Feeds

Ohio voting machines have 'backdoor', lawsuit claims

Security of e-voting called into question – again

Build a business case: developing custom apps

Video The software used in Ohio voting machines contain a backdoor that would allow third-parties to change electronic votes, claims a lawsuit filed by local Green Party candidate Bob Fitrakis.

The lawsuit, filed on Monday afternoon against Ohio's Republican Secretary of State John Husted, claims that on September 18 he hired Election Systems & Software (ES&S) to provide the electronic voting systems used by the state. ES&S' software is suspect, the complaint states, and it asks the court to allow the use of paper voting in Tuesday's election.

"ES&S has installed a 'back door' into such hardware and software that enables persons who are not under the supervision and control of defendant Husted, and who are not under the supervision and control of Ohio's boards of elections, to access the recording and tabulation of votes," the complaint states.

The software contract was signed off without public bidding or scrutiny, and without being signed off by the state technology review board as is required by local law, the suit claims. There is also an "imminent risk" of outsiders hacking the election results, it states.

In his day job, complainant Fitrakis is a professor of political science at Columbus State Community College and editor of the Freepress.org left-leaning news outlet. He has lined up security experts to testify on his behalf, he says, and the Ohio court is now sitting to consider the issue in a last-minute session.

"An expert, who worked for 37 years for the National Security Agency just told that court that the uncertified and untested software has created vulnerabilities for the Ohio election system and could allow for both a backdoor to tamper the vote and allow for viruses to be inserted," Fitrakis said.

He also claims that the voting machines in question have received untested patches on October 31 that haven't been reviewed or certified as safe for use. A similar round of patching occurred just before the 2004 election, he said.

He has also released footage claiming to show problems with voting screens in a Pennsylvania election booth. Votes for Obama were automatically being reassigned for Romney, the video appears to show.

Legal representatives for the Secretary of State are contesting the suit, saying Fitrakis' claims are "ridiculous," Matt McClellan, a spokesman for Husted told SF Gate. A "reporting tool" was installed into the code that is intended to ease the viewing of results, he said, but that would not affect their integrity.

"We did not touch, update, patch or do anything to the tabulation systems or the voting machines," McClellan said. "There's no vulnerability to the system whatsoever."

In response to the lawsuit, ES&S said it was "frivolous and without merit," and that Fitrakis filed it "with the sole intent of undermining voter confidence." It is confident that the court will find in its favor, it said.

Fitrakis does certainly have an axe to grind on the issue. Last month he claimed that Mitt Romney's son Taggart Romney is a partial owner of Hart Intercivic, which provides election machines used in some of the Ohio districts. The investment house Solamere, set up by Tagg with $10m in seed capital from his parents, along with equity managers HIG Capital, bought control of Hart Intercivic in July last year, he claims.

According to Factcheck.org HIG Capital does own Hart Intercivic, but there's no proof that Tagg's company Solamere has any stake in the voting machine manufacturer, although it does invest in some HIG projects.

"Tagg Romney does not own or control voting machines in Ohio," Factcheck.org states. "There's no evidence that he is even invested in them. There is a lot of money flowing from HIG executives to Romney’s political committees, but that's not evidence of wrongdoing."

Whatever the rights and wrongs of the Ohio case, there are serious problems with electronic voting and security. Around a third of the votes today are going to be cast electronically, especially if you were in the path of "Superstorm Sandy", and the results of most elections will be tabulated on computer.

A case study presented at this year's RSA conference showed how a team of students hacked the Washington DC election board software in a public trial held three weeks before it was to be used in an actual election. In a couple of hours they had spotted a vulnerability and used it to get the drunken Futurama bag o' bolts Bender elected to the head of the Washington DC school board.

None of the voting systems used in US elections is secure, according to Dr. David Jefferson from Lawrence Livermore National Labs, and election hacking is very hard to detect, since the results are seldom examined after the result for evidence of hacking.

"The states are in the habit of certifying voting systems, typically without testing them or seeing the source code," he said. "In many cases the voting system uses proprietary code that government can't legally check, and the running of the systems is outsourced to the vendors. This situation is getting worse." ®

Bootnote

In a tradition American readers would probably consider quaint, we Britons don't use electronic voting in national elections. There's a very simple reason: pen and paper is more efficient.

To rig an election held in such an archaic manner is very difficult, indeed. For a start, you need a large number of people to fill in the ballot papers needed to turn an election result, and someone is bound to let slip. Secondly, you need to get access to the ballot boxes to swap out the votes, and security on them is very tight and in some cases very public.

Attempts to modernize the system have proven fraught with problems. The introduction of postal ballots has increased voting fraud, and moves to go electronic are being fiercely resisted on the grounds that it would make the situation even more unsafe. Yes, getting the results can be slow, but they can also be checked and verified.

Actually going to a polling booth once every few years isn't a great deal of effort for people, and the resulting surety of a result gives citizens far greater confidence that the end result is fair and just.

Maybe the Americans need to take a look at how things are down in the old country, and learn a little.

Update

US District Court Judge Gregory Frost has refused to issue an injunction to stop electronic voting in the middle of the election. He has however left the case open so that it can be returned too later if there is evidence of election fraud.

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?