What Did You Expect? They All Run Windows…
California Secretary of State Debra Bowen has finally released the results of an unprecedented top-to-bottom review of the state’s electronic voting machines and, what do you know, they were all easily hacked. Researchers at the University of California discovered more than a dozen vulnerabilities in voting systems manufactured by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems (which all, perhaps not coincidentally, run a variation of Windows). Among them, one that could allow someone to replace firmware in all three systems with malicious programs that could alter the recording, reporting and tallying of votes. “The security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results and of the systems that provide those results,” wrote principal investigator Matt Bishop, a computer science professor at the University of California at Davis.
Pretty much says it all, no? “What surprised me was not that we found things; what surprised me is the number of issues that we found,” Bishop said later in an interview with the Daily Democrat. “The problems covered the spectrum from physical locks all the way into software.”
Apparently, if one set out to design a voting system that prevents checks and balances, it would be hard to outdo the one used in California these days. Of course, the manufacturers of those systems would disagree with that assessment. As they have with Bowen’s review and the innumerable studies that preceded it. “While this evaluation was an interesting and helpful theoretical exercise, it did not represent a security-risk analysis and as such does not measure the severity of the actual threats in any meaningful way,” Sequoia said in a statement. “This was not a security-risk evaluation but an unrealistic worst-case scenario evaluation limited to malicious tests, studies and analysis performed in a laboratory environment by computer-security experts with unfettered access to the machines and software over several weeks.”
OK, so all electronic-voting systems are vulnerable in a laboratory environment. But have we forgotten that they’re also beset with problems in real-world environments as well? Remember the November 2006 elections? Not exactly smooth sailing, now was it? “Here’s the bottom line–no one trusts those machines anymore,” Markos “Kos” Moulitsas wrote at the time. “And not only do they damage the integrity of our democracy, but they give losing campaigns an excuse to grandstand and further erode faith in our system.”