THE MACHINERY OF DEMOCRACY: PROTECTING ELECTIONS IN AN ELECTRONIC WORLD
(A "must-report" for press and a "must-read" for election officials!)
A year-long expert study of US voting systems finds 100's of ways to rig U.S. voting systems and recommends solutions that virtually no states now use.
As reported by USAToday on June 27, the most comprehensive, expert report ever written on US voting systems, "THE MACHINERY OF DEMOCRACY: PROTECTING ELECTIONS IN AN ELECTRONIC WORLD EXECUTIVE SUMMARY", was released by the BRENNAN CENTER FOR JUSTICE AT NYU SCHOOL OF LAW.
Executive Summary: http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
The Brennan Center task force evaluated voting systems of Diebold, Sequoia, Hart Intercivic, ES&S, Unilect, and Microvote In the past, local press where these systems are used, have neglected to inform voters about prior expert reports, but have repeated the lies of voting system vendors as told by election officials.
Election officials in the vast majority of states using the studied voting systems, including Utah which was mentioned in the June 27 USAToday article because some Diebold flaws were recently uncovered there and the county clerk who uncovered them was locked out of his own office when he refused to concede, have yet to implement even one of the security recommendations made in the executive summary of the Brennan report.
The Brennan Center task force members are:
Chair Lawrence D. Norden, Brennan Center for Justice
Principal Investigator Eric L. Lazarus, DecisionSmith.
Government Experts:
Dr. David Jefferson, Lawrence Livermore National Laboratory and Chair of the California Secretary of State's Voting Systems Technology Assessment and Advisory Board
John Kelsey, PhD, National Institute of Science and Technology (NIST)
Rene Peralta, PhD, NIST
Professor Ronald Rivest (MIT), Technical Guidelines Committee, Election Assistance Commission
Howard A. Schmidt, Former White House Cyber Security Advisor for George W. Bush; Former Chief Security Officer, Microsoft
Academic Experts:
Professor Matt Bishop, University of California at Davis
Professor David Dill, Stanford University
Professor Douglas W. Jones, University of Iowa
Joshua Tauber, PhD, formerly of the Computer Science and Artificial Intelligence Laboratory at MIT
Professor David Wagner, University of California at Berkeley
Professor Dan Wallach, Rice University
Private Sector Experts (Commercial and Non-Profit):
Georgette Asherman, independent statistical consultant, founder of Direct Effects
Lillie Coney, Electronic Privacy Information Center
Jeremy Epstein, Cyber Defense Agency LLC
Harri Hursti, independent consultant, former CEO of F-Secure PLC
Dr. Bruce Schneier, Counterpane Internet Security
Matthew Zimmerman, Electronic Frontier Foundation
---
CORE FINDINGS
Three fundamental points emerge from the threat analysis in the Security Report:
? All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
? The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
? Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
VOTING SYSTEM VULNERABILITIES
After a review of more than 120 potential threats to voting systems, the Task Force reached the following crucial conclusions:
For all three types of voting systems:
? When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of software attack programs or other corrupt software are the least difficult attacks.
? Voting machines that have wireless components are significantly more vulnerable to a wide array of attacks. Currently, only two states, New York and Minnesota, ban wireless components on all voting machines.
---------
Are election officials going to stop following the falacious advice of voting system vendors; stop passing on hooey to press; and take steps to secure our voting & election systems?
The full executive summary of the Brennan Center report can be found here:
http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
The fallacy being promulgated by election officials is that "tampering could be detected and prevented by watching voting machines with video equipment" (Really? Should we believe that election officials can see through voting equipment and read machine language 0's and 1's [on and off bits] that no computer scientist would ever claim to be able to read?)
Local press in states with deeply flawed voting systems like Georgia, Utah, Mississippi, Nevada, Maryland, Pennsylvania, Ohio, Florida, and many others, need to let the public know what measures are available to secure our democracy and civilization for future generations. People that rig elections do not share mainstream U.S. values!
