[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

computer viruses in Ohio

To: attendees <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: computer viruses in Ohio
From: "Margit Johansson" <margitjo@xxxxxxxxx>
Date: Thu, 2 Nov 2006 10:59:48 -0700
Delivered-to: mailing list cvv-discuss@coloradovoter.net
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=hItSnOyROANU4i1d3vFhVCByl1m1k1Y9VvW4kM8QsUoRqUyWkmXks2CO8buxUcX/1YMo/liOJHmvhCUM/HuFgmJzpPKVIM1XqwCEzRJRKrYV6rCgayFXkA1p+ODNCvTGW1Ea8c9v5Fm/riOJbmF7u+jQOCgTO1QZ03kw8BV21i0=
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@coloradovoter.net; run by ezmlm

Thursday, November 02, 2006

Contact
Ed Felten
Princeton University
Tel: (609) 258-5906

Steven Hertzberg
Election Science Institute
Tel: (415) 839-5352

For Immediate Release

Cuyahoga County Ohio Possibly Exposed Election System to Computer Virus

The memory cards that will be used to store votes on Election Day in
Cuyahoga County, Ohio were stuck into ordinary laptop computers in
September, possibly exposing the county's election system to a virus
infection. This serious security lapse was caught on video through
the efforts of Cleveland resident Adele Eisner and Cleveland-area
filmmaker Jeffrey Kirkby, who has graciously made his raw footage
available on the Internet for personal viewing at:

<http://homepage.mac.com/captainkirkby/Data_Crunch/iMovieTheater87.html >http://homepage.mac.com/captainkirkby/Data_Crunch/iMovieTheater87.html

Just one month ago a Princeton evoting study (available at
<http://itpolicy.princeton.edu/voting >http://itpolicy.princeton.edu/voting)
showed that the memory cards used in Diebold touchscreen voting
systems could carry computer viruses that would infect voting
machines and steal votes on the infected machines.

"Diebold has repeatedly stated that this type of security breach is
virtually impossible due to security practices employed by the vendor
and election officials," said Edward Felten, Professor of Computer
Science and Public Affairs at Princeton University. "Anyone who
watches the video can now see for themselves that a virus could
penetrate the election system via tasks performed by election staff."

The new video shows a group of election workers sitting at tables,
each with a laptop computer. An official explains that these laptops
were gathered from around the office, and some are the personal
laptops of election workers. Each worker has a laptop and a stack of
memory cards, and is inserting the memory cards one by one into the
laptop. Cuyahoga County officials claim that every one of the
county's memory cards gets this treatment, in order to archive vote
records from the May 2006 primary election onto CD-ROMs.

Ordinary laptops are of course vulnerable to computer viruses and
other malicious software. Given the number of ordinary laptops in
the room, it is reasonably likely that at least one is infected with
spyware, a virus, or other malware. This puts at risk the memory
cards, and the votes they will record from next week's election.

Given the vulnerability of touch screen voting systems, election
procedures must be stringent and consistently followed. Safe
procedures call for memory cards to be inserted only into computers
that are carefully secured and never connected to the
Internet. Using ordinary laptop computers, borrowed from offices and
homes, to process memory cards is dangerous. The video shows that
this practice is not the isolated act of a few election workers, but
an official plan put in place by election officials.

"Not only does this video demonstrate how potential security threats
can be realized, this is yet another illustration of how election
officials are forced to develop their own processes and procedures in
order to operate their new election systems," said Steven Hertzberg,
Project Director at Election Science Institute. "Often we find that
critical procedures and essential tools were not developed or
deployed with this new election system, leaving election officials to
fend for themselves. Diebold should have provided an archiving
system as part of their delivery to jurisdictions, before this system
went live nationally."

Voting machine vendors and election officials often argue that
rigorous procedures can compensate for the technical weaknesses of
voting machines. Some jurisdictions implement such procedures well,
but many do not. Talking about procedural controls is easy. Putting
them into practice is much harder.

"I first raised concerns to the Cuyahoga County Board of Election in
mid-Summer, after Secretary of State Blackwell released an advisory
about transferring electronic election data to CD ROM. After I
witnessed the transfer, I raised concerns a potential security breach
to Cuyahoga Board of Elections Chairman Bennett and the rest of the
board on October 2nd," said Adele Eisner. "Unfortunately, the board
simply defended its dangerous practice."

Prev by Date: A washingtonpost.com article from: margitjo@gmail.com
Next by Date: Re: computer viruses in Ohio
Previous by thread: A washingtonpost.com article from: margitjo@gmail.com
Next by thread: Re: computer viruses in Ohio
Index(es):
- Date
- Thread