Feds Move to Break Voting-Machine Monopoly: Via Threat Level.

Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.

The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.

“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]

Discussing Citizens United with Larry Lessig: Via Salon: Glenn Greenwald.

Just in case readers here forgot how angry they were with me for my partial defense of the Citizens United decision, permit me to risk once again provoking the hornets' nest by recommending this 20-minute discussion I had on Monday night with Harvard Law Professor Larry Lessig on The Young Turks.  At The Huffington Post, Lessig wrote this response to the arguments I made about the case, and we had what I thought was a very constructive and enlightening discussion of the relevant issues:

Read Original Article:(Via Salon: Glenn Greenwald.)

Hardware Hacker, E-Voting Investigator, and Public Domain Advocate Win Pioneer Awards: Via EFF.org Updates.

San Francisco - The Electronic Frontier Foundation (EFF) is pleased to announce the winners of its 2009 Pioneer Awards: hardware hacker Limor "Ladyada" Fried, e-voting security researcher Harri Hursti, and public domain advocate Carl Malamud.

The award ceremony will be held at 7 p.m., October 22nd, at the Westin San Francisco in conjunction with the Web 2.0 Summit, co-produced by O'Reilly and TechWeb. LinkedIn founder Reid Hoffmann will keynote the event. [ Read more ... ]

Consolidation in E-Voting Market: ES&S Buys Premier: Via Freedom to Tinker.

Yesterday Diebold sold its e-voting division, known as Premier Election Systems, to ES&S, one of Premier's competitors. The price was low: about $5 million.

ES&S is reportedly the largest e-voting company, and Premier was the second-largest, so the deal represents a substantial consolidation in the market. The odds of one major e-voting company breaking from the pack and embracing up-to-date security engineering are now even slimmer than before. Premier had seemed like the company most likely to change its ways. [ Read more ... ]

Diebold Unloads Beleaguered Voting Machine Division: Via Threat Level.

It took about three years but Diebold has finally managed to get out of the election business.

The company announced Thursday that Premier Election Solutions, Diebold’s beleaguered voting machine division, has been acquired by Election Systems and Software (ES&S).

ES&S purchased the company for a mere $5 million in cash, plus 70 percent of any revenue collected on outstanding accounts through the end of August. According to Diebold’s announcement the sale was “consummated” Wednesday. [ Read more ... ]

Voting Tech Experts Sought by Feds to Develop Standards: Via Threat Level.

Want to help improve the design and security of voting systems made by Premier Election Solutions (formerly Diebold Election Systems) and other companies?

The federal Election Assistance Commission (EAC), which oversees the federal testing and certification of voting systems, is seeking four technology experts to serve on the Technical Guidelines Development Committee (TGDC), which will help craft the next version of voting system guidelines.

The guidelines serve as standards for voting equipment makers and are used by testing labs that certify voting machines to measure a system’s suitability for use in elections.

The current guidelines under which all voting machines have been tested and certified have been heavily criticized by computer security experts for their lack of security requirements. [ Read more ... ]

Diebold Quietly Patches Security Flaw in Voting Software: Via Threat Level.

Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.

The flaw in the tabulation software was discovered by Wired.com earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.

A new version of the software does record such events, and includes other security safeguards that would prevent the system from operating if the event log were somehow shut down, according to iBeta Quality Assurance, the Colorado testing lab that examined the software for the federal government. [ Read more ... ]

IRAN ELECTION 2009 | Gathering the news about Iran's 2009 National election in one place.: Via IRAN ELECTION 2009.

IRAN ELECTION 2009 Gathering the news about Iran's 2009 National election in one place.
http://IranElection2009.com/

I just wanted to point out a site that is coming together to try and give a central place to get information about Iran's recent election. [ Read more ... ]

Election Official Moonlights as Political Consultant to Republican Candidates: Via Threat Level.

A Texas registrar of voters has been working a second job selling voter data and campaign services to Republican campaigns, according to local news reports.

Ed Johnson, the associate registrar of voters in Harris County, is the paid director of a small political consulting firm called Computer Data Systems, which he launched in 2003 with a Republican state representative. The company sold $140,000 worth of voter data and election services to Republican politicians and campaigns in 2008, which included conducting targeted mailings on behalf of clients. The information was uncovered by the Lone Star Project, a Texas-based political activist group. [ Read more ... ]

Voting Machine Company Agrees to Hand Over Source Code: Via Threat Level.

Election officials in Washington, DC, are finally going to get source code for voting machines that produced ‘phantom’ votes during the district’s primary election last September.

Sequoia Voting Systems agreed on Friday, after the city threatened a lawsuit, to hand over the proprietary code. Sequoia will also give election officials documentation describing how the source code and machines were created and maintained, according to the Washington Post.

During the city’s primary election last September, Sequoia’s optical-scan machines added about 1,500 ‘phantom’ votes to races on ballots cast in one precinct. [ Read more ... ]

Internet Voting: How Far Can We Go Safely?: Via Freedom to Tinker.

Yesterday I chaired an interesting panel on Internet Voting at CFP. Participants included Amy Bjelland and Craig Stender (State of Arizona), Susan Dzieduszycka-Suinat (Overseas Vote Foundation) Avi Rubin (Johns Hopkins), and Alec Yasinsac (Univ. of South Alabama). Thanks to David Bruggeman and Cameron Wilson at USACM for setting up the panel.

Nobody advocated a full-on web voting system that would allow voting from any web browser. Instead, the emphasis was on more modest steps, aimed specifically at overseas voters. Overseas voters are a good target population, because there aren't too many of them -- making experimentation less risky -- and because vote-by-mail serves them poorly.

Discussion focused on two types of systems: voting kiosks, and Internet transmission of absentee ballots. [ Read more ... ]

Voting System Adds Nearly 5,000 Ballots to Tally: Via Threat Level.

A software glitch in an optical-scan voting system added nearly 5,000 ballots to the tally of a South Dakota election this week. The error was discovered only after the election results were called, according to the Rapid City Journal.

The problem occurred when officials combined tallies from optical-scan machines in three precincts in Rapid City in Pennington County. The tabulation software used to combine the totals added 4,875 phantom ballots to the count. The system indicated 10,488 ballots were cast when, in reality, only 5,613 ballots existed, indicating that the glitch wasn’t simply a matter of doubling the votes. [ Read more ... ]

Is Internet Voting Safe? Vote Here: Via Threat Level.

WASHINGTON — Arizona did something very interesting in the 2008 general election: it accepted votes over the internet. Is it a good idea, or not?

Some individual counties have experimented with allowing online voting for overseas citizens, and the Pentagon considered its own system in 2004, before abandoning it because of security issues. But Arizona was the first to offer internet voting, in a national election, to all its overseas military and civilian families through a central website. Election officials demonstrated their system at the Computers, Freedom and Privacy Conference here Thursday, and they seemed pretty confident that it was secure.

“It’s run over a secured system using industry standard encryption,” said state CIO Craig Stender. “We had many users from over 50 countries using the system in that election.”

Voting rights activists are alarmed over the growing acceptance of internet-enabled voting [ Read more ... ]

NJ Voting-machine Trial: Defense Witnesses: Via Freedom to Tinker.

I've previously summarized my own testimony and other plaintiffs' witnesses' testimony in the New Jersey voting machines trial, Gusciora v. Corzine.

The defendant is the State of New Jersey (Governor and Secretary of State). The defense case comprised the following witnesses: [ Read more ... ]

Sunlight on NASED ITA Reports: Via Freedom to Tinker.

Short version: we now have gobs of voting system ITA reports, publicly available and hosted by the NSF ACCURATE e-voting center. As I explain below, ITA's were the Independent Testing Authority laboratories that tested voting systems for many years.

Long version: Before the Election Assistance Commission (EAC) took over the testing and certification of voting systems under the Help America Vote Act (HAVA), this critical function was performed by volunteers. The National Association of State Election Directors (NASED) recognized a need for voting system testing and partnered with the Federal Election Commission (FEC) to establish a qualification program that would test systems as having met or exceeded the requirements of the 1990 and 2002 Voting System Standards.*

However, as I've lamented many, many times over the years, the input, output and intermediate work product of the NASED testing regime were completely secret, due to proprietary concerns on behalf of the manufacturers. [ Read more ... ]

On open source vs. disclosed source voting systems: Via Freedom to Tinker.

Sometimes, working on voting seems like running on a treadmill. Old disagreements need to be argued again and again. As long as I've been speaking in public about voting, I've discussed the need for voting systems' source code to be published, as in a book, to create transparency into how the systems operate. Or, put another way, trade secrecy is anathema to election transparency. We, the people, have an expectation that our election policies and procedures are open to scrutiny, and that critical scrutiny is essential to the exercise of our Democracy. (Cue the waving flags.)

On Tuesday, the Election Technology Council (a trade association of four major American voting system manufacturers) put out a white paper on open-source and voting systems. It's nice to see them finally talking about the issue, but there's a distinctive cluelessness in this paper about what, exactly, open source is and what it means for a system to be secure. For example, in a sidebar titled "Disclosed vs. Open: Clarifying Misconceptions", the report states: [ Read more ... ]

Voting machine expert criticizes "clueless" industry report: Via Law & Disorder Section - Ars Technica.

The Election Technology Council (ETC), a trade group comprised of the most prominent electronic voting machine vendors, has published a paper that argues against mandating source disclosure for electronic voting machine systems. The paper (PDF), which broadly conflates source disclosure and open source software licensing, dubiously contends that enabling public scrutiny of voting technology would lead to compromised security.

The ETC's position is viewed with skepticism by both election transparency advocates and computer security experts. Dan Wallach—a Rice University computer science professor who has testified about voting security issues before various government bodies—wrote a rebuttal, which was published last week on the Freedom to Tinker blog. He laments the "distinctive cluelessness" of the ETC report and accuses the organization of misrepresenting the voting machine security studies that are cited in the document.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

CIA Expert Decries E-Voting Security: Via Slashdot: Your Rights Online.

ISoldat53 sends this quote from McClatchy DC: "The CIA, which has been monitoring foreign countries' use of electronic voting systems, has reported apparent vote-rigging schemes in Venezuela, Macedonia and Ukraine and a raft of concerns about the machines' vulnerability to tampering. Appearing last month before a US Election Assistance Commission field hearing in Orlando, Fla., a CIA cybersecurity expert suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, [ Read more ... ]

Video: Diebold Acknowledging Audit Log Flaws: Via Wired: Threat Level.

Earlier this week Premier Elections Solutions (formerly Diebold Election Systems) admitted in a hearing that the audit logs on its tabulation software fail to record significant events that occur on the machines -- such as when an error in the software deletes votes or when election officials intentionally delete ballots from the system. These, of course, are the most basic events that an audit log should record.

Now you can see a video of the hearing . [ Read more ... ]

Diebold Admits Systemic Audit Log Failure; State Vows Inquiry Via Threat Level :

SACRAMENTO, California -- Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.

The company acknowledged that the problem exists with every version of its tabulation software.

The revelation confirmed that a problem uncovered by Threat Level in January, and reiterated in a report released two weeks ago by the California secretary of state's office, has widespread implications for election jurisdictions around the country that use any version of the company's Global Election Management System (GEMS) software to tabulate votes. [ Read more ... ]

Diebold Admits Systemic Audit Log Failure; State Vows Inquiry Via Threat Level :

SACRAMENTO, California -- Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.

The company acknowledged that the problem exists with every version of its tabulation software.

The revelation confirmed that a problem uncovered by Threat Level in January, and reiterated in a report released two weeks ago by the California secretary of state's office, has widespread implications for election jurisdictions around the country that use any version of the company's Global Election Management System (GEMS) software to tabulate votes. [ Read more ... ]

NJ Voting-machine trial update Via Freedom to Tinker :

Earlier this month I testified in Gusciora v. Corzine, the trial in which the plaintiffs argue that New Jersey's voting machines (Sequoia AVC Advantage) can't be trusted to count the votes, because they're so easily hacked to make them cheat.

I've previously written about the conclusions of my expert report: in 7 minutes you can replace the ROM and make the machine cheat in every future election, and there's no practical way for the State to detect cheating machines (in part because there's no voter-verified paper ballot).

The trial started on January 27, 2009 and I testified for four and a half days. I testified that the AVC Advantage can be hacked by replacing its ROM, or by replacing its Z80 processor chip, so that it steals votes undetectably. I testified that fraudulent firmware can also be installed into the audio-voting daughterboard by a virus carried through audio-ballot cartridges. I testified about many other things as well. [ Read more ... ]

Rethinking the voting system certification process: Via Freedom to Tinker

Lawsuits! Everybody's filing lawsuits. Premier Election Systems (formerly Diebold) is suing SysTest, one of the EAC's testing authorities (or, more properly, former testing authorities, now that the EAC is planning to suspend their accreditation). There's also a lawsuit between the State of Ohio and Premier over whether or not Premier's voting systems satisfy Ohio's requirements. Likewise, ES&S is being sued by San Francisco, the State of California, and the state of Oregon. A Pennsylvania county won a judgment against Advanced Voting Systems, after AVS's systems were decertified (and AVS never even bothered showing up in court to defend themselves). And that's just scratching the surface.

What's the real problem here? Electronic voting systems were "certified", sold, deployed, and then turned out to have a variety of defects, ranging from "simple" bugs to a variety of significant security flaws. [ Read more ... ]

The First Federally Certified Voting System: Via Slashdot

InternetVoting writes "The Election Assistance Commission has announced the first ever federally certified voting system. While the Election Management System (EMS) 4.0 by MicroVote General Corporation has successfully completed 17 months of testing, many questions still remain about the United States' voting system Testing and Certification program. Many systems are still being tested to obsolete standards, the current standards are set to become obsolete soon and cost estimates for future certifications are skyrocketing. The future of improved innovating voting systems does not look bright."

Read Original Article ( Via Slashdot. )

Card Processor Admits to Large Data Breach: Via Threat Level

href="http://blog.wired.com/27bstroke6/">Threat Level

A large credit card processing company was breached in an attack late last year that may have compromised more than 100 million accounts.

Heartland Payment Services, which processes debit and credit card transactions for 250,000 businesses, said it first learned around late October that it might have been hacked, but wasn't able to determine that its system had indeed been breached until last week. The company said it notified the public Tuesday as soon as it confirmed it was the victim of a "highly sophisticated" attack.

Law enforcement officials are investigating the breach as potentially part in a wider cyber fraud operation with multiple victims, according to Robert Baldwin, Heartland's president and chief financial officer.

"They are working on an active investigation on a gang [and] all the hallmarks are that this is associated with that," Baldwin said. "They have said that investigation is focused on a significant number of breaches of financial institutions." [ Read more ... ]