ES&S Voting Machine Reviewed: Security Is Lacking

from the you-expected-otherwise? dept

ES&S is already involved in a lawsuit for providing uncertified software to California e-voting machines, but things keep getting worse for the company. Beyond all the other problems it’s had with buggy machines and a defiant attitude towards anyone who questions the company, California has finally produced the independent security team review of the ES&S machines used in California and it’s not pretty. You may recall that all of the other e-voting machines were reviewed by independent researchers four months ago. ES&S, however, wasn’t included in that review because the company stubbornly refused to hand over its source code until well after the deadline, meaning that the review had to wait. However, the results are pretty similar to the other machines. The machine was clearly not built with security in mind, as both the software and the physical security were found to be lacking and easily violated in ways that would not leave much of a trace. At this point, none of this should be even remotely surprising. What still is surprising is why none of these firms will even admit that their approaches to date have fallen well short of what was necessary — while committing to building new machines that actually have real security and accountability built in.

Filed Under: ,
Companies: es&s

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “ES&S Voting Machine Reviewed: Security Is Lacking”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

“Never attribute to malice that which can be explained by incompetence.”

Fixed. Perfect thing to quote in regards to these ‘voting machines.’

I’m honestly surprised the government (state or better yet, Federal) doesn’t treat these like they do military hardware. Send out an RFP (request for proposal) with specific needs and do a competitive bid.

Should the winning bid fail to meet the needs (such as being able to be compromised as easily as these POSes) move on to the next bidder.

Then once they get a working model, STANDARDIZE IT and use it until a flaw is found.

Won’t happen, but it’d be nice.

ECA (profile) says:


Any old programmers here? Want to start a company..

What would it take to HIT the BIOS and lock down ALL ports.
USE a BASIC input device, like a Numeric pad ONLY.
And make the Whole program in GW basic.. Or just use DOS, and HTML..
WHAt is so hard about LOCKING down ports, and NOT installing DRIVERS for those ports…UNLESS you want to USE WINDOWS, there SHOULDNT be a problem.

Trevlac says:

Re: Hmmm

When you capitalize whole words to put emphasis on them like this it MAKES me WANT to SMASH your FACE in WITH a HAMMER. Because I can hear your repetitive cadence in my head — and it is maddening. As to what you said, you’re all over the place with computer terms. Try to consolidate your argument or at least explain each method of intrusion.

As far as the voting machines go, why are we even allowing this to continue?

Rich Kulawiec says:

Technology is the wrong answer

And I say that as a long-time technologist.

Part of the reason that it’s the wrong answer is that
the wrong question is being asked — or perhaps another way
to put that is that the wrong
requirements are being articulated. Consider, for example:
what is the functional requirement for the time lag
between end-of-voting and result reporting?

I submit that the answer to that question ranges somewhere
from “days” to “weeks”, as in most countries there is a considerable
lag between when an election’s winner is determined and when
that winner assumes office. There is thus no functional
requirement for real-time reporting of results. (Yes, I’m aware
that the media would like this, but elections are not run
for the benefit of media. It is vitally important to get the
numbers right; it is of no importance at all to get them quickly.)

This line of reasoning (and others similar to it) lead me to
the conclusion that very simple voting systems (e.g., pencil
and paper) will meet all functional requirements. In addition,
such systems are well-understood — in part due to long
experience in the field — and numerous anti-fraud techniques
are known for them.

The answer isn’t to “fix” these hopelessly-broken
voting machines; the answer is to dispense with them entirely.

(Let me anticipate a possible counter-argument about
the tedium of having tens of millions of ballots repeatedly
hand-counted over a period of (say) a few weeks: don’t you think that democracy’s worth
that minor delay and trifling inconvenience?)

Katie Jones says:

ES&S has installed pcanywhere which allows anyone even overseeas

To hack those voting machines. Roy Moore’s election has proof his totally of votes were hacked and I believe it was done or recorded by inforwars people. I saw it but it has disappeared right now I saw the numbers change. There is NO security in that product and now a judge has blocked the ditical footprint to count the votes to see if they were right. Roy Moore’s election was not right and in my opinion the Secretary of State is covering it up!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...