Sponsored By

Princeton Professor Finds No Hardware Security In E-Voting Machine

A professor says there was nothing in the five Sequoia AVC Advantage machines that would stop him from reaching the read-only memory chips that hold the program instructions for counting votes.

Antone Gonsalves

February 16, 2007

3 Min Read

A Princeton University computer science professor who bought several Sequoia electronic voting machines off the Internet claims he found no hardware security to prevent someone from accessing the technology that controls the vote counting.

Andrew Appel said Friday there was nothing in the five Sequoia AVC Advantage machines he bought for $82 that would stop him from reaching the read-only memory (ROM) chips that hold the program instructions for counting votes. The chips weren't soldered to the circuit boards and could be easily removed with a screwdriver and replaced with other chips.

Therefore, a person who had access to a machine chip could reverse engineer the program instructions and then write his own instructions on a ROM chip available from any computer equipment retailer, according to Appel. If that person had access to a machine in a voting station, he could easily open the computer, pop out the original chip from its socket, and press in the new one.

Sequoia, which says it has managed thousands of electronic elections for 14 years in 16 states, said the professor's analysis was bogus because the machines bought off the Internet aren't in a voting station, where election officials implement their own security measures to prevent machine tampering.

"This is just an example of something that further adds to the hype against electronic voting systems, but is not based on the reality of the election environment," Michelle Shafer, a Sequoia spokeswoman, said. "It does a disservice to voters and election officials and helps to undermine confidence in our nation's election system."

Nevertheless, the company on its Web site specifically lists the AVC Advantage as one of its "tamperproof products," a claim that Appel challenges. The professor said the 1997 touch-screen machines he bought in January off the government surplus site GovDeals.com aren't much different from the ones Sequoia sold as late as last year.

"Sequoia sells different versions of the machines, but I'm pretty sure the differences are in the firmware, as opposed to different security measures that would somehow prevent replacement with fraudulent firmware," Appel, an expert in computer security, said in an interview Friday.

The security of e-voting remains controversial in many states. Voters' rights activists in New Jersey have referred to Appel's findings in court papers asking a judge to prevent the state from using more than 10,000 similar e-voting machines scheduled to be used in most of the state's 21 counties, the New York Times reported this week. The activists argue that the machines' lack of security makes them unsuitable for use. Concerns over the use of voting machines linger in the state, despite a law that requires a printed copy of all votes as a backup by January 2008.

In analyzing the machines, Appel found that a student could pick the lock protecting a backdoor to the motherboard in seven seconds. Once the door was off, Appel only needed to unscrew 10 screws from a sheet metal panel to get to the computer's circuit boards. He found no seals protecting any of the machine's components.

Appel has a Web site chronicling his research. Sequoia has posted a response on its own site.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights