California decertifies ‘vulnerable' voting machines

Voting machines from Diebold and Sequoia were decertified, then given conditional re-certification for limited use. Secretary of State Debra Bowen's ruling allows only one machine from each company per polling place, and the companies' products will be required to comply with increased security and post-election auditing procedures for recertification.

The state also decertified voting machines from Hart InterCivic. That company, too, received conditional recertification — it will be required to comply with increased security and post-election auditing procedures — but the state will not limit the number of Hart machines at polling places.

Because the company did not meet a deadline for submitting information, the state also withdrew approval for voting systems from Elections Systems and Software.

The decision means that most voters in California will have to rely on paper ballots in the state’s Feb. 5 presidential election. It likely will lead to long lines and delays in election day results, California election officials said.

The state gave the manufacturers 30 days to develop plans for ensuring the security of their systems' internal configuration and 45 days to propose a network security hardening plan before their systems can be submitted for use in the Feb. 5 primary.

Bowen's decision came in the wake of a report last week by researchers from the University of California that uncovered IT and physical security vulnerabilities in three electronic voting systems. Teams using penetration testing techniques found that electronic voting systems from Diebold, Hart InterCivic and Sequoia are not secure enough to fend off hackers or physical tampering, according to a report from Matt Bishop, principal investigator based at the University of California, Davis.

The researchers found a variety of security flaws in the voting systems. These ranged from weak cryptography keys to ways to overwrite the firmware and boot loader to easily guessable passwords.

"I think voters and counties are the victims of a federal certification process that hasn't done an adequate job of ensuring that the systems made available to them are secure, accurate, reliable and accessible," Secretary Bowen said in a prepared release. "Congress enacted the Help America Vote Act, which pushed many counties into buying electronic systems that — as we've seen for some time and we saw again in the independent UC review — were not properly reviewed or tested to ensure that they protected the integrity of the vote."

Ryan Berg, co-founder and chief scientist of Ounce Labs, a developer of software risk-analysis products, called the vulnerabilities in the systems "very serious." The systems' developers "quite obviously weren't using core security principles" when developing code for the voting machines, he said.

He noted that some of the voting systems had "hard-coded passwords, system information was uploadable without secure procedures, and they were open to buffer overflows." These are "very basic, very simple things to identify" in development, he told SCMagazine.com.

"Just to think our voting system is not susceptible to fraud is a dangerous game," he added. "It's a dangerous game to say we'll rely on honor system, that no one is ever going to do something bad — but that's not the way it works." The security vulnerabilities could be exploited to infect voting systems with viruses or other malicious code that would allow unauthorised access to the voting machines, he added.