Diebold e-voting software includes delete audit logs button

No confirmation necessary

Vote tabulation software currently in use throughout the United States contains a button to permanently delete audit logs that are required under federal voting-system guidelines, according to a report submitted to California's top elections official.

The button is included in version 1.18.19 of GEMS, the Global Election Management System, manufactured by Premier Election Solutions, formerly known as Diebold Election Systems. That was the piece of software that silently dropped 197 votes from November's final vote count in Northern California's Humboldt County. The report warns that the feature could be used to intentionally or unintentionally delete logs needed to conduct audits into the accuracy of an election.

"GEMS 1.18.19 not only includes 'Clear' buttons that permit deletion of these records, it provides no warning to the operator that exercising the 'Clear' command will result in permanent deletion of the records in the log, nor does it require the operator to confirm the command before GEMS executes it," the report states.

"Deletion of the records in either log would make it impossible to monitor operator access to GEMS or to reconstruct the sequence of operator access, defeating the purpose of [federal guidelines] that GEMS version 1.18.19 was required to adhere to."

Under guidelines established by the Federal Election Commission in 1990, tabulation software used in all US elections must automatically create and permanently retain electronic audit logs of important system events while tallying votes. The guidelines state they are intended to provide a "concrete, indestructible archival record of all system activity" and are "essential for public confidence in the accuracy of the tally."

Premier removed the delete button in later versions of GEMS, but three counties in California and several jurisdictions in Texas and Florida continue to use the older program, the report says.

Word of the delete button, which was reported earlier by Wired.com, came as California Secretary of State Debra Bowen was investigating the dropped votes in Humboldt County. The glitch came to light only after a volunteer outfit known as the Humboldt County Election Transparency Project passed every ballot cast through an optical scanner after it was officially counted.

The dropped votes were the result of another deficiency in the Central Count Server of GEMS 1.18.19 that in some cases silently drops all tallied votes from the first batch of optical ballots, the report (PDF) concludes.
