Today the Brennan Center Task Force on Voting System Security released a report and policy proposals concluding that all three of the nation’s most commonly purchased electronic voting systems are vulnerable to software attacks that could threaten the integrity of a state or national election. New York can learn a thing or two from this report. As we all know, in March, the Justice Department sued New York State for failing to comply with the federal Help America Vote Act of 2002, which called on the states to overhaul their voting systems.
Our report was put together by the Security Task Force, a team of government and private sector scientists, voting machine experts, and security professionals on the Task Force worked together for more than a year. The members of the non-partisan panel were drawn from the National Institute of Standards and Technology (“NIST”), the Election Assistance Commission (“EAC”), the Lawrence Livermore National Laboratories, leading research universities, and include many of the nation’s foremost security experts.
The Task Force surveyed hundreds of election officials around the country; categorized over 120 security threats; and evaluated countermeasures for repelling attacks. The study examined each of the three most commonly purchased electronic voting systems: electronic machines (“DREs”) with – and without – a voter verified paper trail, and precinct-counted optical scan systems (“PCOS”). The report, The Machinery of Democracy: Protecting Elections in an Electronic World, is the first-ever systematic analysis of security vulnerabilities in each of these systems. The report’s findings include:
• All of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. All three systems are equally vulnerable to an attack involving the insertion of corrupt software or other software attack programs designed to take over a voting machine.
• Automatic audits, done randomly and transparently, are necessary if paper records are to enhance security. The report called into question basic assumptions of many election officials by finding that the systems in 14 states using voter-verified paper records but doing so without requiring automatic audits are of “questionable security value.”
• Wireless components on voting machines are particularly vulnerable to attack. The report finds that machines with wireless components could be attacked by “virtually any member of the public with some knowledge of software and a simple device with wireless capabilities, such as a PDA.”
• The vast majority of states have not implemented election procedures or countermeasures to detect a software attack even though the most troubling vulnerabilities of each system can be substantially remedied.
Stay tuned for our upcoming report on voting machine accessibility, usability, and cost.
Categories: General, Voting