April 20, 2014

avatar

Cuyahoga County Possibly Exposed Election System to Computer Virus

The Election Science Institute just released a statement revealing that the memory cards that will be used to store votes on Election Day in Cuyahoga County, Ohio were stuck into ordinary laptop computers in September.

The release points to an online video shot by Cleveland-area filmmaker Jeffrey Kirkby, shows a group of election workers sitting at tables, each with a laptop computer. An official explains that these laptops were gathered from around the office, and some are the personal laptops of election workers. Each worker has a laptop and a stack of memory cards, and is inserting the memory cards one by one into the laptop.

Our e-voting study) showed that the memory cards used in Diebold touchscreen voting systems can carry computer viruses that can infect voting machines and steal votes on the infected machines.

The risk here is that one of the laptops is infected with malicious software that could infect a memory card that will eventually be inserted into a voting machine. Safe procedures call for memory cards to be inserted only into computers that are carefully secured and never connected to the Internet. Using ordinary laptop computers, borrowed from offices and homes, to process memory cards is dangerous.

Voting machine vendors and election officials often argue that rigorous procedures can compensate for the technical weaknesses of voting machines. Some jurisdictions implement such procedures well, but many do not. Talking about procedural controls is easy. Putting them into practice is much harder.

Comments

  1. Scott Karlin says:
  2. Robert says:

    More and more I m glad that I am now registered as a permanent absentee voter. My ballot is cast on paper. Still no guarantee that my vote is counted correctly, but at least I don’t have to worry about using one of these machines.

  3. Scott Karlin says:

    Robert: I’m told that at many places absentee votes are counted with an electronic voting machine. That is, an election official takes the stack of absentee ballots and casts your vote the same way you would have had you used the machine yourself. The difference is that there is a paper trail. An absentee vote doesn’t necessarily mean that you are avoiding an electronic voting machine altogether.

  4. Dave says:

    Wow. This is the way votes are archived on Diebold systems? With random notebooks running Windows and unknown combinations of other apps? Untrained users dragging and dropping files into folders under the supervision of one technical guy? Wow.

    BTW, the time of the post above says it’s 10:45am but it was actually 9:45am. Looks like a DST problem.

  5. QrazyQat says:

    Maybe we could switch to some better, safer system, like jars of different color jelly beans? Anything sounds better than this mess.

  6. the_zapkitty says:

    QrazyQat Says:

    “Maybe we could switch to some better, safer system, like jars of different color jelly beans?”

    You are infringinging upon the proprietary trade secrets of
    NekoPaws Inc. Peanut Butter Cookies with M&M’s nonelectronic voting system.

    The penalty for attempting to violate the technological protection measures of Peanut M&M’s vs. Plain M&M’s secret balloting is death.

    You are hereby required by Homeland Security to immediately present yourself to your local Registrar of Voters for summary execution.

    Thank you,
    The Management.

  7. Robert says:

    Scott: “The difference is that there is a paper trail.”

    That was exactly my point. My apologies for not making that more clear.

    I too, have heard that some places count absentee ballots in that manor. Still, the more I learn about the current state of the art in electronic voting machines, the less comfortable I feel using them. (I do admit that I have used them in the past.)

  8. Ronald Crane says:

    I’m disgusted, but not shocked. Our governments handle elections — the foundation of our democratic republic — as an afterthought worth only substandard effort. And we don’t punish them for it and force them to adopt procedures worthy of our votes.

  9. CharlieHorse says:

    C’mon – why the surprise here. This is EXACTLY what the machine wants: People that don’t understand the technology they are charged with running and the absence of simple standardized procedures that could mitigate many of the problems and security risks involved. The new “voting” system was arguably deliberately built to be susceptible to manipulation. Building a secure electronic voting system is trivial. Yet the companies producing truly secure voting solutions (http://www.votehere.net/default.php) are routinely denigrated in the press and by our congress critters (beware the government/media complex!).

    Why the unnecessary added complexity and lack of any relevant procedures? My guess is that it was done so that each election would be “open to the highest bidder.” Crazy? Cynical? Whacko conspiracy theory? … maybe … but, in any case …

    welcome to the machine.

  10. the_zapkitty says:

    CharlieHorse Said:

    “Building a secure electronic voting system is trivial.”

    Do tell… :)

  11. Ronald Crane says:

    VoteHere has a variety of issues, not the least of which that its use of cryptography makes it unverifiable by all but a tiny subset of the population. Also it doesn’t protect against presentation frauds (e.g., modulating the sensitivity of touchscreens, omitting candidates from the ballot, reordering the ballot, etc., so as to influence malleable voters’ actual choices).

    The only “secure” voting system is one that is publicly supervised and audited every step of the way.

  12. joe says:

    Prof. Felten, it should be made clear in your post that the TSx would not be vulnerable in any way shape or form to the tens of thousands of Windows PC viruses (the TSx does not use an x86 CPU, etc.). Of course, that doesn’t mean that a PC couldn’t carry a TSx-specific virus.

  13. Ed Felten says:

    Joe,

    Yes, I should have made that more clear in the original post. I updated the post with a clarification.

  14. Rich Gibbs '74 says:

    This story points up once more one of the most significant risks of the new electronic voting systems, a risk that often seem to go unnoticed: the people responsible for running the election do not understand the system they are using. It is ridiculous to suppose that the average election worker understands the system’s security model, and what the significant threats are.

    Paper ballots are slow, inefficient, etc,, but I think any normally intelligent person can understand their security model: each voter gets one ballot paper, all ballots go in the box, no one can open or otherwise monkey with the box, and so on.

  15. Ronald Crane says:

    Rich Gibbs: You’re exactly correct. We should use election systems that any person of ordinary intelligence and training can administer properly and securely by relying on her intuition. This is because most people — even professionals — rely on intuition most of the time. Unless everyone who must maintain a security perimeter intuitively understands the reasons for each defense, they are unlikely to maintain the perimeter adequately.

  16. Crosbie Fitch says:

    Absolutely. Transparency is a key requirement.

    Any security system that involves a ‘black box’ that is not open to scrutiny is not a secure system.

    The choice is:
    a) Paper, ballot boxes, and people
    b) PKI public distributed system open to continuous and anonymous challenge by technically adept all-comers.

    A proprietary system relying upon security through obscurity is what those in power would term a Trusted Electoral Platform, i.e. a democratically elected government is trusted to ensure that democracy is preserved – as they in turn trust the electoral platform to ensure they are elected to preserve democracy and earn the nation’s trust.