E-vote vendors submit software for safekeeping

Dan Verton   Today’s Top Stories    or  Other Legislation/Regulation Stories  

Sign up to receive Security Resource Alerts

October 27, 2004 (Computerworld) -- WASHINGTON -- With less than a week to go before the presidential election and concerns still lingering about the integrity and security of the software used by tens of thousands of electronic voting machines, five voting machine makers agreed to submit their software to the National Software Reference Library (NSRL) for safekeeping, federal officials said yesterday.
While the move to store the software for comparison in the event of questions about the integrity of e-voting systems has been positively received, the decision comes more than three months after the U.S. Election Assistance Commission officially called on the vendors to submit their software to the NSRL.
In a July 13 advisory letter, EAC Chairman DeForest Soaries said that doing so would "facilitate the tracking of software version usage," a critical concern for some observers who say vendors have in the past installed patches and upgrades prior to and during elections without those pieces of software having been inspected.
The NSRL is designed to collect software and incorporate file profiles computed from the software into a reference data set (RDS) of information. The RDS can be used by law enforcement, government and industry organizations to review files on a computer by matching the profiles in the RDS. The National Institute of Standards and Technology will maintain the voting software library.
According to the NSRL's Web site, the five vendors that have submitted software are: Diebold Inc., Election Systems & Software Inc., Hart InterCivic, Sequoia Voting Systems and VoteHere.
Soaries also said that the EAC will solicit information about suspicious electronic voting system activity, including software programming, and, if necessary, will request aggressive investigation from the U.S. Department of Justice Elections Crimes Branch. The EAC will also document incidents and record data concerning e-voting equipment malfunctions during the election.
Alfie Charles, a spokesman for Sequoia Voting Systems, said the NSRL will store "pristine copies" of vendor software "to help prepare for the inevitable challenges that take place whenever there are close elections." He also said that "this election is likely to be the most litigated and challenged contest we have ever seen."
Security experts and grass-roots voter advocacy groups, however, are skeptical of the vendor move.
Avi Rubin, a professor at Johns Hopkins University and a leading critic of the security controls put in place by e-voting system vendors, called the reference library "smoke and mirrors." The real threat to the election, he said, is that if "the code is already rigged, storing the hashes only guarantees the malicious code will be there if the hashes match."
Rubin also said he fears that the hash scheme will make it much harder to fix bugs and upgrade the systems and that binaries compiled on different platforms are not likely to match, which could create headaches for the vendors.
Kim Alexander, president of the grass-roots organization California Voter Foundation, called the submission good news, but only if there are no last-minute changes to the software.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Earthlink partnership with Philly crashes and burns, defeated by mocha lattes and Big Macs..." Read more... "Now that Hewlett-Packard and Electronic Data Systems have decided to tie the knot, where does that put them -- and..." Read more... Read more Government & Regulation posts or See all Blogs

Tools circulate that crack Debian, Ubuntu keys Former Microsoft manager offers free fix for XP SP3 'endless reboot' Can Icahn take on the Yahoo board and win? More top stories...

DNS trouble knocks NSA off Internet Developers confirm, explain why they're avoiding Windows Vista NASA moves to save computers from swarming ants

Shuttle Columbia's hard drive data recovered from crash site Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive. The top 15 vaporware products of all time These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't. Opinion: Malware vs. anti-malware, 20 years into the fray Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle. Leopard at six months: Does it live up to the early hype? Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 2 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone See your link here

Computerworld Report: Storage Gets Strategic Download this Computerworld Report, free, compliments of HP. (Source: Computerworld) Data Storage has emerged from the back room to become a key part of regulatory compliance, disaster recovery and strategic tecnhology plans. Learn more in this new this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP. Download this executive briefing  Long Tail Supplier Collaboration - What's In It For You? Long Tail Supplier Collaboration - What's In It For You? Download this webcast, free, compliments of Sterling Commerce Go to the webcast  Developing FIPS 140-validated Solutions for the Federal Government Using RSA BSAFE Software Get this white paper! (Source: RSA) The U.S. House of Representatives' Committee on Government Reform recently released the 2005 edition of its Federal Information Security Management Act (FISMA) report card. Unfortunately, the news was not good. The 25 major government agencies reported 15% of the IT systems remained uncertified/unaccredited while 6 agencies lacked effective corrective action plans, illustrating little improvement in the level of information security for government agencies compared to previous reports. Government agencies at all levels are entrusted with sensitive information about citizens, military personnel and others. As is the case with private industry, breaches of that information can create a public relations debacle and end up costing dearly-not just monetarily, but in public trust. Defense, security and diplomatic agencies are entrusted with even more sensitive information, which, in the wrong hands, could threaten national and international security. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Six Support Issues That Keep Execs Awake at Night Spam Spikes: A Real Risk to Your Business The New Foundation of Storage: Xiotech's Intelligent Storage Element View more whitepapers

• Tools circulate that crack Debian, Ubuntu keys
• Former Microsoft manager offers free fix for XP SP3 'endless reboot'
• Can Icahn take on the Yahoo board and win?
• More top stories 

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie



Eliminate SPAM, Gain Productivity Learn all about the dangers and the costs of spam in all its forms – from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses – and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold. Download this white paper now!  See more Whitepapers



The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler



The Impact of Messaging and Web Threats Messaging, internal and Web-based threats are increasing in number and severity. The risks to organizations large and small are real problems that users and their employers face if they do not establish adequate defenses against this growing variety of threats. Read this Osterman Research paper to learn how organizations must implement a layered defensive strategy to protect against all types of threats and how Sunbelt Software can help. Download this white paper now