ES&S Voting Machine Reviewed: Security Is Lacking
from the you-expected-otherwise? dept
ES&S is already involved in a lawsuit for providing uncertified software to California e-voting machines, but things keep getting worse for the company. Beyond all the other problems it's had with buggy machines and a defiant attitude towards anyone who questions the company, California has finally produced the independent security team review of the ES&S machines used in California and it's not pretty. You may recall that all of the other e-voting machines were reviewed by independent researchers four months ago. ES&S, however, wasn't included in that review because the company stubbornly refused to hand over its source code until well after the deadline, meaning that the review had to wait. However, the results are pretty similar to the other machines. The machine was clearly not built with security in mind, as both the software and the physical security were found to be lacking and easily violated in ways that would not leave much of a trace. At this point, none of this should be even remotely surprising. What still is surprising is why none of these firms will even admit that their approaches to date have fallen well short of what was necessary -- while committing to building new machines that actually have real security and accountability built in.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: california, e-voting
Companies: es&s
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
Fixed. Perfect thing to quote in regards to these 'voting machines.'
I'm honestly surprised the government (state or better yet, Federal) doesn't treat these like they do military hardware. Send out an RFP (request for proposal) with specific needs and do a competitive bid.
Should the winning bid fail to meet the needs (such as being able to be compromised as easily as these POSes) move on to the next bidder.
Then once they get a working model, STANDARDIZE IT and use it until a flaw is found.
Won't happen, but it'd be nice.
[ link to this | view in chronology ]
Re:
Function:noun
Date:1663
: the state or fact of being incompetent
Or in this case, the state of desperately needing a spell checker in the comments area
[ link to this | view in chronology ]
Hmmm
What would it take to HIT the BIOS and lock down ALL ports.
USE a BASIC input device, like a Numeric pad ONLY.
And make the Whole program in GW basic.. Or just use DOS, and HTML..
WHAt is so hard about LOCKING down ports, and NOT installing DRIVERS for those ports...UNLESS you want to USE WINDOWS, there SHOULDNT be a problem.
[ link to this | view in chronology ]
Re: Hmmm
As far as the voting machines go, why are we even allowing this to continue?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Technology is the wrong answer
And I say that as a long-time technologist.
Part of the reason that it's the wrong answer is that the wrong question is being asked -- or perhaps another way to put that is that the wrong requirements are being articulated. Consider, for example: what is the functional requirement for the time lag between end-of-voting and result reporting?
I submit that the answer to that question ranges somewhere from "days" to "weeks", as in most countries there is a considerable lag between when an election's winner is determined and when that winner assumes office. There is thus no functional requirement for real-time reporting of results. (Yes, I'm aware that the media would like this, but elections are not run for the benefit of media. It is vitally important to get the numbers right; it is of no importance at all to get them quickly.)
This line of reasoning (and others similar to it) lead me to the conclusion that very simple voting systems (e.g., pencil and paper) will meet all functional requirements. In addition, such systems are well-understood -- in part due to long experience in the field -- and numerous anti-fraud techniques are known for them.
The answer isn't to "fix" these hopelessly-broken voting machines; the answer is to dispense with them entirely.
(Let me anticipate a possible counter-argument about the tedium of having tens of millions of ballots repeatedly hand-counted over a period of (say) a few weeks: don't you think that democracy's worth that minor delay and trifling inconvenience?)
[ link to this | view in chronology ]
ES&S has installed pcanywhere which allows anyone even overseeas
[ link to this | view in chronology ]