Calif.: All Vote Machines Tested Hackable
Secretary of State Debra Bowen released the first part of her review of California's voting systems Friday, seven days before she must decide whether to decertify any of the systems for the presidential primary.
It found that computer experts were able to breach all the systems they studied and change the machines' results. But the experts did that under artificial conditions, with unimpeded access to the equipment, a situation that ordinarily would not occur.
Matt Bishop, a computer scientist at the University of California, Davis, who led the team, said the findings must be evaluated in light of the security systems that county election officials have in place before any conclusions can be reached about whether the machines are reliable.
Bowen, who has made electronic voting security the centerpiece of her administration, said she needed to spend the weekend reviewing the reports before commenting on them.
"I am still in analysis mode," she said during a conference call with reporters, "and do not have any conclusion based on reports I have not read."
The review has been rushed because of the earlier-than-ever primary on Feb. 5. It did not include voting systems used in Los Angeles, San Francisco and Contra Costa counties.
Bowen said that was because the company that makes the machines, Election Systems & Software, had refused to give her the information she needed in time. A company spokesman said they delayed because they wanted more information about how the review would be conducted.
By law, Bowen must let counties know six months before the election that she is going to decertify their equipment. That means she must decide by Aug. 3, too soon to complete reviews of Election Systems & Software's equipment.
Instead, a spokeswoman for Bowen said she could subject that equipment to higher standards.
County elections officials see Bowen's "top-to-bottom review" as unnecessary. They say their equipment already meets federal standards and was approved by Bowen's predecessor, Bruce McPherson.
Steve Weir, president of the state association of registrars, said it was not news that voting systems could be breached under ideal conditions.
"They were given permission to get into the systems," he said. "It's not a real world test."
Experts examined systems built by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.
One team tried to breach the machines' security. Another tested to see how accessible they were for voters with disabilities. A third group looked at the source code used in the machines. That report was withheld Friday because of concerns that it might contain proprietary information.
Among the findings:
The physical security was weak (Testers were able to access the internals of Sequoia's machines by unscrewing screws to bypass locks, and compromise Diebold's AccuVote TSx machine without prompting reminders to voters to check their printed records).
Software was overwritable with malicious code (Testers could load a program into a machine's memory which, at the next reboot, loaded malicious firmware, at which point an attacker could manipulate the election results, with no access to source code required; attacks on Diebold's machines allowed testers to overwrite firmware, which could change vote totals, and escalate privileges from those of a voter to a poll worker or central count administrator, enabling them to reset an election, issue unauthorized voter cards, and close polls; testers overwrote Hart's eScan software and issued administrative commands.)
© 2009 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. It found that computer experts were able to breach all the systems they studied and change the machines' results. But the experts did that under artificial conditions, with unimpeded access to the equipment, a situation that ordinarily would not occur.
Matt Bishop, a computer scientist at the University of California, Davis, who led the team, said the findings must be evaluated in light of the security systems that county election officials have in place before any conclusions can be reached about whether the machines are reliable.
Bowen, who has made electronic voting security the centerpiece of her administration, said she needed to spend the weekend reviewing the reports before commenting on them.
"I am still in analysis mode," she said during a conference call with reporters, "and do not have any conclusion based on reports I have not read."
The review has been rushed because of the earlier-than-ever primary on Feb. 5. It did not include voting systems used in Los Angeles, San Francisco and Contra Costa counties.
Bowen said that was because the company that makes the machines, Election Systems & Software, had refused to give her the information she needed in time. A company spokesman said they delayed because they wanted more information about how the review would be conducted.
By law, Bowen must let counties know six months before the election that she is going to decertify their equipment. That means she must decide by Aug. 3, too soon to complete reviews of Election Systems & Software's equipment.
Instead, a spokeswoman for Bowen said she could subject that equipment to higher standards.
County elections officials see Bowen's "top-to-bottom review" as unnecessary. They say their equipment already meets federal standards and was approved by Bowen's predecessor, Bruce McPherson.
Steve Weir, president of the state association of registrars, said it was not news that voting systems could be breached under ideal conditions.
"They were given permission to get into the systems," he said. "It's not a real world test."
Experts examined systems built by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.
One team tried to breach the machines' security. Another tested to see how accessible they were for voters with disabilities. A third group looked at the source code used in the machines. That report was withheld Friday because of concerns that it might contain proprietary information.
Among the findings:
- no previous page
- next
1/2
Popular in Politics
- FBI director acknowledges domestic drone use 153 Comments
- Obama and Berlin: Faded echoes meet new realities
- Obama on NSA programs: Americans "not getting the complete story" 261 Comments
- Smooth, on-time Obamacare rollout no sure thing: GAO
- House Republicans pass 20-week limit on abortions 514 Comments
- GOP Sen. Murkowski backs same-sex marriage
- Obama renews push for a nuclear disarmament legacy
- Immigration reform would cut deficit, analysis shows















The next president will be whoever big-money wants and most Americans couldn't care less.
"Today we need a nation of minute men; citizens who are not only prepared to take up arms, but citizens who regard the preservation of freedom as a basic purpose of their daily life and who are willing to consciously work and sacrifice for that freedom.
The cause of liberty, the cause of American, cannot succeed with any lesser effort."
- President John F. Kennedy, January 29, 1961
Imagine a candidate getting an extra 3893 votes in just 1% of the precincts nationwide. Is it coincidence that the machines that gave bush the 3893 extra votes were by Diebold, whose CEO Walden O'Dell had promised to deliver Ohio's electoral votes for Bush?
Posted by firststate at 09:55 PM : Jul 30, 2007"
That is exactly the point. Now these machines are qualified to be put 2008 November elections. Good job Diebold & 2008 is to be delivered .
There are noteworthy errors. In 2004, Franklin Co., Ohio Bush got 3893 extra votes from nowhere, Bush 4258 to Kerry 260, with 638 total votes in that precinct. In Florida, a machine allowed only 32,000 votes, after it hit 32,000 it started counting backward. In North Carolina 4,500 votes were lost after there was simply no more hard disk space available. According to USA Today, more than 20% of the machines tested failed to accurately record votes. These are problems with the machines, before any hacking or tampering.
Imagine a candidate getting an extra 3893 votes in just 1% of the precincts nationwide. Is it coincidence that the machines that gave bush the 3893 extra votes were by Diebold, whose CEO Walden O'Dell had promised to deliver Ohio's electoral votes for Bush?
Of course the government will try hard to keep you thinking your vote actually counts.....
Posted by starleo146 at 01:56 PM : Jul 30, 2007
We won't. We now have Stevens and Roberts! :) It went from 5-4 leaning left to 5-4 leaning right. nice of you to blame the lefties for siding with Bush! LOL
Ironic really. America has INSISTED that there be POLL WATCHERS in third world elections.
There were some poll watchers in 2006 and guess what - they found some really interesting irregularities that they'd probably not even find in those third world countries. Nothing like America showing the world CORRUPTION rather than Democracy.