Federal Court Upholds Calif. E-voting Ban

[David Farber <dave () farber net>]

Begin forwarded message:

From: gep2 () terabites com
Date: July 7, 2004 11:07:01 PM EDT
To: ElectionProtection () yahoogroups com,  
ElectionProtectionTech () yahoogroups com,  
DigitalDemocrats () yahoogroups com, dfarber () cs cmu edu,  
dallasdemocrats () egroups com
Subject: Federal Court Upholds Calif. E-voting Ban



<---- Begin Forwarded Message ---->
Subject: Federal Court Upholds Calif. E-voting Ban
Date: Wed, 7 Jul 2004 20:27:07 -0500
From: "Harry Nass" <harryn () bridgeheadnetworks com>
To: <gep2 () terabites com>

Gordon:

From ComputerWorld today.  Harry

Federal Court Upholds Calif. E-voting Ban

A federal judge today upheld a directive from the California secretary
of state that decertified touch-screen voting machines and withheld
future certification until the systems meet specific security
requirements, such as offering voter-verifiable paper audit trails.

http://www.computerworld.com/newsletter/0,4902,94372,00.html?nlid=PM
<http://www.computerworld.com/newsletter/0,4902,94372,00.html?nlid=PM>


Federal court upholds Calif. e-voting ban
The decision could have a nationwide impact


News Story by Dan Verton

JULY 07, 2004 (COMPUTERWORLD) - A federal judge today upheld California
Secretary of State Kevin Shelley's April 30 directive that decertified
touch-screen voting machines and withheld future certification until  
vendors of
those systems could meet specific security requirements, including
voter-verifiable paper audit trails (VVPAT).

The decision arose from a lawsuit, Benavidez v. Shelley, brought by  
disability
rights advocates and four California counties -- Riverside, San  
Bernardino, Kern
and Plumas -- that oppose Shelley's VVPAT requirement and  
decertification orders
for direct-recording equipment (DRE) voting systems.

The plaintiffs argued that banning the systems would disenfranchise  
visually or
physically impaired voters.

In an order issued today by the U.S. District Court for the Central  
District of
California (download PDF), Judge Florence-Marie Cooper wrote that "the  
evidence
does not support the conclusion that the elimination of the DREs would  
have a
discriminatory effect on the visually or manually impaired."

Cooper also said that the secretary of state's "decision to suspend the  
use of
DREs pending improvement in their reliability is certainly a rational  
one,
designed to protect the voting rights of the state's citizens." Cooper  
also
characterized Shelley's paper audit trail requirement as consistent  
with his
obligation to ensure the accuracy of election votes.

Cindy Cohn, legal director for the Electronic Frontier Foundation,  
called the
court's decision a "landmark" ruling.

"The court said in clear, unambiguous terms that requiring a paper  
trail for
e-voting machines is consistent with the obligation to assure the  
accuracy of
election results," Cohn said. "That's an enormous victory for secure  
elections."

"This is great news for voters in California and for the rest of the  
country,"
said Kim Alexander, president of the California Voter Foundation.

Specifically, the judge's ruling with regard to the Americans With  
Disabilities
Act "has national ramifications" for e-voting, said Alexander. "This  
landmark
ruling, which takes into account California laws as well as federal  
laws such as
the ADA and the Help America Vote Act of 2002, will have a  
reverberating impact
on states across the country."

The decision comes at a time when state and local elections officials  
are
scrambling to ensure that e-voting systems in different states are  
reliable,
accurate and can be secured from tampering in time for the November  
election.

Two weeks ago, the Brennan Center for Justice at the New York  
University School
of Law and the Leadership Conference on Civil Rights released a report  
by an IT
security panel that outlined a strategy for certifying the security and
reliability of touch-screen DRE voting systems (see story 1 below). The  
systems
will be used in jurisdictions representing about 30% of registered  
voters in the
upcoming presidential election.

And in testimony before the U.S. Election Assistance Commission in May,  
security
researchers said that without paper audit trails, the 50 million  
Americans who
will use electronic voting machines this fall will have no way of  
knowing
whether their votes were recorded properly. The security researchers  
also
testified that the code base powering the systems is so complex that  
election
officials can't be sure it's free of malicious code designed to  
manipulate
election results (see story 2 below).



===================================


http://www.computerworld.com/securitytopics/security/story/ 
0,10801,94311,00.html


Time Running Out for E-voting Security Plan
Panel calls for independent oversight of voting systems, but it may be  
too late



News Story by Dan Verton

JULY 05, 2004 (COMPUTERWORLD) - State and local jurisdictions must act
immediately to ensure the security of the electronic voting systems  
that are to
be used in the November presidential election, according to an IT  
security
panel. But the panel's recommendations may well have come too late.
In a report released last week by the Brennan Center for Justice at the  
New York
University School of Law and the Leadership Conference on Civil Rights,  
the
panel outlined a strategy for certifying the security and reliability of
touch-screen direct recording electronic (DRE) voting systems. The  
systems will
be used in jurisdictions representing about 30% of registered voters in  
the
upcoming presidential election.

While analysts in the security and elections communities praised the  
report,
most agreed that it may have come too late for states and local  
jurisdictions to
act upon.

Chief among the panel's eight recommendations is a call for elections  
officials
to hire a well-qualified, independent security team to examine the  
potential for
operational failures and malicious attacks against DRE voting systems.  
According
to the report, such a team "must be free of any business relationships  
with any
voting system vendors or designers" and must be granted unfettered  
access to all
software code and configuration data.

The panel also recommended that all jurisdictions contract for  
independent "red
team" exercises to uncover any hidden physical or electronic  
vulnerabilities in
DRE systems. And it urged election officials to make public information  
about
the level of cooperation received from DRE system vendors.

Site-specific security procedures and physical security also weighed  
heavily in
the panel's report. For example, the experts urged jurisdictions to use  
"tamper
tape" on all vulnerable hardware devices and to document strict  
procedures for
system repairs.

Jim Adler, CEO of VoteHere Inc., a Bellevue, Wash.-based developer of  
electronic
voting security technologies, said the recommendations are an accurate
reflection of what must be done.

But many of the systems and procedures for the November election are  
either
already in place or are now being deployed. "It's late," said Adler,  
who was
interviewed by the panel for the report. "Where was this a year ago?"

Jeremy Epstein, senior director for product security at Fairfax,  
Va.-based
WebMethods Inc., characterized the panel's report as a set of short-term
recommendations that are "exactly on the mark."

Epstein said he believes the recommendations can be implemented in time  
for the
election. But "over the longer term," he added, "the need is clearly  
there for
voter-verified paper audit trails or perhaps some form of  
cryptographically
protected voting."



Election officials should:

Hire an independent team of security experts to examine the potential  
for
failures and attack, and implement the team's recommendations.
------------------------------------------------------------------------ 
--------
Provide thorough training for all election officials and workers on  
security
procedures.
------------------------------------------------------------------------ 
--------
Develop procedures for random parallel testing of the voting systems in  
use to
detect malicious code or bugs in the software.
------------------------------------------------------------------------ 
--------
Create a permanent independent technology panel to monitor the process.
------------------------------------------------------------------------ 
--------
Establish procedures for regular reviews of audit facilities and  
operating logs
for voting terminals and canvassing systems.
------------------------------------------------------------------------ 
--------
Prepare and follow standardized procedures for response to alleged or  
actual
security incidents.



===================================================

http://www.computerworld.com/governmenttopics/government/policy/story/ 
0,10801,92
950,00.html


E-voting system security, integrity under fire
Researchers, IT vendors square off over the security of electronic  
voting


News Story by Dan Verton

MAY 06, 2004 (COMPUTERWORLD) - WASHINGTON -- IT security researchers  
have
uncovered significant vulnerabilities in the electronic voting systems  
that
nearly 30% of all registered voters will use in the upcoming  
presidential
election, raising concerns about what already looks to be one of the  
most
divisive elections in U.S. history.
In testimony before the U.S. Election Assistance Commission yesterday,  
security
researchers said that without voter-verifiable paper receipts, the 50  
million
Americans who will use electronic voting machines this fall will have  
no way of
knowing if their votes were recorded properly. Even worse, the code base
powering the systems is so large and complex that there's little way for
election officials to be sure it is free of malicious code designed to
manipulate election results.

