As election day comes to a head, so does the discussion of security in electronic voting systems. All over the country, TV news reports indicate operational problems and vulnerabilities with e-voting machines. Change the channel to HBO, and you might catch "Hacking Democracy," the cable network's documentary on security flaws in voting systems. And you can't escape it by going to the movies: Robin Williams' "Man of the Year" is all about a TV commentator who wins the presidency through a glitch in an e-voting system.
And if you're a security professional -- even one who has nothing to do with e-voting -- you're probably getting a lot of questions from friends, executives, and end users about whether e-voting hacks can really happen. Need some fodder to feed these inquiring minds? We thought so.
Here, for use at the water cooler or over election night cocktails, is a look at some of the news and research that have come out on e-voting security since the beginning of September. Keep this little ditty handy and amaze your friends and colleagues into believing you really do know something about security.
"Lots of fender benders, but no major tie-ups," said Doug Chapin, director of Electionline.org, a nonpartisan group that tracks voting changes, in a wire report. "It's been a steady drumbeat but nothing that rises to the level of 'This could compromise the results.'"
On Oct. 30, researchers at the University of Connecticut's Voting Technology Research Center issued a separate report which states that Diebold's Optical Scan Voting Terminal can be compromised "with off-the-shelf equipment in a matter of minutes" even if its removable memory card is sealed in place. This basic attack could be used to swap votes between candidates or to prevent one candidate's votes from being counted, the researchers say.
The study offers details on how "anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results." Following the report, the Dutch government banned the use of some voting machine models for its Nov. 22 election, and officials in Ireland put their plans to use the machines on hold.
Despite the reports, governments across the U.S. and in other countries continue to ramp up their use of e-voting devices, and experts are calling for tougher security assessments of the equipment.
David Wagner, a professor in the Computer Science Division at U.C.-Berkeley, told Congress earlier this year that independent testing authorities used by federal and regional governments are not catching key flaws in voting systems before they allow them to be used. He reported that systems in Tarrant County, Texas counted 100,000 votes that were never cast by voters in 2004.
"The state of electronic voting security is not good," said Wagner. "Many of today's electronic voting machines have security problems."
— Tim Wilson, Site Editor, Dark Reading