Secure Election Systems

Monday, August 06, 2007

F*&CK s**** Damn!!!

It all started with a lawsuit.

The ADA sued the State, "It's not right that disabled people should have to require assistance, they should be able to vote in private."

Without provocation or public pressure, a suit was brought to decertify our tried and true paper ballot system. The suit was won by the plaintiffs, who were not acting on the behalf of the greater "differently abled" community.

The state allocated millions of taxpayers dollars to replace the "aged" punch card voting system and institute a brave new election world. All without the pressure of the greater public.

August 6, 2007 - California Secretary of State releases findings of Red Team testing. Most if not all electronic voting systems are decertified. Testing was performed without public input or public disclosure. Local elections officials were effectively frozen out of the testing process and given short notice on the results.

The state has once again thrown out taxpayer dollars (16 million for one county). I ask, "Where is the proof that the majority wanted this?" For being in charge of elections, the State seems to have no interest in conducting fair and impartial surveys of the electorate. Conduct the survey or "Election" as they like, paper or electronic. But nonetheless, conduct a survey of the people.

I was no supporter of electronic voting from the get-go. I favored a conservative approach, using paper ballots until the technology matured. However, the state did not offer funding for that approach, only for e-voting. They forced the issue in the first place, and now it is up to the Counties and local taxpayers to foot the bill for their incompetence.

It's a sad world when the system that elects the officials is at the mercy and control of the elected officials. Next time you see this kind of shit happen, please think of this... If one elected official can be elected because "His brother rigged the Diebold machines", why is it okay for another elected official to dictate what machines you vote on?

Saturday, September 23, 2006

Analysis of Electronic Voting Systems by Johns Hopkins University.

This article has some good points to it. I too am frustrated by the poor coding and systems design by the niche companies that serve the elections communities.

However this analysis, like so many others, ignores the procedural and physical security measures that surround the voting systems.

I am glad that this author took the effort to learn some about the elections process as a polls judge. I would encourage all to observe the official logic testing and recount processes as well.

Smart Cards: If you have EVER gone to a polling place, you will note that it is required that you be a registered voter and listed on a voter index/roster. If you are not, you are required to vote a "Provisional" ballot in most jurisdictions. At this point, it wouldn't matter if the smart card was nothing more than a common unencrypted floppy disk. You didn't pass the first measure of physical control. Other than that, you would need inside knowledge of the unique identifiers on that smart card to activate anything on the voting system.

Casting multiple votes: In this scenario, again you would have to know the unique identifiers used in the election. This would be an inside job performed by a vendor or election official. Also, vote trends would detect an anomaly if a percentile difference for votes cast or ballots cast in a precinct deviated from the norm and would throw a red flag EVEN IF the total votes cast was not audited against signatures on the index of voters. This would be detectable by the public when presented on the precinct level votes report.

Accessing administrator and poll worker functionality: This is a procedural issue that should be addressed by the election official. PINs should be complex and changed each election where possible. This would also require access to an existing valid administrator card. This IS a poor security design, although other systems do not follow this model.

Election configurations and election data: Data storage manipulation requires unfettered access to the voting terminal. Again, proper physical security measures prevent this. Networking should never be used when it is connected to external systems such as the election official's LAN or the Internet. Barring open network connections, there is nothing to be faulted with network data uploads as long as all systems within the network are properly secured, updated and virus free.

Tampering with the system configuration: Unfettered access to the machine or data would be required to accomplish this. Vote trends and patterns would detect any manipulation of the votes cast.

Impersonating legitimate voting terminals: PLEASE GOD! Show me one election jurisdiction that is STUPID enough to upload results through the public internet! And yes, the voting device ID is verified by the backend server and may only be uploaded ONCE, thereby throwing a red flag when a duplicate is encountered.
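The two back-end checks the post leans on in the "casting multiple votes" and "impersonating legitimate voting terminals" points, a device ID that may upload only once and a precinct-level reconciliation of ballots cast against signatures on the voter index, written out as an added example in Python. This is not code from the original post or from any voting-system vendor; the field names, the 2% tolerance and the sample uploads and signature counts are constructed for illustration.

```python
"""
Added example (not from the original post): two of the back-end checks the
post describes, over constructed sample data.

1. Each voting-device upload is accepted once per device ID; a repeat upload
   for the same device is flagged and not counted.
2. Per precinct, ballots cast on the machines are reconciled against the
   number of signatures on the voter index; a gap larger than a tolerance is
   flagged for follow-up.
Field names, tolerance and data are assumptions, not any real system's format.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Upload:
    device_id: str      # assumed: unique ID burned into each voting terminal
    precinct: str       # assumed: precinct the terminal was assigned to
    ballots_cast: int   # ballots the terminal reports having recorded


@dataclass
class Backend:
    """Minimal stand-in for the tally server that receives device uploads."""
    seen_devices: set = field(default_factory=set)
    ballots_by_precinct: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)

    def accept(self, up: Upload) -> bool:
        """Accept an upload once per device ID; flag and reject any repeat."""
        if up.device_id in self.seen_devices:
            self.flags.append(
                f"duplicate upload rejected: device {up.device_id} "
                f"precinct {up.precinct}"
            )
            return False
        self.seen_devices.add(up.device_id)
        self.ballots_by_precinct[up.precinct] = (
            self.ballots_by_precinct.get(up.precinct, 0) + up.ballots_cast
        )
        return True


def reconcile(ballots_by_precinct: dict, signatures_by_precinct: dict,
              tolerance: float = 0.02) -> list:
    """Compare machine ballot counts with roster signatures per precinct.

    Returns (precinct, ballots, signatures) tuples, sorted by precinct, for
    every precinct whose gap exceeds `tolerance` of the signature count.
    A precinct with ballots but no signatures is always flagged.
    """
    flagged = []
    for precinct in sorted(set(ballots_by_precinct) | set(signatures_by_precinct)):
        ballots = ballots_by_precinct.get(precinct, 0)
        signatures = signatures_by_precinct.get(precinct, 0)
        if abs(ballots - signatures) > tolerance * signatures:
            flagged.append((precinct, ballots, signatures))
    return flagged


# Constructed sample data: four terminals across three precincts, with the
# DEV-002 upload replayed a second time, and P3 reporting far more ballots
# than the roster shows signatures.
UPLOADS = [
    Upload("DEV-001", "P1", 412),
    Upload("DEV-002", "P1", 390),
    Upload("DEV-003", "P2", 505),
    Upload("DEV-002", "P1", 390),   # replayed upload from the same device
    Upload("DEV-004", "P3", 650),
]
SIGNATURES = {"P1": 803, "P2": 504, "P3": 590}   # constructed roster counts


def run_checks(uploads=UPLOADS, signatures=SIGNATURES):
    """Feed uploads through the backend, then reconcile against the roster."""
    backend = Backend()
    for up in uploads:
        backend.accept(up)
    flagged = reconcile(backend.ballots_by_precinct, signatures)
    return backend, flagged


if __name__ == "__main__":
    backend, flagged = run_checks()
    for msg in backend.flags:
        print("FLAG:", msg)
    for precinct, ballots, sigs in flagged:
        print(f"FLAG: precinct {precinct}: {ballots} ballots vs {sigs} signatures")
```

With the sample data the duplicate DEV-002 upload is rejected and not added to P1's count, P1 and P2 reconcile within tolerance, and P3 is flagged because 650 ballots were reported against 590 signatures.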

Key management and other cryptographic issues with the vote and audit records: Encryption is not used on many of the voting terminals that I am familiar with. And yet the one company that goes the extra step is criticized because of it. If it were that big of an issue, all vendors would be required to implement it. Encryption does not matter unless you are able to get that data into the system.

Tampering with election results and linking voters with their votes: Again, show me someone who has intercepted a voting machine, cracked the encryption, rewritten the votes, re-encrypted the data, copied it to all redundant media, with full cooperation of the multi-partisan poll site employees who would detect this when either opening the polling site or reconciling the votes cast to the voter index. These geeks have no clue; I could find plenty of fault in the CIA's systems if I had full access to them.

LINKING VOTERS WITH THEIR VOTES: Honestly, who really cares? Elections officials don't care who voted for whom. I don't care if you know who I voted for. People want to know if their vote counted, yet they want it secret. You can't have both. Also, linking voters with their votes would require the cooperation of all poll workers in the precinct. Not likely due to the mixed party panels.

Audit logs: Audit logs tell you that something went bad after the fact. Votes are in the system, untraceable to a voter and we can't get them out in an intelligent manner. Any seeding of votes into the system prior to e-day would be caught by a poll judge. Any during the day would require cooperation of a multi-partisan poll panel. Why, when, how would you alter these logs?

Attacking the start of an election: Yes, let's download the files over the Internet. Who does this?!?!?! Why don't we make up an outrageous situation that doesn't exist to garner public support for our position?

Software engineering: From this point on, these "Experts" get into detail that is beyond the concern of the public and more of a concern for anal retentive tech geeks. I could care less if it was spaghetti-code with goto, line labels, multiple return paths and general chaos. If it fulfills a purpose and can be implemented in a secure way, the code doesn't matter.

I encourage anyone out there to volunteer to observe and learn about the elections process. Testing is mandated to be publicly observable in all California jurisdictions. Ask, learn and understand. Or you may speculate, suppose, assume and call yourself an "Expert".

Friday, September 22, 2006

Welcome!

As you may well know, there is much published information for "Experts" and "Scientists" on elections security and electronic voting systems.

As someone with full experience of the elections process and electronic voting, I can clear up many of the misconceptions and assumptions that these pseudo experts have published as facts.

To start: No matter how poor the software or systems security may be, the lack of physical security and proper procedure is what will ultimately break a voting system.

To feed the frenzy:
www.blackboxvoting.com