A Florida study found security holes in three e-voting machines likely to be used for U.S. elections. These systems are all under the crosshairs, but the vendors claim the researchers skewed the study with worst-case scenario tests.
Digital Journal — Serious security flaws exist in electronic voting systems recently tested by a Florida State University laboratory, according to researchers at Florida State University. Those problems could allow poll workers to tamper with the machines and change election results.
At the behest of Secretary of State Debra Bowen, the study discovered security flaws to see if the machines could be attacked, the Washington Post reported. The study (found here) explained:
The security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results.
The FSU researchers looked at e-voting systems from three major vendors — Sequoia, Diebold and Hart InterCivic. All three machines were easily hacked by the researchers.
How vulnerable are these e-voting systems? For instance, testers analyzing the Sequoia voting machines gained physical access to the system by simply removing screws to bypass locks. No seals protected the screws.
Also, testers hacked into Diebold’s Windows operating system and found the data directly. Overwriting Diebold’s firmware was simple enough, as Technewsworld reported:
Attacks could change vote totals, among other things. For instance, the testers were able to escalate privileges from those of a voter to those of a poll worker or central count administrator, enabling them to reset an election, issue unauthorized voter cards and close polls.
Taking over these machines seemed like a breeze for these testers, but the vendors weren’t happy with the results. They rebutted the findings, with Sequoia arguing the study didn’t re-enact real-life scenarios. Steven Bennett, a sales executive for Sequoia Voting Systems, told the San Jose Mercury News:[All that has been proven] is that any computerized system, removed from its environment and placed, in this case, literally, out in the street or into a laboratory for anyone to tamper with, can be successfully attacked.
The Mercury News also reported that Deborah Seiler, a former sales representative for Diebold and Sequoia, cautioned Bowen to to avoid “drawing extreme conclusions based on a study that was billed as a top-to-bottom review but was not even close to that.”
Although the study only lasted five weeks, its findings can’t be dismissed as mere worst-case scenarios. Whenever something as life-changing as a voting machine can be compromised, vendors and government agencies have to take the issue extremely seriously. We saw what happened in Florida in 2000. Sure, there won’t be any dimpled chads in our technological age of voting machines, but is that reassuring?
Depending on machines to spit out election results is risky but also predictably progressive. The U.S. will likely continue to upgrade its voting machines, but it shouldn’t ignore Bowen’s study. Doing so would only lead the country into more political chaos.
