"Only dull people are brilliant at breakfast" -Oscar Wilde |
"The liberal soul shall be made fat, and he that watereth, shall be watered also himself." -- Proverbs 11:25 |
There are more than 120 security threats to the three most commonly purchased electronic voting systems, the study by the Brennan Center for Justice says. For what it calls the most comprehensive review of its kind, the New York City-based non-partisan think tank convened a task force of election officials, computer scientists and security experts to study e-voting vulnerabilities.
The study, which took more than a year to complete, examined optical scanners and touch-screen machines with and without paper trails. Together, the three systems account for 80% of the voting machines that will be used in this November's election.
While there have been no documented cases of these voting machines being hacked, Lawrence Norden, who chaired the task force and heads the Brennan Center's voting-technology assessment project, says there have been similar software attacks on computerized gambling slot machines.
"It is unrealistic to think this isn't something to worry about" in terms of future elections, he says.
[snip]
The new threat analysis does not address specific machines or companies. Instead, it "confirms the suspicions about electronic voting machines that people may have had from individual reports" of problems, Norden says.
Among the findings:
• Using corrupt software to switch votes from one candidate to another is the easiest way to attack all three systems. A would-be hacker would have to overcome many hurdles to do this, the report says, but none "is insurmountable."
• The most vulnerable voting machines use wireless components open to attack by "virtually any member of the public with some knowledge and a personal digital assistant." Only New York, Minnesota and California ban wireless components.
• Even electronic systems that use voter-verified paper records are subject to attack unless they are regularly audited.
• Most states have not implemented election procedures or countermeasures to detect software attacks.
"There are plenty of vulnerabilities that can and should be fixed before the November election," says David Jefferson, a Lawrence Livermore National Laboratory computer scientist who served on the task force. "Whether they will or not remains to be seen."