E-Voting Machines Pose Election Threat, Professor Says - InformationWeek
03:30 PM
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

E-Voting Machines Pose Election Threat, Professor Says

A Princeton professor says computer viruses can easily be installed in an e-voting machine to change vote totals.

The red flag raised by a princeton prof last week about vulnerabilities in electronic voting machines may be no more than a warning about a several-generations-old machine unlikely to be used in any real election. But there were real-world glitches in e-voting systems in last week's primaries. With more than 60 million voters expected to use such systems in this fall's elections, the warnings are all worth taking seriously.

Edward Felten, a professor of computer science and public affairs, raised a minor stir last week by revealing that he and two grad students were able to install a computer virus in a touch-screen e-voting machine. With several months of work, the students created malicious software code programmed to steal votes undetected by modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates.

Once the curtain is pulled, anything can happen

Once the curtain is pulled, anything can happen
The students claim they could install the malicious code on the machine's memory in less than a minute, though it requires picking a lock on a door that covers the machine's memory card and power button and replacing the memory card with an infected one. Once the new memory card was installed, it infected the machine itself.

But the machine Felten tested, a Diebold AccuVote-TS system, is more than two generations old, and Diebold says it's not aware of it being used anywhere in the country. Diebold's newer systems have digitally signed memory cards, and each system includes an audit security tag with an ID number. If the tag appears tampered with, the system isn't used, says Mark Radke, director of marketing at Diebold Electronic Systems.

Felten acknowledges he used an older system but still raises the concern that a determined, intelligent hacker can figure out ways to violate such equipment. "Once you pull the curtain in the voting booth, anything's possible," he says.

In the fall election, 66.6 million voters are expected to use e-voting equipment, consulting firm Election Data Services says. Last week's primaries had their glitches--though most were less high tech or nefarious than Felten envisions. During primary elections in wealthy Montgomery County, Md., election workers didn't get access cards to operate the Diebold voting machines for the county's 238 precincts on time, leaving people to use paper ballots that, in many cases, ran out quickly. Some voters were asked to return later in the day. The mess has county executive Doug Duncan calling for the firings of local elections officials and for a quick investigation by the state board of elections to prevent a November repeat.

As far as preventing tampering, though, the state of Maryland uses a newer version of Diebold's AccuVote-TS system that includes stronger encryption than what Felten used, and the state also takes other safety measures, including conducting criminal background checks on all election workers and limiting who has access to the equipment.

Paper's Not Perfect

Many skeptics contend the best way to protect vote integrity is to back it up with a paper trail, such as systems that let voters verify a paper record of their selections before leaving the voting booth. Some e-voting equipment vendors, including Sequoia Voting Systems, specialize in such voter-verifiable paper trail systems, which are required in 27 states.

But e-voting systems backed up by paper aren't foolproof, either. Ohio's Cuyahoga County recently found that 10% of backup paper records generated by touch-screen voting machines were uncountable, caused mostly by improperly installed paper or paper jams.

"Often, the people volunteering on Election Day aren't as tech-savvy as you or I, and they may not be well-trained," says Michelle Shafer, Sequoia's VP of communications and external affairs. "Elections aren't only about the technology, they're about people and processes." All three--people, processes, and technology--will need to be up to snuff for the 67 million-voter test this fall.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll