Friday, October 28, 2005

Electronic voting security audit by the GAO

The Government Accountability Office has released a 107-page report (see links at the end of this post) examining the security of electronic voting (something I've addressed before). The Free Press has an article looking at some of the implications of the report, and the GAO report itself includes a good justification for looking at electronic voting security:
... it is important to note that many [electronic voting security concerns] involved vulnerabilities or problems with specific voting system makes and models or circumstances in a specific jurisdiction's election, and that there is a lack of consensus among elections officials, computer security experts, and others on the pervasiveness of the concerns. Nevertheless, there is evidence that some of these concerns have been realized and have caused problems with recent elections, resulting in the loss and miscount of votes. In light of the recently demonstrated voting system problems; the differing views on how widespread these problems are; and the complexity of assuring the accuracy, integrity, confidentiality, and availability of voting systems throughout their life cycles, the security and reliability concerns raised in recent reports merit the focused attention of federal, state, and local authorities responsible for election administration.
The report details many of the problems that have been found with electronic voting systems (the list starts on page 30 of the full PDF); here's an excerpt:
... several evaluations demonstrated that election management systems did not encrypt the data files containing cast votes (to protect them from being viewed or modified). Evaluations also showed that, in some cases, other computer programs could access these cast vote files and alter them without the system recording this action in its audit logs. Two reports documented how it might be possible to alter the ballot definition files on one model of DRE so that the votes shown on the touch screen for one candidate would actually be recorded and counted for a different candidate. In addition, one of these reports found that it was possible to gain full control of a regional vote tabulation computer--including the ability to modify the voting software--via a modem connection.

... one model [of a DRE electronic voting system] failed to password-protect the supervisor functions controlling key system capabilities; another relied on an easily guessed password to access these functions. In another case, the same personal identification number was programmed into all supervisor cards nationwide--meaning that the number was likely to be widely known.
Some of these machines were used in the 2004 presidential election. The Election Assistance Commission (EAC) is apparently attempting to coordinate solutions to these problems at a federal level, but according to the abstract of the report:
However, these actions [by the EAC] are unlikely to have a significant effect in the 2006 federal election cycle because important changes to the voting standards have not yet been completed, the system certification and laboratory accreditation programs are still in development, and a system software library has not been updated or improved since the 2004 election. Further, EAC has not consistently defined specific tasks, processes, and time frames for completing these activities; as a result, it is unclear when their results will be available to assist state and local election officials.

Reference:

Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed, GAO-05-956, September 21, 2005: Abstract Highlights-PDF PDF Accessible Text

No comments: