Feds Issue Test Copies of E-voting Software
Officials can match digital signatures to reference copies, but initial use is limited
Computerworld - Federal officials last week released a set of software files submitted by five vendors of e-voting systems and voting verification tools, saying that election officials can use the code and related digital signatures to check whether the software they have bought has been modified without their knowledge.
But the so-called reference data set issued by the National Institute of Standards and Technology will likely be of little use to state officials for verifying the integrity of e-voting systems being used in tomorrow's election. And the future value of the files could be limited for states that have customized their e-voting software.
The National Software Reference Library's (NSRL) Web site said the files typically can be used only to check software that has yet to be installed on a voting machine. The notice added that "with limited exceptions," e-voting software can't generate digital signatures after it has been installed.
The NSRL notice also said that election authorities using software that has been legitimately altered won't be able to use the reference data set to compare digital signatures. Only signatures derived from the identical product releases submitted by the five vendors are available on the NSRL's Web site.
Vendors that had provided software to the NSRL as of Oct. 22 include Diebold Inc., Election Systems & Software Inc., Hart InterCivic Inc., Sequoia Voting Systems Inc. and VoteHere Inc. Oakland, Calif.-based Sequoia said it has made several submissions over the past two weeks.
Bellevue, Wash.-based VoteHere said in late June that it had submitted a reference source-code implementation for inclusion in the NSRL. Omaha-based ES&S made a similar announcement in August, and Austin-based Hart InterCivic followed suit in mid-October. North Canton, Ohio-based Diebold couldn't be reached for comment.
The submissions were made after the U.S. Election Assistance Commission called on all e-voting software vendors to provide code to the NSRL. In a letter dated July 13, commission Chairman DeForest Soaries Jr. said having access to the code would "facilitate the tracking of software version usage." Some observers have claimed that vendors have installed patches and upgrades prior to elections without letting officials inspect the code first. Sequoia spokesman Alfie Charles said the NSRL is storing "pristine copies" of vendor-submitted software "to help prepare for the inevitable challenges that take place whenever there are close elections."
But Avi Rubin, a professor at Johns Hopkins University who has criticized e-voting security controls, called the NSRL "smoke and mirrors." Rubin said that if e-voting software "is already rigged, storing the [digital signature] hashes only guarantees that the malicious code will be thereif the hashes match."
Kim Alexander, president of the California Voter Foundation, called the vendor submissions good news, but only if there are no last-minute changes to the software. "If there are technical problems with software vote counts on election night, it's possible that vendors will, as they have in the past, install patches or upgrades to get the vote count started again," she said.
Election officials will have to keep a public audit log of all software testing and installations to ensure that there's no appearance of impropriety, Alexander added.
Read more about Business Intelligence/Analytics in Computerworld's Business Intelligence/Analytics Topic Center.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- Building an Intelligence-Driven Security Operations Center The openness of today's networks and the growing sophistication of advanced threats make it almost impossible to prevent cyber attacks and intrusions.
- Seattle Children's Accelerates Citrix Login Times by 500% with Cross-Tier Insight Seattle Children's is a leading research hospital with a large and growing Citrix XenDesktop deployment. With ExtraHop, the IT team at Seattle Children's...
- McKesson Makes Application Hosting for Hospitals Faster, More Efficient With ExtraHop, McKesson identified the root cause of slow Citrix XenApp application launches and adopted a more intelligent, proactive IT operations model that...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- Capturing Data in Motion: Delivering Real-Time Insight from Data Streams This webcast will help organizations of all types and sizes learn about a technology and business strategy for tapping into the wealth of... All Business Intelligence/Analytics White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!