Ohio e-voting system security bashed in new state report
Problems threaten the integrity of future elections, officials say
Computerworld - E-voting in Ohio faces a host of potential security, equipment and process changes following the release of an 86-page report that criticizes the existing e-voting systems used in the state.
The report concludes that security shortcomings in Ohio's e-voting systems are a continuing danger to the accuracy of elections there.
The study was done at the request of Ohio Secretary of State Jennifer Brunner, who is in charge of the state's elections. Between Oct. 5 and Dec. 7, teams of academic researchers, accredited e-voting system testing labs and scientists evaluated the state's existing hardware and software and made recommendations for improvements.
The stakes are big for Ohio, which faces two key elections next year -- a March 4 primary election, and the Nov. 4 general election.
"The findings of the various scientists engaged by Project EVEREST are disturbing," the report states (download PDF). "These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems. The findings appearing in the reports necessitate that Ohio's voting process be modified to eliminate as many known risks to voting integrity as possible, while keeping voting accessible to Ohio's voters."
EVEREST is short for Evaluation & Validation of Election-Related Equipment, Standards & Testing.
The main problem, according to the report, is that while security and privacy standards generally exist for critical technology systems, "unfortunately ... the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process."
The study, paid for with $1.9 million in federal money, allowed researchers to conduct security assessments on the e-voting equipment produced by the state's e-voting vendors -- Election Systems & Software (ES&S), Hart InterCivic and Premier Election Solutions Inc. (formerly Diebold Election Systems Inc.). Testing was done on system performance, configuration, operations and internal controls management. Following the testing, the results were reviewed by a bipartisan team of 12 county election board directors and deputy directors from across the state.
The report recommends that the state make the following changes:
- Move to a centralized counting of all votes where all ballot choices are sent electronically, rather than keeping track of votes in individual voting precincts. The idea, according to the report, is that a central ballot depository would be more secure by eliminating unnecessary and security-reducing local points of entry that could be infiltrated by intruders to change election results.
- Require that all e-voting machines in Ohio be optical-scan machines, which use a paper ballot that is scanned electronically and tabulated after being filled out by a voter. Presently, most voting precincts in the state use direct-recording electronic (DRE) touch-screen e-voting machines, where voters make their candidate selections using a touch screen. A paper-verifiable record is then printed out next to the machine so the voter can confirm that the correct votes are about to be recorded.
- Require counties that use touch-screen machines to offer paper ballots to voters who don't want to vote using a DRE machine in the upcoming March 4 primary election.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!