Former CIA director R. James Woolsey and legendary free software creator Brian "bash" Fox took to the New York Times's op-ed page to explain that proprietary software and voting machines don't mix, because unless anyone who wants to can audit the software that powers the nation's elections, exploitable bugs will lurk in them, ready to be used by bad guys to screw up the vote-count.
Chris Msando is the Kenyan electoral commission IT manager who oversaw the country's computerized voting systems; now, just days before a hotly contested election, his body has been found in the Kikuyu area in Nairobi's outskirts, and the Independent Electoral and Boundaries Commission says he was tortured and murdered.
Since the 2000 Bush-Gore election crisis and the hanging-chad controversy, voting machine vendors have been offering touchscreen voting machines as a solution to America's voting woes — and security researchers have been pointing out that the products on offer were seriously, gravely defective.
The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections — but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited.
It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines.
"Canadians have until October 7, 2016 to provide their feedback to the Parliamentary Special Committee on Electoral Reform, which is studying the possibility of national online voting, along with having consultations about using electronic voting machines in national elections."
It's been more than 16 years since faulty voting machine technology called into question a US presidential election, and in the ensuing 1.6 decades, the voting machine industry has used bafflegab, intimidation and salesmanship to continue selling faulty goods, whose flaws surface with despressing regularity.
Wichita State University's Beth Clarkson (who is also chief statistician of WSU's National Institute for Aviation Research) discovered "odd patterns" in Kansas electoral voting records, so she requested public docs to help her get to the bottom of things — requests that state officials ignored, dodged, and stalled.
Tagg Romney doesn't own Ohio's voting machines. And Joseph Lorenzo Hall, senior staff technologist at the Center for Democracy and Technology in D.C., says that a lot of the fears the public has about electronic voting are equally unfounded. The biggest thing to worry about, he tells The Awl's Maria Bustillos, is that we're so busy sending around email forwards about ostensible vast conspiracies that we're not paying enough attention to the very real security and tech problems that do exist in the voting system. — Read the rest
Republican Ohio Secretary of State Jon Husted has asked voting machine giant ES&S to install last-minute, unverified, custom firmware updates on the state's voting machines. This is highly irregular, and the details of it are shrouded in secrecy and silence — the few, terse statements from Husted's office on the matter have been self-contradictory and unhelpful. — Read the rest
Oldsma sez, "DC election officials put a test version of their voting system up in a mock primary and invited white hat attacks. U. Michigan broke it completely within 36 hours. DC officials reply, in a nutshell, 'Well, that's why we asked people to test it.'" — Read the rest
Hari Prasad is one of the winners of this year's Electronic Frontier Foundation Pioneer Awards; in Prasad's case, the prize was awarded based on his excellent work dissecting the (deeply flawed) electronic voting machines used in India's elections. Prasad was imprisoned by Indian authorities for pointing out the many vulnerabilities he and his colleagues discovered. — Read the rest
Over at the Submitterator, lbigbadbob points us to this video of a Sequoia AVC Edge touch-screen DRE voting machine hacked to, er, play Pac-man. This was done without breaking any of the tamper-evident seals. Nice work, J. Alex Halderman, University of Michigan, and Ariel J. — Read the rest
E-voting security researcher J Alex Halderman writes,
India, the world's largest democracy, votes entirely on paperless electronic voting machines. There are an incredible 1.4 million machines in use. Authorities claim they are "tamperproof", "infallible", and "perfect," but they've prevented anyone from doing an independent security analysis by denying access on secrecy and intellectual property grounds.
Sequouia, a company that makes many of the electronic voting machines used in the US and elsewhere, has inadvertently leaked much of the secret source-code that powers its systems. The first cut at analysis shows what looks like illegal election-rigging code ("code that appears to control or at least influence the logical flow of the election") in the source. — Read the rest
The Security Group at
the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia
voting system. I heard about the video when talking to some members of the
group, but it was never made available to the public before.
Adam sez, "Ed Felten of Princeton University followed the news coming out of NJ during the recent (non-presidential) primaries. Some of the Sequoia machines couldn't handle a name containing a 'n' with a tilde, but more surprising of all, voting machines were left unattended overnight in schools and churches all around Princeton, NJ. — Read the rest
