California finds e-voting software had errors, data deletion functions
Diebold knew about the flaw for years
Computerworld - A report released on Monday by California's secretary of state, Debra Bowen, explains how nearly 200 votes were deleted from the official results for Humboldt County during November's presidential election, and identifies several problems with the e-voting technology from Premier Election Solutions, which was used by the county.
Among the problems identified in the report (PDF document) is one that allows operators of some e-voting machines from Premier, a Diebold subsidiary formerly called Diebold Elections Systems, to delete crucial audit logs that, under federal standards, are supposed to be stored permanently on the systems.
In addition, the report noted the version of Premier's Global Election Management System (GEMS) that was used in Humboldt County's e-voting machines failed to maintain required logs of important system events, and generated inaccurate data and time stamps in several cases.
It was not the first time Premier's e-voting machines have been at the center of a controversy. Last August, Premier initially blamed antivirus software from McAfee Inc. for a problem that resulted in its system dropping hundred of votes during the primaries in Ohio.
Later, the company changed its story and said the problem had been caused by a "logic error" in its GEMS source code, not McAfee's software.
Secretary of State Bowen's report, which was submitted to the U.S. Election Assistance Commission, said that Premier had known about the problems for at least four years but had not adequately warned the county about it. "The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by [Help America Vote Act]," the report noted.
The defects in the software version violate voting system standards established in 1990 and would have made the systems ineligible for use in an election had they been detected, the report said.
The secretary's office initiated the investigation after a volunteer group called the Humboldt County Election Transparency Project conducted an independent scan of all the ballots cast in the county during the presidential elections and discovered that 197 more ballots had been cast than in the official count. An inquiry into that discrepancy later led to the issue in the GEMS software.
According to the report, the error resulted from a so-called "Deck 0" flaw in the central counting server in the version of GEMS software used in Humboldt County's e-voting machines. The error "silently deletes" all tallied votes from the first batch or "deck" of ballots that is scanned into the system, the secretary's report said. The deletion results whenever an operator, at any point after the first batch of voted ballots is scanned into the system, deletes any subsequent batch for any reason, the report said.
- Transforming Business Performance with Hybrid Networks IT organizations globally are faced with the challenge to transform network architectures to deliver the right performance and reliability cost-effectively while retaining control....
- Accelerating the Delivery Microsoft Office 365 Many organizations use Office 365's cloud-based mail, collaboration and communication services as the dominant workload. However, as services move to the cloud, data...
- Path Selection Infographic Path selection technology provides the ability to re-direct select traffic and application flows through alternate WAN routes based on service metrics, such as...
- IDC ROI Infographic Trends such as evolving communication patterns, connection types, applications and bandwidth can have an impact on enterprise organizations. Learn how IT organizations can...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts