Aides to McCain say they're "searching for a “narrow-victory scenario”. Will E-Voting do the rest?

Top Aides to McCain say "they were searching for a “narrow-victory scenario”. Will E-Voting do the rest?

Confronting an increasingly bleak electoral map, top aides to Senator John McCain said Thursday that they were searching for a “narrow-victory scenario” and would focus in the final weeks on a dwindling number of states, using mailings, telephone calls and television advertisements to try to tear away support from Senator Barack Obama.

-snip

http://www.nytimes.com/2008/10/17/us/politics/17campaign.html?_r=2&oref=slogin&oref=slogin

HERE IS SOME INFORMATION ON THE VULNERABILITIES OF E-VOTING:

Examples of Voting System Vulnerabilities and Problems
• Cast ballots, ballot definition files, and audit logs
could be modified.
• Supervisor functions were protected with weak
or easily guessed passwords.
• Systems had easily picked locks and power
switches that were exposed and unprotected.
• Local jurisdictions misconfigured their
electronic voting systems, leading to
election day problems.
• Voting systems experienced operational
failures during elections.
• Vendors installed uncertified electronic
voting systems.
Source: GAO analysis of recent reports and studies.

http://www.gao.gov/highlights/d05956high.pdf

Security Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten — September 13, 2006

Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
Full research paper (Workshop version )

http://itpolicy.princeton.edu/voting/

Study: Hackers Could Change E-Voting Machine Results

By Erika Morphy
TechNewsWorld
07/30/07 12:35 PM PT

University researchers have demonstrated multiple ways of compromising all three of the electronic voting machine systems certified for use in California. The hacks could result in hijacking machines and altering election results, they claim. Although the system vendors have issued a detailed rebuttal of the study, critics are calling for an investigation into the e-voting certification process.

A test of three electronic voting systems certified for use in California has uncovered serious security flaws. Researchers at the University of California conducted the tests at the behest of Secretary of State Debra Bowen under a US$1.8 million contract.

Their mission was to try to compromise the integrity of the voting systems provided by Diebold Elections Systems, Hart Intercivic and Sequoia Voting Systems. They not only succeeded in breaching all of the systems, but also concluded there were likely more security problems that they did not have time to explore during the limited time frame of the study.


Three Vendors, Numerous Failures

What they did find was worrisome enough.

-snip

http://www.technewsworld.com/story/58572.html



Pull The Plug
Aviel Rubin 09.04.06, 12:00 AM ET



-snip


Consider one simple mode of attack that has already proved effective on a widely used DRE, the Accuvote made by Diebold (nyse: DBD - news -people ). It's called overwriting the boot loader, the software that runs first when the machine is booted up. The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. In overwriting it an attacker can, for example, make the machine count every fifth Republican vote as a Democratic vote, swap the vote outcome at the end of the election or produce a completely fabricated result. To stage this attack, a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.

Further, an attacker can modify what's known as the ballot definition file on the memory card. The outcome: Votes for two candidates for a particular office are swapped. This attack works by programming the software to recognize the precinct number where the machine is situated. If the attack code limits its execution to precincts that are statistically close but still favor a particular party, it goes unnoticed.

One might argue that one way to prevent this attack is to randomize the precinct numbers inside the software. But that's an argument made in hindsight. If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a system. And let's not count on hiring 24-hour security guards to protect voting machines.

DREs have a transparency problem: You can't easily discover if they've been tinkered with. It's one thing to suspect that officials have miscounted hanging chads but something else entirely for people to wonder whether a corrupt programmer working behind the scenes has rigged a computer to help his side.



Aviel Rubin, professor of computer science at Johns Hopkins University and author of Brave New Ballot: The Battle To Safeguard Democracy In The Age Of Electronic Voting.

-snip

http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972



Voting Technology

After the 2000 election and the passage of the Help America Vote Act of 2002, states moved to modernize election administration by retiring antiquated lever and punch-card voting machines and implementing new electronic voting machines. Electronic voting machines have not been the panacea to vote-counting woes that many had hoped they would be. Until recently, there has been surprisingly little empirical study on electronic voting systems in the areas of security, accessibility, usability, and cost. The result is that jurisdictions are making purchasing decisions and are adopting laws and procedures that do little to promote these goals.

In 2006, the Brennan Center released two comprehensive, empirical analyses of electronic voting systems in the United States, The Machinery of Democracy: Protecting Elections in an Electronic World and The Machinery of Democracy: Voting System Security, Accessibility, Usability, and Cost. The Brennan Center continued its study of electronic voting security in Post-Election Audits: Restoring Trust in Elections. Since the Brennan Center initiated its study of electronic voting, it has been called upon to provide expert testimony before Congress and to assist election officials in developing procedures that promote secure and reliable voting systems.

-snip

http://www.brennancenter.org/content/section/category/voting_technology/


OHIO'S EVEREST REPORT

The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:
- risks to vote security,
- system performance, including load capacity,
- configuration to currently certified systems specifications, and
- operations and internal controls that could mitigate risk.

The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state’s three voting systems - Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) - in both voting and board of elections environments. Separate research was conducted on each voting system’s performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.

