For Immediate Release
Thursday, September 28, 2006
Contacts
Lawrence Norden, Brennan Center, 212 998–6322
Jonathan Rosen, BerlinRosen Public Affairs, 646 452–5637
Brennan Center Urges House Committee to Address
Crisis in Electronic Voting
Software Attacks Danger to All Electronic Voting Machines
Washington, DC - Today, the Brennan Center for Justice at NYU School of Law urged members of the House Administration Committee to immediately address the security crisis in electronic voting systems.
On June 28, 2006, the Brennan Center's Task Force on Voting System Security released a report and policy proposals concluding that all three of the nation's most commonly purchased electronic voting systems are vulnerable to software attacks that could threaten the integrity of a state or national election.
"As electronic voting machines become the norm on Election Day, voters are more and more concerned that these machines are susceptible to fraud," said Lawrence Norden, chair of the Brennan Center Task Force. "In fact, we've learned a lot from our study. These machines are vulnerable to attack. That's the bad news. The good news is that we know how to reduce the risks and the solutions are within reach."
"I hope that lawmakers at today's hearing read the Brennan Center's report and take a hard look at adopting these policies," said Howard A. Schmidt, former White House Cyber Security Advisor under President Bush and former Chief Security Officer of Microsoft and eBay, as well as a member of the Brennan Center Task Force.
The members of the non-partisan panel were drawn from the Lawrence Livermore National Laboratories, the National Institute of Standards and Technology (NIST), leading research universities, and include many of the nation's foremost security experts.
For more than a year the Task Force surveyed hundreds of election officials around the country; categorized over 120 security threats; and evaluated countermeasures for repelling attacks. The study examined each of the three most commonly purchased electronic voting systems: electronic machines (DREs) with and without a voter verified paper trail, and precinct-counted optical scan systems (PCOS). The report, The Machinery of Democracy: Protecting Elections in an Electronic World, is the first-ever systematic analysis of security vulnerabilities in each of these systems. The report's findings include:
All of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. All three systems are equally vulnerable to an attack involving the insertion of corrupt software or other software attack programs designed to take over a voting machine.
Automatic audits, done randomly and transparently, are necessary if paper records are to enhance security. The report called into question basic assumptions of many election officials by finding that the systems in 22 states using voter-verified paper records but doing so without requiring automatic audits are of questionable security value.
Wireless components on voting machines are particularly vulnerable to attack. The report finds that machines with wireless components could be attacked by virtually any member of the public with some knowledge of software and a simple device with wireless capabilities, such as a PDA.
The vast majority of states have not implemented election procedures or countermeasures to detect a software attack even though the most troubling vulnerabilities of each system can be substantially remedied.
Among the countermeasures advocated by the Task Force are routine audits comparing voter verified paper trails to the electronic record; and bans on wireless components in voting machines. Currently only New York and Minnesota ban wireless components on all machines; California bans wireless components only on DRE machines. The Task Force also advocated the use of parallel testing: random, Election Day testing of machines under real world conditions. Parallel testing holds its greatest value for detecting software attacks in jurisdictions with paperless electronic machines, since, with those systems, meaningful audits are not an option.
After the hearing Norden joined with lawmakers to call attention to H.R. 550, the Voter Confidence and Increased Accessibility Act, the most comprehensive bill before Congress addressing electronic voting security. Norden joined advocates and members of Congress from both parties in calling for immediate House action on the bill.