Ohio e-voting system security bashed in new state report

Computerworld - E-voting in Ohio faces a host of potential security, equipment and process changes following the release of an 86-page report that criticizes the existing e-voting systems used in the state.

The report concludes that security shortcomings in Ohio's e-voting systems are a continuing danger to the accuracy of elections there.

The study was done at the request of Ohio Secretary of State Jennifer Brunner, who is in charge of the state's elections. Between Oct. 5 and Dec. 7, teams of academic researchers, accredited e-voting system testing labs and scientists evaluated the state's existing hardware and software and made recommendations for improvements.

The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election.

"The findings of the various scientists engaged by Project EVEREST are disturbing," the report states (download PDF). "These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems. The findings appearing in the reports necessitate that Ohio's voting process be modified to eliminate as many known risks to voting integrity as possible, while keeping voting accessible to Ohio's voters."

EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing.

The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, "unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process."

The study, paid for with $1.9 million in federal money, allowed researchers to conduct security assessments on the e-voting equipment produced by the state's e-voting vendors -- Election Systems & Software (ES&S), Hart InterCivic and Premier Election Solutions Inc. (formerly Diebold Election Systems Inc.). Testing was done on system performance, configuration, operations and internal controls management. Following the testing, the results were reviewed by a bipartisan team of 12 county election board directors and deputy directors from across the state.

The report recommends that the state make the following changes:

• Move to a centralized counting of all votes where all ballot choices are sent electronically, rather than keeping track of votes in individual voting precincts. The idea, according to the report, is that a central ballot depository would be more secure by eliminating unnecessary and security-reducing local points of entry that could be infiltrated by intruders to change election results.


• Require that all e-voting machines in Ohio be optical-scan machines, which use a paper ballot that is scanned electronically and tabulated after being filled out by a voter. Presently, most voting precincts in the state use direct-recording electronic (DRE) touch-screen e-voting machines, where voters make their candidate selections using a touch screen. A paper-verifiable record is then printed out next to the machine so the voter can confirm that the correct votes are about to be recorded.


• Require counties that use touch-screen machines to offer paper ballots to voters who don't want to vote using a DRE machine in the upcoming March 4 primary election.