Ohio e-voting system security bashed in new state report
Problems threaten the integrity of future elections, officials say
Computerworld - E-voting in Ohio faces a host of potential security, equipment and process changes following the release of an 86-page report that criticizes the existing e-voting systems used in the state.
The report concludes that security shortcomings in Ohio's e-voting systems are a continuing danger to the accuracy of elections there.
The study was done at the request of Ohio Secretary of State Jennifer Brunner, who is in charge of the state's elections. Between Oct. 5 and Dec. 7, teams of academic researchers, accredited e-voting system testing labs and scientists evaluated the state's existing hardware and software and made recommendations for improvements.
The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election.
"The findings of the various scientists engaged by Project EVEREST are disturbing," the report states (download PDF). "These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems. The findings appearing in the reports necessitate that Ohio's voting process be modified to eliminate as many known risks to voting integrity as possible, while keeping voting accessible to Ohio's voters."
EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing.
The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, "unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process."
The study, paid for with $1.9 million in federal money, allowed researchers to conduct security assessments on the e-voting equipment produced by the state's e-voting vendors -- Election Systems & Software (ES&S), Hart InterCivic and Premier Election Solutions Inc. (formerly Diebold Election Systems Inc.). Testing was done on system performance, configuration, operations and internal controls management. Following the testing, the results were reviewed by a bipartisan team of 12 county election board directors and deputy directors from across the state.
The report recommends that the state make the following changes:
- Move to a centralized counting of all votes where all ballot choices are sent electronically, rather than keeping track of votes in individual voting precincts. The idea, according to the report, is that a central ballot depository would be more secure by eliminating unnecessary and security-reducing local points of entry that could be infiltrated by intruders to change election results.
- Require that all e-voting machines in Ohio be optical-scan machines, which use a paper ballot that is scanned electronically and tabulated after being filled out by a voter. Presently, most voting precincts in the state use direct-recording electronic (DRE) touch-screen e-voting machines, where voters make their candidate selections using a touch screen. A paper-verifiable record is then printed out next to the machine so the voter can confirm that the correct votes are about to be recorded.
- Require counties that use touch-screen machines to offer paper ballots to voters who don't want to vote using a DRE machine in the upcoming March 4 primary election.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts