CTVotersCount.org

CA Software Reports Released – Diebold subtracts from democracy

Update: Talk of the Nation Interview – Red Team LeaderÂ Â Â ” [relying on procedures] indicates a very high belief in human infalibility.”

Executive Summary:

Vulnerability to malicious software

The Diebold software contains vulnerabilities that could allow an attacker to install malicious software on voting machines or on the election management system. Malicious software could cause votes to be recorded incorrectly or to be miscounted, possibly altering election results. It could also prevent voting machines from accepting votes, potentially causing long lines or disenfranchising voters.

Susceptibility to viruses

The Diebold system is susceptible to computer viruses that propagate from voting machine to voting machine and between voting machines and the election management system. A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a countyâ€™s voting machines.
Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines.

Vulnerability to malicious insiders

The Diebold system lacks adequate controls to ensure that county workers with access to the GEMS central election management system do not exceed their authority. Anyone with access to a countyâ€™s GEMS server could tamper with ballot definitions or election results and could also introduce malicious software into the GEMS server itself or into the countyâ€™s voting machines.

Continue reading “CA Software Reports Released – Diebold subtracts from democracy”

Likely that state’s largest election will go unaudited

The Norwich Bulletin reports concern in Plainfield because the ballot for a charter revision may reach three pages. No mention in the article that the state’s new audit law does not provide for random audits of ballot questions. Apparently huge concern in Norwich over cost of ballots, yet they have likely spent thousands on developing the charter revisions and will put it all at risk for a relatively small amount as at least that part of the election goes unaudited.

Read the full story

An hour with the Secretary of the State

Susan Bysiewicz live blogged tonight on MyLeftNutmeg. MLMBlog

I asked two questions and got two answers, both of which were disappointing in different ways.

But 1^st let me say that I endevored to ask reasonable questions and make reasonable comments. There were two bloggers there that asked very confrontational, long, and sometimes insulting questions. I note that one of them registered only on July 24^th, and has not blogged until today, with the name LiveFreeOrDie, I suspect someone from out of state. I note that the other, obviously from CT registered on April 17^th, but has not commented until today.

Although the Secretary was to take questions on four subjects, the vast majority were on voting machines.

WHAT I LEARNED

– She started with a long entry, probably prepared ahead. The news for voting integrity was that she referenced the anticipated Brennan Report, to which she provided a link. (It is 40 pages plus another 50 in appendixes). I attempted scanning it quickly it appears to be more of a survey confirming many other reports without taking many strong stands. Yet, it will take a real read to really see what it has to offer. Report.

– I asked if she was happy with the confidence levels of 2-4% of detecting fraud in municipal and state legislateive races. She said â€œNOâ€. But, in reality it is clear she confused the 10% random district audit level with the resulting confidence level. So, not surprisingly, we learned that she, like many seems to have a weak grasp of statistics, at least in a fast blogging session. Unfortunately, the one hour blog session is not an environment suitable to educating on such subjects. I am sure most people can understand enough if we could actually sit down with their full attention for a few minutes.

– I asked that if when SB1311 mentioned primaries, elections, and races, if it included referendums and questions in audits?. I was disappointed to have my suspicions confirmed that they will not be audited. And pleased that she expressed the possibility of working on that in the future.

I would hope that she and other officials are not detered from similar sessions.

Is Diebold ineligible in NY?

Memo to Governor Spitzer:

New York State Law Prohibits State from Entering into Contract with Any of the Vendors under Consideration

New York State is enjoined from doing business with vendors who lack business integrity or whose past performance is wanting…none of the voting machine vendors New York is presently considering doing business with are eligible for contracts.

Not that the laws or lack thereof in Connecticut should preclude us from concern that each of our individual races, and precincts are programmed for each election in secret by Diebold employees.

Read the report

Hot Summer for Research Reports

Recent weeks and months have seen increasing activity in voting machine security and statistical analysis for auditing elections. Expect more news in the near term: A report is anticipated from the Brennan Center for Justice and several papers at the USENIX Accurate Electronic Voting Technology Workshop in
Boston on August 6^th.

CA, Post-Election Audit Standards Working Group, Report

Post-Election Audit Standards Working Group, Report, Evaluation of Audit Sampling Models and Options for Strengthening Californiaâ€™s Manual Count

This report moves the technical and political conversation to a whole new level.

â€œ The literature does not frame the statistical problem in the best way: Most of the papers address essentially this question: â€˜If the machine count named the wrong winner, what is the chance we will see at least one error in the sample?â€™ However, the Working Group believes the right question to ask is: â€˜If the machine count named the wrong winner, what is the chance we would have seen more errors in the sample than we actually saw in the sample?â€™â€
â€œIf audits are effective, then the public can have confidence in the outcome of elections even if the voting systems used are imperfect, because the audit can detect and be used as the basis to help correct human and voting system errorsâ€¦
The complexity of these systems means there are many more ways in which voting systems can fail to capture votes correctly, lose votes, miscount votes, and be manipulated to yield incorrect resultsâ€¦
Auditing a small percentage of precincts is not effective for finding problems that affect only a few precincts. Moreover, no fixed percentage (short of 100%) suffices to give high confidence that the apparent outcome of the election is correct. For that goal, the number of precincts that should be tallied manually depends on the margin in each precinct, the number of ballots cast in each precinct, and other factors, including the number of discrepancies found in the precincts that are manually counted.â€

Read the full report

University of California Red Team Reports to the Secretary of State

This confirms earlier reports on Diebold Optical Scan equipment, including the University of Connecticut report.

The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. We have pursued the attack vectors that seemed most likely to be successful. Other attack vectors not described here may also be successful and worth pursuing. This work should be seen as a first step in the ongoing examination of the systems, All members of the team strongly believe that more remains to be done in this field and, more specifically, on these systems
The Red Team was able to verify the findings of some previous studies on the AV-OS unit; the impact of these was to alter vote totals in order to change the vote results on that machine
…the attacker launches a low-tech attack that can be discreetly executed at a Precinct Count AV-OS under the watch of a moderately attentive poll worker. The tools for completing the attack are small and easily concealed, and they can be obtained in a typical office
â€¦we were able to discover attacks for the Diebold system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that absent procedural mitigation strategies can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.

Read the full report

University of Connecticut, Security Assessment of the Diebold Optical Scan Voting Terminal

In July, 2007 a similar report was released on the Diebold TSX, which demonstrated that that the state’s choice of Diebold Optical Scan was far superior to the Diebold DRE option, however, the October 2006 report is the one that applies to our voting systems.

We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in placeâ€¦Such vote tabulation corruptions can lay dormant until the election day, thus avoiding detection through pre-election tests
The vulnerability assessment provided in this paper is based only on experimentation with the system. At no point in time had we used, or had access to, internal documentation from the manufacturer we conclude that attackers with access to the components of the AV-OS
system can reverse-engineer it in ways that critically compromise its security, discover the vulnerabilities presented here in and develop the attacks that exploit them.

Unfortunately, presumably the secret programming of each election by Diebold allows access to the memory cards by those with all the documentation.

Read the full report

VerifiedVoting.org, Percentage-based vs. SAFE Vote Tabulation Auditing: A Graphic Comparison

This is a complete case for variable audit percentages.

Several pending electoral-integrity bills specify hand audits of 2% to 10% of all precincts. However, percentage-based audits are usually inefficient… Percentage based audits can also be ineffective, since close races may require auditing a large fraction of the total â€“even a 100% hand recount to provide confidence in the outcome. This paper presents the SAFE (Statistically Accurate, Fair and Efficient) alternative¦based on the same statistical principles that inform audits in business and finance…However, SAFE audits ensure high confidence in all electoral outcomes by using auditing resources more efficiently and employing large samples only when necessary.

Read the full report