Category: Electronic Vulnerability

Recommended Listening and Reading – Talk Nation Radio

Dori Smith aired the first of a four part series on voting integrity yesterday at 5:00 PM on WHUS. I highly recommend listening to the audio and reading the transcript while also marking your calendar for next week.

This segment really brings home the dangers and implications of the incident last fall when LHS violated election protocols. Although I was familiar with the incident from Dori’s earlier reporting, this broadcast really demonstrates the risks strongly and clearly.

Continue reading “Recommended Listening and Reading – Talk Nation Radio”

Wed 8/29 5:00 PM – Dori Smith Interview with LHS President – Don’t Miss It

Dori Smith, Producer of TalkNationRadion will air an interview with LHS President John Silvestro, Wednesday August 29th, at 5:00pm on the air and online at WUHS. She has also provided a preview and extensive background.

LHS is the distributor of Diebold Premier election equipment and services to Connecticut. Once again, hats off to Dori for great reporting and great service to the voters of Connecticut.

There is a lot to absorb in the preview, I will be reading it and listening in tomorrow. Let me provide a couple of teasers:

Continue reading “Wed 8/29 5:00 PM – Dori Smith Interview with LHS President – Don’t Miss It”

Record Journal: New voting machines could be vulnerable

Differing levels of trust in the technology are apparent in statements from TrueVoteCT, the Secretary of The State’s Office, and a Uconn Scientist:

“How do we know the card was programmed correctly in the first place?” [Dr. Michael Fischer, computer science professor at Yale University and president of True Vote Connecticut] asked. “Up until that point (when the cards reach Connecticut), they’re vulnerable, beginning with LHS Associates and all the hands they pass through at the company to the shipping clerk. It’s real convenient to say that once the cards have reached Connecticut they can’t be changed. Any time you have a private company that has the power to control the outcome of an election, it’s a big threat. The only way I would trust the memory cards would be if there was a publicly available way to verify the cards afterward.”
Michael Kozik, managing attorney of the Elections Division of the Secretary of the State’s office, said this isn’t a large concern.
LHS performs the same service for five New England states and has been in business 20 years, Kozik said. “It’s their livelihood,” he said. “In terms of security after it leaves their facility, it is shipped to the registrar in tamper-evident packaging. If something has been done to the card, it will be obvious once it has reached the town.”
Dr. Alec Schvartsman, professor of computer science and engineering at the University of Connecticut and head of the university’s voting technology research center, which is working closely with the Secretary of the State to safeguard elections, agrees with Fisher that there is a possible vulnerability at LHS.“
That’s a valid concern, and the issue of how well we trust the people who program the memory cards for the election is important, be they a state employee or not,” he said. “The concerns are very valid and very real.”

I recommend reading the full Record Journal story click here.

Review some CTVotersCount recent posts on LHS and Diebold here and here.

FAQ: We all trust ATM’s. Why don’t you trust voting machines?

This is a very understandable and legitimate question that must be answered. If there were significant problems with ATM’s we would know about them because banks or consumers would be losing money, it would be reported all over the news, and there would be investigations by regulators. The guilty would be punished, the losses restored, ATMs banned, or fixed. Computer experts need to explain the apparent inconsistency.

Two too simple answers are: We are computer experts, voting machines have unique risks, trust us. We are voting equipment vendors and election officials, we know more about voting computers and running elections than computer experts.

An accurate simple answer is that voting machines are different from ATMs in several ways, especially in their programming, usage, and implementation which are based on the different requirements of voting vs consumer banking.

Continue reading “FAQ: We all trust ATM’s. Why don’t you trust voting machines?”

Dan Rather Reports – The Trouble With Our Fear Of Facing The Facts

On Tuesday night Dan Rather Reports on HDTV presented “The Trouble With Touch Screens”.

It is well worth watching in its 64 minute entirety. Dan Rather deserves credit for this important and detailed report, however, there are inadequacies in the report that must be acknowledged as well – it is chilling, and devastating, yet mistitled, and incomplete.

Continue reading “Dan Rather Reports – The Trouble With Our Fear Of Facing The Facts”

Has LHS Director Challenged Brad To A Debate?

Do I seem to be irate? You bet and it has nothing to do with the legitimacy of electronic voting, which I have also questioned.”
– Ken Hajjar, Director of Sales & Marketing, LHS

Brad Friedman, a nationally know election integrity advocate has received an e-mail allegedly from Ken Hajjar, LHS, Director of Sales and Marketing. (LHS is the New England distributor of Dieblod equipment responsible for the sale to Connecticut).

Given the foul and ranting nature of the attack I would hope the letter is a fake. I would question the wisdom of relying on the author to be involved in any way in running our elections. I’ll spare the not so nice parts of the letter, you can read the whole thing and Brad’s response here.

