Government Technology

E-Vote: Ohio Election Systems Have Critical Security Failures, Says Secretary of State



December 17, 2007 By

Ohio's electronic voting systems have "critical security failures" which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.

"The results underscore the need for a fundamental change in the structure of Ohio's election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, " Secretary Brunner said Friday in unveiling the report.

"In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication," she said.

The Report

The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:

  • Risks to vote security
  • System performance, including load capacity
  • Configuration to currently certified systems specifications
  • Operations and internal controls that could mitigate risk.

The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state's three voting systems -- Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) -- in both voting and board of elections environments. Separate research was conducted on each voting system's performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.

While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.

"To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said.

The researchers in the Ohio study didn't address the issue of probability of attack, leaving that to the determination of state and local officials. The researchers commented that with the lack of technical measures in voting system design, its integrity "is provided purely by the integrity and honesty of election officials."

"It's a testament to our state's boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings," Brunner said.

Testers looking at the performance of the voting systems used in Ohio and in many locales throughout the country, identified numerous risks to election integrity ranging from minor to severe, according to the review.

Also, those examining how voting systems were configured in the field found risks such as the use of materials like memory storage and printer paper that had not been certified by the voting system manufacturers; a lack of standardized equipment testing and that revisions to voting system software for all systems and counties were not documented or tracked, the review said.

Recommendations
Secretary Brunner has presented recommendations and options to address these findings to Gov. Ted Strickland and legislative leaders for their consideration. Among the top recommendations are:

  • Eliminating points of entry creating unnecessary voting system risk by moving to central counting of ballots
  • Eliminating Use of direct recording electronic (DREs) and precinct-based optical scan voting machines that tabulate votes at polling locations
  • Utilizing the AutoMark voting machine for


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
View All

Featured Papers