Voting machines: Previous machine certifications didn't test security

Print
This is the second article in a two-part examination of a recent state decisions regarding the county's voting machines. The first article, “Secretary of State: County's voting machines require additional security,” was published Tuesday.


LAKE COUNTY – On Aug. 3, California Secretary of State Debra Bowen decided to decertify and recertify – with additional security measures – the Hart InterCivic eSlate electronic voting machines used by Lake County and several other counties.


As Lake County News reported Tuesday, Bowen's decision requires Lake County Registrar of Voters Diane Fridley to work with Hart InterCivic in order to create a plan to address the security concerns Bowen said her review found.


State Chief Deputy Secretary of State Evan Goldberg told Lake County News that the review looked at electronic voting machines and optical scan systems.


State law requires Secretary of State Debra Bowen to review voting systems, and she may do so at any time, said Goldberg.


So, why review the systems when they already had been certified previously by the federal government and previous secretaries of state?


“They were put through a review process but the review process never included security,” said Goldberg – either on the state or federal levels.


Bowen initially wanted to include eight voting systems in the review, but those machines not being used in the 2008 election were allowed to opt out, and the time frame and resources available also limited the study's scope.


“That's why it wound up there were only three systems that were reviewed,” he said.


Bowen's effort included a team of researchers – called the “Red Team” – from the University of California, Davis. A 14-page overview report from the team's principle investigator, Matt Bishop, stated that the team's specific goal was to identify and document how the systems might be vulnerable to tampering or error that could result in critical election data being altered.


The team considered several questions, said Bishop, including what the systems are required to do, who might threaten the systems, the environment in which the systems are used. They did not, however, evaluate the likelihood of any attack being feasible, but only described the conditions a hacker would need to be successful.


The team was split into two teams, one of which – led by Robert P. Abbott and based at the Secretary of State's Sacramento office looked at the Hart eSlate system, which Lake County uses, and the Diebold system.


The team found that the eSlate's mobile ballot box could be altered during an election, and that post-election safeguards to prevent data from a tampered mobile ballot box from being counted “can be easily bypassed.”


Lake County Registrar of Voters Diane Fridley last year purchased 50 Hart InterCivic eSlate voting machines, one for each of Lake County's polling places.


Fridley said the mobile ballot box is secured in a judge's booth controller unit by a serial-numbered, tamper-proof lock. The number is recorded when it's issued and is confirmed when it's returned to the Elections Office. Elections Office staff removes the lock when the votes are downloaded to be counted during the official canvass.


They also found they could remotely capture the audio from a voting session on an eSlate with audio enabled, which would violate the voter's privacy, the report stated. In addition, the machines could be forced to accept multiple bar codes which could lead to erroneous vote totals.


Fridley said she has e-mailed Hart and they are looking into the concerns about capturing audio.


Regarding the eSlate machines, Goldberg explained, “The Hart System was deemed to be less vulnerable to certain kinds of attacks than the Diebold or Sequoia system.”


Counties like Lake that use the Hart machines must meet several conditions to guarantee security, and must submit a plan to the state within 45 days of Bowen's decision.


Of the state's 58 counties, 37 have only one voting machine per polling location, as in Lake County's case, said Goldberg. It's the 21 other counties, some of which have multiple machines per polling place, that will face the most change.


Elections official concerned about study


Steve Weir, president of the California Association of Clerks and Elections Officials, told Lake County News that he's a healthy skeptic of electronic voting machines and that he welcomed a tough review of them.


But Weir said he was concerned with how Bowen conducted the review, beginning on March 22, when she gave county elections officials only six days to respond to the draft standards she proposed to use for the process.


Normally, according to state administrative code, such information needs to be in print for a month; Weir said that rule can be waived but only in extraordinary circumstances.


Goldberg responded that there is no legal requirement for the secretary to provide county elections officials a comment period, but that she did so anyway, although it was very short due to her “desire to get the review started as rapidly as possible.”


And, Goldberg added, Bowen didn't release her final criteria until May 9, which was because she had given elections officials more time to respond.


“She wanted to make the review process as open and transparent as possible,” said Goldberg. “I think she wishes the period could have been longer, and act it did turn out to be longer.”


Weir said Bowen again gave officials only days to respond when her initial reports on the review were released late in July. He said she released them on the afternoon of Friday, July 27, when hearings were scheduled for 10 a.m. Monday, July 30. On Aug. 3 she released her final decision, when he said actually had until Aug. 6 to do so under his interpretation of election code.


Three things about Bowen's study bother Weir. First, he said, she should have stated definitively that the machines included no “malicious code” and hadn't actually been tampered with in a real-world voting situation. Bowen could have settled that debate but didn't, said Weir.


Weir said he liked the idea of having the machines put through a tough test. “I like the idea of seeing my system tested against standards, and I mean really tested,” adding that he has a “healthy skepticism” of the voting machine vendors.


But his second issue with the process is that he said Bowen didn't have a protocol in place for the tests to penetrate the systems' defenses, which the National Institute of Standards and Testing had suggested was necessary.


He said the machines' defenses weren't tested, which he said was “patently unfair.”


His third concern is for the accessibility issue. By saying the machines had problems but were good enough to serve the disabled only “sent a terrible signal to the accessibility community” that they're separate and not really equal.


The need for voting accessibility, and Florida's voting issues during the 2000 election “landed us where we are today,” said Weir about electronic voting.


In the end, he said he believes Bowen simply ran out of time, with the California primary's deadline being moved up four months to February 2008.


At some point in the future, Bowen wants to review all systems, said Goldberg, although there's no time frame set up to do so at this point.


States including Ohio, Kentucky and New Jersey are now beginning similar voting machine reviews, said Goldberg. New Mexico and Florida already have banned the machines due to security concerns.


E-mail Elizabeth Larson at This email address is being protected from spambots. You need JavaScript enabled to view it..


{mos_sb_discuss:3}