Tuesday, October 21, 2008

Not good for the WV voter!

WV Journal, Oct 21.

[WV Secretary of State Betty] Ireland says the machines have been repeatedly tested, and are reliable. She said some could have lost their calibration when they were moved from storage and set up. She also echoed the Putnam and Jackson county clerks, who have said that the complaining voters may have touched the wrong part of the screen.

Charleston Gazette, Oct. 20.

"Election Systems and Software, a company based in Omaha, Neb., has faced problems and controversies in other states.

In California, for example, Secretary of State Debra Brown issued a legal order on Aug. 3, 2007, banning the use of ES&S machines in any future California election. . . ."

Newsvine.com

Once again, the country's largest voting machine vendor, Election Systems & Software, Inc. (ES&S) has failed in yet another state certification process, The BRAD BLOG has learned.

In a letter faxed to the company yesterday, Colorado's Secretary of State Mike Coffman informed the Omaha, Nebraska company that the state has suspended the certification process of ES&S' voting systems due to a failure to provide required documentation and other materials needed to complete testing. That, after several previous deadline extensions had been granted.

"[T]here is a history of coordination issues with your company," Coffman wrote to ES&S' Vice President of Certification, Steve Pearson in the two-page letter, before detailing a litany of problems they've had with the company throughout the testing period.



California Review of the ES&S AutoMARK and M100
Election Systems and Software (ES&S)
By Dan Wallach, Rice University
March 26, 2008

This article was posted on Ed Felten's Freedom to Tinker Blog and is reposted here with permission of the author.

California’s Secretary of State has been busy. It appears that ES&S (manufacturers of the Ink-a-Vote voting system, used in Los Angeles, as well as the iVotronic systems that made news in Sarasota, Florida in 2006) submitted its latest and greatest “Unity 3.0.1.1" system for California certification. ES&S systems were also considered by Ohio’s study last year, which found a variety of security problems.

California already analyzed the Ink-a-Vote. This time, ES&S submitted their AutoMARK ballot marking device, which has generated some prior fame for being more accessible than other electronic voting solutions, as well has having generated some prior infamy for having gone through various hardware changes without being resubmitted for certification. ES&S also submitted its M100 precinct-based tabulation systems, which would work in conjunction with the AutoMARK devices. (Most voters would vote with pen on a bubble sheet. The AutoMARK presents a fancy computer interface but really does nothing more than mark the bubble sheet on behalf of the voter.) ES&S apparently did not submit its iVotronic systems.

The results? Certification denied.


California's Testing Cracks ES&S E-Voting System Wide Open
Election Systems and Software (ES&S)
By Ryan Paul, ars technica
December 05, 2007

Earlier this year, California Secretary of State Debra Bowen established strict new standards for electronic voting machines, requiring independent code audits, Red Team security testing, and support for paper records. The Red Team testing process primarily involves subjecting the machines to review by security experts who attempt to hack the software and bypass the physical security mechanisms. Recent Red Team tests of ES&S voting machines have uncovered serious security flaws.

Previous Red Team tests commissioned by the state of California revealed significant vulnerabilities in devices sold by Diebold and Sequoia. At the time, ES&S declined to participate in the testing, citing lack of preparedness. The tests on the ES&S machines were finally conducted in October, and the results, which were recently published (PDF), show that products from ES&S are as insecure as the rest.

The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."

No comments: