what is it about?
Ohio uses five voting systems manufactured by three firms:
- Elections Systems and Software (ES&S) – 3 systems namely Unity EMS, iVotronic DRE, and M100/M650-based optical scan voting systems;
- Premier Election Solutions, formerly Diebold; and
- Hart InterCivic.
The study reports that voting machines and central servers made by these three firms were easily corrupted.
It is also important that Ohio is a state whose electoral votes narrowly swung two elections toward President Bush. These identified flaws could undermine the integrity of the 2008 presidential elections in Ohio and wherever else they might be used across the USA.
is it new?
Since about 2001 we have reported on how electronic voting systems such as those used in Ohio and others are vulnerable, for example:
2004-07-13 E-Voting and USA’s Presidential Elections Nov. 2 – Federal Court Upholds Ban
2003-07-29 Security Flaws in Electronic Voting System
2002-06-06 E-Government, Citizenship and Voting
2002-10-01 E-Voting – security issues
However, this is probably the first time that researchers have gained access to all the inner workings of the system. In addition, tests were conducted in the field under conditions similar to those occurring when people will cast their votes next year for the next president of the country.
what are the key findings?
The Evaluation & Validation of Election-Related Equipment, Standards & Testing (EVEREST) report discovered many things. In fact, it is exhaustive and extremely detailed (334 pages).
Unfortunately, the media fails us once again by focusing on hype instead of the critical security flaws, which include but are not limited to:
1) data that should be encrypted are not;
2) when data are encrypted, the key is stored in the clear next to the ciphertext;
3) coding errors and vulnerabilities resulting in buffer overflows;
4) useless (and misapplied) physical security;
5) SQL injection;
6) audit logs are tamperable; and
7) undocumented back doors.
Naturally, there are a few more things that make us wonder.
There are two reports (besides an executive summary from Secretary Brunner – see further below).
The team consisted of research and industry experts and their final report (the file is 11 MB! and 334 pages) can be found here:
Matt Blaze and Giovanni Vigna (Team Leaders) and associates (December 7, 2007). Academic evaluation and validation of election-related equipment, standard and testing – final report (PDF) – 334 pages
If the above fails check out CyTRAP Labs White Paper portal
There is also a risk assessment study done by SysTest Labs that you can download here (700 KB):
SysTest Labs (December 2007). Consulting and Testing Services Risk Assessment Study of Ohio Voting Systems – Technical Report (PDF) – 114 pages
If the above fails check out CyTRAP Labs White Paper portal
what does Jennifer Brunner Ohio Secretary of State recommend?
Below is taken from the government Webpage and press release of Secretary Brunner
- Secretary Brunner has presented recommendations and options to address these findings to Gov. Ted Strickland and legislative leaders for their consideration. Among the top recommendations are:
* Eliminating points of entry creating unnecessary voting system risk by moving to Central Counting of Ballots
* Eliminating Use of Direct Recording Electronic (DREs) (editor – usually touch screen) and Precinct-based Optical Scan Voting Machines that tabulate votes at polling locations
* Utilizing the AutoMark voting machine for voters with disabilities (This machine “reads” the bar code on a blank ballot and acts solely as a ballot marking device, allowing voters, especially those with disabilities, to mark ballots with little or no assistance, preserving the secrecy of their ballot selections.)
* Requiring all ballots be Optical Scan Ballots for central tabulation and effective voter verification
* Maintaining “no fault” absentee voting while establishing Early (15 days prior to the election) and Election Day Vote Centers (of the size of 5 to 10 precincts), eliminating voting at individual precincts or polling places of less than 5 precincts
* Requiring all Special Elections (issues only) held in August 2008 to be voted by mail (no in-person voting, except at the board of elections, for issue-only elections held in August 2008)
You can get her executive report right here:
EVEREST Executive Report of Findings (PDF) by Jennifer Brunner Ohio Secretary of State
Ms. Brunner proposed replacing all of the state’s voting machines, including the touch-screen ones used in more than 50 of Ohio’s 88 counties. In fact, Secretary Jennifer Brunner wants all counties to use optical scan machines that read and electronically record paper ballots that are filled in manually by voters.
But some of the vulnerabilities identified are of a procedural kind…. and the above steps will not address those at all. It seems a bit like throwing the baby out with the bathwater.
Fixing the e-voting systems’ technical problems is a challenge and may result in 4 of the 5 not being secure enough to be used in next year’s election. Nonetheless, that does not take care of the structural and procedural problems that are particular to how Ohio manages its election and voting process.
The two reports reveal that these procedural risks have nothing to do with e-voting but everything to do with wrong procedures and lack of trust. Hence, addressing those is important, but not focusing on the critical security flaws in the press material seems a failure to take this opportunity to fix things for good. We just noted 7 critical security flaws in the list above, but there are many more. Inquiring minds want to know why Jennifer Brunner failed to really stress these and focused instead on more procedural issues.
CONCLUSION OR WHAT DOES IT MEAN?
Both the validation report and the risk assessment study are great material to read. If you can spare the time, download them and browse through. While they do not tell us many new things, they are a rare example of what can go wrong.
What is sad about this is that Secretary Brunner recommends things that seem more procedural than technical. In fact, most of the remedies she asks for suggest that not all things are running smoothly across the state’s voting stations. Unfortunately, that is a management and possibly social issue (e.g., how much can you trust the people manning the stations to do it right and according to the procedures?) and can happen with paper and pencil voting as much as with e-voting.
In conclusion, the 5 e-voting systems tested, validated and used in Ohio during the last presidential election have critical flaws that could undermine the integrity of the 2008 general election.
Also related:
2004-11-10 W46 – Bookreview – Secure Electronic Voting – 2