Please urge candidates not to concede any election in any state that has not fully implemented the Brennan Center recommendations until after following the recommendations of the National Election Data Archive to ensure that the correct candidates are sworn into office (found at http://ElectionArchive.org ).
----
Brennan Center Executive Summary: http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
SECURITY RECOMMENDATIONS
There are a number of steps that jurisdictions can take to address the vulnerabilities identified in the Security Report and make their voting systems significantly more secure. We recommend adoption of the following security measures:
1. Conduct automatic routine audits comparing voter verified paper records to the electronic record following every election. A voter verified paper record accompanied by a solid automatic routine audit of those records can go a long way toward making the least difficult attacks much more difficult.
2. Perform "parallel testing" (selection of voting machines at random and testing them as realistically as possible on Election Day.) For paperless DREs, in particular, parallel testing will help jurisdictions detect software-based attacks, as well as subtle software bugs that may not be discovered during inspection and other testing.
3. Ban use of voting machines with wireless components. All three voting systems are more vulnerable to attack if they have wireless components.
4. Use a transparent and random selection process for all auditing procedures. For any auditing to be effective (and to ensure that the public is confident in such procedures), jurisdictions must develop and implement transparent and random selection procedures.
5. Ensure decentralized programming and voting system administration. Where a single entity, such as a vendor or state or national consultant, performs key tasks for multiple jurisdictions, attacks against statewide elections become easier.
6. Institute clear and effective procedures for addressing evidence of fraud or error. Both automatic routine audits and parallel testing are of questionable security value without effective procedures for action where evidence of machine malfunction and/or fraud is discovered. Detection of fraud without an appropriate response will not prevent attacks from succeeding.
-----
A heart-felt "Thank You" to the Brennan Center!
Kathy Dopp
http://electionarchive.org
National Election Data Archive Dedicated to Accurately Counting Elections
"Enlighten the people generally, and tyranny and oppressions of body and mind will vanish like evil spirits at the dawn of day," wrote Thomas Jefferson in 1816
A year-long expert study of US voting systems finds 100's of ways to rig U.S. voting systems and recommends solutions that virtually no states now use.
As reported by USAToday on June 27, the most comprehensive, expert report ever written on US voting systems, "THE MACHINERY OF DEMOCRACY: PROTECTING ELECTIONS IN AN ELECTRONIC WORLD EXECUTIVE SUMMARY", was released by the BRENNAN CENTER FOR JUSTICE AT NYU SCHOOL OF LAW.
Executive Summary: http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
The Brennan Center task force evaluated voting systems of Diebold, Sequoia, Hart Intercivic, ES&S, Unilect, and Microvote In the past, local press where these systems are used, have neglected to inform voters about prior expert reports, but have repeated the lies of voting system vendors as told by election officials.
Election officials in the vast majority of states using the studied voting systems, including Utah which was mentioned in the June 27 USAToday article because some Diebold flaws were recently uncovered there and the county clerk who uncovered them was locked out of his own office when he refused to concede, have yet to implement even one of the security recommendations made in the executive summary of the Brennan report.
The Brennan Center task force members are:
Chair Lawrence D. Norden, Brennan Center for Justice
Principal Investigator Eric L. Lazarus, DecisionSmith.
Government Experts:
Dr. David Jefferson, Lawrence Livermore National Laboratory and Chair of the California Secretary of State's Voting Systems Technology Assessment and Advisory Board
John Kelsey, PhD, National Institute of Science and Technology (NIST)
Rene Peralta, PhD, NIST
Professor Ronald Rivest (MIT), Technical Guidelines Committee, Election Assistance Commission
Howard A. Schmidt, Former White House Cyber Security Advisor for George W. Bush; Former Chief Security Officer, Microsoft
Academic Experts:
Professor Matt Bishop, University of California at Davis
Professor David Dill, Stanford University
Professor Douglas W. Jones, University of Iowa
Joshua Tauber, PhD, formerly of the Computer Science and Artificial Intelligence Laboratory at MIT
Professor David Wagner, University of California at Berkeley
Professor Dan Wallach, Rice University
Private Sector Experts (Commercial and Non-Profit):
Georgette Asherman, independent statistical consultant, founder of Direct Effects
Lillie Coney, Electronic Privacy Information Center
Jeremy Epstein, Cyber Defense Agency LLC
Harri Hursti, independent consultant, former CEO of F-Secure PLC
Dr. Bruce Schneier, Counterpane Internet Security
Matthew Zimmerman, Electronic Frontier Foundation
---
CORE FINDINGS
Three fundamental points emerge from the threat analysis in the Security Report:
? All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
? The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.
? Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.
VOTING SYSTEM VULNERABILITIES
After a review of more than 120 potential threats to voting systems, the Task Force reached the following crucial conclusions:
For all three types of voting systems:
? When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of software attack programs or other corrupt software are the least difficult attacks.
? Voting machines that have wireless components are significantly more vulnerable to a wide array of attacks. Currently, only two states, New York and Minnesota, ban wireless components on all voting machines.
---------
Are election officials going to stop following the falacious advice of voting system vendors; stop passing on hooey to press; and take steps to secure our voting & election systems?
The full executive summary of the Brennan Center report can be found here:
http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
The fallacy being promulgated by election officials is that "tampering could be detected and prevented by watching voting machines with video equipment" (Really? Should we believe that election officials can see through voting equipment and read machine language 0's and 1's [on and off bits] that no computer scientist would ever claim to be able to read?)
Local press in states with deeply flawed voting systems like Georgia, Utah, Mississippi, Nevada, Maryland, Pennsylvania, Ohio, Florida, and many others, need to let the public know what measures are available to secure our democracy and civilization for future generations. People that rig elections do not share mainstream U.S. values!
Please urge candidates not to concede any election in any state that has not fully implemented the Brennan Center recommendations until after following the recommendations of the National Election Data Archive to ensure that the correct candidates are sworn into office (found at http://ElectionArchive.org ).
----
Brennan Center Executive Summary: http://www.brennancenter.org/programs/downloads/Executive%20Summary.pdf
SECURITY RECOMMENDATIONS
There are a number of steps that jurisdictions can take to address the vulnerabilities identified in the Security Report and make their voting systems significantly more secure. We recommend adoption of the following security measures:
1. Conduct automatic routine audits comparing voter verified paper records to the electronic record following every election. A voter verified paper record accompanied by a solid automatic routine audit of those records can go a long way toward making the least difficult attacks much more difficult.
2. Perform "parallel testing" (selection of voting machines at random and testing them as realistically as possible on Election Day.) For paperless DREs, in particular, parallel testing will help jurisdictions detect software-based attacks, as well as subtle software bugs that may not be discovered during inspection and other testing.
3. Ban use of voting machines with wireless components. All three voting systems are more vulnerable to attack if they have wireless components.
4. Use a transparent and random selection process for all auditing procedures. For any auditing to be effective (and to ensure that the public is confident in such procedures), jurisdictions must develop and implement transparent and random selection procedures.
5. Ensure decentralized programming and voting system administration. Where a single entity, such as a vendor or state or national consultant, performs key tasks for multiple jurisdictions, attacks against statewide elections become easier.
6. Institute clear and effective procedures for addressing evidence of fraud or error. Both automatic routine audits and parallel testing are of questionable security value without effective procedures for action where evidence of machine malfunction and/or fraud is discovered. Detection of fraud without an appropriate response will not prevent attacks from succeeding.
-----
A heart-felt "Thank You" to the Brennan Center!
Kathy Dopp
http://electionarchive.org
National Election Data Archive Dedicated to Accurately Counting Elections
"Enlighten the people generally, and tyranny and oppressions of body and mind will vanish like evil spirits at the dawn of day," wrote Thomas Jefferson in 1816
rudkla - 28. Jun, 12:34
