REPORTS AND STUDIES ON ELECTRONIC VOTING

These are listed from most recent to oldest. For the most comprehensive understanding,
we recommend reading reports from oldest to newest, starting from the bottom up.


March 4, 2010: Analysis of the Cost of Procuring and Implementing an Optical Scan Voting System in Maryland
On December 17, 2009, Maryland's State Board of Elections (SBE) approved the following procurement of an Optical Scan Voting System and Support Services. An analysis of the available data on both indicates that:
   1. Costs to Implement an Optical Scan Voting System are Overstated.
   2. Costs of Continuing to Use the Current Touch‐Screen Voting System are Understated.
Plus One-Page Summary and Appendix: Opscan Cost Chart from Cuyahoga County, Ohio

The Costs of Maryland's Electronic Voting System - SAVEourVotes (Jan. 2008)
Maryland's election costs are nearly ten times what they were before the switch to our statewide touch-screen voting system. And county election costs are soaring, too, even with the state picking up half the tab for the equipment costs. Learn how MD can save millions of dollars each year by switching to an optically scanned paper-ballot voting system.

Ohio EVEREST Voting System Review (December, 2007)
The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. Ohio's electronic voting systems have critical security failures, which could impact the integrity of elections in the Buckeye State, according to a review of the systems commissioned by Secretary of State Jennifer Brunner.

California Top-to-Bottom Review (August 2007)
Secretary of State Debra Bowen conducted a top-to-bottom review in 2007 of many of the voting systems certified for use in California. The review, led by computer scientists from the University of California, was designed to restore the public's confidence in the integrity of the electoral process and to ensure that California voters cast their ballots on machines that are secure, accurate, reliable, and accessible. Following the top-to-bottom review, on August 3, 2007, Secretary Bowen strengthened the security requirements and use conditions for certain systems. The following documents detail Secretary Bowen's decisions and the independent experts' findings in the review.

Gonzales Poll Finds MD Voters Favor Funding Switch to Paper Ballots 2 to 1 (October 2007)

Study of New Mexico's 2006 elections by the CalTech/MIT Voting Technology Project

Stones Unturned: Gaps in the Investigation of Sarasota's Disputed Congressional Election.
By David L. Dill and Dan S. Wallach (March 2007)

The November 2006 race for Florida's 13th Congressional District resulted in a 369-vote margin of victory for the winning candidate, with more than 18,000 undervotes recorded on the ES&S iVotronic touch-screen voting machines used in Sarasota County. Since then, the losing candidate and a coalition of local voters have filed suit against the state and local election officials (among other defendants), seeking a judicial order to rerun the election. The researchers found many significant gaps in the tests conducted by Florida and its experts, contrary to the public perception that the investigation was thorough and that the voting machines have been exonerated of contributing to the undervote. Read 18-page PDF. (See also Contestant Jennings's Memorandum, PDF, 5.6 Mbytes)

Sarasota's Election Debacle Would NOT Have Occurred with Optical Scan
The recent election meltdown in the Congressional District 13 race in Sarasota is now the most expensive Congressional race in U.S. history. It is also a perfect example to support Rubin's conclusion. The huge expenditure of time, energy, and money as a result of this debacle would not have been necessary if the county had had an optical scan voting system and voter-marked paper ballots as the official record of the election.

NIST White Paper (November 2006)
The National Institute of Standards and Technology White Paper, prepared for the Technical Guidelines Development Committee of the Election Assistance Commission, recommends that new standards (VVSG, 2007) should require "Software Independent" voting systems. Systems that are software independent include paper ballot optical scan systems, direct recording electronic (DRE) systems equipped with voter verified paper audit trail (VVPAT) printers, and ballot marking devices like the AutoMARK and VotePAD. The concept of software independence is amplified in a NIST supplemental paper. In addition to the software independence requirement, the STS has submitted another paper that discusses some of the problems with the current generation of DRE with VVPAT systems. Another paper recommends new, more stringent restrictions on the use of radio-based wireless communications devices in voting systems. The use of infrared-based wireless communications would be permitted only under some narrowly defined circumstances.

