Minutes before a looming midnight deadline,California Secretary of State Debra Bowen Friday night decertified e-voting machines manufactured byDiebold Election Systems,Hart Intercivic andSequoia Voting Systems and adopted for use in 39 California counties. The vendors will have 30 days to submit their products for recertification.
Bowen also issued new security requirements to be implemented for any e-voting systems approved for use in the state’s upcoming February elections.
Last week, the University of Californiamade public the results of a study Bowen commissioned to evaluate the security of the Diebold, Hart Intercivic and Sequoia e-voting machines. The report identified several troublesome issues, including the ability to replace firmware in each of the systems.
Among the new election protections Bowen ordered: reinstalling software before the election to ensure it has not already been hacked; placing special seals at insecure areas of the machines; securing the machines during early voting; assigning a specific election monitor for each machine; and conducting a manual count of all votes cast.
She also limited the number of certified e-voting machines to one per polling place to reduce hacking opportunities.
Bowen withdrew approval of a fourth e-voting machine vendor, Election Systems and Software, which did not submit its equipment in time for analysis.
Not surprisingly, the vendors — all of which decried the study’s findings when they were released — are displeased with Bowen’s action.
“We are disappointed that Secretary Bowen has taken action to severely limit the options available to local election officials and voters in California,” said Diebold Election Systems President Dave Byrd.
“Local election officials in California have put in place proper policies and procedures which complement the security features of DESI’s voting solutions,” he said.
The researchers did not simulate a “real world” attack, Byrd emphasized.
“Secretary Bowen’s top-to-bottom review was designed to ignore security procedures and protocols that are used during every election,” he claimed. “Her team of hackers was given unfettered access to the equipment, the source code, and all other information on security features provided by DESI to the Secretary of State’s office. And she refused to include in the review the current version of DESI’s touch screen software with enhanced security features.”
Such arguments are disingenuous at best, said Brad Friedman, publisher of theBrad Blog, which follows e-voting and electoral issues.
“The fact of the matter is, the greatest danger comes from insiders — election officials and employees of voting machine companies,” he told TechNewsWorld.
He pointed to his own sleuthing over the weekend as an example: Friedman drove by one of the vendor’s warehouses on Saturday night and took a few pictures. Among the photos was one of a bunch of touch screen systems sitting on a pallet in the warehouse, right by the loading dock, presumably about to be shipped out somewhere.
“As there was no security around the outside of the building,” he said, “I was able to see into the fully lit warehouse where presumably any employee — and there were some 25 cars there on Sat. at 10:30 p.m., but no people seen in the warehouse — could have accessed one or more of those systems, destined to be shipped out directly to a county for use in an election somewhere.”
One probable development that both critics and supporters of e-voting machines agree upon is that Bowen’s decision is likely to have a ripple effect, and other states will follow California’s example.
On the other hand, similar research in Florida recentlyuncovered several flaws in e-voting systems used there, but the secretary of state has signaled willingness to work with the vendors to certify the machines for use.