E-Voting Machines Vulnerable to Viruses

By Cameron
September 13, 2006

Professor Ed Felten at Princeton University (also a member of USACM’s Executive Committee) and two associates (Ari Feldman and Alex Halderman) released a new study today confirming the security vulnerabilities found with a popular model of Diebold direct recording electronic (DRE) voting machines by many previous studies and exposing new, potentially more serious ones. Professor Felten says that this analysis is the first fully independent security review of both the machine’s hardware and software. The study confirms and demonstrates previous findings that someone with technical knowledge and physical access to a machine can insert malicious code that can switch votes, deny service, effectively hide from detection and overwrite security logs.

Among the new findings is that the machine is vulnerable to a virus that can spread its malicious code from machine to machine. Each machine has a memory card that is used both to record votes and update the system. Normally this card is behind a locked door on the machine, which, the paper argues, can be easily picked. A new card can be inserted carrying the malicious code and a viruses that installs itself on the machine. When a new memory card is inserted in that machine by a pollworker or a technical to either count votes or update the machine, the card will become infected. If that card is used in another machine, which is often the practice, the virus will spread.

This is significant because election officials have argued wide-spread fraud requires both technical knowledge and access to each machine. This new research shows that a virus can spread from machine to machine after access to only one machine.

So what is the take away from all this? Professor Felten argues:

“Despite these problems, we believe that it is possible, at reasonable cost, to build a DRE-based voting system—including hardware, software, and election procedures—that is suitably secure and reliable. Such a system would require not only a voting machine designed with more care and attention to security, but also an array of safeguards, including a well-designed voter-verifiable paper audit trail system, random audits and forensic analyses, and truly independent security review.”

ACM and USACM have consistently pointed out (1,2) that we need better engineered and tested system. Reports of security vulnerabilities are on systems that have already been certified as meeting federal voting system standards. Clearly we need to strengthen both the standards and testing process. Beyond that, a voter-verified paper audit trails will provide a safeguard against the security and reliability issues that are inherent in any computer system.