change the fact that these machines are irreparably flawed. Considering the many weaknesses of the voting machines that received conditional recertification, the unbelievable ineptitude of the vendors, and the limited amount of time that they have to resolve these problems, it's hard to imagine that the vendors will really be able to meet Bowen's requirements. In some states, voting machines have been certified anyway even when the vendors refuse outright to adhere to government standards. Let's hope that Bowen is willing to give Sequoia, Hart, and Diebold the ax if they can't deliver. 

--
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list