Tuesday, December 18, 2007

2007-12-18 Ohio Electronic Voting Machine Test Results - Not Good

The Register.com (why do we hear this type of information first from the UK?) reports that the Ohio Secretary of State has just released a federally funded report on electronic voting machines used in Ohio, and has found that they contain critical failures that could affect the integrity of state elections.

Excerpted from the Ohio Secretary of State's report (link below):

The voting systems uniformly “failed to adequately address important threats against election data and processes,” including a“failure to adequately defend an election from insiders, to prevent virally infected software . . . and to ensure cast votes are appropriately protected and accurately counted. (Id.)"

"• Security Technology: The voting systems allow the “pervasive mis-application of security technology,” including failure to follow “standard and well-known practices for the use of cryptography, key and password management, and security hardware.” (Id.)
• Auditing: The voting systems exhibit “a visible lack of trustworthy auditing capability,” resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected. (Id.)
• Software Maintenance: The voting systems’ software maintenance practices are 'deeply flawed,' leading to 'fragile software in which exploitable crashes,lockups, and failures are common in normal use. (Id.)'"

Register.com also reports an executive for eVoting solution vendor Premier Election Solutions as cautioning people not to read too much into the report. That executive was quoted in the article as stating:

"'It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States," an executive for Premier said in response to the report. "Even as we continue to strengthen the security features of our voting systems, that reality should not be lost in the discussion." He went on to say the report failed to take into account security improvements made since the study began.'"

Here's the man behind the curtain (sections of the report) we're asked to ignore:

"Specific Results: Source Code Analysis and Red Team (Penetration) Testing
Failure to Protect Election Data and Software Failure to Effectively Control Access to Election Operations
Failure to Correctly Implement Security Mechanisms
Failure to Follow Standard Software and Security Engineering Practices

Failure To Effectively Protect Vote Integrity and Privacy
Failure to Protect Elections From Malicious Insiders
Failure to Validate and Protect Software
Failure to Follow Standard Software and Security Engineering Practices
Failure to Provide Trustworthy Auditing

Failure To Effectively Protect Election Data Integrity
Failure To Eliminate Or Document Unsafe Functionality
Failure To Protect Election From “Malicious Insiders”
Failure To Provide Trustworthy Auditing

Lessee: Failure to protect against insiders. Failure to follow "standard and well known practices" for crypto, key management and security hardware. Failure to provide a trustworthy auditing capability, making it "difficult" to discover when an attack occurs. Deeply flawed software maintenance practices resulting in "fragile software."

Hmm. Let's build a house with twelve doors and eleven locks. Certify it as safe because there has been no 'documented" case of a successful attack?

Article link:


Report Link: