California Reviews... And Decertifies... More ES&S E-Voting Machines

from the a-lesson-in-weak-security dept

Remember how e-voting firm ES&S was so against letting California's Secretary of State have an independent security team review their e-voting machines? Well, now we know why. The state had already released one damning security report and sued ES&S for giving the state uncertified machines. Now the state has come out with another report on more ES&S machines and the story gets worse and worse and worse. The good news is that California won't certify any of them. The bad news is that ES&S appears to not only be belligerent in not wanting to let California review its machines, but it also seems to be incompetent as well. As Dan Wallach notes in reviewing the report, ES&S appears to have outright ignored issues that the state asked them to address. As for the machines themselves? There seem to be all sorts of problems, including an awful lot of data stored in cleartext rather than encrypted, easily accessible and easily changed or corrupted data, and seldom-used and easily-broken password protection. Physical locks were all easily picked (some within 5 seconds, the rest within a minute). In other words, the security is a near total joke. This, despite the fact that people have been pointing out these kinds of security concerns for over five years. I wonder if the guy from ES&S who showed up a year ago and told us all we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Mar 27th, 2008 @ 3:14pm

    Maintain solidarity, guys. Accept no compromises. The masses will let us fix their PCs.. they will pause and contemplate when you spew forth venom on e-voting fiascos whenever the subject arises.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Mar 27th, 2008 @ 3:21pm

    I wonder if the guy from ES&S who showed up a year ago and told us all we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.

    I guess not.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Mar 27th, 2008 @ 3:47pm

    You want to know what ES&S will say to this. I want to know why there are states that are using these machines when the issues have been publically identified.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    CVPunk, Mar 27th, 2008 @ 3:54pm

    follow the yellowbrick road...

    Pay no attention to the man behind the curtain!!!

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Rusty Shackleford, Mar 27th, 2008 @ 5:05pm

    Dont think E-voting will ever work

    besides the troubles in the technology... the people running the countries are so dirty that even when you have the best guy in the world running for office... you wouldnt know it because he sounds like all the rest... and thatsa real shame for the people. Getting these machines into the voting process only creates the opportunity for more underhanded events to happen... such as recounts are useless... the number is the number... and that can be changed by whoever sees fit to change it... I would love to see evoting work... I just dont think, in t5his dishonest world it will ever work to the satisfaction of the people

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Boot13, Mar 28th, 2008 @ 7:19am

    Are Automated Teller Machines secure?

    I use ATMs all the time, so I hope they're secure. Who makes them? If they're secure, why don't we get those people to make voting machines? If they're not, well, we sure as heck need to know about that too!

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Richard Ahlquist (profile), Mar 28th, 2008 @ 11:08am

    Re: Are Automated Teller Machines secure?

    ROTFLMAO! Boot13 ummm wow how long have you worked for Diebold? Who happens to make both ATM and Voting machines and who has gotten quite a lot of press over how bad their voting devices are...

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Donald King, Mar 28th, 2008 @ 7:41pm

    Re: Are Automated Teller Machines secure?

    ATMs are in a different category than voting machines. If an ATM has a security flaw, the bank knows who owns what account and which ATM was used when, and both you and the bank have all the paper records you'll ever need.

    With voting, anonymity is a very important goal. If the voting machine prints out perfectly accurate receipts that you can use to double-check how your vote was counted, then (employers|union bosses|mobsters|etc.) can threaten you into voting for the "right" candidate. So a voting machine is almost the exact opposite of an ATM.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Jake, Mar 30th, 2008 @ 12:02am

    The report on the machines makes fascinating reading, in a morbid sort of way. In particular, check out ES&S's responses to the concerns raised, especially Item 7 on Page 19.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This