http://www.futurismic.com/...
Security Vulnerabilities In Voting Machines
by Jeremy Lyon
The Brennan Center [NYU] report on voting system security vulnerabilities (584KB PDF) (http://www.brennancenter.org/...) is out and, as expected, has some damning things to say about the ability of attackers to breach the security of the machinery of democracy. Bruce Schneier's summary of the summary is worth a look for the main points.
http://www.schneier.com/...
Three fundamental points emerge from the threat analysis in the Security Report:
* All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
* The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
* Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
There are a number of steps that jurisdictions can take to address the vulnerabilities identified in the Security Report and make their voting systems significantly more secure. We recommend adoption of the following security measures:
1. Conduct automatic routine audits comparing voter verified paper records to the electronic record following every election. A voter verified paper record accompanied by a solid automatic routine audit of those records can go a long way toward making the least difficult attacks much more difficult.
2. Perform "parallel testing" (selection of voting machines at random and testing them as realistically as possible on Election Day.) For paperless DREs, in particular, parallel testing will help jurisdictions detect software-based attacks, as well as subtle software bugs that may not be discovered during inspection and other testing.
3. Ban use of voting machines with wireless components. All three voting systems are more vulnerable to attack if they have wireless components.
4. Use a transparent and random selection process for all auditing procedures. For any auditing to be effective (and to ensure that the public is confident in such procedures), jurisdictions must develop and implement transparent and random selection procedures.
5. Ensure decentralized programming and voting system administration. Where a single entity, such as a vendor or state or national consultant, performs key tasks for multiple jurisdictions, attacks against statewide elections become easier.
6. Institute clear and effective procedures for addressing evidence of fraud or error. Both automatic routine audits and parallel testing are of questionable security value without effective procedures for action where evidence of machine malfunction and/or fraud is discovered. Detection of fraud without an appropriate response will not prevent attacks from succeeding.
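One way to make the random selection in measures 1, 2 and 4 reproducible by observers, as an added example that is not taken from the report or this post: rank every machine by a SHA-256 hash of a publicly generated seed plus its ID and audit the lowest-ranked ones. The hash-ranking method, the function names, the machine IDs and the dice-roll seed are all assumptions made for illustration.

```python
import hashlib

def audit_order(seed, unit_ids):
    """Return every unit ID in the order fixed by the public seed."""
    units = list(unit_ids)
    if len(set(units)) != len(units):
        raise ValueError("unit IDs must be unique")

    def ticket(uid):
        # Length-prefix the seed so different (seed, uid) pairs cannot
        # produce the same hashed message by concatenation.
        msg = f"{len(seed)}:{seed}|{uid}".encode("utf-8")
        return hashlib.sha256(msg).hexdigest()

    # Sorting by digest makes the result independent of the order in which
    # the list was supplied, so the list's publisher cannot steer the
    # outcome by reordering it.
    return sorted(units, key=lambda u: (ticket(u), u))

def select_for_audit(seed, unit_ids, count):
    """Pick `count` units for an audit or for parallel testing."""
    units = list(unit_ids)
    if not seed:
        raise ValueError("seed must be non-empty")
    if not 0 < count <= len(units):
        raise ValueError("count must be between 1 and the number of units")
    return audit_order(seed, units)[:count]

def verify_selection(seed, unit_ids, claimed):
    """Observer-side check: recompute the draw and compare it with the
    selection that officials announced."""
    return select_for_audit(seed, unit_ids, len(claimed)) == list(claimed)

# Constructed sample data: 10 precincts with 3 machines each.
MACHINES = [f"PCT-{p:02d}/DRE-{m}" for p in range(1, 11) for m in range(1, 4)]
# Constructed seed, standing in for dice rolled in public AFTER the machine
# list has been published. A seed known earlier, or chosen privately, would
# let an insider predict or pick which machines get examined.
SEED = "2-6-1-4-4-3-5-1-6-2"

if __name__ == "__main__":
    picked = select_for_audit(SEED, MACHINES, 5)
    print("selected for audit:", picked)
    print("observer recomputation matches:",
          verify_selection(SEED, MACHINES, picked))
```

Anyone holding the published machine list and the seed can rerun the draw and compare it with the announced selection.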