Thursday, August 16, 2007

e-voting woes: Hart InterCivic's e-Slates

Kristen Mack, from earlier this month:

A recent study of the electronic voting machine used in Harris County found that attacks on the system could compromise the accuracy, secrecy and availability of the machine.

The California secretary of state's office conducted a "top-to-bottom review" of the voting machines certified for use in California, including the Hart InterCivic system used here.

The tests, administered by the University of California at Davis, found that absent tighter procedures, hackers could alter vote totals, violate the privacy of individual voters and delete audit trails.

Debra Bowen, the CA SOS, decertified the Hart machines (.pdf) for use in her state. She tentatively will re-approve them if they use an updated, more secure version of their (still-proprietary) software.

The Harris County Democratic Party's Elections Integrity Working Group, an offshoot of the Progressive Populist Caucus' efforts to thwart the assortment of voter suppression tactics throughout the largest county in Texas, will meet today with Houston mayor Bill White, Harris County clerk Beverley Kaufman and others to discuss the issues swirling around Hart's e-Slates.

Kaufman's office doesn't think the California hackfest is anything to worry about:

"The laboratory experiment, as conducted by the UC-Davis researchers, seems almost impossible to replicate outside that laboratory environment. Thus, voters in Harris County should be aware, but not be concerned by the results," said Hector DeLeon, a spokesman for Harris County Clerk Beverly Kaufman, whose office administers elections.

DeLeon called the test unrealistic because it is "premised on providing unfettered access to the voting equipment to a malicious individual with the technological savvy and ingenuity to violate the system."

Excuse me, Hector?

"Relying on security through obscurity is a terrible thing to do," UC-Davis computer science professor Matt) Bishop said. "(Hackers) can get the info, the only question is how hard do they have to work to get it. Any defense that relies on ignorance underestimates how ingenious attackers can be and overestimates how fallible people are."

The county, under contract, conducts all of the city of Houston's municipal elections. Harris County officials from top to bottom are Republicans; Houston's mayor and a predominant majority of city council members are Democratic.

The possibility of having paper trails -- much less a paper ballot -- in time for the November 2008 election is slim and none, and Slim just rode out of town. The city is disinclined from a cost aspect to add printers to the e-Slates; the county genuinely unconcerned by the risk assessment to do so. Today's meeting likely won't move those positions much.

Still, the recommendations of the task force will include following the guidelines set forth in the Texas Secretary of State's Election Advisory #2006-16, along with the 'best practices' suggestions of Travis County clerk Dana DeBeauvoir in her "Method for Developing Security Procedures in a DRE Environment" (.pdf) which include logic and accuracy tests, parallel and hash code testing and post-election and audit protocols to prevent -- or failing that, detect -- electronic vote tampering.

That's not too much to ask, is it?

No comments: