From their press release:
On December 14th, 2007, Ohio Secretary of State Jennifer Brunner released the results of a comprehensive review of her state’s electronic voting technology. The study, called Project EVEREST, examined electronic voting systems – touch-screen and optical scan – from Elections Systems and Software (ES&S), Hart InterCivic, and Premier Election Systems (formerly Diebold). As part of that study, three teams of security researchers, based at Pennsylvania State University (State College, PA), the University of Pennsylvania (Philadelphia, PA), and WebWise Security, Inc. (Santa Barbara, CA), conducted the security reviews. The reviews began in September, 2007 and concluded on December 7, 2007 with the delivery of the final report. The teams had access to voting machines and software source code from the three vendors, and performed source code analysis and security penetration testing with the aim of identifying security problems that might affect the integrity of elections that use the equipment.
The public report can be downloaded from:
The report is similar to those that Debra Bowen had commissioned in California. In short, the electronic voting machines all had extremely serious flaws.
Some reactions from the election integrity community:
- From The Ohio EVEREST site:
While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.
“To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant,” Brunner said.
* Eliminating Use of Direct Recording Electronic (DREs) and Precinct-based Optical Scan Voting Machines that tabulate votes at polling locations
(The recommendations also suggest centralized ballot counting rather than precinct based ballot counting. I have not studied the report in depth so I am unsure why. Note that many in the election integrity community prefer precinct based counting of paper ballots.)
- Joseph Hall’s commentary (Joseph participated in the review as a “legal or procedural consultant”):
Our study identified exploitable security weaknesses in all three vendors’ systems. Many of these vulnerabilities represent practical threats to the integrity of elections as they are conducted in Ohio.
While some of the technical weaknesses we identified can be mitigated with improved procedural safeguards, others are more systemic. These structural flaws are more more difficult to correct, and reliably correcting them will require re-engineering and redesign of the equipment and software itself.
The security failures themselves affected the entirety of the election process. We found vulnerabilities in different vendor systems that would, for example, allow voters and poll-workers to place multiple votes, to infect the precinct with virus software, or to corrupt previously cast votes–sometimes irrevocably.
- Avi Ruben’s write-up:
The report is an incredible read. This group, in only a couple of months, managed to completely subvert these system and to expose them as woefully insecure and inadequate for the real world. Secretary Brunner, to her credit, has now recommended the elimination of DREs in polling places in her state. Now if only other states will follow her lead and that of Debra Bowen, SoS of California.
- Ed Felton weighs in:
Ohio Study: Scariest E-Voting Security Report Yet
Worse yet, the system’s access control can be defeated by a poll worker or an ordinary voter, using only a small magnet and a PDA or cell phone (page 50).
Some administrative functions require entry of a password, but there is an undocumented backdoor function that lets a poll worker or voter with a magnet and PDA bypass the password requirements (page 51).
The list of problems goes on and on.
This is yet more evidence that today’s paperless e-voting machines can’t be trusted.