Electronic voting systems are touted as a modern solution for fast and accurate vote tallies, but without appropriate safeguards, these systems run the very serious risk of eroding public confidence in election results.
In Georgia, we’ve been using the iconic AccuVote TSX machines from Diebold for as long as I’ve lived here. The way it works with this system is that voters are given a ‘smart’ card similar to a chip-based credit card. This card is then inserted into an available voting machine to load the correct ballot. The voter uses a touch screen to complete the ballot, which is then reviewed on-screen before being submitted. The smart card is then ejected from the machine and returned to a polling place worker who will reprogram it for use by another voter. Rather than using paper ballots to track votes, each machine is responsible for accurately recording and counting the votes. Georgia is one of the few states where there are no paper ballots used at the polling stations.
The integrity of our election rests in no small part on the security of an aging fleet of computers, yet there has been no apparent attempt to even keep the custom Microsoft Windows installation up to date with security patches over the years.
In general, many people would likely assume the risks are largely mitigated through strong physical protections of voting machines and networks, but the reality is that election workers often take the machines home with them the night before an election. This practice is so common that it is casually referred to as a “sleepover.”
Thanks to unpatched OS vulnerabilities and cheap locks, it is next to impossible to know with certainty whether a given machine has been tampered with.
The roaring national and local debate on this topic (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Craig Young. Read the original post at: https://www.tripwire.com/state-of-security/government/election-georgias-electronic-voting-machines/