Hacked Voting System Stored Accessible Password, Encryption Key: Via Threat Level.

An internet-based voting system that was hacked last week by researchers at the University of Michigan stored its database username, password and encryption key on a server open to attack.

Alex Halderman, a computer scientist at the university, has detailed the vulnerabilities and hacking techniques his students used to completely control the system last week. The hack allowed them to change votes and program the system to play his school’s fight song “Hail to the Victors” after each voter cast their ballot.

The hack, unnoticed by election officials until researchers notified them, forced election officials to take the system offline and adopt a contingency plan for the November elections.

Washington, DC, began testing its internet voting system last Tuesday in advance of the November elections. The system, paid for in part with a $300,000 federal grant, is designed to let overseas military and civilian voters cast ballots quickly, instead of relying on the postal system to deliver their votes in a timely manner.

But within 36 hours of the system going live, Halderman’s team found and exploited a shell-injection vulnerability that “gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots.” [ Read more ... ]

International Day of Democracy - 15 September: Via United Nations.

Democracy is a universal value based on the freely expressed will of people to determine their own political, economic, social and cultural systems and their full participation in all aspects of their lives. 

While democracies share common features, there is no single model of democracy. Activities carried out by the United Nations in support of efforts of Governments to promote and consolidate democracy are undertaken in accordance with the UN Charter, and only at the specific request of the Member States concerned.

The UN General Assembly, in resolution A/62/7 (2007)  encouraged Governments to strengthen national programmes devoted to the promotion and consolidation of democracy, and also decided that 15 September of each year should be observed as the International Day of Democracy.

Read Original Article:(Via UN Web Services Section, Department of Public Information, United Nations.)

Report: Voting Machine Problems Highlight Urgent Need for National Database: Via Threat Level.

In 2008 in Ohio, election officials discovered that voting systems made by Premier Election Solutions dropped at least 1,000 votes in 9 county elections.

Premier (formerly Diebold Election Systems) initially blamed the problem on anti-virus software the county had installed on systems running the election software, but eventually conceded the problem was a logic error in its own software and sent a notice to 29 other states using its voting systems advising them how to work around the problem.

What the notice didn’t mention was that Premier’s voting system had experienced a similar problem years earlier in 2004 in Illinois and might have been avoided in Ohio had the company acted sooner.

In 2002, election officials in Bernalillo County, New Mexico, discovered they’d also been kept in the dark about a known issue with their machines, after their voting system appeared to drop some 12,000 ballots.

Although 48,000 people had cast ballots, tabulation software for touch-screen machines made by Sequoia Voting Systems recorded no more than 36,000 votes in any race, including the governor’s race. Sequoia admitted it was a software problem and disclosed that officials in a Nevada county had experienced the same issue weeks before the election, and received a patch to fix it — a patch the company neglected to install on the system in New Mexico. In fact, Sequoia had even failed to inform its employees in New Mexico that a problem occurred with the system in another state.

These are two of more than a dozen examples cited in a new report arguing for the federal government to establish a public clearinghouse to track voting machine problems nationwide and ensure that voters are not disenfranchised by faulty systems. [ Read more ... ]

The British Tabloid Phone-Hacking Scandal: Via NYTimes.com Magazine.

IN NOVEMBER 2005, three senior aides to Britain’s royal family noticed odd things happening on their mobile phones. Messages they had never listened to were somehow appearing in their mailboxes as if heard and saved. Equally peculiar were stories that began appearing about Prince William in one of the country’s biggest tabloids, News of the World.

The stories were banal enough (Prince William pulled a tendon in his knee, one revealed). But the royal aides were puzzled as to how News of the World had gotten the information, which was known among only a small, discreet circle. They began to suspect that someone was eavesdropping on their private conversations.

By early January 2006, Scotland Yard had confirmed their suspicions. An unambiguous trail led to Clive Goodman, the News of the World reporter who covered the royal family, and to a private investigator, Glenn Mulcaire, who also worked for the paper. The two men had somehow obtained the PIN codes needed to access the voice mail of the royal aides.

Scotland Yard told the aides to continue operating as usual while it pursued the investigation, which included surveillance of the suspects’ phones. [ Read more ... ]

Good News: Security Researcher Released on Bail: Via EFF.org Updates.

Hari Prasad, the Indian security researcher arrested for allegedly stealing an electronic voting machine, has been released on bail.

Earlier this year, an anonymous source gave the machine to Prasad and a team of researchers, who discovered critical security flaws. Under questioning by authorities last weekend, Prasad refused to divulge the identity of the source who gave them the machine. He was then arrested and reportedly charged with theft and trespass on the theory that he stole the machine himself.

According to the Indian news agency PTI, the magistrate who released Prasad on bail noted that "no offence was disclosed with Hari Prasad's arrest and even if it was assumed that [the electronic voting machine] was stolen it appears that there was no dishonest intention on his part...he was trying to show how [electronic voting] machines can be tampered with."

The court reportedly also asked the Election Commission of India to confirm or disprove Prasad's claim that the country's electronic voting machines can be compromised. If Prasad's claims are false, action could be taken against him, the magistrate said.

Read Original Article:(Via EFF.org Updates.)

Indian E-Voting Researcher Freed After Seven Days in Police Custody: Via Freedom to Tinker.

FLASH: 4:47 a.m. EDT August 28 — Indian e-voting researcher Hari Prasad was released on bail an hour ago, after seven days in police custody. Magistrate D. H. Sharma reportedly praised Hari and made strong comments against the police, saying Hari has done service to his country. Full post later today.

Read Original Article:(Via Freedom to Tinker.)

Update: Indian E-Voting Researcher Remains in Police Custody: Via Freedom to Tinker.

In case you're just tuning in, e-voting researcher Hari Prasad, with whom I coauthored a paper exposing serious flaws in India's electronic voting machines (EVMs), was arrested Saturday morning at his home in Hyderabad. The arresting officers told him they were acting under "pressure [from] the top," and demanded that he disclose the identity of the anonymous source who provided the voting machine that we studied. Since then, Hari has been held in custody by the Mumbai police and repeatedly questioned.

Recent Developments

There have several developments in Hari’s case since my last post.

On Sunday, about 28 hours after his arrest, Hari appeared before a magistrate in Mumbai and was formally charged for the first time. The officers who arrested him had not stated a specific charge, but they had told him he would be left alone if he would reveal the identity of the source who provided us the machine . Hari has not named the source, and the authorities are now alleging that he took the machine from the government's warehouse himself. [ Read more ... ]

Security Researcher Arrested for Refusing to Disclose Anonymous Source: Via EFF.org Updates.

An Indian computer scientist was arrested this weekend when he refused to disclose an anonymous source who provided an electronic voting machine to a team of security researchers.

Hari Prasad is the managing director of Netindia Ltd., an Indian research and development firm. He and other researchers have long questioned the security of India's paperless electronic voting machines. Despite repeated reports of election irregularities and concerns about fraud, the Election Commission of India insists that the machines are tamper-proof.

In 2009, the commission publicly challenged Prasad to show that India's voting machines could be compromised, but refused to give him access to the machines to perform a review. Earlier this year, an anonymous source provided an Indian voting machine to a research team led by Prasad, Alex Halderman, and Rop Gonggrijp. The team exposed security flaws that could allow an attacker to change election results and compromise ballot secrecy. They published a paper detailing their findings, which you can read here. [ Read more ... ]

Electronic Voting Researcher Arrested Over Anonymous Source: Via Freedom to Tinker.

About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop Gonggrijp, and I detailed serious security flaws in India's electronic voting machines. Indian election authorities have repeatedly claimed that the machines are "tamperproof," but we demonstrated important vulnerabilities by studying a machine provided by an anonymous source.

The story took a disturbing turn a little over 24 hours ago, when my coauthor Hari Prasad was arrested by Indian authorities demanding to know the identity of that source.

At 5:30 Saturday morning, about ten police officers arrived at Hari's home in Hyderabad. They questioned him about where he got the machine we studied, and at around 8 a.m. they placed him under arrest and proceeded to drive him to Mumbai, a 14 hour journey.

The police did not state a specific charge at the time of the arrest, but it appears to be a politically motivated attempt to uncover our anonymous source. The arresting officers told Hari that they were under "pressure [from] the top," and that he would be left alone if he would reveal the source's identity. [ Read more ... ]

The South Carolina Primary and Voting Machine Fraud: Via Slashdot.

cSeattleGameboy writes "South Carolina sure knows how to pick 'em. Alvin Greene is a broke, unemployed guy who is facing a felony obscenity charge. He made no campaign appearances and raised no money, but he is the brand new Democratic Senate nominee from South Carolina. Tom Schaller at FiveThirtyEight.com does a detailed analysis of how a guy like this wins a primary race, and many of the signs point to voting machine fraud. There seem to have been irregularities on all sides. 'Dr. Mebane performed second-digit Benford's law tests on the precinct returns from the Senate race. ... If votes are added or subtracted from a candidate's total, possibly due to error or fraud, Mebane's test will detect a deviation from this distribution. Results... showed that Rawl's Election Day vote totals depart from the expected distribution at 90% confidence. In other words, the observed vote pattern for Rawl could be expected to occur only about 10% of the time by chance. ... An unusual, non-random pattern in the precinct-level results suggests tampering, or at least machine malfunction, perhaps at the highest level. [ Read more ... ]

NJ Voting Machines Left Unattended, Despite Court Order: Via Freedom to Tinker.

It's Election Day in New Jersey. Longtime readers know that in advance of elections I visit polling places in Princeton, looking for voting machines left unattended, where they are vulnerable to tampering. In the past I have always found unattended machines in multiple polling places.

I hoped this time would be different, given that the state is now under a court order not to leave voting machines unattended in public. The order was issued by Judge Feinberg back in February, in her ruling on the New Jersey voting machine case.

Despite the court order, I found voting machines unattended in three of the four Princeton polling places I visited on Sunday and Monday. Here are my photos from three polling places.

[...]

This morning I cast my ballot on one of these machines.

Read Original Article:(Via Freedom to Tinker.)

A Privacy Shield Against the Campaigns via Washington Post

While John McCain and Barack Obama have plenty to fight about, there is at least one thing that they agree on: Voters who interact with their campaigns have no privacy rights.

What does this mean?

It's simple: Voters do not have the right to opt out of unwanted campaign communications, either online or off-line. Voters don't have the right to decide who will contact them or how they will be contacted by the presidential campaigns.

This invasion of the voters' privacy is bipartisan. Republicans do it. Democrats do it. Heck, even Libertarians do it.

This week, I received an e-mail from the Obama campaign that had the subject line: "Your Neighbors." Intrigued, I opened the message and learned that the campaign was launching a sophisticated program called "Neighbor-to-Neighbor" that makes "it easier than ever to connect with potential supporters in your community by phone or door-to-door." [ Read more ... ]

Check Out EFF's Favorite Books: Via EFF.org Updates.

We are a bookish crowd here at the Electronic Frontier Foundation, so we figured it might be interesting to share a list of some of our favorite books. Choosing categories was a contentious process, but we ultimately decided to split up the list into the following rough categories:

• Copyright, Trademark and Innovation
• Privacy, Surveillance, and Security
• Technology and Internet Culture
• International Internet Issues
• Economics and Business
• History, Politics, and Electronic Voting

The top 3 in each category are standouts or classics, but every book in the list has inspired fresher, smarter considerations about technology, civil liberties, and what it means to be on the electronic frontier. Enjoy!

Read Original Article:(Via EFF.org Updates.)

Feds Move to Break Voting-Machine Monopoly: Via Threat Level.

Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.

The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.

“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]

Discussing Citizens United with Larry Lessig: Via Salon: Glenn Greenwald.

Just in case readers here forgot how angry they were with me for my partial defense of the Citizens United decision, permit me to risk once again provoking the hornets' nest by recommending this 20-minute discussion I had on Monday night with Harvard Law Professor Larry Lessig on The Young Turks.  At The Huffington Post, Lessig wrote this response to the arguments I made about the case, and we had what I thought was a very constructive and enlightening discussion of the relevant issues:

Read Original Article:(Via Salon: Glenn Greenwald.)

Hardware Hacker, E-Voting Investigator, and Public Domain Advocate Win Pioneer Awards: Via EFF.org Updates.

San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the winners of its 2009 Pioneer Awards: hardware hacker Limor "Ladyada" Fried, e-voting security researcher Harri Hursti, and public domain advocate Carl Malamud.

The award ceremony will be held at 7 p.m., October 22nd, at the Westin San Francisco in conjunction with the Web 2.0 Summit, co-produced by O'Reilly and TechWeb. LinkedIn founder Reid Hoffmann will keynote the event. [ Read more ... ]

Consolidation in E-Voting Market: ES&S Buys Premier: Via Freedom to Tinker.

Yesterday Diebold sold its e-voting division, known as Premier Election Systems, to ES&S, one of Premier's competitors. The price was low: about $5 million.

ES&S is reportedly the largest e-voting company, and Premier was the second-largest, so the deal represents a substantial consolidation in the market. The odds of one major e-voting company breaking from the pack and embracing up-to-date security engineering are now even slimmer than before. Premier had seemed like the company most likely to change its ways. [ Read more ... ]

Diebold Unloads Beleaguered Voting Machine Division: Via Threat Level.

