by Mike Masnick
Thu, Mar 27th 2008 12:57pm
Remember how e-voting firm ES&S was so against letting California's Secretary of State have an independent security team review their e-voting machines? Well, now we know why. The state had already released one damning security report and sued ES&S for giving the state uncertified machines. Now the state has come out with another report on more ES&S machines and the story gets worse and worse and worse. The good news is that California won't certify any of them. The bad news is that ES&S appears to not only be belligerent in not wanting to let California review its machines, but it also seems to be incompetent as well. As Dan Wallach notes in reviewing the report, ES&S appears to have outright ignored issues that the state asked them to address. As for the machines themselves? There seem to be all sorts of problems, including an awful lot of data stored in cleartext rather than encrypted, easily accessible and easily changed or corrupted data, and seldom-used and easily-broken password protection. Physical locks were all easily picked (some within 5 seconds, the rest within a minute). In other words, the security is a near total joke. This, despite the fact that people have been pointing out these kinds of security concerns for over five years. I wonder if the guy from ES&S who showed up a year ago and told us all we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.
If you liked this post, you may also be interested in...
- Legislators, School Administrators Back Off Cellphone Search Bill After Running Into ACLU Opposition
- The Teddy Bear And Toaster Act Is Device Regulation Done Wrong
- Secret Sorority Handshakes, Questionable Lawsuits, Free Speech, The Right To Be Forgotten And Section 230
- Cause For Concern: 'Experimental' Patches Applied To Ohio Voting Machines Without Certification
- Why Isn't There A Central Database Of E-Voting Problems?