California finds e-voting software had errors, data deletion functions
Diebold knew about the flaw for years
Computerworld - A report released on Monday by California's secretary of state, Debra Bowen, explains how nearly 200 votes were deleted from the official results for Humboldt County during November's presidential election, and identifies several problems with the e-voting technology from Premier Election Solutions, which was used by the county.
Among the problems identified in the report (PDF document) is one that allows operators of some e-voting machines from Premier, a Diebold subsidiary formerly called Diebold Elections Systems, to delete crucial audit logs that, under federal standards, are supposed to be stored permanently on the systems.
In addition, the report noted the version of Premier's Global Election Management System (GEMS) that was used in Humboldt County's e-voting machines failed to maintain required logs of important system events, and generated inaccurate data and time stamps in several cases.
It was not the first time Premier's e-voting machines have been at the center of a controversy. Last August, Premier initially blamed antivirus software from McAfee Inc. for a problem that resulted in its system dropping hundred of votes during the primaries in Ohio.
Later, the company changed its story and said the problem had been caused by a "logic error" in its GEMS source code, not McAfee's software.
Secretary of State Bowen's report, which was submitted to the U.S. Election Assistance Commission, said that Premier had known about the problems for at least four years but had not adequately warned the county about it. "The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by [Help America Vote Act]," the report noted.
The defects in the software version violate voting system standards established in 1990 and would have made the systems ineligible for use in an election had they been detected, the report said.
The secretary's office initiated the investigation after a volunteer group called the Humboldt County Election Transparency Project conducted an independent scan of all the ballots cast in the county during the presidential elections and discovered that 197 more ballots had been cast than in the official count. An inquiry into that discrepancy later led to the issue in the GEMS software.
According to the report, the error resulted from a so-called "Deck 0" flaw in the central counting server in the version of GEMS software used in Humboldt County's e-voting machines. The error "silently deletes" all tallied votes from the first batch or "deck" of ballots that is scanned into the system, the secretary's report said. The deletion results whenever an operator, at any point after the first batch of voted ballots is scanned into the system, deletes any subsequent batch for any reason, the report said.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts