Security flaws found in US e-vote machines

An independent review in the US of electronic voting machines from four companies has found security flaws sufficient for a US state to delay implementation of the devices until problems can be remedied.

Systems tested on Ohio's behalf by Compuware included machines from Diebold, Election Systems & Software, Sequoia Voting Systems and Hart InterCivic.

Compuware examined the source code for each company's system and looked at the potential for intrusion and points of failure. A total of 57 potential security risks were identified that could be exploited in an election. The risks were categorised as low, medium and high.

Of the high-risk areas, Diebold had five, Hart had four, Sequoia had three and ES&S had one.

With the US states now eligible for a total of $3.8bn of funds to update their voting systems as a result of the federal Help America Vote Act of 2002, the issue of how to secure the latest generation of electronic-voting machines has taken centre stage.

Among the risks identified for the Diebold AccuVote-TS is that an unauthorised person could obtain a supervisor card (all of which use the same PIN nationwide) and use it to access supervisor functions on the machine.

Compuware also found that an unauthorised person with access to the system's database server, which uses Microsoft Access to store election results, could change election results.

The risks for the other companies' machines include potential access to supervisor functions, ability to disrupt voting and ability to close polls early.

Compuware recommended that the US secretary of state implement an IT and security policy standard for any election using a direct recording electronic (DRE) system, and said that the state needs to consider the creation of a security director position to oversee policies, procedures, IT and security concerns in any election in which a DRE system is used.

Such a position would require someone with a broad security background, including IT, secure VPNs, LAN/WAN management, and policy and standards creation.

Meanwhile, a review of the suppliers' procedures and processes by InfoSentry Services has led the Ohio secretary of state to "ask vendors to implement industry standard security and quality practices and procedures".

The review also encouraged the secretary of state to require voting machine suppliers to demonstrate their software development capabilities by achieving Software Engineering Institute CMM Level 2 certification within one year and achieving CMM Level 3 certification within three years.

The systems were set for implementation in March 2004, but Blackwell said that August 2004 special elections will now be the first scheduled use of the new systems.

Suppliers are now fixing the problems identified by Compuware, after which they will undergo additional verification testing by Compuware and InfoSentry.

Elizabeth Heichler writes for IDG News Service