ES&S TOUCH-SCREEN VULNERABLE TO 'SERIOUS' VIRAL VOTE-FLIPPING

EXCLUSIVE: ES&S TOUCH-SCREEN VOTING SYSTEMS FOUND VULNERABLE TO 'SERIOUS' VIRAL VOTE-FLIPPING ATTACK; U.S. ELECTIONS ASSISTANCE COMMISSION REFUSES TO ISSUE WARNING
Scientific Report Finds 'Serious Security Vulnerability' Similar to 'Princeton Diebold Virus Hack' in Widely Used iVotronic System, Allowing a Single Person to Change Election Results Across Entire County Without Detection

Despite GAO Confirmed Mandate to Serve as Info 'Clearinghouse', Embattled EAC Says They Will Take No Action to Alert Elections Officials, Public

-- By Michael Richardson and Brad Friedman

While revelations surrounding the mysterious 18,000 "undervotes" in the November 2006 U.S. House election between Christine Jennings and Vern Buchanan in Florida's 13th Congressional district continue to inform the nation about the dangers of electronic voting machines, new information has recently come to light exposing a shocking lack of responsible oversight by those entrusted with overseeing the certification of electronic voting systems at the federal level.
An investigation into what may have gone wrong in that election has revealed a serious security vulnerability on all versions of the iVotronic touch-screen voting system widely used across the country. The iVotronic is a Direct Recording Electronic (DRE) touch-screen voting machine manufactured by Elections Systems & Software, Inc. (ES&S), the nation's largest distributor of such systems.
The vulnerability is said to allow for a single malicious user to introduce a virus into the system which "could potentially steal all the votes in that county, without being detected," according to a noted computer scientist and voting system expert who has reviewed the findings.
And yet, despite their federal mandate to serve as a "clearinghouse" to the nation for such information, a series of email exchanges between an Election Integrity advocate and officials at the U.S. Elections Assistance Commission (EAC), has revealed that the federal oversight body is refusing to notify states of the alarming security issue.
The recent email conversation shows that even in light of the EAC's review of the warning from the computer scientist who characterized the "security hole" as severe, needing to be "taken very seriously," and among the most serious ever discovered in a voting system, the EAC is unwilling to take action.
Recent reports by the Government Accountability Office (GAO) have taken the EAC to task for a failure to meet their legislated mandate for informing the public and elections officials about such matters. However, a review of the email communications to and from the EAC's Jeannie Layson, show that the federal body is steadfast in their refusal to take action to alert either elections officials or the public about the security risk recently discovered by a team of eight noted computer scientists.
The EAC's current Chairwoman, Executive Director, Director of Voting System Certification and other top officials at both the National Association of State Election Directors (NASED) and even the GAO were included in the series of email communications, The BRAD BLOG has learned.
The vulnerability was initially discovered by a panel of scientists convened by the State of Florida to study the possible causes for the FL-13 election debacle. The team's discovery revealed a design issue in the widely used iVotronic system could allow for a viral attack, by a single individual, which could then spread unnoticed throughout the electronic election infrastructure of an entire county.
A similar vulnerability was found in DRE touch-screen system made by Diebold last Summer by a team of computer scientists at Princeton University.
Attempts to seek information about EAC plans to notify other states and local jurisdictions who use the same vulnerable voting systems as the ones in FL-13 have been met with an astounding refusal, troubling denial, buck-passing, and a lack of accountability by the federal commission of Presidential-appointees. The agency has also come under fire in recent weeks for a number of questionably partisan decisions and other failures to perform as mandated by the Help America Vote Act (HAVA) of 2002.
Of late, the EAC has been forced to respond to a great deal of controversy, on a number of different operational matters and policies, as revealed by a series of articles on this site and in mainstream outlets such as the New York Times and USA Today. Several of those matters have drawn Congressional notice, questioning of EAC officials and letters of inquiry. Thus, this latest revelation is likely to add to the rising concern of Congress members as new federal legislation introduced by Rep. Rush Holt (D-NJ), and currently facing mark-up by a Congressional committee, would permanently fund the now-embattled EAC. Funding for the agency was originally mandated by HAVA only through 2005.
The new ES&S iVotronic vulnerability first emerged on February 23, 2007, when the Florida Dept. of State released a report detailing their findings from the investigation into what happened in Sarasota's still-contested Jennings/Buchanan race. That election was ultimately decided by just 369 votes. The state's official findings included a report conducted by an eight-member computer science and technology team under the auspices of Florida State University (FSU). The report sought, unsuccessfully, to determine the cause of the unexplained "undervotes" reported by the iVotronic touch-screen voting systems used in Sarasota's portion of the FL-13 race on Election Day and in early voting.
Although the reason thousands of votes turned up missing from those systems remained unknown, the study team did discover a serious security flaw in the iVotronic system that is used in Sarasota and many other jurisdictions across the country (and even the world, as France is set to use the same systems in their upcoming Presidential Election.)
Election integrity watchdog John Gideon, a frequent BRAD BLOG contributer and the Co-Director and Information Manager for VotersUnite.org, says that the security flaw pertains to "every ES&S iVotronic voting machine used in the US and overseas." A total of eight separate versions of the system --- without and without so-called "voter verified paper audit trail" (VVPAT)" printers --- all currently approved as qualified at the federal level, are affected, he explained...

