Ohio Study Confirms Voting Systems Vulnerabilities 91
bratgitarre writes "A comprehensive study of electronic voting systems (PDF) by vendors ES&S, Hart InterCivic and Premier (formerly Diebold) found that 'all of the studied systems possess critical security failures that render their technical controls insufficient to guarantee a trustworthy election'. In particular, they note all systems provide insufficiently protection against threats from election insiders, do not follow well-known security practices, and have 'deeply flawed software maintenance' practices." Some of these machines are the ones California testers found fault with last week.
Re:Power Corrpution Apathy (Score:3, Informative)
Actually, that's one of the major difficulties. With an election, an audit trail must have an important property that isn't required by a financial system's audit trail: The audit trail must not expose a voter's actual votes.
With financial systems, there's no serious problem if the auditing system allows the bank employees to see the numbers in a customer's records. There are even situations where it's considered reasonable for a government agency to access an individual's financial records.
But with voting, exposing an individual's vote to either election employees or government agencies immediately enables such things as vote buying and vote extortion, which would pretty much eliminate the very reason for having the election.
The basic principal of auditing financial systems is to have everything stored redundantly in several different forms, with different people in charge of the different kinds of data, and a lot of cross-checking to spot inconsistencies. This does entail a minor problem of exposure of the data to the outside world, but that's not considered fatal, and can be mostly controlled by fining the people responsible for the exposure. With voting systems, none of this is true. Exposing the votes is a fatal flaw, and the people responsible are very rarely punished. All too often, they're the ones who end up running the government.
It's sorta tricky to come up with an election auditing system that keeps votes secret, while verifying that those votes are accurately counted.
Root cause of election system flaws (Score:1, Informative)
In their defense, this condition is rather common for most small firms (as well as many larger ones). As one used to working in an aggressive private industry regulatory environment, I'd suggest that these election firms become aware that their current process is not capable of sufficiently handling its security requirements and establish an industry body, or expect significantly more aggressive Federal intervention.
Re:Voting is a joke on basic principles! (Score:3, Informative)