WASHINGTON - June 27 - The Brennan Center Task Force on Voting System Security, an initiative of the Brennan Center for Justice at NYU School of Law, today released a report and policy proposals concluding that all three of the nation’s most commonly purchased electronic voting systems are vulnerable to software attacks that could threaten the integrity of a state or national election.
“As electronic voting machines become the norm on Election Day, voters are more and more concerned that these machines are susceptible to fraud,” said Michael Waldman, the Brennan Center’s Executive Director. “In fact, we’ve learned a lot from our study. These machines are vulnerable to attack. That’s the bad news. The good news is that we know how to reduce the risks and the solutions are within reach.”
“I hope that election officials and lawmakers around the country read this report and take a hard look at adopting these policies in time for the 2006 elections,” said Howard A. Schmidt, former White House Cyber Security Advisor and former Chief Security Officer of Microsoft and eBay.
The government and private sector scientists, voting machine experts, and security professionals on the Task Force worked together for more than a year. The members of the non-partisan panel were drawn from the National Institute of Standards and Technology (“NIST”), the Election Assistance Commission (“EAC”), the Lawrence Livermore National Laboratories, leading research universities, and include many of the nation’s foremost security experts.
The Task Force surveyed hundreds of election officials around the country; categorized over 120 security threats; and evaluated countermeasures for repelling attacks. The study examined each of the three most commonly purchased electronic voting systems: electronic machines (“DREs”) with and without a voter verified paper trail, and precinct-counted optical scan systems (“PCOS”). The report, The Machinery of Democracy: Protecting Elections in an Electronic World, is the first-ever systematic analysis of security vulnerabilities in each of these systems. The report’s findings include:
- All of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. All three systems are equally vulnerable to an attack involving the insertion of corrupt software or other software attack programs designed to take over a voting machine.
- Automatic audits, done randomly and transparently, are necessary if paper records are to enhance security. The report called into question basic assumptions of many election officials by finding that the systems in 14 states using voter-verified paper records but doing so without requiring automatic audits are of “questionable security value.”
- Wireless components on voting machines are particularly vulnerable to attack. The report finds that machines with wireless components could be attacked by “virtually any member of the public with some knowledge of software and a simple device with wireless capabilities, such as a PDA.”
- The vast majority of states have not implemented election procedures or countermeasures to detect a software attack even though the most troubling vulnerabilities of each system can be substantially remedied.
Among the countermeasures advocated by the Task Force are routine audits comparing voter verified paper trails to the electronic record; and bans on wireless components in voting machines. Currently only New York and Minnesota ban wireless components on all machines; California bans wireless components only on DRE machines. The Task Force also advocated the use of “parallel testing”: random, Election Day testing of machines under real world conditions. Parallel testing holds its greatest value for detecting software attacks in jurisdictions with paperless electronic machines, since, with those systems, meaningful audits are not an option.
The Task Force’s report was made public today in the Rayburn House Office Building. Congressmen Rush Holt (D-NJ) and Tom Cole (R-OK) praised the report’s findings and called for enactment of H.R. 550, the Voter Confidence and Increased Accessibility Act, the most comprehensive bill before Congress addressing electronic voting security.
Said Lawrence Norden, Chair of the Brennan Center Task Force on Voting System Security: “The Brennan Center is committed to all our policy recommendations shared today with the public and Members of Congress, and we have not taken a position yet on any pending legislation. We’ll be working closely with Mr. Holt, Mr. Cole, and other lawmakers dedicated to protecting our elections.”
“I see this as an historic report because it’s the first time we’ve systematically examined security concerns presented by all of the electronic voting systems in use,” said Professor Ronald Rivest of MIT, a member of the Technical Guidelines Committee of the federal Election Assistance Commission. “The report will be invaluable for any election official grappling with electronic security and, hopefully, will pave the way for widespread adoption of better safeguards.”