COMPLETE EXCLUSIVE REPORT: http://www.bradblog.com/?p=4396
.

Please advise - what voting system is NOT vulnerable to such antics?

We need to examine ALL voting systems, not just ES&S, which is another reason I support HR 811.



"Every voting system (perhaps every system of any kind) is insecure. Making them more secure is a desirable secondary priority, but unless we focus everyone on ensuring both auditability and effective auditing, we're just going to create an impossible muddle."~ Dr. David L. Dill, Founder of the Verified Voting Foundation

currently not detectable - and those voting methods that can do this undetectable theft of elections should be banned - indeed software inspection does not prevent easy on purpose "virus" infections that disappear after doing their job..

READ DILL'S WORDS AGAIN - no voting system, perhaps none of any kind....

We presented it this way in North Carolina:

Source code review is the up-front protection,
Audits check to see if machines are working,
Voter Verified Paper Ballot is for protection, checking, and for recounts.

We modeled our law after HR 2238 in our first attempts at legislation,
then we re-modeled it after HR 550 and then got our law passed in Aug 2005.

HR 811 would be a much stronger version than NC's law in many aspects,
and would keep us from losing the gains we have made.

HR 811 also gets rid of the toilet paper ballot.

You can't do recounts without paper, and without HR 811, many states will
go into Nov 08 paperless.

difficulty in even discussing the possible changes?

As to software review - guys like me thought it was a must - but smarter folks pointed out the virus amd worm code of today can go and change code at time of use and change it back before exiting with the damage done - the election stolen.

HR811 is - useful - because of the audit and paper trail - but folks have shown that these can be gotten around - and that slight changes in the law and procedure will stop the "getting around".

DRE touchscreen printing is but another computer command - and most folks do not check in practice. So you change votes and print out the changed paper trail, and anticipate a few redo's for those that notice. Touchscreen must be banned.

They will always be prone to theft, no matter what you do. There will always be a way around them. The systems and the fixes will be gamed.

Constant upgrades, constant repairs, constant breakdowns, constant crashes, and constantly expensive, providing a constant income stream for those willing to constantly fight to keep them in play.

Perhaps in the future they can be made trustworthy. But for now, they're a disaster and completely unacceptable.

And they're going to be forced down our throats for some time to come.

that are mandatory and random and of sufficient size to be effective.

ALL voting methods need audits. However, DREs should just plain be banned, period.

n/t

its time for these guys to come clean, the secret vote counting scam is OVER, Audits instead of Hand Counting the Paper Ballots, NOT IN MY COUNTRY!!! :patriot: