Ohio e-voting system security bashed in new state report
Problems threaten the integrity of future elections, officials say
Computerworld - E-voting in Ohio faces a host of potential security, equipment and process changes following the release of an 86-page report that criticizes the existing e-voting systems used in the state.
The report concludes that security shortcomings in Ohio's e-voting systems are a continuing danger to the accuracy of elections there.
The study was done at the request of Ohio Secretary of State Jennifer Brunner, who is in charge of the state's elections. Between Oct. 5 and Dec. 7, teams of academic researchers, accredited e-voting system testing labs and scientists evaluated the state's existing hardware and software and made recommendations for improvements.
The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election.
"The findings of the various scientists engaged by Project EVEREST are disturbing," the report states (download PDF). "These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems. The findings appearing in the reports necessitate that Ohio's voting process be modified to eliminate as many known risks to voting integrity as possible, while keeping voting accessible to Ohio's voters."
EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing.
The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, "unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process."
The study, paid for with $1.9 million in federal money, allowed researchers to conduct security assessments on the e-voting equipment produced by the state's e-voting vendors -- Election Systems & Software (ES&S), Hart InterCivic and Premier Election Solutions Inc. (formerly Diebold Election Systems Inc.). Testing was done on system performance, configuration, operations and internal controls management. Following the testing, the results were reviewed by a bipartisan team of 12 county election board directors and deputy directors from across the state.
The report recommends that the state make the following changes:
- Move to a centralized counting of all votes where all ballot choices are sent electronically, rather than keeping track of votes in individual voting precincts. The idea, according to the report, is that a central ballot depository would be more secure by eliminating unnecessary and security-reducing local points of entry that could be infiltrated by intruders to change election results.
- Require that all e-voting machines in Ohio be optical-scan machines, which use a paper ballot that is scanned electronically and tabulated after being filled out by a voter. Presently, most voting precincts in the state use direct-recording electronic (DRE) touch-screen e-voting machines, where voters make their candidate selections using a touch screen. A paper-verifiable record is then printed out next to the machine so the voter can confirm that the correct votes are about to be recorded.
- Require counties that use touch-screen machines to offer paper ballots to voters who don't want to vote using a DRE machine in the upcoming March 4 primary election.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!