-snip

http://www.sos.state.oh.us/SOS/elections/voterInformation/equipment/VotingSystemReviewFindings.aspx


SO IS THE GOP JUST LOOKING FOR AN EXCUSE TO MAKE IT SOUND CLOSE SO THAT THE E-VOTING CAN DO THE REST?

McCain Camp Unleashing National Robocall Blitz
Even as McCain said at the debate he regrets campaign negativity, his camp is releasing a nationwide blitz of robocalls attacking Obama on Ayers, national security, Hollywood, and the old infanticide smear, TPM Election Central reports.
Robocall: Obama Voted To Let Babies Die
Robocall: Obama And 'Terrorist Bill Ayers'
Robocall: Dems Want Rights For Enemies
Robocall: 'Hollywood Above America'
Obama Camp: Calls "Dishonorable"

http://www.talkingpointsmemo.com/

It's not like they haven't had enough time to fix this mess!!

Nothing was exposed in my state of Ohio until Jennifer Brunner was elected SOS and then....

Nearly half of voting machines tested fail

Montgomery officials tested the 5% of machines that drew complaints; 56 of those 125 machines failed.


By Lynn Hulsey
Staff Writer
Wednesday, March 21, 2007

DAYTON — After two days of tests, the results are in: About 2,500 people cast ballots in November on 56 malfunctioning electronic touch-screen voting machines in Montgomery County, said Steve Harsman, county board of elections director.

He said it is impossible to know how many people finalized their electronic ballots without realizing that the Diebold Elections Systems machines were inaccurately registering their votes. But people had three chances to review their votes before finalizing them, and all the machines accurately tallied the votes that were finalized by voters, Harsman said.



On Tuesday, county election officials completed testing of 125 machines identified in voter complaints collected by Advocates for Basic Legal Equality, which called for the investigation. Some 2,530 voting machines were used in the county on Election Day.

Harsman said several malfunctioning machines were clustered at certain precincts, indicating they may have been damaged during delivery by a trucking company that hauls the machines to the polls.

-snip

http://www.daytondailynews.com/n/content/oh/story/news/local/2007/03/21/ddn032107elex.html

County's voting machines examined
Brunner triggers state probe by reporting that fall ballot apparently masked a name

Sunday, March 16, 2008 3:22 AM
BY BARBARA CARMEN
THE COLUMBUS DISPATCH

When Jennifer Brunner cast her vote last fall, she is certain she saw something so odd on her touch-screen voting machine that it prompted a state criminal investigation into the Franklin County Board of Elections.

At least 15 of the county's electronic machines are under double-lock at an Alum Creek warehouse. It is being treated as a crime scene.

County elections officials asked the Ohio Bureau of Criminal Identification and Investigation to seize the machines during the investigation by Attorney General Marc Dann and forensics consultants.

Brunner said consultants from SysTest Labs in Colorado, however, were skeptical. When she described the gray box with the faint words "candidate withdrawn," the investigators told her, "That's exactly what you'd see if someone masked a name."

A SysTest report notes that voters in other precincts -- in Victorian Village, Clintonville and Hilliard -- also reported seeing "candidate withdrawn" on their machines.

SysTest investigators also found that the board had not performed a routine test of the computer software on each machine, instead testing just one machine in each precinct.

-SNIP

SysTest investigators also found that the board had not performed a routine test of the computer software on each machine, instead testing just one machine in each precinct.

-SNIP

Investigators also discovered that a board programmer turned off "audit logs" in the voting machines in April 2007, hindering investigators from reconstructing software changes. White found that the vendor had instructed a board employee on how to disable audits to speed programming.


http://www.columbusdispatch.com/live/content/local_news/stories/2008/03/16/BOEPROBE.ART_ART_03-16-08_B1_9F9LIV3.html?sid=101

and of course the Everest Study that is listed in the OP.

Sorry, I still have never seen evidence that electronic voting machine can be rigged on a macro level sufficient to win a national election, or that the necessary conspiracy of Party officials, elected officials, business executives and programmers could come up with the system to rig specific machines in a specific way, decide which candidates to support, and implement the strategy, without it leaking.

Republicans do steal elections -- they just do it the old fashioned way,

lorida Democrat Christine Jennings has gained plenty of attention for her cliffhanger House race in the open 13th District — just not the kind that she desired in her strong bid for the seat that two-term Republican Rep. Katherine Harris left open for a Senate bid that failed.

-snip

At issue for Jennings and her Democratic supporters are not the votes that were cast for the House race, but the ones that weren’t. Specifically, there were 18,000 voters in Sarasota County who participated in the Nov. 7 elections — most of them using electronic voting machines — who were recorded as casting votes in other races but not in the House contest.

The uncharacteristically high number of House “undervotes” has fueled an ongoing battle over who really should have received more votes, especially given that Jennings outran Buchanan by several percentage points in the certified Sarasota County vote.

-snip

http://www.nytimes.com/cq/2006/12/06/cq_2012.html



Of course they use "old fashioned" methods but that certainly does not negate the issue of vulnerabilities of e-voting. :eyes: