Re: Ohio Elections Official Calls Machines Flawed

[InfoSec News <alerts () infosecnews org>]

Forwarded from: Dave Dittrich <dittrich (at) u.washington.edu>

InfoSec News wrote:
> http://www.nytimes.com/2007/12/15/us/15ohio.html
>
> By Bob Driehaus
> The New York Times
> December 15, 2007
>
> CINCINNATI - All five voting systems used in Ohio ...have critical 
> flaws...

> At polling stations, teams working on the study were able to pick 
> locks to access memory cards and use hand-held devices to plug false 
> vote counts into machines. At boards of election, they were able to 
> introduce malignant software into servers.
>
> Ms. Brunner proposed replacing all of the states voting machines, 
> including the touch-screen ones used in more than 50 of Ohios 88 
> counties.

So when will we see a call for a refund on the millions of dollars spent 
on those highly flawed systems after the 2000 election? Or at minimum a 
legislatively mandated discount that will cap the profits on the next 
generation?

When there is a shortage of funds available for computer security R&D, 
its a shame to see orders of magnitude more money spent on systems that 
would have benefited from the R&D had that been done first, not after 
the problems are discovered.

Do we always have to do things backwards? Sigh...

-- 
Dave Dittrich                          Information Assurance Researcher,
dittrich (at) u.washington.edu         The iSchool
http://staff.washington.edu/dittrich   University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/