Wednesday, March 10, 2010

Voting machine security and HAVA

Incompletely in response to the 2000 presidential election argument in Florida, where problems with punch card voting systems led to Bush v. Gore, Congress approved a law called the Help America Vote Act (HAVA) which appropriated $3.8 billion to replace punch-card and lever voting systems. Around 50 million votes were cast using electronic voting machines, while 32 million votes were cast with punch cards in the 2004 U.S. election. s the use of these machines became mainstream, several reports were released that highlighted insecurities with Optical Scan and DRE voting systems. The electronic voting machine industry joined the Information Technology Association of America, an industry organization that represents hundreds of the top technology companies in the U.S., and created the "Election Technology Council" in order to address these concerns. Many voting machines do not record votes on a paper medium. Demonstrations have shown important vulnerabilities with some electronic voting machines. Some, including Stanford professor David Dill, believe a Voter Verified Paper Audit Trail (VVPAT) is required for proper auditing of electronic results and that auditing is hard if not impossible without it, though he has acknowledged security concerns with VVPAT systems, as have other experts. According to a team of security experts, even a small alteration of the machine could have been enough to change the result in battleground states. Some computer scientists have said these machines are not tamper resistant and that open-architecture voting machines would make the process more transparent.

The voting public is denied access to the manufacturer's proprietary software, and the official certifications often do not comprise third party software (such as a Windows operating system. In several cases, agencies and experts examining the machines expressed dismay at their quality and security. At least one voting machine began counting backwards to zero when it reached 32,000 votes. The manufacturer, ES&S, allegedly had known of this issue for two years but had failed to fix the bug. In two cases, an Independent Testing Authori (CIBER Inc.) recommended voting machines for certification without testing core firmware or attempting to verify any of the crucial security aspects of the machines. CIBER's accreditation has since been terminated by the Election Assistance Commission. Some managers and/or affiliates of each of these also have criminal records, including cases of computer fraud, embezzlement, and bid rigging. In addition, voting machine companies have been accused of major security and law violations. Employees have been found to have had multiple prior convictions including bans for bid rigging, embezzlement, and drug trafficking, installing uncertified and untested versions of software on touch screen voting machines, and tampering with computer files. According to internal email messages at the manufacturers, data files used in the machines are not password protected to prevent manual editing.

Related Links:
Insurance claims software

No comments: