ES&S Voting Machine Reviewed: Security Is Lacking
from the you-expected-otherwise? dept
ES&S is already involved in a lawsuit for providing uncertified software to California e-voting machines, but things keep getting worse for the company. Beyond all the other problems it’s had with buggy machines and a defiant attitude towards anyone who questions the company, California has finally produced the independent security team review of the ES&S machines used in California and it’s not pretty. You may recall that all of the other e-voting machines were reviewed by independent researchers four months ago. ES&S, however, wasn’t included in that review because the company stubbornly refused to hand over its source code until well after the deadline, meaning that the review had to wait. However, the results are pretty similar to the other machines. The machine was clearly not built with security in mind, as both the software and the physical security were found to be lacking and easily violated in ways that would not leave much of a trace. At this point, none of this should be even remotely surprising. What still is surprising is why none of these firms will even admit that their approaches to date have fallen well short of what was necessary — while committing to building new machines that actually have real security and accountability built in.
Filed Under: california, e-voting
Companies: es&s
Comments on “ES&S Voting Machine Reviewed: Security Is Lacking”
never atribute to malice what can be explained by incompatance, however at this point incompatance is getting harder and harder to believe
Re: Re:
“Never attribute to malice that which can be explained by incompetence.”
Fixed. Perfect thing to quote in regards to these ‘voting machines.’
I’m honestly surprised the government (state or better yet, Federal) doesn’t treat these like they do military hardware. Send out an RFP (request for proposal) with specific needs and do a competitive bid.
Should the winning bid fail to meet the needs (such as being able to be compromised as easily as these POSes) move on to the next bidder.
Then once they get a working model, STANDARDIZE IT and use it until a flaw is found.
Won’t happen, but it’d be nice.
Re: Re:
Main Entry:in-com-pe-tence
Function:noun
Date:1663
: the state or fact of being incompetent
Or in this case, the state of desperately needing a spell checker in the comments area
Hmmm
Any old programmers here? Want to start a company..
What would it take to HIT the BIOS and lock down ALL ports.
USE a BASIC input device, like a Numeric pad ONLY.
And make the Whole program in GW basic.. Or just use DOS, and HTML..
WHAt is so hard about LOCKING down ports, and NOT installing DRIVERS for those ports…UNLESS you want to USE WINDOWS, there SHOULDNT be a problem.
Re: Hmmm
When you capitalize whole words to put emphasis on them like this it MAKES me WANT to SMASH your FACE in WITH a HAMMER. Because I can hear your repetitive cadence in my head — and it is maddening. As to what you said, you’re all over the place with computer terms. Try to consolidate your argument or at least explain each method of intrusion.
As far as the voting machines go, why are we even allowing this to continue?
I’m no expert programmer, but how hard is it to make a program using 5 buttons at the most. I thought the point of e-voting is an accurate count, not a complex global network with special features.
Technology is the wrong answer
And I say that as a long-time technologist.
Part of the reason that it’s the wrong answer is that
the wrong question is being asked — or perhaps another way
to put that is that the wrong
requirements are being articulated. Consider, for example:
what is the functional requirement for the time lag
between end-of-voting and result reporting?
I submit that the answer to that question ranges somewhere
from “days” to “weeks”, as in most countries there is a considerable
lag between when an election’s winner is determined and when
that winner assumes office. There is thus no functional
requirement for real-time reporting of results. (Yes, I’m aware
that the media would like this, but elections are not run
for the benefit of media. It is vitally important to get the
numbers right; it is of no importance at all to get them quickly.)
This line of reasoning (and others similar to it) lead me to
the conclusion that very simple voting systems (e.g., pencil
and paper) will meet all functional requirements. In addition,
such systems are well-understood — in part due to long
experience in the field — and numerous anti-fraud techniques
are known for them.
The answer isn’t to “fix” these hopelessly-broken
voting machines; the answer is to dispense with them entirely.
(Let me anticipate a possible counter-argument about
the tedium of having tens of millions of ballots repeatedly
hand-counted over a period of (say) a few weeks: don’t you think that democracy’s worth
that minor delay and trifling inconvenience?)
ES&S has installed pcanywhere which allows anyone even overseeas
To hack those voting machines. Roy Moore’s election has proof his totally of votes were hacked and I believe it was done or recorded by inforwars people. I saw it but it has disappeared right now I saw the numbers change. There is NO security in that product and now a judge has blocked the ditical footprint to count the votes to see if they were right. Roy Moore’s election was not right and in my opinion the Secretary of State is covering it up!