8)         Secret Software Programs - I

9)         Secret Software Programs – II

Pull the Plug on E-Voting

http://www.truthout.org/docs_2006/102706O.shtml

    By Bruce O'Dell
    OpEdNews

    Thursday 26 October 2006

    Here's an indictment of the IT profession, and a fine irony: the degree of independent hand-auditing of paper ballot records sufficient to verify the corresponding computerized vote tallies is comparable to the effort required to more accurately count all the ballots by hand in the first place, dispensing with the machines. But until that day arrives, the programs that the voting vendors actually distribute - as opposed to the software they may say they distribute - will continue to determine who takes power after the votes are tallied.

    How does Diebold or ES&S software wind up in my precinct?
Consider that while there are a relative handful of programmers at companies like Diebold or ES&S, there are hundreds of thousands of voting machines out in the field. After a programmer writes a piece of software, compiles it into binary form, and tests it well enough to say it's done and working properly, many additional people - dozens to hundreds of them, in fact - get involved in the long chain of events to get that software out to the polling station and election office, ready to be used.

 

Security Analysis of the Diebold AccuVote-TS Voting Machine http://itpolicy.princeton.edu/voting/

Abstract   This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

 

Florida: The Harri Hursti Hack and its Importance to our Nation

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=798&Itemid=51

The Leon County Supervisor of Elections, Ion Sancho, authorized a "test" of his Diebold voting system to see if election results could be altered using only a memory card. Harri Hursti (photo at right), a computer programmer from Finland, who has been working with Black Box Voting, facilitated the test and it has come to be known as the "Harri Hursti Hack."

 

THE MACHINERY OF DEMOCRACY: Protecting Elections in an Electronic World

http://www.brennancenter.org/programs/dem_vr_hava_modsecurity.html

On June 28, 2006, the Brennan Center released a report by its Voting System Security Task Force on the security of electronic voting systems. The Task Force was composed of internationally renowned government, academic, and private-sector scientists, voting machine experts and security professionals; together, they conducted the nation's first systematic analysis of security vulnerabilities in the three most commonly purchased electronic voting systems.

Most broadly, the report found:

·         All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.

·         The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.

·         Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.

 

Court Upholds Colorado Voters Challenge to Electronic Voting System

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1812&Itemid=113

In a legal victory this afternoon in the Colorado voters' lawsuit challenging Secretary of State's Gigi Dennis' cursory certification of electronic  voting systems manufactured by Diebold, Sequoia, ES&S, and Hart Intercivic, the  District Court in Denver decided that it will not permit the use of  these systems post November 7th until real security standards are  adopted and the machines are retested to meet these standards. In his ruling, Judge Lawrence Manzanares said the Secretary of state had  failed to create minimum security standards, as required by state law, and did an "abysmal" job of documenting the  testing during its certification process.