Sacramento (CA) – A new California study has found that several electronic voting machines have serious security vulnerabilities.  California Secretary of State Debra Bowen commissioned the study which pitted two hacker teams, better known as “Red Teams” against voting machines manufactured by Diebold, Hart and Sequoia.  The hackers found several security problems and were able to change firmware, access the election database and even open up the machines without detection.

The study was headed by Matt Bishop from UC Davis.  The first Red Team was lead by Robert Abbott and his team examined the Diebold and Hart machines at a secure facility in Sacramento.  Giovanni Vigna and Richard Kemmerer from UC Santa Barbara matched wits with the Sequoia voting machine.

Both teams found alarming security problems in all the machines.  Bishop summed it up by writing, “The red teams demonstrated that the security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results.”

Abbott’s team was able to access election data directly by exploiting vulnerabilities in the Diebold machine’s Windows operating system – an operating system that all three e-voting machines use.  They were also able to bypass locks and other physical security with “ordinary objects”.  Election data on the Hart machine was also easily compromised.

Vigna’s team also found physical security on the Sequoia voting machine to be inadequate.  They gained access to the machine’s insides by unscrewing a few locks and discovered that the screws with not protected by seals.  

The study adds that all three machines used some form of Windows operating system and that each machine's  firmware was easily overwritten by the teams.

Bishop complains that his teams didn’t have enough time to fully document all the security vulnerabilities because they study started in mid-June and ended July 20th.  Secretary of State Bowen had said that the deadline could not be extended because the counties need at least six months to examine the findings.  Bishop added that Abbott’s team was close to finding several other problems, but simply ran out of time.

Great

Jul 30, 2007 16:16     

Now your going to get every moron saying "see this is why we can't use technology for voting". Yep because "hanging chads" and human counters are far safer from tampering. :rolls eyes:
James Jones report abuse vote down vote up Votes: +0

Paper trails verifed by the voter at the time of..

Jul 30, 2007 16:44     

voting is the only reasonable method of e-voting. There should be a physical way to re-count. But the rulers of U.S. has decided this was not the case for whatever reason. Sad for democracy.
Emrah report abuse vote down vote up Votes: +0

Security Measure

Jul 30, 2007 17:15     

Why are they using Windows? Linux is perfectly suited for this purpose and it is fully customizable in terms of security protections. Whatever happened to good old fashioned high security pad locks on the enclosure with special security seals? Obviously these machines have to be watched by security 24hrs a day as they have been with paper ballots in a lock box. Friggin morons.
Darkk report abuse vote down vote up Votes: +0

It's supposed to be that way

Jul 30, 2007 18:10     

it's a puppet government either way you look at it.
coldmast report abuse vote down vote up Votes: +0

Paper trails...in Venezuelan election

Jul 30, 2007 19:53     

Last Venezuela presidential election were electronic. Many didn't trust these machines, only 10% of paper trals were audited. I'm a technologist but voting should always be manual.
Javier report abuse vote down vote up Votes: +0

Founder, California Tangible Ballot Initiative

Jul 30, 2007 20:39     

As can be seen at youtube, via search; "hacking democracy," see also; "electronic voting, Princeton," electronic voting machines are subject to hacking and mannipulation. The sole remedy is a tangible ballot. Petition circulation will commence in August. Watch for the web page. hvl
Harry V. Lehmann report abuse vote down vote up Votes: +0

Does manual or automatic voting matter?

Jul 30, 2007 21:50     

Does manual or electronic voting even matter? This especially applies since we still use the electoral college and certain citizens don't understand and/or can't read the ballot. Have we not learned anything from the past two elections?
Brandon report abuse vote down vote up Votes: +0

Cheap easy solution.

Jul 31, 2007 02:34     

Create a touch screen system that prints out a normal optical voting ballot. When the voter makes his or her choices, a human readable ballot that is identical to todays ballots is printed. After the voter checks to see if the ballot is correct, he drops it into the optical scanner. At the end of the day, you total up the votes in the touch screen system and the optical scanner. If the numbers match, everything is ok. If not, you do a manual count of the printed ballots, and compare them with the electronic records. By using the Optical scanners and tabulating computers that the election boards have today, you can make a very inexpensive system that is very hard to exploit.

RalfTheDog report abuse vote down vote up Votes: +0

The system is only...