It took about three years but Diebold has finally managed to get out of the election business.

The company announced Thursday that Premier Election Solutions, Diebold’s beleaguered voting machine division, has been acquired by Election Systems and Software (ES&S).

ES&S purchased the company for a mere $5 million in cash, plus 70 percent of any revenue collected on outstanding accounts through the end of August. According to Diebold’s announcement the sale was “consummated” Wednesday. [ Read more ... ]

Voting Tech Experts Sought by Feds to Develop Standards: Via Threat Level.

Want to help improve the design and security of voting systems made by Premier Election Solutions (formerly Diebold Election Systems) and other companies?

The federal Election Assistance Commission (EAC), which oversees the federal testing and certification of voting systems, is seeking four technology experts to serve on the Technical Guidelines Development Committee (TGDC), which will help craft the next version of voting system guidelines.

The guidelines serve as standards for voting equipment makers and are used by testing labs that certify voting machines to measure a system’s suitability for use in elections.

The current guidelines under which all voting machines have been tested and certified have been heavily criticized by computer security experts for their lack of security requirements. [ Read more ... ]

Diebold Quietly Patches Security Flaw in Voting Software: Via Threat Level.

Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.

The flaw in the tabulation software was discovered by Wired.com earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.

A new version of the software does record such events, and includes other security safeguards that would prevent the system from operating if the event log were somehow shut down, according to iBeta Quality Assurance, the Colorado testing lab that examined the software for the federal government. [ Read more ... ]

IRAN ELECTION 2009 | Gathering the news about Iran's 2009 National election in one place.: Via IRAN ELECTION 2009.

IRAN ELECTION 2009 Gathering the news about Iran's 2009 National election in one place.
http://IranElection2009.com/

I just wanted to point out a site that is coming together to try and give a central place to get information about Iran's recent election. [ Read more ... ]

Election Official Moonlights as Political Consultant to Republican Candidates: Via Threat Level.

A Texas registrar of voters has been working a second job selling voter data and campaign services to Republican campaigns, according to local news reports.

Ed Johnson, the associate registrar of voters in Harris County, is the paid director of a small political consulting firm called Computer Data Systems, which he launched in 2003 with a Republican state representative. The company sold $140,000 worth of voter data and election services to Republican politicians and campaigns in 2008, which included conducting targeted mailings on behalf of clients. The information was uncovered by the Lone Star Project, a Texas-based political activist group. [ Read more ... ]

Voting Machine Company Agrees to Hand Over Source Code: Via Threat Level.

Election officials in Washington, DC, are finally going to get source code for voting machines that produced ‘phantom’ votes during the district’s primary election last September.

Sequoia Voting Systems agreed on Friday, after the city threatened a lawsuit, to hand over the proprietary code. Sequoia will also give election officials documentation describing how the source code and machines were created and maintained, according to the Washington Post.

During the city’s primary election last September, Sequoia’s optical-scan machines added about 1,500 ‘phantom’ votes to races on ballots cast in one precinct. [ Read more ... ]

Internet Voting: How Far Can We Go Safely?: Via Freedom to Tinker.

Yesterday I chaired an interesting panel on Internet Voting at CFP. Participants included Amy Bjelland and Craig Stender (State of Arizona), Susan Dzieduszycka-Suinat (Overseas Vote Foundation) Avi Rubin (Johns Hopkins), and Alec Yasinsac (Univ. of South Alabama). Thanks to David Bruggeman and Cameron Wilson at USACM for setting up the panel.

Nobody advocated a full-on web voting system that would allow voting from any web browser. Instead, the emphasis was on more modest steps, aimed specifically at overseas voters. Overseas voters are a good target population, because there aren't too many of them -- making experimentation less risky -- and because vote-by-mail serves them poorly.

Discussion focused on two types of systems: voting kiosks, and Internet transmission of absentee ballots. [ Read more ... ]

Voting System Adds Nearly 5,000 Ballots to Tally: Via Threat Level.

A software glitch in an optical-scan voting system added nearly 5,000 ballots to the tally of a South Dakota election this week. The error was discovered only after the election results were called, according to the Rapid City Journal.

The problem occurred when officials combined tallies from optical-scan machines in three precincts in Rapid City in Pennington County. The tabulation software used to combine the totals added 4,875 phantom ballots to the count. The system indicated 10,488 ballots were cast when, in reality, only 5,613 ballots existed, indicating that the glitch wasn’t simply a matter of doubling the votes. [ Read more ... ]