[ISN] Voting-Machine Makers To Fight Security Criticism

From: InfoSec News (isn@private)
Date: Tue Dec 09 2003 - 02:47:52 PST

  • Next message: InfoSec News: "[ISN] Security experts: Insider threat looms largest"

    http://www.washingtonpost.com/wp-dyn/articles/A47436-2003Dec8.html
    
    By Jonathan Krim
    Washington Post Staff Writer
    December 9, 2003
    
    Electronic-voting-machine companies announced yesterday that they are 
    banding together to counter mounting concerns about whether their 
    machines are secure enough to withstand tampering by hackers.
    
    Although less than 20 percent of the nation's counties use electronic 
    voting machines, their use is growing in the wake of the problems with 
    punch-card ballots in Florida that threw the 2000 presidential 
    election into turmoil. Last year Congress passed the Help America Vote 
    Act, which provides funds for states and localities to modernize their 
    election systems.
    
    But several academic and cyber-security experts argue that the new 
    machines, which let voters make their choices on video screens, have 
    disturbing security flaws.
    
    In July, researchers at Johns Hopkins University and Rice University 
    identified potential security holes that would allow vote tampering in 
    systems made by industry leader Diebold Election Systems Inc. 
    
    That report led Maryland state officials to delay purchasing $55 
    million in systems from Diebold, although Gov. Robert L. Ehrlich Jr. 
    (R) ultimately decided to move ahead. 
    
    Critics argue that at minimum, the machines should be equipped to 
    provide companion paper records of the votes as a check against simple 
    malfunctions, someone commandeering the operating systems and voting 
    multiple times, or causing others' votes to be lost.
    
    Last month California said it would require a paper verification 
    system. 
    
    The leading voting-machine companies, which argue that their systems 
    are safe, have yet to put forward any proposals on addressing the 
    concerns. But under the umbrella leadership of the Information 
    Technology Association of America, the industry hopes to foster 
    conversation that includes security experts, academics, local 
    elections officials, and the National Institute of Standards and 
    Technology, the federal agency overseeing technical standards.
    
    "This is an an inflection point in the history of voting in this 
    country," said Harris N. Miller, president of the IT association and a 
    former Democratic Party chairman in Fairfax County. "There's a certain 
    amount of controversy . . . the companies have decided they want to 
    deal with that controversy positively."
    
    Bill Stotesbery, vice president of Hart InterCivic Inc., which has 
    25,000 machines in use in Virginia and several other states, said the 
    electronic voting systems are not connected to the Internet, which 
    would be a prime avenue for hackers.
    
    He said his company and others have the capability to provide printed 
    verification of an individual's vote, which would at least allow the 
    voter to determine whether the machine properly recorded his or her 
    choices.
    
    But he said that many local jurisdictions have not yet demanded such a 
    capability, nor have they prescribed technical standards. Paper 
    printers could add $500 to the cost of each machine.
    
    But the Johns Hopkins study, and others, said the systems could be 
    compromised by preprogrammed "smart cards" that each voter uses to 
    activate the machines, or other tampering.
    
    Security experts also worry about mischievous insiders at the 
    voting-machine companies. That fear was fanned when Walden W. O'Dell, 
    chief executive of Diebold Inc., told Republicans in an Aug. 14 
    fundraising letter that he is "committed to helping Ohio deliver its 
    electoral votes to the president."
    
    The company also has angered critics by suing two Swarthmore College 
    students who posted on the Internet internal Diebold memos indicating 
    the company's awareness of security flaws.
    
    A Diebold spokesman said the firm has dropped the legal action.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 09 2003 - 04:48:24 PST