Freeman, Craft, McGregor Group Report (October, 2006)
In April, 2006, the Maryland State Board of Elections engaged the consulting firm of Freeman, Craft, McGregor Group to review the voting system implemented in the State of Maryland. "Software integrity should be verified before and after the election to make sure no tampering has taken place. Currently there is no ability to validate AccuVote TS software after it has been loaded onto the terminal." (p.15)

University of Connecticut Report (October 2006)
The University of Connecticut report identifies a number of new vulnerabilities in the Diebold AccuVote-OS Optical Scan Voting Terminal, which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. The report also indicates that the AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the machine has its removable memory card sealed in place. The basic attack can be applied to effect a variety of results, including entirely neutralizing one candidate so that their votes are not counted, swapping the votes of two candidates, or biasing the results by shifting some votes from one candidate to another. Such vote tabulation corruptions can lay dormant until the election day, thus avoiding detection through pre-election tests. Also see the comments of Avi Rubin, Prof. of Computer Science, Johns Hopkins University, Technical Director of the Information Security Institute and Director of the ACCURATE Center.


Princeton Report (September 2006)
Entitled, “Security Analysis of the Diebold AccuVote-TS Voting Machine”, this study demonstrated how the security vulnerabilities of the machines used in Maryland could be exploited to rig an election without detection.  It stated: "The Diebold AccuVote-TS and its newer relative the AccuVote-TSx are together the most widely deployed electronic voting platform in the United States." In the November 2006 general election, these machines were scheduled for use in 357 counties representing nearly 10% of registered voters (about 15 million).

All of Maryland and Georgia will employ the AccuVote-TS model. More than 33,000 of the TS machines are in service nationwide. The machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces.

  1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
  2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
  3. AccuVote-TS machines are susceptible to voting-machine viruses: computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
  4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.

Open Voting Foundation Report (August, 2006)
Entitled, “WORST EVER SECURITY FLAW FOUND IN DIEBOLD TS VOTING MACHINE”, the report stated: “‘This may be the worst security flaw we have seen in touch screen voting machines,’ says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.” 22 high-resolution photos documented the security vulnerabilities.

Common Cause Report (June 2006)
The report concludes that the push to use direct recording electronic (DRE) voting machines was misguided, has resulted in serious security and reliability concerns, and should be reversed. The report also assesses states at greatest risk of having elections compromised due to problems with voting machines, presents information on voting systems used by each state and makes recommendations on safeguarding votes to citizens who must use a DRE in November. The report, "Malfunction and Malfeasance: A Report on the Electronic Voting Machine Debacle," finds that 17 states, including critical swing states such as Pennsylvania, are at "high" risk of having election results compromised due to problems with voting machines known as DREs. States designated as high risk because they use DREs with no paper backup are: Arkansas, Delaware, District of Columbia, Florida, Georgia, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, New Jersey, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.

Brennan Center Task Force Report (June, 2006)
The Brennan Center Task Force on Voting System Security, an initiative of the Brennan Center for Justice at NYU School of Law, released a report and policy proposals concluding that all three of the nation's most commonly purchased electronic voting systems are vulnerable to software attacks that could threaten the integrity of a state or national election. [See full report or executive summary.] The findings include:

  • All of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. All three systems are equally vulnerable to an attack involving the insertion of corrupt software or other software attack programs designed to take over a voting machine.
  • Automatic audits, done randomly and transparently, are necessary if paper records are to enhance security. The report called into question basic assumptions of many election officials by finding that the systems in 14 states using voter-verified paper records but doing so without requiring automatic audits are of “questionable security value.”
  • Wireless components on voting machines are particularly vulnerable to attack. The report finds that machines with wireless components could be attacked by “virtually any member of the public with some knowledge of software and a simple device with wireless capabilities, such as a PDA.”
  • The vast majority of states have not implemented election procedures or countermeasures to detect a software attack even though the most troubling vulnerabilities of each system can be substantially remedied.

