An independent review in the US of electronic voting
machines from four companies has found security flaws sufficient
for a US state to delay implementation of the devices until
problems can be remedied.
Systems tested on Ohio's behalf by Compuware included machines
from Diebold, Election Systems & Software, Sequoia Voting
Systems and Hart InterCivic.
Compuware examined the source code for each company's system and
looked at the potential for intrusion and points of failure. A
total of 57 potential security risks were identified that could be
exploited in an election. The risks were categorised as low, medium
and high.
Of the high-risk areas, Diebold had five, Hart had four, Sequoia
had three and ES&S had one.
With the US states now eligible for a total of $3.8bn of funds
to update their voting systems as a result of the federal Help
America Vote Act of 2002, the issue of how to secure the latest
generation of electronic-voting machines has taken centre
stage.
Among the risks identified for the Diebold AccuVote-TS is that
an unauthorised person can gain access to a supervisor card, all of
which use the same PIN nationwide, and use it to access supervisor
functions on the machine.
Compuware also found that an unauthorised person with access to
the system's database server, which uses Microsoft Access to store
election results, could change election results.
The risks for the other companies' machines include potential
access to supervisor functions, the ability to disrupt voting and
the ability to close polls early.
Compuware recommended that the US secretary of state implement
an IT and security policy standard for any election using a direct
recording electronic (DRE) system, and said that the state needs to
consider the creation of a security director position to oversee
policies, procedures, IT and security concerns in any election in
which a DRE system is used.
Such a position would require someone with a broad security
background including IT, secure VPNs, LAN-WAN management, and policy
and standards creation.
Meanwhile, a review of the suppliers' procedures and processes
by InfoSentry Services has led the Ohio secretary of state to "ask
vendors to implement industry standard security and quality
practices and procedures".
The review also encouraged the secretary of state to require
voting machine suppliers to demonstrate their software development
capabilities by achieving Software Engineering Institute CMM Level
2 certification within one year and achieving CMM Level 3
certification within three years.
The systems were set for implementation in March 2004, but
Blackwell said that August 2004 special elections will now be the
first scheduled use of the new systems.
Suppliers are now fixing the problems identified by Compuware,
after which they will undergo additional verification testing by
Compuware and InfoSentry.
Elizabeth Heichler writes for IDG News Service