Diebold e-voting machines certified in California

But the move is conditional and requires special security procedures

Election officials in California have certified controversial e-voting gear from Diebold Election Systems Inc. for the 2006 voting season, despite security concerns raised by e-voting opponents.

The machines are the AccuVote-TSx touch screen and the AccuVote-OS optical scan devices. California Secretary of State Bruce McPherson announced Feb. 17 (download PDF) that he had given conditional approval for the gear with the proviso that special security procedures be observed when using it. Additionally, in the long term, Diebold must fix the security vulnerabilities if it wishes to keep its certification.

California, like a number of other states, will use these machines to comply with the Help America Vote Act (HAVA), which stipulates that every voting precinct have a touch screen or optical scan system that is handicapped-accessible. States that are non-compliant, such as New York, face legal action from the U.S. Department of Justice (see ”New York Faces Federal Suit Over Voter Accessibility Law”).

Over the past few months, California has been scrambling to attain compliance and working to certify voting machine vendors. However, there have been questions around the security of Diebold’s machines, including the AccuVote-OS, in particular. That hardware was the subject of high-profile hacks by experts (see ”Q&A: E-voting systems hacker sees ‘particularly bad’ security issues”). So, as part of the California certification process, which included both state and federal reviews of the devices, the state sponsored special testing on the source code in the Diebold systems’ memory cards by a Voting Systems Technology Advisory Board. Working with the board were computer scientists from the University of California at Berkeley.

According to McPherson’s spokeswoman, these reviewers are among “some of the harshest critics” of electronic voting machines. Their findings (download PDF) indicated the machines had security vulnerabilities that could be mitigated by using best practices, she said.

As part of the certification, McPherson is mandating that any county employing the Diebold gear implement a set of new security procedures, which will also require poll working re-training. The mandates require that administrators reset the cryptographic keys on every AccuVote-TSx machine from the factory-installed default prior to use in an election. Additionally, each memory card must be programmed in a secured facility under the supervision of the registrar of voters. After being programmed for the election, the card must immediately be inserted into its device and sealed.

The spokeswoman also said that McPherson’s office has requested that Diebold fix weaknesses in the machines’ firmware if the company wants to be a vendor in the state after 2006. After those fixes are completed, Diebold will have to be re-certified, she said. “In the meantime, we are confident that this system has been through the most rigorous process in the nation,” she said.

In a statement, Diebold said it “wholeheartedly agrees” with the proposed security procedures. Diebold also said it intends immediately to harden the security in its optical-scan firmware, as well as use strong cryptography technology to create digital signatures that would help detect any tampering with the devices.

At least one other state, Florida, is following California's example and hardening its security procedures. Dawn Roberts, Florida’s director of the Division of Elections, issued new guidance to the state’s elections supervisors.

“The bureau recognizes that as technology evolves so must our security procedures surrounding the operations of our voting systems,” Roberts said in a memorandum to county supervisors. “As we identify new procedures and guidelines that are necessary, it is paramount that county supervisors amend their security procedures.”

The memorandum said that any potential vulnerabilities highlighted by the recent California tests can be dealt with by new security safeguards. The new guidelines, which cover access to and the transportation of voting gear components, won’t be limited to Diebold touch-screen devices; they apply to any voting system used in Florida.

Said Roberts: “The success of a certified voting system is largely dependent upon the security employed.”

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon