Want To Know Just How Bad Security Is For E-Voting Machines?

from the read-this dept

You may recall earlier this month that a judge in New Jersey barred some researchers from releasing their report into the security vulnerabilities found in e-voting machines from Sequoia that were being used in the state. Sequoia had fought hard to stop the research from even being done in the first place, let alone released, even threatening the researchers with lawsuits. Now, one of the researchers who did the research, Andrew Appel, has released a long report detailing a ridiculous number of security problems with Sequoia's machines. To be honest, it's not clear from the blog post about the report if this is the same one that's being suppressed or not, but it's pretty damning. Because this is an important issue that doesn't necessarily get enough attention, I'm reposting Appel's executive summary of just how screwed up these machines are:

Executive Summary

I. The AVC Advantage 9.00 is easily "hacked" by the installation of fraudulent firmware. This is done by prying just one ROM chip from its socket and pushing a new one in, or by replacement of the Z80 processor chip. We have demonstrated that this "hack" takes just 7 minutes to perform.

The fraudulent firmware can steal votes during an election, just as its criminal designer programs it to do. The fraud cannot practically be detected. There is no paper audit trail on this machine; all electronic records of the votes are under control of the firmware, which can manipulate them all simultaneously.

II. Without even touching a single AVC Advantage, an attacker can install fraudulent firmware into many AVC Advantage machines by viral propagation through audio-ballot cartridges. The virus can steal the votes of blind voters, can cause AVC Advantages in targeted precincts to fail to operate; or can cause WinEDS software to tally votes inaccurately. (WinEDS is the program, sold by Sequoia, that each County's Board of Elections uses to add up votes from all the different precincts.)

III. Design flaws in the user interface of the AVC Advantage disenfranchise voters, or violate voter privacy, by causing votes not to be counted, and by allowing pollworkers to commit fraud.

IV. AVC Advantage Results Cartridges can be easily manipulated to change votes, after the polls are closed but before results from different precincts are cumulated together.

V. Sequoia's sloppy software practices can lead to error and insecurity. Wyle's Independent Testing Authority (ITA) reports are not rigorous, and are inadequate to detect security vulnerabilities. Programming errors that slip through these processes can miscount votes and permit fraud.

VI. Anomalies noticed by County Clerks in the New Jersey 2008 Presidential Primary were caused by two different programming errors on the part of Sequoia, and had the effect of disenfranchising voters.

VII. The AVC Advantage has been produced in many versions. The fact that one version may have been examined for certification does not give grounds for confidence in the security and accuracy of a different version. New Jersey should not use any version of the AVC Advantage that it has not actually examined with the assistance of skilled computer-security experts.

VIII. The AVC Advantage is too insecure to use in New Jersey. New Jersey should immediately implement the 2005 law passed by the Legislature, requiring an individual voter-verified record of each vote cast, by adopting precinct-count optical-scan voting equipment.

Happy voting!

Filed Under: e-voting, new jersey, security, vulnerabilities
Companies: sequoia

New Jersey Elections Board Says This Election Is Too Important To Allow Outside Observers

from the think-of-what-they-might-see dept

Transparency is key to a functioning democracy. No, we don't always have it, but we absolutely should be striving for it, or you can almost guarantee corruption will take over. That's why we've been so focused on the problems with e-voting machines for so many years, and pushing for increased transparency. Now, some of the researchers who wrote a recent suppressed report, about potential security problems with the Sequoia e-voting machines used in New Jersey, followed the procedures in place to be allowed to view the process by which votes are counted. This is a perfectly legal request. The Elections Board is allowed to offer "Challenger Badges" to those who would like to observe the election process. You would think that some Princeton-associated folks, with knowledge of e-voting, would be exactly the type of people that an Elections Board would want to observe the election, in order to make sure that it was done properly, and to make citizens more comfortable that their votes would be counted.

But, of course, that's not what happened.

Andrew Appel and Grayson Barber had their request rejected as the Elections Board claimed it was "too important" an election to allow in any outside observers. You would think that if the election is so important, having some experts on hand to make sure the process is done in an acceptable manner would be more important. You can understand why they don't want too many people in the room, or don't want anyone who is clearly a partisan activist -- but these are e-voting experts. There's simply no reason not to have them in the room, and rejecting them raises many more questions about New Jersey's process for counting votes.

Filed Under: andrew appel, e-voting, elections, grayson barber, new jersey, observers

Judge Won't Allow Researchers To Reveal Report On E-Voting Machines

from the it's-not-like-we-have-an-election-coming-up-that-use-these-machines dept

You may recall that earlier this year, after some serious problems were discovered with Sequoia's e-voting machines in New Jersey, that the state asked a group of independent researchers to investigate the machines and prepare a report. Sequoia threatened to sue the researchers though. Luckily, a court allowed the researchers to investigate the machines, and said that 30 days after the court had received the report, it could be released. However, Sequoia, in its usual "It can't be our fault, no, no!" fashion, has convinced the judge to suppress the report.

Despite the fact that we're a month away from an election that will use these machines that time and time again have been shown to have problems accurately and reliably counting votes, no one is allowed to see the report. Voters in New Jersey won't be told the results of the report until after it's too late to request absentee ballots. As the head researcher on the report notes, even New Jersey's governor and secretary of state are not allowed to read the report and use it to make public policy decisions that would more likely create a fair election. For so many years now, the e-voting companies have dismissed concerns, blocked attempts to investigate, threatened investigators and almost never admitted any fault, despite tons and tons of evidence that the machines simply do not work that well. It's a travesty that this report is being suppressed.

Filed Under: e-voting, new jersey, suppression
Companies: sequoia

New Jersey Court Says Independent Investigators Can Review E-Voting Machines

from the protect-the-vote dept

Last month, e-voting firm Sequoia threatened both independent researchers and New Jersey election officials if those independent researcher were allowed to inspect Sequoia's e-voting machines. This seemed like a very odd threat for a variety of reasons. Why wouldn't Sequoia want its machines inspected? The very fact that it was threatening legal action seemed like grounds to simply never use Sequoia e-voting machines. Sequoia claimed that existing inspections were enough, despite a history of problems in those inspections. Furthermore, Sequoia's own explanations for the problems with its machines in the primary elections this year were wrong. Ed Felten found that Sequoia's explanations didn't actually explain many of the problems. Unfortunately, though, with the threat of legal action, New Jersey agreed not to have Felten test the machines.

However, a New Jersey state judge has now ruled that it's perfectly reasonable for independent inspectors to review the machines. Unfortunately, she pushed back the date for such inspections until September, meaning that it won't affect this year's presidential election -- which will still use machines that may have problems. So while Sequoia didn't succeed in stopping independent examination of its machines, it did stall the process long enough so that the existing machines will stay in use for this year's elections -- despite the long list of problems that have been discovered with them. Apparently, we're still in beta when it comes to democracy.

Filed Under: e-voting, ed felten, inspections, new jersey
Companies: sequoia

New Jersey Says ISPs Need A Subpoena To Give Up Subscriber Info

from the it-really-needed-a-decision? dept

A bunch of folks have sent in the link about the New Jersey Supreme Court ruling that ISPs need a valid subpoena to hand over private info on your account to anyone -- including the police. While people are rightfully cheering this on as an excellent decision, what's troubling is the idea that anyone has felt otherwise. ISPs (and other service providers) shouldn't be handing out your private data without a valid legal reason no matter what -- and that should not have required a legal decision to make clear.

Filed Under: isps, new jersey, subpoena, subscriber info

Turns Out New Jersey E-Voting Problems Even Worse Than Originally Thought

from the care-to-explain dept

You may recall that last month, the state of New Jersey asked some top notch computer security researchers, including Ed Felten, to do an independent study of Sequoia's e-voting machines. That's because there were some worrisome discrepancies in the voting totals that the machines released. When Sequoia found out about this it threatened to sue, which seems fairly odd. If the company were confident in the quality of its e-voting machines, why wouldn't it want well-respected security researchers to take a look? However, Sequoia's legal threats worked, and the state of New Jersey nixed plans for that independent review. Sequoia also offered an explanation, claiming that it was all a minor bug, where the machine merely got mixed up about party affiliation -- but the vote totals would match up in the end. Guess what? That turns out to not be true.

Ed Felten has received a bunch of "summary tapes" from the last election in New Jersey, and while many of them do have the vote totals matching up correctly at the end at least two of the summary tapes simply don't add up, meaning that Sequoia's explanation of what went wrong is incorrect. Given how often the company has denied or hidden errors in its machines, despite a ton of evidence, we shouldn't be surprised that it was inaccurate in explaining away this latest problem as well. However, we should be outraged that the company refuses to allow third party researchers to investigate these machines. It's a travesty that any government would use them when they've been shown to have so many problems and the company is unwilling to allow an independent investigation.

Filed Under: e-voting, ed felten, intimidation, new jersey
Companies: sequoia

More On Sequoia's Legal Threats Against Ed Felten: The Intimidation Worked

from the freedom-to-threaten-lawsuits dept

Yesterday we covered the threats that e-voting firm Sequoia had sent to Ed Felten and to various officials in New Jersey. Unfortunately, it appears those threats worked: the election officials have backed down and agreed not to send Felten the machine to test. News.com has more details on both the reason for the test and Sequoia's response to the whole mess. The reason? Shockingly enough, Sequoia's e-voting machines malfunctioned during the primary in a way that should scare you: it gave two different vote counts. You would think that's a pretty good reason for allowing a qualified, well-respected researcher like Felten to check out the machines. No such luck. Sequoia has tried to explain it away as a bug, but that doesn't explain why the machines shouldn't be tested by a third party.

Sequoia's response to that question is disingenuous, claiming that the company "supports third party reviews and testing of its election equipment." If that's so, then why not Ed Felten? Well, because Sequoia says that the machines have already been through a "rigorous" independent review from an accredited Voting System Test Labs. Ah? Would that be one of the accredited Voting System Test Labs that was barred from further testing for not having proper controls in place and having no evidence that tests were actually conducted? Most of those tests have very limited real-world applicability -- which is what Felten is good at testing. Sequoia also lists out some independent tests in other states that the company was forced into accepting, as if it willingly took part in them. Yet, what the company doesn't explain is what it's so scared of in having Felten test its machine. If the company is confident in the machines, then where's the problem? As a last resort, Sequoia appeals to the fact that such a test would break a licensing agreement, noting that "Licensing agreements are standard practice in the technology industry." That's clearly a cop out. While it may be legally correct, it's no reason not to let a researcher try to figure out if there are any problems with its machines. This isn't some random technology here. This is the technology we're trusting with providing a free and fair election. Sequoia should be ashamed of pulling out legal threats and weak excuses.

Filed Under: e-voting, ed felten, intimidation, new jersey
Companies: sequoia

E-Voting Firm Threatens Ed Felten If He Reviews Its E-Voting Machine

from the well-that's-comforting dept

Many of the folks around here are surely aware of the name Ed Felten, the Princeton professor who runs the fantastic blog Freedom To Tinker, and who has been involved in a number of important technology news stories over the years. One of the first that brought him to much wider attention in the tech community happened back in 2001. The recording industry had set up a contest, asking anyone to try to hack its SDMI DRM offering. The idea was to prove that SDMI was a perfectly good DRM. But, of course, like every other DRM, it had its faults, and Felten and some of his researchers figured them out. That's where things got ridiculous. Despite the fact that the recording industry had told people to try to hack SDMI, when Felten went to present the paper, he was threatened with a lawsuit for breaking the anti-circumvention clause of the DMCA. Eventually, after a ton of public pressure, the recording industry backed down, but Felten's name was cemented in the minds of many in the tech industry as a fighter for freedom of speech and, more importantly, the freedom to tinker.

It would appear that the folks at Sequoia, one of the big three e-voting firms out there, is somewhat unaware of this aspect of Felten's past. In the past few years, Felten has been one of a few top computer science experts who have been picking apart the problems with e-voting machines. His freedom to tinker with such machines has broken numerous stories revealing serious problems with the machines that many suspected, but were unable to confirm, since the e-voting firms kept the machines so under wraps. In publicizing these flaws, Felten has become one of the go-to guys when various governments are reviewing e-voting machines, so it should come as no surprise that election officials in New Jersey (where Felten lives and works) would be interested in having him run some tests on a Sequoia e-voting machine that they're looking at using in future elections.

This seems perfectly reasonable -- and if you're an e-voting company like Sequoia, it should also be a perfect way to build more trust in your machines, telling people that they've been reviewed by some of the top experts in the field who found nothing wrong with them. Except... that's not how execs at e-voting companies seem to think. Sequoia has, instead, sent a threatening email to Felten, saying that election officials who sent a machine to Felten would be breaking the state's terms of service with Sequoia, and that the company has:

"retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property."

Yes, this is quite reminiscent of the recording industry's threats to Felten in 2001. Hopefully this situation ends similarly -- with Sequoia backing down quite publicly and apologizing. It's disgusting that such a firm would threaten a well-respected researcher with lawsuits just for checking on the security of an e-voting machine. This is worse than the recording industry situation. This is about the sanctity of our democratic elections. For Sequoia, a firm entrusted with our elections, to threaten someone for merely testing its product to make sure it lives up to necessary standards is terribly worrisome. It should call into question any locality that chooses to make use of Sequoia e-voting machines.

Filed Under: copyright, dmca, e-voting, ed felten, intellectual property, new jersey
Companies: sequoia

Two States, Two Very Different Approaches To VoIP Regulation

from the quacks-like-a-duck dept

For many years, states have been trying to tax VoIP providers as if they were telcos. From the states' perspective, they were using a "quacks like a duck" test, whereby any phone service that acted like a traditional phone service should get taxed like a traditional phone service. Since states rely on tax dollars so much, this feeling was reinforced as people started ditching landline phone service for VoIP providers. However, there are a few problems with this. The reason that telcos are taxed is because of the structure of the telephone system, and the fact that the government more or less handed over rights of way and control of the system to private companies. VoIP providers, however, have the calls travel over the internet, changing the nature of the equation, and meaning that most of the reasons for taxing telcos shouldn't apply. Shouldn't, except for politicians who can't see beyond the money. Yet, taxing VoIP is a doubly bad idea, because VoIP is still an emerging service that is rapidly changing -- offering new services and opportunities that weren't possible on landline offerings. Putting a tax on it could kill a lot of that innovation. Too many states don't see that.

Jeff Pulver is showing the contrast between two states in dealing with VoIP regulatory issues. New Jersey has passed a law saying that it will not regulate VoIP, noting "The proliferation of new technologies and applications and the growth in the number of providers developing and offering innovative services using Internet Protocol is due in large part to a light regulatory touch, including freedom from traditional telephone regulation that these new technologies and services and the companies that offer them have enjoyed in New Jersey.... These economic benefits, including consumer choice, new jobs, and significant capital investment, will be jeopardized and competition minimized by the imposition of traditional State entry and rate regulation on Voice over Internet Protocol service and Internet protocol-enabled service."

Unfortunately, Missouri isn't quite so enlightened. Despite various rulings saying that VoIP should not be taxed, Missouri is trying to bend the rules to make at least some VoIP offerings (mainly those provided by cable companies) classified as telco services that need to be taxed. As Jeff notes, if this works, then expect other states to follow suit and create loopholes for taxing VoIP providers... and then watch as all VoIP related innovation happens elsewhere.

Filed Under: missouri, new jersey, regulation, voip