Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/4/2008
03:31 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Optical Scanning Machines, Not Just DREs, Giving Voters Trouble Today

If voters do not even have confidence in the voting machines recommended by the Verified Voting Foundation, what hope have we in any voting system in use today?

If voters do not even have confidence in the voting machines recommended by the Verified Voting Foundation, what hope have we in any voting system in use today?Luckily, none of the technical problems thus far experienced by voters have been called "systemic," but rather are isolated incidents.

Nonetheless, it was no doubt frustrating and perhaps shocking to some citizens when, after waiting in line for hours at their local polling places, they were told that the optical scan voting machines were malfunctioning; voters were given the option of waiting for the machines to be repaired or filling out the paper ballot and relying on poll workers to scan the paper ballot when the scanning machines were once again fully functional.

Optical scanning machines are preferred by the nonprofit organization Verified Voting because they automatically provide a paper trail, unlike most direct recording electronic machines (DREs, which are most often thought of in discussions about e-voting.)

Optical scan machines basically work like those ScanTron machines you might have used when taking tests back in high school. You're given a paper ballot, you fill in some boxes or circles with your choices. You then personally insert the paper ballot into the machine, which scans your answers, adds them to the tally, and then drops the paper into a secured box. So in the event of a recount (or in the event that the polling station was randomly selected for a mandatory audit), the machine's tally could be compared against a manual count of the paper ballots filled out and confirmed by each voter.

Yet some troubles have been reported with these optical scan machines today, including quite a low-tech problem -- after heavy rain, the paper ballots at one Virginia polling station were damp, and were getting stuck in the scanning machine.

This morning Tom Brokaw, current moderator of "Meet the Press" and the moderator of one of the presidential debates, said that regardless of who wins, the nation needs to fix the problems with the voting system. It would be difficult to make a convincing counter-argument.

Some of the swing states being given the most attention by analysts and candidates today are Ohio, Florida, Colorado, and Virginia. Florida has the most rigorous policy, requiring both a voter-verified paper trail and a manual audit of randomly selected polling places -- some of these paper ballots, however are still the infamous "butterfly" ballots that had the country hanging in an uncomfortable suspense during the 2000 election. Colorado also requires a VVPR and manual audits, but according to Verified Voting, Colorado is "shown as having a VVPR requirement because they have enacted VVPR legislation, but these states' requirements will not be fully implemented until after 2008." Ohio has a VVPR requirement, but no audit requirement, and Virginia requires neither the paper trail nor the audit.

See the requirements for other states here.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14499
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
CVE-2020-14501
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also ...
CVE-2020-14503
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
CVE-2020-14497
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
CVE-2020-14505
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection�) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that create...