[admin]

Ohio e-voting system security bashed in new state report

Computerworld - Framingham,MA,USAread at source> http://computerworld.com/action/article ... src=kc_top
The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election. ...

Ohio e-voting system security bashed in new state report
Problems threaten the integrity of future elections, officials say
By Todd R. Weiss
December 17, 2007 12:00 PM ETAdd a comment.Computerworld - E-voting in Ohio faces a host of potential security, equipment and process changes following the release of an 86-page report that criticizes the existing e-voting systems used in the state.

The report concludes that security shortcomings in Ohio's e-voting systems are a continuing danger to the accuracy of elections there.

The study was done at the request of Ohio Secretary of State Jennifer Brunner, who is in charge of the state's elections. Between Oct. 5 and Dec. 7, teams of academic researchers, accredited e-voting system testing labs and scientists evaluated the state's existing hardware and software and made recommendations for improvements.

The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election.

"The findings of the various scientists engaged by Project EVEREST are disturbing," the report states (download PDF). "These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems. The findings appearing in the reports necessitate that Ohio's voting process be modified to eliminate as many known risks to voting integrity as possible, while keeping voting accessible to Ohio's voters."

EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing.

The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, "unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process."

The study, paid for with $1.9 million in federal money, allowed researchers to conduct security assessments on the e-voting equipment produced by the state's e-voting vendors -- Election Systems & Software (ES&S), Hart InterCivic and Premier Election Solutions Inc. (formerly Diebold Election Systems Inc.). Testing was done on system performance, configuration, operations and internal controls management. Following the testing, the results were reviewed by a bipartisan team of 12 county election board directors and deputy directors from across the state.

The report recommends that the state make the following changes:


Move to a centralized counting of all votes where all ballot choices are sent electronically, rather than keeping track of votes in individual voting precincts. The idea, according to the report, is that a central ballot depository would be more secure by eliminating unnecessary and security-reducing local points of entry that could be infiltrated by intruders to change election results.


Require that all e-voting machines in Ohio be optical-scan machines, which use a paper ballot that is scanned electronically and tabulated after being filled out by a voter. Presently, most voting precincts in the state use direct-recording electronic (DRE) touch-screen e-voting machines, where voters make their candidate selections using a touch screen. A paper-verifiable record is then printed out next to the machine so the voter can confirm that the correct votes are about to be recorded.


Require counties that use touch-screen machines to offer paper ballots to voters who don't want to vote using a DRE machine in the upcoming March 4 primary election

Patrick Gallaway, a spokesman for the secretary of state's office, said that the report will now be reviewed by the state legislature, the governor, county election officials and others to decide what changes to implement. "These are in no way set in stone," Gallaway said. "They're being put out there to contemplate."

Many states rushed to change their voting systems after the 2000 presidential election, which made "hanging chads" part of the voting lexicon. But by rushing to change their systems, many states did so without proper evaluations, causing some of today's e-voting security dilemmas, Gallaway said. "We don't want to rush into any kinds of conclusions" this time, he said. "We want to get it right."

It's likely that wholesale changes won't be possible before the March primary or even by the November election, Gallaway said. But officials will use the report to look at needed long-term changes, as well as to how to pay for any modifications.

Avi Rubin, a professor of computer science at Johns Hopkins University in Baltimore and director of e-voting activist group ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections), said the new Ohio report provides an excellent analysis of the e-voting security problems in Ohio.

"The things that they found are so serious that it's no surprise that they're trying to get away from these [DRE] machines as quickly as possible," Rubin said. "What I dislike about DREs the most is that you don't have [paper] ballots, so at the end of the day you don't have ballots. If something goes wrong, you can't re-create the election, you can't recount; you have no idea what happened."

Rubin said he disagrees with the central vote-counting recommendation, however. "I understand why they're doing that, but there are certain advantages to precinct-level scanning," such as when a voter selects too many candidates on a paper ballot. If the scanning is done in the precinct, that ballot can get immediately kicked back to the voter to be corrected and properly counted, whereas if it had been sent to a central location, it wouldn't be retrievable and changeable. In some states, Rubin said, if too many candidates are selected on a ballot, the entire ballot is invalidated, not just the affected race.

Rubin said he agrees with Ohio's current approach in taking its time to ensure that technology changes for future elections are done properly. "That makes perfect sense," he said.

The testing done by the academic research teams showed just how vulnerable the existing DRE e-voting systems are, he said. "I think people [don't] realize just how bad the quality of the equipment is. It should be very telling about this whole industry that they're building systems that are so insecure that this team was able to basically have their way with it and showed how you could tamper with election results in undetectable ways, and how you could change votes and things like that.

"I don't think it's impossible to build high-tech voting systems," he added, "but I think it will require a lot more quality control and effort than we've seen so far."