Feeds

Sequoia attack dogs kill review into e-voting discrepancies

'Your investigation into fair democracy infringes our rights'

Top three mobile application threats

Updated New Jersey elections officials have scrapped plans to inspect electronic voting machines suspected of malfunctioning during the recent presidential primary election, following legal threats by their manufacturer, Sequoia Voting Systems.

Officials from New Jersey's Union County had requested the audit by Princeton University computer scientist Ed Felten after finding discrepancies that raised doubts about the accuracy of the results returned in the February election. Earlier this week, they reversed course after Sequoia threatened legal action if the county turned the machines over to Felten. The company's attorneys argued the independent review would violate its trade-secret rights,

The episode underscores constraints placed on government agencies that use e-voting machines to conduct elections. It's by no means clear that Sequoia's legal claims are valid, but in this case the issue is moot. Sequoia's threats were adequate in shutting down a key part of an investigation into what went wrong. It's doubtful that suppliers of less sophisticated paper ballots would have been able to exert that kind of influence on officials charged with carrying out free and fair elections.

Felten - an expert on the hardware and software using in e-voting machines - has already demonstrated how to hack Diebold e-voting equipment to alter voting results.

In a statement on its website, Sequoia argued the machines have already undergone a "complete and independent review" by federally accredited consultants. Additional tests have been conducted by state authorities, including those in California, Colorado and Illinois. "Sequoia does not support any and all unauthorized activities that violate or circumvent our product licensing agreements," the company stated.

Union County Clerk Joanne Rajoppi told the New Jersey Star-Ledger she shut down the review on the advice of attorneys. An attorney for the Constitutional Officers Association of New Jersey, the statewide clerks' association that was to hire Felten, said: "We don't have access to the machines, so we can't do anything."

Union County requested the review after discovering anomalies in results from the February 5 election. On some machines, the paper-tape backups showing how many Democrats and Republicans casted ballots didn't match the same data contained on cartridge printouts. Officials from four other counties later identified the same errors. According to BlackBoxVoting, all five counties use the AVC Advantage, a touch-screen machine in use since 1988.

Sequoia has said the errors were the result of mistakes by poll workers, but absent a thorough investigation, it remained unclear how they could be sure of that determination. Now, thanks to the footwork Sequoia's legal department, none of us will.

Update

Felten has published a detailed rebuttal to Sequoia's explaination that the discrepancies were the result of clerical errors. He summarizes: "An investigation is needed — an independent investigation, done by someone not chosen by Sequoia, not paid by Sequoia, and not reporting to Sequoia."

Also, Sequoia has announced it is undertaking a "comprehensive external review" of the AVC Advantage machine that involves a federally accredited consulting company called Wyle Laboratories of Huntsville, Alabama, and an independent firm known as Kwaidan Consulting of Houston, Texas.

"We are confident that the review will show that Sequoia’s product bulletin issued recently to our Advantage customers does indeed explain how the reporting issue that occurred during the February 5th Primary Elections happened, and how it can be prevented," the company says.

Sequoia didn't describe the scope or methodology of the review and didn't say whether New Jersey officials would be able to participate.

Finally, InfoWorld is reporting that hackers have attacked a section of Sequoia's website containing a detailed explanation of the voting machine errors. Sites Felten, InfoWorld says the content from the company's Ballot Blog was replaced by a message saying the page was hacked and naming the individuals responsible.

At the time of this update, the hackers' message no longer appeared, but the content had not been restored. ®

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.