Ohio's electronic voting systems have such significant security vulnerabilities that the machines do little to ensure the integrity of the elections, stated a report released on Friday by Ohio's Secretary of State.
The report, dubbed the Evaluation and Validation of Election Related Equipment, Standards and Testing (EVEREST), described the conclusions of two analysis firms -- Denver-based SysTest Labs and Columbus, Ohio-based MicroSolved -- and three academic teams to test election systems made by Premier, ES&S and Hart InterCivic. The manufacturers' systems failed to meet any of twelve baseline security criteria -- such as the use of a firewall, end-to-end encryption and secure development practices -- except for ES&S's system, which met one of the criteria.
Because of the lack of effective security measures, the report's authors stated that the integrity of the vote is provided purely by the integrity and honesty of election officials.
The results underscore the need for a fundamental change in the structure of Ohios election system to ensure ballot and voting system security while still making voting convenient and accessible to all Ohio voters, Jennifer Brunner, Ohio's Secretary of State, said in a statement published on Friday. In an era of computer-based voting systems, voters have a right to expect that their voting system is at least as secure as the systems they use for banking and communication."
Ohio, and at least a handful of other states, had problems with election machines during the 2006 general election. Many security researchers have focused on Diebold Election Systems' machines, following a leak of some of the source code used in that system. In 2006, a problem with an election system's ballot configuration likely confused voters in Florida, leading to a much higher-than-normal undervote for a contested seat in the U.S. House of Representatives.
All three voting machine makers -- Premier, ES&S and Hart -- took issue with the EVEREST report.
"We can say that, based on our initial review, we strongly disagree with some of the technical findings in the report," ES&S said in a statement. Hart and Premier (PDF) also posted statements on the report.
Secretary Brunner recommended that Ohio move to central counting of ballots, allowing absentee voting, and eliminate voting that does not create a tangible record of the vote, relying on optical scan ballots.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos