- Government Technology News Articles
- Digital Communities
- e-Government
- Economic Stimulus
- Emergency Management
- Emerging Technologies
- Enterprise Technology
- Green Initiatives
- Products
- Public CIO
- Public Safety
- Transportation
- Wireless
- View All News Topics…
- Get News Via Email
- Industry Perspectives
- Case Studies
- White Papers
- Partner Sites
- Government Technology Magazine
- Current Issue
- Subscribe
- Contact
-
Get Govtech's
Daily Newsletter
Princeton Researchers Find Flaws in Electronic Voting Machine
Sep 14, 2006, By Gina M. Scott
Three computer experts from Princeton University have found major security flaws in a popular electronic voting machine. Through analysis of the machine's hardware and software, the researchers believe that the Diebold AccuVote-TS voting machine, which is slated for use in 375 counties in the November 2006 elections, is vulnerable to criminal attacks.
In a paper published yesterday, Ariel Feldman, J. Alex Halderman and Edward W. Felten explain and demonstrate how easy it is for criminals to introduce malicious software to the machine. In less then one minute, a virus can be introduced which will steal votes, spread from machine to machine through memory cards, and can hide its tracks. The software can even delete itself from the machines at the end of elections.
In a demonstration, the researchers held a mock election between George Washington and the notorious Benedict Arnold. By adding the malicious vote-stealing software, an election which should have ended in a 4-1 win for Washington instead left Arnold ahead 3-2. Both the paper print out and the memory card showed the fraudulent results.
According to the paper, voting machines such as this, called Direct Recording Electronic (DRE), are nothing more then "general-purpose computers running specialized election software," of which computer scientists have been skeptical.
The main findings of the study:
KW
In a paper published yesterday, Ariel Feldman, J. Alex Halderman and Edward W. Felten explain and demonstrate how easy it is for criminals to introduce malicious software to the machine. In less then one minute, a virus can be introduced which will steal votes, spread from machine to machine through memory cards, and can hide its tracks. The software can even delete itself from the machines at the end of elections.
In a demonstration, the researchers held a mock election between George Washington and the notorious Benedict Arnold. By adding the malicious vote-stealing software, an election which should have ended in a 4-1 win for Washington instead left Arnold ahead 3-2. Both the paper print out and the memory card showed the fraudulent results.
According to the paper, voting machines such as this, called Direct Recording Electronic (DRE), are nothing more then "general-purpose computers running specialized election software," of which computer scientists have been skeptical.
The main findings of the study:
- Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss.
- Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
- AccuVote-TS machines are susceptible to voting-machine viruses -- computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity.
- While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.
KW
Industry Solutions for Government
Read real world deployments of technology in government from our sponsors.
View All Industry SolutionsRelated Products and Services
Marketplace
Video 
-
Clean Tech Capital
Chad Vander Veen reports on Sacramento's growing clean technology industry. -
Power Aid, Texting 911 & Broadband
Battery running low? Power up on the go. Got an emergency? Now some residents can text for help. And survey reveals broadband barriers. -
Belkin the Vampire Slayer
Belkin surge protector takes a bite out of vampire power.
Government Jobs
Browse hundreds of public sector career opportunities in GovTech's new jobs section. Popular job searches: government IT, public safety, GIS, transportation, CIO, security, health
Magazines:
Magazine Sites,
Government Technology,
Digital Communities,
Public CIO,
Emergency Management,
Advertise
Resources:
Site Map,
Search,
Events,
Video, Government Articles, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT
Video, Government Articles, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT
Email Newsletters to Stay Informed:
Executive News,
Digital Communities,
Emergency Management,
Public CIO,
Security,
Justice and Public Safety,
Webinars.
twitter
Site owned by e.Republic, Inc.
100 Blue Ravine Rd. Folsom, CA 95630.
916-932-1300 Copyright © 1995-2008. All rights reserved.
100 Blue Ravine Rd. Folsom, CA 95630.
916-932-1300 Copyright © 1995-2008. All rights reserved.
Government Technology Magazine
Government Technology Magazine provides information technology (IT) case studies, applications, news and best practices for state, city and county government.
Get FREE SubscriptionEmergency Management Magazine
Emergency Management Magazine provides technology news and solutions to the local government authorities that help protect our communities.
Get FREE SubscriptionPublic CIO Magazine
Public CIO Magazine provides technology news and solutions to public sector C-level technology executives.
Get FREE SubscriptionDigital Communities Magazine
Digital Communities Magazine is the premier information source for cities, counties and regions to explore and share experiences and best practices beyond just infrastructure and mobile innovations.
Get FREE Subscription
Comments
Diebold Election Systems Response to the Princeton University AccuVote-TS Analysis The following statement may be attributed to Dave Byrd, President, Diebold Election Systems. September 13, 2006 ? ?Three people from the Center for Information Technology Policy and Department of Computer Science at Princeton University today released a study of a Diebold Election Systems AccuVote-TS unit they received from an undisclosed source. The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country. Normal security procedures were ignored. Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside the unit. A virus was introduced to a machine that is never attached to a network.? ?By any standard - academic or common sense - the study is unrealistic and inaccurate.? ?The current generation AccuVote-TS software ? software that is used today on AccuVote-TS units in the United States - features the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more.? ?These touch screen voting stations are stand-alone units that are never networked together and contain their own individual digitally signed memory cards.? ?In addition to this extensive security, the report all but ignores physical security and election procedures. Every local jurisdiction secures its voting machines - every voting machine, not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any sign of tampering.? ?Diebold strongly disagrees with the conclusion of the Princeton report. Secure voting equipment, proper procedures and adequate testing assure an accurate voting process that has been confirmed through numerous, stringent accuracy tests and third party security analysis.? ?Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day.?
Latest Government Technology News