December 17, 2007 By News Report
Ohio's electronic voting systems have "critical security failures" which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.
"The results underscore the need for a fundamental change in the structure of Ohio's election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, " Secretary Brunner said Friday in unveiling the report.
"In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication," she said.
The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:
The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state's three voting systems -- Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) -- in both voting and board of elections environments. Separate research was conducted on each voting system's performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.
While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.
"To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said.
The researchers in the Ohio study didn't address the issue of probability of attack, leaving that to the determination of state and local officials. The researchers commented that with the lack of technical measures in voting system design, its integrity "is provided purely by the integrity and honesty of election officials."
"It's a testament to our state's boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings," Brunner said.
Testers looking at the performance of the voting systems used in Ohio and in many locales throughout the country, identified numerous risks to election integrity ranging from minor to severe, according to the review.
Also, those examining how voting systems were configured in the field found risks such as the use of materials like memory storage and printer paper that had not been certified by the voting system manufacturers; a lack of standardized equipment testing and that revisions to voting system software for all systems and counties were not documented or tracked, the review said.
Secretary Brunner has presented recommendations and options to address these findings to Gov. Ted Strickland and legislative leaders for their consideration. Among the top recommendations are:
This Digital Communities white paper highlights discussions with IT officials in four counties that have adopted shared services models. Our aim was to learn about the obstacles these governments have faced when it comes to shared services and what it takes to overcome those roadblocks. We also spoke with several members of the IT industry who have thought long and hard about these issues. The paper offers some best practices for shared government-to-government services, but also points out challenges that government and industry still must overcome before this model gains widespread adoption.