"My biggest concern is that in a very large trusted computing base, the  
threat
of somebody with access to the development environment of the code base,
particularly the vendor, basically is in position to make the outcome  
of the
election come out how they would like, and it's virtually  
undetectable," said
Avi Rubin, a professor at the Johns Hopkins University Information  
Security
Institute. "The trusted computing base is approximately 50,000 lines of  
computer
code sitting on top of tens of millions of lines of [operating system]  
code. It
is impossible to secure such a large trusted computing base," said  
Rubin.

Commission members also expressed concern about the potential for  
vendors to
influence elections, especially since some have taken active roles in  
operating
polling stations and, in the case of Diebold Election Systems' CEO  
Walden
O'Dell, stated publicly the intent to deliver election results to  
President
George W. Bush.

Rubin recently had 40 Ph.D. candidates design Trojan horse programs to  
assess
the security of the systems. "I was astounded to see the cleverness and  
ease
with which the malicious code was hidden and how difficult it was to  
find,"
Rubin told the commission. "In the short term, meaning November 2004, a
voter-verifiable paper ballot is necessary. It's the only way to get  
around all
of the security problems in the machines" and, if necessary, to conduct
meaningful recounts.

Rubin, who has come under fire from IT vendors and their Washington  
lobby, the
Information Technology Association of America, recently worked as a  
polling
official to observe the process firsthand. While that experience forced  
him to
rethink some of his early concerns about the security of the system, he  
came
away with new concerns about the risk of manipulation and fraud.

"At the end of the day, the memory cards were taken out of all of the  
machines
and put into one machine ... and then they were [transmitted via modem]  
to
back-end servers," said Rubin, noting that the polling station used a  
broken
cipher for encryption and a key that was hard-wired to all of the  
machines.

He called that "a single point of vulnerability" and pointed out that  
there is
no encryption to protect the transmission.

Ted Selker, a professor at MIT and a former IBM fellow, said there are  
ways to
counter such vulnerabilities. But encryption would be too difficult to  
deploy in
time for the November vote, he said. And in some cases, registration  
databases
remain full of errors -- a problem that led to between 1.5 million and  
3 million
votes being lost during the 2000 election.

The IT vendors that make the systems in question, sought to discredit  
Rubin's
research by characterizing it as laboratory work that has little  
relevance to a
real-world voting environment. Some also complained that until last  
year,
election officials were more interested in usability improvements than  
better
security.

"What's been missing from these laboratory-originated critiques has  
been the
real-world experience of the voting booth," said Mark Radke, director of
marketing at McKinney, Texas-based Diebold Election Systems Inc., which  
made the
system tested by Rubin and his students. The questions and doubts  
raised are
"theoretical in nature," he said.

Neil McClure, general manager of Hart Intercivic Inc. in Austin, said  
product
changes should be based on risk assessments, not solely on the  
existence of
vulnerabilities. He discounted the threat of electronic tampering,  
saying it
would require a long-term commitment by a motivated attacker.

Unfortunately, both the IT vendors and the researchers agreed that  
properly
securing the existing systems would take equally as long. "For 2004, we  
have the
equipment we have," said Selker.


[picture]

IT vendors of electronic voting systems said the threat of manipulation  
is
overblown. (L to R) Alfie Charles, vice president of business  
development for
Sequoia Voting Systems; William F. Welsh, board member of Election  
Systems &
Software Inc.; Kevin Chung, founder and CEO of Avante International  
Technology
Inc.; Mark Radke, director of marketing at Diebold Election Systems;  
and Neil
McClure, general manager of Hart Intercivic Inc.  (Image Credit: Dan  
Verton)


<----  End Forwarded Message  ---->

Gordon Peterson                  http://personal.terabites.com/
1977-2002  Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections!   
http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they  
"represent".
12/09/00: the date the Republican Party took down democracy in America.


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/