Security flaws in existing voting systems by Slavik Krassovsky
Introduction HAVA $3.9 billion appropriated in states aid DRE Vendors: Diebold ES&S MicroVote WINvote Sequoia Hart InterCivic
DRE Machine Architecture
Certification process Is done per FEC guidelines ITAs Ciber Wyle SysTest Off-the-shelf hardware and software is exempt
Media reported problems 01/04, Broward County, Florida: 134 out of 10,844 votes are missing 11/03, Boone County, Indiana: 144,000 votes were cast but Boone County contains fewer than 19,000 01/04, Hinds County, Mississippi: Machines stayed down all day
Diebold Analyzed by researches: Hardcoded DES key No Smart card authentication Unsecure smart card deactivation Hardcoded PIN Etc...
Attacks Attacks on the machine Undetectable rigging
Other problems No way to verify that their votes were recorded correctly No way to publicly count the votes No meaningful recounts are possible
Conclusion Some problems can be solved by strict certification But some problems are inherent It’s best to look for alternatives