Feds Issue Test Copies of E-voting Software
Officials can match digital signatures to reference copies, but initial use is limited
Computerworld - Federal officials last week released a set of software files submitted by five vendors of e-voting systems and voting verification tools, saying that election officials can use the code and related digital signatures to check whether the software they have bought has been modified without their knowledge.
But the so-called reference data set issued by the National Institute of Standards and Technology will likely be of little use to state officials for verifying the integrity of e-voting systems being used in tomorrow's election. And the future value of the files could be limited for states that have customized their e-voting software.
The National Software Reference Library's (NSRL) Web site said the files typically can be used only to check software that has yet to be installed on a voting machine. The notice added that "with limited exceptions," e-voting software can't generate digital signatures after it has been installed.
The NSRL notice also said that election authorities using software that has been legitimately altered won't be able to use the reference data set to compare digital signatures. Only signatures derived from the identical product releases submitted by the five vendors are available on the NSRL's Web site.
Vendors that had provided software to the NSRL as of Oct. 22 include Diebold Inc., Election Systems & Software Inc., Hart InterCivic Inc., Sequoia Voting Systems Inc. and VoteHere Inc. Oakland, Calif.-based Sequoia said it has made several submissions over the past two weeks.
Bellevue, Wash.-based VoteHere said in late June that it had submitted a reference source-code implementation for inclusion in the NSRL. Omaha-based ES&S made a similar announcement in August, and Austin-based Hart InterCivic followed suit in mid-October. North Canton, Ohio-based Diebold couldn't be reached for comment.
The submissions were made after the U.S. Election Assistance Commission called on all e-voting software vendors to provide code to the NSRL. In a letter dated July 13, commission Chairman DeForest Soaries Jr. said having access to the code would "facilitate the tracking of software version usage." Some observers have claimed that vendors have installed patches and upgrades prior to elections without letting officials inspect the code first. Sequoia spokesman Alfie Charles said the NSRL is storing "pristine copies" of vendor-submitted software "to help prepare for the inevitable challenges that take place whenever there are close elections."
But Avi Rubin, a professor at Johns Hopkins University who has criticized e-voting security controls, called the NSRL "smoke and mirrors." Rubin said that if e-voting software "is already rigged, storing the [digital signature] hashes only guarantees that the malicious code will be thereif the hashes match."
Kim Alexander, president of the California Voter Foundation, called the vendor submissions good news, but only if there are no last-minute changes to the software. "If there are technical problems with software vote counts on election night, it's possible that vendors will, as they have in the past, install patches or upgrades to get the vote count started again," she said.
Election officials will have to keep a public audit log of all software testing and installations to ensure that there's no appearance of impropriety, Alexander added.
Read more about Business Intelligence/Analytics in Computerworld's Business Intelligence/Analytics Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The value of smarter oil and gas fields With global energy requirements continuing to rise, the exploration, development and production of new oil and gas resources are shifting to increasingly challenging...
- Smarter Environmental Analytics Solutions: Offshore Oil and Gas Installations Example This IBM Redbooks® Solution Guide describes a solution for implementing smarter environmental monitoring and analytics for oil and gas industries. The solution implements...
- Piecing Together the Business Intelligence Puzzle Business intelligence (BI) technology collects and analyzes company data, delivering relevant information to corporate decision-makers in an effort to produce favorable outcomes.
- Harness IT -- An Introduction to Business Intelligence Solutions Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Live Webcast Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing...
- The Software-Defined Data Center: Is your ADC ready? Data center transformation is accelerating beyond virtualization to next-generation cloud architectures and software-defined data centers, bringing new challenges for application performance, scalability and...
- Application Acceleration: Optimize the End-User Experience Watch this on-demand webcast and learn how you can optimize your web content, accelerate performance across any device and browser combination, and offload... All Business Intelligence/Analytics White Papers | Webcasts