I used to think that all of the looney idealogues(sic) were on the right. There are just as many on the left and you are one of them. … It’s not the machines that are the cause of our problems, it’s the people…Pick a forum and I’d be happy to discuss how we run elections in New England and how difficult, if not impossible it is to game the system. Bring it on.

The author of the letter does not represent the voters of New England and should not be telling anyone how we run elections.

Unfortunately, here in Connecticut we are about to have our 1st election entirely run on Diebold equipment purchased through LHS and to add to our risks the state has contracted with Diebold to program all of our elections. So in that sense Ken Hajjar, LHS, and Diebold will be running our elections, and not letting us in on how they are programmed.

Brad has accepted the challenge. We will keep you updated.

Update: Ken Hajjar responds to Brad

Continue reading “Has LHS Director Challenged Brad To A Debate?”

Kentucky AG and Sarasota FL – Diebold AccuVote-OS in Jeopardy

“Any voting systems subject to manipulation and corruption should be reexamined and decertified,” [Kentucky Attorney General Greg] Stumbo said. “Faulty electronic voting systems jeopardize the public’s confidence in Kentucky’s elections.”Stumbo’s concerns are based on serious security flaws identified by experts in California, which led to emergency decertification of the voting machines by California.

Read the entire Kentucky story

But the state has worries that hackers could breach the security of the optical scanners made by Texas-based Diebold Election Systems and used by 31 Florida counties.

If the Diebold machines are not certified Aug. 17, the only effect would be felt in Sarasota County

Read the entire Florida story

Update: Florida says Diebold corrected problem in record time.

Update: The Florida report on the Diebold corrections Not exactly a ringing endorsement:

We conclude by re-stating that this report does not contistitue a comprehensive security analysis. We limited our investigation to four specific flaws. In spite of repairs made, signigicant security vulnerablity continues to exist in the code base.

NPR Programs Explain Issues and Vulnerabilities

Update: Media Matters covers distortions in media coverage of CA decertification

Two recent NPR programs clearly explain the issues in easily understandable terms for the general public.

Science Friday, August 4th, Matt Bishop, University of California, Davis Red Team Leader and Security Expert, Professor Matt Bishop, describes clearly how security can be compromised. Also disputes Diebold response.

 

Like a bank taking all of its money, putting it in a room, and shutting the door and then saying no one will ever find this room so we’re not going to waste money on a lock…

Companies or customers…entirely by accident leak information…

Keeping the information secret assumes that people can’t figure things out and attackers are incredibly ingenious. There’s a technique known as social engineering where you can often get people to reveal information they didn’t realize they were revealing <Listen>

Morning Edition, August 8th, by Pam Fessler, “Voting Officials Wary About Electronic Ballot” Short interviews with voting advocates and Debra Bowen summarizing the issues, while other voting officials downplay the risks and emphasize their reluctance to work to protect our votes.

Continue reading “NPR Programs Explain Issues and Vulnerabilities”

EVT07 Electronic Voting Technology Workshop

Yesterday was the USENIX/ACCURATE Electronic Voting Technology Workshop held in Boston. Today I will give some overall impressions and highlight just one of the relevant papers.

UPDATE: Avi Rubin blogs on session with Debra Bowen
(inappropriate certification processes for electonic voting)

For me it was a highly educational and engaging day. My experience at conferences with highly academic papers, was in the mid 1980’s when for several years I participated in annual Artificial Intelligence conferences. At those conferences I found the general sessions very useful but the academic papers were very detailed, seemingly crossing the t’s and dotting the i’s on previous papers, those sessions went well beyond my tolerance for detail. The papers presented at the workshop yesterday were all clear and interesting, timely, and most were relevant to voting in Connecticut.

Seeing and meeting the other attendees was also a highlight of the day – researchers whose papers and blogs I’ve read, talked to previously, and who have made huge contributions to raise awareness of the risks of electronic voting. It was also hopeful to see a considerable group of researchers who work with state election officials and three election officials. Alex Shvartsman of Uconn and several of his students were there presenting one of their recent papers. Clearly the most appreciated attendee was Debra Bowen, Secretary of the State of California.

Sixteen of forty-two submitted papers were presented. A huge increase from the eighteen papers submitted last year. Doug Jones from Iowa, who testified to the CT Legislature a year lor two ago, was one of the organizers. He expressed the hope that next year more papers would be available that point the way to improved, reliable voting methods. Most of the papers this year demonstrated the lack of security and reliability in existing e-voting equipment. Several pointed the way for more effective post election paper audits. The final three papers presented five innovative ways that might enhance the voter attractive touch screen voting to make it private and auditable — unfortunately, for the most part, they accomplished the security by requiring a lot of sophistication on the part of the average voter.

 

I have covered the Uconn paper previously I will cover a paper relevant to Connecticut, from Princeton, here and perhaps more papers on other days.

The Princeton University paper:

Continue reading “EVT07 Electronic Voting Technology Workshop”