In 2004, about 32% of voters used electronic voting machines compared to about 80% in 2008.
2004 source:
http://www.reformelections.org/publications.asp?pubid=4752008 source:
http://www.verifiedvotingfoundation.org/article.php?id=6582HERE IS SOME PERTINENT READING MATERIAL THAT SAYS TO BE ALARMED:
August 18, 2008 in Technology-SCIENTIFIC AMERICAN
Planning to E-Vote? Read This First
With less than three months before the presidential election, the hotly contested state, Ohio, along with others, continue to have problems with E-voting technology
By Larry Greenemeier
ELECTRONIC VOTING: Most states have invested in some type of E-voting technology. Are they confident enough to use it on election day?
In their rush to avoid a repeat of the controversy that plagued the 2000 presidential election, and to meet the requirements of Congress's hastily mandated2002 Help America Vote Act (HAVA), states and counties flocked to electronic voting systems they hoped would eliminate hanging chads and other flaws inherent in paper-based systems. Six years later, with another presidential election less than three months away, many e-voting systems are fraught with security glitches, and the technology has yet to prove itself as the solution voters were looking for.
Such systems could allow voters and poll workers to place multiple votes, crash the systems by loading viruses, and fake vote tallies, according to studies commissioned by the states of California and Ohio within the past year. Makers of these systems have countered that the test settings were unrealistic. But that is not helping election officials sleep better at night.
One of the reasons e-voting systems turned out to be such a failure is that the only people involved in checking these systems were the vendors, who wanted to sell their technology, and the local election officials, who were ill-equipped to understand the security issues, says David Dill, a Stanford University computer science professor and founder of the Verified Voting Foundation, a nonprofit organization pushing for the implementation of voting processes that can more easily be verified and audited. "There was a certification process in place," Dill says, "but it had very little to do with security."
Dill is the author of Attackdog, threat modeling software that can examine more than 9,000 potential ways a voting system can be attacked, including computer hacking, ballot tampering and voter impersonation. Attackdog is part of a larger effort called A Center for Correct, Usable, Reliable, Auditable and Transparent Elections (ACCURATE) , which was launched in 2005 by the National Science Foundation with $7.5 million in funding. "Nothing we do now will affect the November election," Dill says. "We don't know how to make secure paperless voting."
This sentiment is echoed in many places throughout the U.S., most prominently in the hotly contested state of Ohio, where Secretary of State Jennifer Brunner has commissioned a series of tests over the past year to determine whether e-voting systems are secure enough to be trusted. Based on these tests Brunner has concluded that they are not secure, a decision that Premier Election Solutions, Inc., in Allen, Tex., took exception to. Premier sued Brunner and one Ohio county board of elections in May in a move to get the courts to rule that the company had fulfilled its contractual obligations to the state.
-snip
http://www.sciam.com/article.cfm?id=electronic-election-dayExamples of Voting System Vulnerabilities and Problems
• Cast ballots, ballot definition files, and audit logs
could be modified.
• Supervisor functions were protected with weak
or easily guessed passwords.
• Systems had easily picked locks and power
switches that were exposed and unprotected.
• Local jurisdictions misconfigured their
electronic voting systems, leading to
election day problems.
• Voting systems experienced operational
failures during elections.
• Vendors installed uncertified electronic
voting systems.
Source: GAO analysis of recent reports and studies.
http://www.gao.gov/highlights/d05956high.pdfSecurity Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten — September 13, 2006
Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
Full research paper
(Workshop version )
http://itpolicy.princeton.edu/voting/
Study: Hackers Could Change E-Voting Machine Results
By Erika Morphy
TechNewsWorld
07/30/07 12:35 PM PT
University researchers have demonstrated multiple ways of compromising all three of the electronic voting machine systems certified for use in California. The hacks could result in hijacking machines and altering election results, they claim. Although the system vendors have issued a detailed rebuttal of the study, critics are calling for an investigation into the e-voting certification process.
A test of three electronic voting systems certified for use in California has uncovered serious security flaws. Researchers at the University of California conducted the tests at the behest of Secretary of State Debra Bowen under a US$1.8 million contract.
Their mission was to try to compromise the integrity of the voting systems provided by Diebold Elections Systems, Hart Intercivic and Sequoia Voting Systems. They not only succeeded in breaching all of the systems, but also concluded there were likely more security problems that they did not have time to explore during the limited time frame of the study.
Three Vendors, Numerous Failures
What they did find was worrisome enough.
-snip
http://www.technewsworld.com/story/58572.html
Pull The Plug
Aviel Rubin 09.04.06, 12:00 AM ET
-snip
Consider one simple mode of attack that has already proved effective on a widely used DRE, the Accuvote made by Diebold (nyse: DBD - news -people ). It's called overwriting the boot loader, the software that runs first when the machine is booted up. The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. In overwriting it an attacker can, for example, make the machine count every fifth Republican vote as a Democratic vote, swap the vote outcome at the end of the election or produce a completely fabricated result. To stage this attack, a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.
Further, an attacker can modify what's known as the ballot definition file on the memory card. The outcome: Votes for two candidates for a particular office are swapped. This attack works by programming the software to recognize the precinct number where the machine is situated. If the attack code limits its execution to precincts that are statistically close but still favor a particular party, it goes unnoticed.
One might argue that one way to prevent this attack is to randomize the precinct numbers inside the software. But that's an argument made in hindsight. If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a system. And let's not count on hiring 24-hour security guards to protect voting machines.
DREs have a transparency problem: You can't easily discover if they've been tinkered with. It's one thing to suspect that officials have miscounted hanging chads but something else entirely for people to wonder whether a corrupt programmer working behind the scenes has rigged a computer to help his side.
Aviel Rubin, professor of computer science at Johns Hopkins University and author of Brave New Ballot: The Battle To Safeguard Democracy In The Age Of Electronic Voting.
-snip
http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972
Voting Technology
After the 2000 election and the passage of the Help America Vote Act of 2002, states moved to modernize election administration by retiring antiquated lever and punch-card voting machines and implementing new electronic voting machines. Electronic voting machines have not been the panacea to vote-counting woes that many had hoped they would be. Until recently, there has been surprisingly little empirical study on electronic voting systems in the areas of security, accessibility, usability, and cost. The result is that jurisdictions are making purchasing decisions and are adopting laws and procedures that do little to promote these goals.
In 2006, the Brennan Center released two comprehensive, empirical analyses of electronic voting systems in the United States, The Machinery of Democracy: Protecting Elections in an Electronic World and The Machinery of Democracy: Voting System Security, Accessibility, Usability, and Cost. The Brennan Center continued its study of electronic voting security in Post-Election Audits: Restoring Trust in Elections. Since the Brennan Center initiated its study of electronic voting, it has been called upon to provide expert testimony before Congress and to assist election officials in developing procedures that promote secure and reliable voting systems.
-snip
http://www.brennancenter.org/content/section/category/voting_technology/
The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:
- risks to vote security,
- system performance, including load capacity,
- configuration to currently certified systems specifications, and
- operations and internal controls that could mitigate risk.
The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state’s three voting systems - Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) - in both voting and board of elections environments. Separate research was conducted on each voting system’s performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.
-snip
http://www.sos.state.oh.us/SOS/elections/voterInformation/equipment/VotingSystemReviewFindings.aspx