Hursti II Reports (May 2006)
This report made clear that the vulnerabilities of the Diebold systems extended all the way down to the level of the bootloader. The documents describe several security issues with the Diebold electronic voting terminals TSx and TS6. These touch-pad terminals are widely used in US and Canadian elections and are among the most widely used touch pad voting systems in North America. Several vulnerabilities are described in this report. One of them, however, seems to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised. These architectural defects are not in the election-processing system itself. However, they compromise the underlying platform and therefore cast a serious question over the integrity of the vote. These exploits can be used to affect the trustworthiness of the system or to selectively disenfranchise groups of voters through denial of service. See the unredacted Hursti TSx reports & photos.

UMBC Survey: Md. Voters Opinions About Voting & Vote Technology (February 2006)

California Diebold Report (February 2006)
In December 2005, shortly after the Hursti Hack took place, the states of California & Pennsylvania took measures to check for this vulnerability in their equipment.  The hack exposed the problem of “interpreted code” in the Diebold systems.  Interpreted code is prohibited by federal voting system standards.  A letter from Diebold to Pennsylvania in January, 2006, revealed that MD's Accu-Vote TS system contained this interpreted code. The “Security Analysis of the Diebold AccuBasic Interpreter” issued by the California Voting Systems Technology Advisory Board on Feb. 14, 2006, described how serious this vulnerability was.  See the full 38-page report or the summary of the relevant parts of the report and the implications for Maryland, written by Bob Ferraro.

DNC Report (December 2005)
“Jurisdictions should be encouraged to use precinct-tabulated optical scan systems with a computer assisted device at each precinct, in preference to touchscreen (“direct recording equipment” or “DRE”) machines.” “Touchscreen (DRE) machines should not be used until a reliable voter verifiable audit feature can be uniformly incorporated into these systems. In the event of a recount, the paper or other auditable record should be considered the official record.” Read the full report.

Carter-Baker Commission Report (September 2005)
Former Secretary of State James A. Baker III and former President Jimmy Carter, who were co-chairs of the bipartisan Commission on Federal Election Reform, warned in their 2005 final report that (fraud) could happen. "Software can be modified maliciously before being installed into individual voting machines. There is no reason to trust insiders in the election industry any more than in other industries." See the Wall Street Journal article about the report, 'Reversing Course on Electronic Voting.'

GAO Report on Electronic Voting Systems (September 2005)
This 107-page report [and synopsis by Missourians for Honest Elections] details flaws in voting system security, access, and hardware controls, describes weak security management practices by vendors, and identifies multiple examples of failures in real elections. According to the GAO report, although national initiatives to improve security and reliability of electronic voting systems are underway, "it is unclear when these initiatives will be available to assist state and local election authorities." Voting system vulnerabilities and problems found include:

  • Cast ballots, ballot definition files, and audit logs could be modified
  • Supervisor functions were protected with weak or easily guessed passwords
  • Systems had easily picked locks and power switches that were exposed and unprotected
  • Local jurisdictions misconfigured their electronic voting systems, leading to election day problems
  • Voting systems experienced operational failures during elections
  • Vendors installed uncertified software
  • Some electronic voting systems did not encrypt cast ballots or system audit logs, and it was possible to alter both without being detected
  • It was possible to alter the files that define how a ballot looks and works so that the votes for one candidate could be recorded for a different candidate

Hursti I Report (July 2005)
The Hursti Hack, referred to as “the mother of all security holes,” was first exposed in a formal report on July 4, 2005. This report concerned the memory cards of the Diebold Precinct-Based Optical Scan 1.94w system, the same one that is used in Maryland for absentee and provisional votes. In response, Diebold insisted to election officials across the country that changing votes on the memory cards was impossible. Then, in December of 2005, Ion Sancho, election director of Leon County, Fla., asked Finnish security expert Harri Hursti, together with Black Box Voting, to test the hack in a mock election. Susan Pynchon, director of the Florida Fair Election Coalition, observed the test hack and wrote a description.