Jul 31, 2007 03:39     

The tool is only as good as the man who wields it. It doesn't matter how good the ballot system is, it only takes a small group of people at the top to change the outcome to their liking. It's generally a two party system. Bush was linked to Enron and Schwarzenegger was linked to Bush. The energy crisis in California arose because of Enron, and guess who gets elected? A foreigner linked to Bush. How do you think electoral votes work? Hmm. With all the money and political vote that California has we need someone in the governor's seat with muscle. No pun intended. The politicians of this country are corrupt, it's no secret. Business is generally unethical, and it's found a new ethical face to wear recently. I think some would say that big business and politics are one in the same. The system is flawed, and as long as man can change the outcome of a vote, it's bound to happen. Democracy isn't THAT much better than other forms of government. It isn't as if our votes really make a huge difference, it's ultimately up to a smaller number of people and money that decides who is president. (electoral voting anyone?) The campaign with the prettiest face and the most money sometimes wins. It isn't as if America really knows who these people are we elect into office. Every 4 years I get to see a potential candidate on T.V. for a few hours. That doesn't really give me facts about what this person will do for the country, just a slight inclination.

JonnyDough report abuse vote down vote up Votes: +0

Never trust a Windows computer with sensitive data

Jul 31, 2007 05:15     

The Windows operating system is simply not secure and should never be trusted with sensitive data nor used for mission critical applications. Worse, it can't be fixed or programmed around. Windows' security flaws are written directly into its kernel. Whoever approved a Windows-based system for such an important application should be fired.
Loye Young report abuse vote down vote up Votes: +0

paper proof necessary

Jul 31, 2007 06:34     

In India's most recent national elections they used $500.00 portable electronic voting machines the size of a large toaster. It gave print-outs on the spot.
Wayne H. Farnum report abuse vote down vote up Votes: +0

what is needed is a major departure in voting ,

Jul 31, 2007 06:51     

perhaps create 50 individual usa sub countries, each with their own powerful "president", yet remain under the powerful control of a military command. oops, we already have that!
pete krohn report abuse vote down vote up Votes: +0

Live Free or Die Hard

Jul 31, 2007 08:37     

Reminds me of the movie that just came out this summer lol
Eurasianman report abuse vote down vote up Votes: +0

Just get the hackers to design the machines

Jul 31, 2007 08:38     

Pit those teams against each other's voting machines. The only way to prevent hacking is let a hacker design the system.
jekbradbury report abuse vote down vote up Votes: +0

Hackers?

Jul 31, 2007 09:10     

What do hackers have to do with it? The title should be "Voting machienes vulnerable".
anonymouse report abuse vote down vote up Votes: +0

Windows vulnerability???? WTH?????

Jul 31, 2007 09:28     

Shocking!!!! Hahahaha. That's what you get for using Windows. It's just plain crappy software, no matter what hardware you run it on... Oh, well - I wasn't using those civil liberties anyway....
jh report abuse vote down vote up Votes: +0

Just another moron for democracy . . .

Jul 31, 2007 12:11     

Interesting how the first poster in this forum believes that human vote counting -- hanging chads and all the other shortcomings over the last two hundred or so years of the republic -- is far worse than his beloved technology. RalfTheDog has a interesting solution which I hope the state of California will consider. Nothing is riding on this, of course, except the shrinking principles of democracy that are the still the cornerstone of the republic, if not the fate of the republic itself.

Larry Cafiero report abuse vote down vote up Votes: +0

Gee, what a surprise !

Jul 31, 2007 13:29     

Raise you hands all of those of you who were the least bit surprised that hackers could beat these hi-tech voting systems. Hmm, I only see a few hands and those are from the members of the California Election Commission. But what do you expect. There was NEVER a need for these new machines except that the election commission clowns thought that it was better to get the state vote counted faster rather than safer. Actually, the age-old manual lever voting machines are the best and safest option but they're not sexy.

Luddite report abuse vote down vote up Votes: +0

james: tech bad paper ballots good

Jul 31, 2007 13:30     

computers have not increased the speed, reliability or cost efficiency of voting, the nature of software/firmware makes it difficult to check so go back further than hanging chads, paper ballots hand counted or audited computer potical scan counting is best, very easy for public to peer behind curtain and double check every last ballot, no expensive machines, no long lines when machines break down, just voting desks/booths, cheap easy quick, its waht we do in MN and no controversies here, every way they use ATM type machines, its a mess

karen report abuse vote down vote up Votes: +0

Shouldn't we be using securs os's?

Jul 31, 2007 14:26     

News recently came out that Red Hat Enterprise Linux was awarded a top level security rating. Until then only Trusted Solaris had that rating. Seeing how elections are things that people may want to tamper with, shouldn't we be using one of those operating systems? And another thing. Should these machines really be on a network? Why don't they just collect data from each individual machine. This would provide better evidence of tampering should it occur (if two machines side by side have to very different outcomes, it's safe to say one was tampered with) and would prevent against remote attacks.

Kevin report abuse vote down vote up Votes: +0

A vote for democracy and freedom

Jul 31, 2007 16:03     

The best way to cast your vote is on a blank piece of paper printed with only the titles of the positions to be filled. Voters write in or paste in stick on labels or whatever to vote. This eliminates the machine, makes "getting on the ballot" more democratic and takes longer to count the votes; something you west coasters would love if the east coasters did it too. All you need are honest counters and that you can achieve by lottery.

Steven Seltzer report abuse vote down vote up Votes: +0

Brandon: If they can't read the ballot they should...

Jul 31, 2007 16:24     

Brandon: If they can't read the ballot they shouldn't be voting. And the Electoral College is a good thing.
Don report abuse vote down vote up Votes: +0

Signature recognition or bar coding recognition...

Jul 31, 2007 17:04     

Can you duplicate your signature each time you sign your check? Be real and be frank about it. Diebold is currently use this technique to fool election officials that they could provide a service that use signature recognition to verify people identification for voting. How stupid can you be to believe such system exist?
Sonny report abuse vote down vote up Votes: +0

Voting on Universal Health Care Reform

Jul 31, 2007 17:51     

Knowing that the voting machines can be compromised so easily, we can't trust that any future vote we might have on HR-676 (Conyers Universal Health Care reform)will be valid. We need to overhall our voting machines as much as our health care system. Dr. Laurent Colvin, DC
Dr. Laurent Colvin, DC report abuse vote down vote up Votes: +0

Linux (opensource) just as bad as Windows or MacOS

Jul 31, 2007 20:28     

but it is still easier to alter paper ballots....
Chuck report abuse vote down vote up Votes: +0

Electronic safeguards

Jul 31, 2007 21:17     

My wife works for a registrar of voters office. A couple of items that are not mentioned is that none of the machines are networked. In our county the only network that is used is a private network locked in a secured room with cameras feeding into a press room and using card access that is used for tabulating the data from the machines. During the testing the teams were allowed unlimited access to work on the machines, move them around and use tools to break-in. How many of you that have voted think that you would be able to move a machine around to get to the back with the poll workers sitting there watching? I also wonder why people have a big issue with Debold and do not raise one word about Sequoia that is owned by the Venezuela government.

Kevin report abuse vote down vote up Votes: +0

Are you all that stupid?

Jul 31, 2007 22:02     

Last week EVERY single Democrap in the Senate voted against the voter ID bill. Shouldnt that tell you idiots something? The PROBLEM with our health care system is the GOVERNMENT you morons! Teddy "Chapaquidick" Kennedy along with his democrap friends have been screwing up health care INTENTIONALLY for decades (ever woder who invented the HMO?) just so they CAN force universal health care upon all. The end of democracy and the beginning of SOCIALISM... But it's all GW fault.... Wake up fools!

Mitch the bitch report abuse vote down vote up Votes: +0

Thank you Mitch for pointing out our errors

Jul 31, 2007 23:07     

If you don't vote in the Primary you don't have any affect on the outcome of the Presidential election anyway. The electoral college is a dumb idea, but then I have to admit that in a pure democracy we end up with prime time TV. We need a benevolent dictator! We're sheep. Tell us how to vote then lead us to greener pastures.
Big Wilma report abuse vote down vote up Votes: +0

WAKE UP, STOP SLEEPING!!!!!!!!

Jul 31, 2007 23:13     

These machines are just one small pile of garbage that this admin has been piling around the American people so high in the last eight years that we can't see over or around it and feel as if we can't get out of it. The links below are not propoganda, just honest information about our president and his administration. Funny how history can and will DEFINITELY repeats itself if the people allow it. www.creators.com/opinion/robert-scheer/the-pre sident-we-were-warned-about.html www.whatreallyhappened.com/reich.html www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2007/ 07/23/financial/f085306D63.DTL&type=business http://www.projectcensored.org/censored_2007/ index.htm Thanks everyone, and please do not be afraid to march like we used to in the 60's and 70's. Last time I checked it is STILL a free country, whether we still believe it or not.

Andrew report abuse vote down vote up Votes: +0

Given access and enough time!

Aug 07, 2007 15:02     

I am a poll worker in Ohio. There are 4 poll workers (2 Democrat and 2 Republican assigned to each poling station. Assuming that all four poll workers are not in colusion, how much time would it take for the machine to be hacked? I think if someone started unscrewing screws or pluging a laptop into the machine that the poll workers would notice. Since the memory card compartment is locked and the access cards are not coded until right before they are given to the voter - how would they gain access?? Given enough time and access I can compromise any computer or network switch or VPN box etc. I don't thnk anyone would have enough time and access to compromise the machines before they were stopped.

James Reynolds report abuse vote down vote up Votes: +0