Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Studies question e-voting security

June 27, 2006 12:00 PM ET

IDG News Service - A series of new reports have again raised questions about the security of electronic voting machines, with one report identifying multiple vulnerabilities.

The Brennan Center for Justice at New York University School of Law, in a report released today, said three popular electronic voting systems are vulnerable to software attacks that could threaten the integrity of elections.

The center's Task Force on Voting System Security, made up of computer security experts from the U.S. government, universities and the private sector, unanimously recommended states conduct routine audits comparing voter-verified paper trails to the electronic record. The task force also recommended a ban on wireless components in voting machines. Currently, only three states ban wireless components on e-voting machines, but at least two e-voting machine vendors offer models with wireless technology.

"These machines are vulnerable to attack," Michael Waldman, the Brennan Center's executive director, said in a statement. "That's the bad news. The good news is that we know how to reduce the risks and the solutions are within reach."

Lawmakers need to take a "hard look" at the recommendations in the report, Howard Schmidt, a member of the task force, said in a statement. Schmidt is former White House cyber security advisor and former chief security officer at Microsoft Corp. and eBay Inc.

E-voting vendors have questioned the need for a paper trail with electronic machines, saying printers could add cost to the machines and cause machine shut-downs without providing more security. E-voting vendors say their machines are secure and a printout would do nothing more than replicate the voting numbers inside the machine.

The report details nine categories of possible attacks on e-voting machines, including attacks on tally servers and attacks designed to shut down e-voting machines.

While supporters of e-voting vendors say there's no evidence of software-based attacks on e-voting machines, the report suggests such attacks should be expected because "in the last several years, there have been increasingly sophisticated attacks on nonvoting computer systems."

The Information Technology Association of America  (ITAA), a trade group representing e-voting vendors, questioned the report, saying it was based on speculation, not performance. "Voting systems have to pass many levels of testing and scrutiny that detect vulnerabilities and allow for fixes," said Bob Cohen, ITAA's senior vice president. "To date, voting systems have not been successfully attacked in a live election. The purported vulnerabilities presented in this study, while interesting in theory, would be extremely difficult to exploit."

The report, available at http://www.brennancenter.org/programs/downloads/Full%20Report.pdf, also calls for Election Day testing of machines.

The Brennan Center study follows two other reports questioning e-voting security released this month. Last week, advocacy group Common Cause said 17 states using e-voting machines are at high risk of their election results being compromised because they use machines without paper backups. Among those states are Pennsylvania, Texas, New Jersey, Indiana and Maryland, Common Cause said.

Earlier in the month, Verified Voting, a group pushing for new security measures for e-voting machines, released a report on vulnerabilities of Diebold Inc. discovered by Harri Hursti of Black Box Voting. Twenty-seven states using Diebold machines are at risk of election fraud, some because they do not use paper trails, Verified Voting said.

 

 


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

e-voting

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs