Calif.: All Vote Machines Tested Hackable

Electronic voting machines are seen before the opening of polls 07 November, 2006 at the Sudley North Government Center in Prince William County, Virginia.
Getty Images/Karen Bleier
Secretary of State Debra Bowen released the first part of her review of California's voting systems Friday, seven days before she must decide whether to decertify any of the systems for the presidential primary.

It found that computer experts were able to breach all the systems they studied and change the machines' results. But the experts did that under artificial conditions, with unimpeded access to the equipment, a situation that ordinarily would not occur.

Matt Bishop, a computer scientist at the University of California, Davis, who led the team, said the findings must be evaluated in light of the security systems that county election officials have in place before any conclusions can be reached about whether the machines are reliable.

Bowen, who has made electronic voting security the centerpiece of her administration, said she needed to spend the weekend reviewing the reports before commenting on them.

"I am still in analysis mode," she said during a conference call with reporters, "and do not have any conclusion based on reports I have not read."

The review has been rushed because of the earlier-than-ever primary on Feb. 5. It did not include voting systems used in Los Angeles, San Francisco and Contra Costa counties.

Bowen said that was because the company that makes the machines, Election Systems & Software, had refused to give her the information she needed in time. A company spokesman said they delayed because they wanted more information about how the review would be conducted.

By law, Bowen must let counties know six months before the election that she is going to decertify their equipment. That means she must decide by Aug. 3, too soon to complete reviews of Election Systems & Software's equipment.

Instead, a spokeswoman for Bowen said she could subject that equipment to higher standards.

County elections officials see Bowen's "top-to-bottom review" as unnecessary. They say their equipment already meets federal standards and was approved by Bowen's predecessor, Bruce McPherson.

Steve Weir, president of the state association of registrars, said it was not news that voting systems could be breached under ideal conditions.

"They were given permission to get into the systems," he said. "It's not a real world test."

Experts examined systems built by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

One team tried to breach the machines' security. Another tested to see how accessible they were for voters with disabilities. A third group looked at the source code used in the machines. That report was withheld Friday because of concerns that it might contain proprietary information.

Among the findings:

  • The physical security was weak (Testers were able to access the internals of Sequoia's machines by unscrewing screws to bypass locks, and compromise Diebold's AccuVote TSx machine without prompting reminders to voters to check their printed records).
  • Software was overwritable with malicious code (Testers could load a program into a machine's memory which, at the next reboot, loaded malicious firmware, at which point an attacker could manipulate the election results, with no access to source code required; attacks on Diebold's machines allowed testers to overwrite firmware, which could change vote totals, and escalate privileges from those of a voter to a poll worker or central count administrator, enabling them to reset an election, issue unauthorized voter cards, and close polls; testers overwrote Hart's eScan software and issued administrative commands.)