[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: computer viruses in Ohio

To: Margit Johansson <margitjo@xxxxxxxxx>, attendees <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: Re: computer viruses in Ohio
From: Lou Puls <lpuls@xxxxxxxxxxxxx>
Date: Thu, 2 Nov 2006 11:20:32 -0700 (GMT-07:00)
Delivered-to: mailing list cvv-discuss@coloradovoter.net
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=NspsY1ut975234q9/y1IwWdyuTzCDwif09r4R9MyYFEwePM3wR8k8FwzYM1KZrR5; h=Message-ID:Date:From:Reply-To:To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@coloradovoter.net; run by ezmlm
Reply-to: Lou Puls <lpuls@xxxxxxxxxxxxx>

To me this validates the BlackBoxVoting plea to poll watchers to take a video camera to the polls.
Also, of course, that DRE's should have nothing in them based on the Micro$oft OS or any other proprietary software.
Lou

-----Original Message-----
>From: Margit Johansson <margitjo@xxxxxxxxx>
>Sent: Nov 2, 2006 10:59 AM
>To: attendees <attendees@xxxxxxx>, cvv-discuss@xxxxxxxxxxxxxxxxx
>Subject: computer viruses in Ohio
>
>Thursday, November 02, 2006
>
>Contact
>Ed Felten
>Princeton University
>Tel: (609) 258-5906
>
>
>
>Steven Hertzberg
>Election Science Institute
>Tel:  (415) 839-5352
>
>For Immediate Release
>
>Cuyahoga County Ohio Possibly Exposed Election System to Computer Virus
>
>The memory cards that will be used to store votes on Election Day in
>Cuyahoga County, Ohio were stuck into ordinary laptop computers in
>September, possibly exposing the county's election system to a virus
>infection.  This serious security lapse was caught on video through
>the efforts of Cleveland resident Adele Eisner and Cleveland-area
>filmmaker Jeffrey Kirkby, who has graciously made his raw footage
>available on the Internet for personal viewing at:
>
><http://homepage.mac.com/captainkirkby/Data_Crunch/iMovieTheater87.html>
>http://homepage.mac.com/captainkirkby/Data_Crunch/iMovieTheater87.html
>
>Just one month ago a Princeton evoting study (available at
><http://itpolicy.princeton.edu/voting>http://itpolicy.princeton.edu/voting)
>showed that the memory cards used in Diebold touchscreen voting
>systems could carry computer viruses that would infect voting
>machines and steal votes on the infected machines.
>
>"Diebold has repeatedly stated that this type of security breach is
>virtually impossible due to security practices employed by the vendor
>and election officials," said Edward Felten, Professor of Computer
>Science and Public Affairs at Princeton University.  "Anyone who
>watches the video can now see for themselves that a virus could
>penetrate the election system via tasks performed by election staff."
>
>The new video shows a group of election workers sitting at tables,
>each with a laptop computer.  An official explains that these laptops
>were gathered from around the office, and some are the personal
>laptops of election workers.  Each worker has a laptop and a stack of
>memory cards, and is inserting the memory cards one by one into the
>laptop.  Cuyahoga County officials claim that every one of the
>county's memory cards gets this treatment, in order to archive vote
>records from the May 2006 primary election onto CD-ROMs.
>
>Ordinary laptops are of course vulnerable to computer viruses and
>other malicious software.  Given the number of ordinary laptops in
>the room, it is reasonably likely that at least one is infected with
>spyware, a virus, or other malware.  This puts at risk the memory
>cards, and the votes they will record from next week's election.
>
>Given the vulnerability of touch screen voting systems, election
>procedures must be stringent and consistently followed.  Safe
>procedures call for memory cards to be inserted only into computers
>that are carefully secured and never connected to the
>Internet.  Using ordinary laptop computers, borrowed from offices and
>homes, to process memory cards is dangerous.  The video shows that
>this practice is not the isolated act of a few election workers, but
>an official plan put in place by election officials.
>
>"Not only does this video demonstrate how potential security threats
>can be realized, this is yet another illustration of how election
>officials are forced to develop their own processes and procedures in
>order to operate their new election systems," said Steven Hertzberg,
>Project Director at Election Science Institute.  "Often we find that
>critical procedures and essential tools were not developed or
>deployed with this new election system, leaving election officials to
>fend for themselves.  Diebold should have provided an archiving
>system as part of their delivery to jurisdictions, before this system
>went live nationally."
>
>Voting machine vendors and election officials often argue that
>rigorous procedures can compensate for the technical weaknesses of
>voting machines.  Some jurisdictions implement such procedures well,
>but many do not.  Talking about procedural controls is easy.  Putting
>them into practice is much harder.
>
>"I first raised concerns to the Cuyahoga County Board of Election in
>mid-Summer, after Secretary of State Blackwell released an advisory
>about transferring electronic election data to CD ROM.  After I
>witnessed the transfer, I raised concerns a potential security breach
>to Cuyahoga Board of Elections Chairman Bennett and the rest of the
>board on October 2nd," said Adele Eisner.  "Unfortunately, the board
>simply defended its dangerous practice."

Prev by Date: computer viruses in Ohio
Next by Date: Daily Show
Previous by thread: computer viruses in Ohio
Next by thread: Daily Show
Index(es):
- Date
- Thread