Association for Computing Machinery (ACM) Policy Recommendations on Electronic Voting Systems (September 2004)
Voting systems should also enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast and to serve as an independent check on the result produced and stored by the system. Making those records permanent (i.e., not based solely in computer memory) provides a means by which an accurate recount may be conducted.


MD State Board of Elections' (SBE) Response to Risk Assessment Report: Voting System Action Plan (updated July 7, 2004)
Full Plan and SBE's Letter Accompanying the Voting System Action Plan


RABA Report (January 2004)
In the fall of 2003, the MD General Assembly's Department of Legislative Services (DLS) was asked to conduct an independent review of the issues concerning the purchase of the voting system and to examine and assess security and voting verification issues related to the voting system. DLS' review included a review of the two prior analyses and overall security of Maryland's election procedures. A Columbia, MD, consulting firm, RABA Technologies, was contracted to do the study. It confirmed the findings of the Rubin and SAIC reports and found additional vulnerabilities.
From a good article about the report by Wired News reporter Kim Zetter: “Computer security experts hired to hack electronic voting machines manufactured by Diebold Election Systems found that flaws in the machines could result in malicious insiders or outsiders stealing an election.” Also see SBE's Response to DLS' Trusted Agent Report on Diebold AccuVote-TS Voting System (updated July 22, 2004).


OHIO Compuware Report on DRE Voting Systems (November 2003)
This technical security assessment examined four voting systems: Diebold Election Systems AccuVote-TS, the Election Systems and Software (ES&S) iVotronic, the Hart InterCivic eSlate 3000, and the Sequoia Voting Systems AVC Edge. It also found similar vulnerabilities with the Diebold system Maryland uses. The high risks it identified include:

  • With access to the supervisor card, someone could guess the four digit PIN. The four digit PIN is a factory default from Diebold and cannot be changed. In our test it was guessed in less than two minutes of testing.
  • Smart Card Writer - with access to the small handheld writer, someone could use a voting card more than once while at the voting booth.
  • Diebold's voting system uses MS Access as the database to store the Ballot definition, Audit logs and Tally results. The Database has no password protection. The audit logs and the tally results can be changed.

SAIC Risk Assessment Report (September 2003)
In early August 2003, the state of Maryland hired a third-party consulting firm (SAIC) to perform an analysis of Diebold's AccuVote-TS voting system. On Sept. 24, 2003, Maryland made public a redacted version (40 pages) of SAIC's report, which found, “[t]he system, as implemented in policy, procedure, and technology, is at high risk of compromise.” In November of 2006, the complete unredacted version of the report (197 pages) was leaked to the media:

Doug Jones USENIX Security Symposium Paper (August 2003)
Entitled, “The Diebold AccuVote TS Should be Decertified and What This Tells Us about the Certification Process,” this paper revealed that Dr. Jones had warned Diebold (then Global Election Systems) of some of the major security flaws identified by the Rubin study way back in 1997 and showed that the entire certification process was broken. See the thorough review (with extensive links) by Dr. Jones of the story of the Diebold FTP Site and the Rubin, SAIC and RABA studies that followed. Here's an excerpt:

“I want to emphasize that this story represents more than just a black eye for Diebold. As I said in my 1997 letter, it represents a black eye for the entire system of Voting System Standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?”


Analysis of an Electronic Voting System (July 2003)
The report that started it all, by Avi Rubin, et al., is this analysis of the source code of a Diebold touch-screen voting system found on an unsecured Internet site by Bev Harris of Black Box Voting.  From the abstract: “Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts,” and, “We conclude that this voting system is unsuitable for use in a general election. Any paperless electronic voting system might suffer similar flaws, despite any "certification" it could have otherwise received. We suggest that the best solutions are voting systems having a "voter-verifiable audit trail," where a computerized voting system might print a paper ballot that can be read and verified by the voter.” See also:


© SAVEourVotes · 7360 Eden Brook Drive, #713, Columbia, MD 21046 · 410/381-1811 · Email us