Most vote machines lose test to hackers
John Wildermuth, Chronicle Staff Writer
Saturday, July 28, 2007
State-sanctioned teams of computer hackers were able to break through the security of virtually every model of California's voting machines and change results or take control of some of the systems' electronic functions, according to a University of California study released Friday.
The researchers "were able to bypass physical and software security in every machine they tested,'' said Secretary of State Debra Bowen, who authorized the "top to bottom review" of every voting system certified by the state.
Neither Bowen nor the investigators were willing to say exactly how vulnerable California elections are to computer hackers, especially because the team of computer experts from the UC system had top-of-the-line security information plus more time and better access to the voting machines than would-be vote thieves likely would have.
"All information available to the secretary of state was made available to the testers,'' including operating manuals, software and source codes usually kept secret by the voting machine companies, said Matt Bishop, UC Davis computer science professor who led the "red team" hacking effort, said in his summary of the results.
The review included voting equipment from every company approved for use in the state, including Sequoia, whose systems are used in Alameda, Napa and Santa Clara counties; Hart InterCivic, used in San Mateo and Sonoma Counties; and Diebold, used in Marin County.
Election Systems and Software, which supplied equipment to San Francisco, Contra Costa, Solano and Los Angeles counties in last November's election, missed the deadline for submitting the equipment, Bowen said. While their equipment will be reviewed, Bowen warned that she has "the legal authority to impose any condition'' on its use.
Bowen said in a telephone news conference Friday that the report is only one piece of information she will use to decide which voting systems are secure enough to use in next February's presidential primary election.
If she is going to decertify any of the machines, she must do it by Friday, six months before the Feb. 5 vote.
A day-long hearing in Sacramento on Monday will give the UC investigators a chance to present their finding and allow the various voting machine companies to present a response. The hearing also will be open for comments from the public.
The study was designed to discover vulnerabilities in the technology of voting systems used in the state. It did not deal with any physical security measures that counties might take and "made no assumptions about constraints on the attackers,'' Bishop said.
"The testers did not evaluate the likelihood of any attack being feasible,'' he added.
Some county elections officials in the state were among the most critical of the study, saying they worry that they could be forced to junk millions of dollars in voting machines if Bowen decertifies them for the February election.
Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.
The study also determined that many voting systems have flaws that make it difficult for blind voters and those with other disabilities to cast ballots.
During her election campaign last year, Bowen made it clear she had little confidence in the security of electronic voting machines and vowed to review their use in the state.
"Voting systems are tools of our democracy,'' she said Friday. "We want to ensure that the voting systems used in the state are secure, accurate, reliable and accessible to all. This (study result) is not a big deal to me. It's a big deal for everyone in the country.''
Vendors and other advocates of electronic voting machines have suggested that because of Bowen's well-publicized concerns, she has her thumb on the scale when it comes to reviewing the systems. But the secretary of state said she purposely avoided the scientists doing the study.
Bowen admitted that she's "enough of a geek" that she would have enjoyed working closely with the study, but "I've stayed out of the way ... It's not my review,'' she said. "I didn't want (the researchers) to be influenced by my questions.''
Weir said the UC study "is only a hologram of what could be done technically without considering the real-world mitigation,'' the locks, access cards and other physical security measures typically used.
The study found "absolutely no evidence of any malicious source code anywhere,'' he added. "They found nothing that could cast doubt on the results of elections.''
Bishop, however, said he was surprised by the weakness of the security measures, both physical and electronic, protecting the voting systems. His team of hackers found ways to get into the systems not only through the high-tech equipment in election headquarters but also through the machines in the polling places.
If the testers had had more time, they would have found more flaws, he added.
"The vendors appeared to have designed systems that were not high assurance (of security)," said Bishop, a recognized expert on computer security. "The security seems like it was added on.''