marco
blog
Menu:
Unfettered access?
August 20, 2008
This was not a security risk evaluation but an unrealistic worst case scenario evaluation [...] performed in a laboratory environment by computer security experts with unfettered access to the machines and software over several weeks. This is not a real-world scenario [...]
Security reviews of the Hart system as tested in California, Colorado, and Ohio were conducted by people who were given unfettered access to code, equipment, tools and time [...]
The "unfettered access" claim has been a standard response from electronic machine vendors to the reports of serious security flaws in their equipment, as identified by recent evaluations, such as the California's Top-To-Bottom Review and the Ohio's EVEREST project.
This claim, essentially, postulates two theories:
- Vulnerabilities can be discovered only if analysts have extended access to the voting equipment under study.
- Attackers don't have extended access to voting equipment.
Theory number 1) is very suspicious from a security point of view, in that it builds on two discredited ideas: that "attackers/analysts have limited capabilities" (weak threat model), and that "as long as the system is unknown, it is secure" (security by obscurity). I will not elaborate further on this, since, I think, what follows is more interesting.
Theory number 2) (electronic voting equipment is not available to the general public) has been proven wrong a number of times in the past. There are various ways in which voting equipment can become accessible to non authorized people:
- It may be put up for auction, for example, when counties have surplus.
- It may be lost or displaced.
- It may be stolen.
Here is a list of cases when, for similar or other reasons, voting systems have finished (or might have finished) in the hands of the general public:
- B. Harris, The First Public Look — Ever — into a secret voting system, 2003. Bev Harris discovers a publicly accessible FTP server that hosts the source code repository, binaries, and various documentation for Diebold machines.
- Mysterious touchscreen voting machine found, USA Today, September 9, 2004. Diebold DREs are found abandoned on a street and in a bar in Baltimore.
- Voting machine stolen from polling site, Topeka Capital-Journal, March 1, 2005. A vote tabulator is stolen from a polling site (a school) in Topeka, KS.
- Voting machine stolen from elections judge, Dallas Morning News, March 6, 2006. An iVotronic machine is stolen from the home of a Dallas County elections judge.
- A. Dechert, Smash Diebold, June 2006. OVC buys a Diebold TS Touch Screen voting machine from eBay.
- C. Barr, Officials Probing Possible Theft of Voting Software in Md., Washington Post, October 20, 2006. Three disks containing the source code of Diebold programs is anonymously delivered to a former Maryland legislator.
- A. Feldman, J. Halderman, E. Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 13, 2006. The Princeton team obtains the complete voting machine (software and hardware) from an undisclosed "private party".
- A. Appel, How I bought used voting machines on the Internet, February 2007. Andrew Appel buys 5 Sequoia AVC Advantage machines on the auction site govdeals.com. Total price: $82.
- K. Zetter, Election Software Lost in Transit Found — But More Chips Go Missing, Wired, January 31, 2008. Chips loaded with software that run Diebold optical scanners are lost in California.
- D. Gang, Cast ballots stolen from Thermal site still missing, registrar's office says, Press-Enterprise, February 25, 2008. 119 cast ballots and a used voting cartridge for the Sequoia Edge DRE are stolen from a voting precinct in Riverside County.
- E. Felten, NJ Election Day: Voting Machine Status, June 3, 2008. Ed Felten describes (and photographs) Voting machines left unguarded around Princeton.
- B. Livingston, Voting machine stolen from church, Meridian Star, March 21, 2008. A voting machine is stolen in Lauderdale County, AL.
- eBay, ES&S OPTECH EAGLE IIIP VOTING MACHINE III/3P - COMPLETE, Item number 230277629190, August 2008. ES&S voting machine on sale on eBay.
I'll try to maintain this list accurate and up-to-date, so if you know more cases, please, let me know! Thanks to Joseph Lorenzo Hall for his comments and for contributing many entries to this list. Errors are mine.
To leave a comment, complete the form below. Mandatory fields are marked *.