Easy Peasy

Rice Students Challenge Electronic Voting Machines
Converge (10/13/08)

As part of an advanced computer science class, Rice University professor Dan Wallach is challenging his students to rig a voting machine. Wallach split his class into teams.

During phase one, teams pretend to be unscrupulous programmers at a voting machine company by trying to make subtle changes to the machines’ software that will alter the election’s outcome without being detected by election officials. The second phase has teams playing the part of election software regulators by trying to certify the code submitted by another team during the first phase of the class.

“What we’ve found is that it’s very easy to insert subtle changes to the voting machine,” Wallach says. “If someone has access and wants to do damage, it’s very straightforward to do it.” He says the experiment shows how vulnerable certain electronic-voting systems are.

Wallach says the students often, but not always, are able to find the hacks, but that in real life it would probably be too late. “In the real world, voting machines’ software is much larger and more complex than the Hack-a-Vote machine we use in class,” Wallach says. “We have little reason to believe that the certification and testing process used on genuine voting machines would be able to catch the kind of malice that our students do in class.”

Well, it LOOKED secure

E-Voting Vendor’s Web Site Hacked
IDG News Service (03/20/08) Montalbano, Elizabeth; McMillan, Robert

Sequoia Voting Systems’ e-voting Web site has been hacked, stirring uproar from New Jersey officials that used the Ballot Blog in a February presidential primary. Princeton University computer science professor Edward Felten reported the breach, following an inquiry from a state county clerks coalition to investigate the e-voting system. Evidence of the infiltration was apparent because the hacker had inserted a message with a cyber tag name. The system was temporarily suspended and users were redirected to a hosting-provider page, but Sequoia later brought the blog back online.

“My guess is that they took the site down temporarily while they were clearing out the stuff left behind by the intruder,” Felten says. The county clerks have asked New Jersey attorney general Anne Milgram to probe Sequoia Voting Systems AVC Advantage e-voting machines, due to discrepancies in vote counts during the primary. Sequoia says different vote totals were due to poll worker mistakes and warned Felten against investigating it further.

————

That last sentence is the scary one.

People, the only way to truly secure a computer is to unplug it from the internet.  With an issue as important as voting, we need a paper trail.  I don’t care if hand counting takes longer.   Correct, honest results are worth waiting for.