Remember how e-voting firm ES&S was so against
letting California's Secretary of State have an independent security team review their e-voting machines? Well, now we know why. The state had already released one
damning security report and sued ES&S
for giving the state uncertified machines. Now the state has come out with another report on more ES&S machines and the story gets worse and worse and worse
. The good news is that California won't certify any of them. The bad news is that ES&S appears to not only be belligerent in not wanting to let California review its machines, but it also seems to be incompetent as well. As Dan Wallach notes in reviewing the report, ES&S appears to have outright ignored issues that the state asked them to address. As for the machines themselves? There seem to be all sorts of problems, including an awful lot of data stored in cleartext rather than encrypted, easily accessible and easily changed or corrupted data, and seldom-used and easily-broken password protection. Physical locks were all easily picked (some within 5 seconds, the rest within a minute). In other words, the security is a near total joke. This, despite the fact that people have been pointing out these kinds of security concerns for over five years. I wonder if the guy from ES&S who showed up a year ago and told us all
we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.