E-Vote: Ohio Election Systems Have Critical Security Failures, Says Secretary of State

Ohio's electronic voting systems have "critical security failures" which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.

"The results underscore the need for a fundamental change in the structure of Ohio's election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, " Secretary Brunner said Friday in unveiling the report.

"In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication," she said.

The Report

The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:

• Risks to vote security
• System performance, including load capacity
• Configuration to currently certified systems specifications
• Operations and internal controls that could mitigate risk.
  

The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state's three voting systems -- Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) -- in both voting and board of elections environments. Separate research was conducted on each voting system's performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.

While some tests to compromise voting systems took higher levels of sophistication, fairly simple techniques were often successfully deployed.

"To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said.

The researchers in the Ohio study didn't address the issue of probability of attack, leaving that to the determination of state and local officials. The researchers commented that with the lack of technical measures in voting system design, its integrity "is provided purely by the integrity and honesty of election officials."

"It's a testament to our state's boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings," Brunner said.

Testers looking at the performance of the voting systems used in Ohio and in many locales throughout the country, identified numerous risks to election integrity ranging from minor to severe, according to the review.

Also, those examining how voting systems were configured in the field found risks such as the use of materials like memory storage and printer paper that had not been certified by the voting system manufacturers; a lack of standardized equipment testing and that revisions to voting system software for all systems and counties were not documented or tracked, the review said.

Recommendations
Secretary Brunner has presented recommendations and options to address these findings to Gov. Ted Strickland and legislative leaders for their consideration. Among the top recommendations are: