California Wants All E-Voting Machines To Get Independent Review By Security Experts

from the good-for-CA dept

Thu, Mar 29th 2007 9:36am — Mike Masnick

One of our biggest complaints with e-voting systems is that all of the testing is done under severely limited conditions. Neither the voting machine companies nor election officials (with a few very rare exceptions -- who are quickly punished) are willing to let security researchers fully explore the machines for security flaws. No good explanation is ever given for this. Diebold once protested such tests by saying it would undermine "the public's confidence in the security and accuracy" in the machines. That's funny -- if Diebold is worried that such testing would make the public lose confidence in its machines, isn't that an admission that the machines aren't secure enough?

We may soon find out. California politicians are proposing a new e-voting law that would require all e-voting machines in the state to be available for hacking attempts by "red teams" of computer security experts. Of course, the e-voting firms are already complaining, saying there wouldn't be enough time for the firms to upgrade machines -- which, again, certainly sounds like an admission that the firms know that the current machines aren't secure or accurate. You would think that any company that was confident in the security and accuracy of its machines would be overjoyed at the opportunity to have third-party security experts show how secure their machines are.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Casper, 29 Mar 2007 @ 10:05am

Whining...
This is a good thing. Anything this important can not be left up to individual companies quality control. All they want it to do is work, but they don't spend nearly enough time trying to break it. On the contrary, that is exactly what a person with malicious intent will be doing.

Look at it this way, it's free testing by professionals. Stop complaining and build a better product.
[ link to this | view in chronology ]
Anonymous Coward, 29 Mar 2007 @ 10:21am

These guys are mentally on another planet. We're not going to accept any excuses--ANY--hear that? You're providing equipment for a sacred purpose. I expect no complaints about any measure of caution or any degree of concern. If I was on a board responsible for making these purchasing decisions, I would immediately disqualify any firm that I heard bitching and moaning.
[ link to this | view in chronology ]
Ajax 4Hire, 29 Mar 2007 @ 11:28am

Microsoft, Oracle, IBM all
give free reign to the world to try to crack their software (as well as any flavor of Linux).

If the eVoting machine makers are so fearful I can only guess it is because they have reason to fear; their machines are so security weak that they would not stand even minor testing.

I will huff and puff and blow your eVoting machine down. It needs to withstand the brick test.

I like the previous note about RIAA lawsuits:
"Straw will burn."
[ link to this | view in chronology ]
Geekfather, 29 Mar 2007 @ 12:14pm

Careful Cali...
Diebold may sue you over this!
[ link to this | view in chronology ]
Mischa, 29 Mar 2007 @ 12:50pm

According to the linked article, it is the county election officials who are complaining about lack of time for upgrades, not the e-voting companies themselves.
[ link to this | view in chronology ]
Ajax 4Hire, 29 Mar 2007 @ 1:15pm

I was careful to not mention the
eVoting machine vendor name.

For anything to last it must stand the test of time.
MSDOS, feudalism, eatable underwear, communism, IBM PCs and the AMC Gremlin can attest to the harsh wind of time.

The eVoting machine will be attacked. Someone will try. The only question is how well the eVoting machine will repel the attack.
[ link to this | view in chronology ]
Coward, 29 Mar 2007 @ 2:06pm

Bring on the Red Team!
Major companys have independant red teams check for security flaws. I sure would feel a better if independant security expert had a chance to hack them.
[ link to this | view in chronology ]
Adam, 29 Mar 2007 @ 2:07pm

so..
Feudalism, edible underwear, and most certainly communism, (and to a greater extent socialism) are all still VERY around. find better examples

i agree with your point though.

and most certainly agree with the notion that these companies very clearly are hiding something.

that was patently obvious when that "evoting machine company employee" happened across this blog a while back.
[ link to this | view in chronology ]
Adam, 29 Mar 2007 @ 2:09pm

also..
... does the term "red team" remind anyone else of a certain scene from a certain themed movie with a certain popular "news" entertainer spouting off about teams of armed men hiding in the bushes on the back of a 20 dollar bill? man?
[ link to this | view in chronology ]
Anonymous Coward, 29 Mar 2007 @ 6:58pm

Between plain stupidity and corrupt politicians, we're all f****d - unless we get real loud and tough.

I'm mad as hell and I won't take it anymore.
(what movie was that from?)
[ link to this | view in chronology ]