The most comprehensive analysis of security and operating issues of electronic vote machines ever performed was released in late July by the State of California, and the results from a series of reports provided a body blow to an industry already on the defensive. Tests were done on systems of three vendors, Sequoia Voting Systems, Diebold, and Hart Intercivic by researchers at the University of California under a $1.8 million contract with the California Secretary of State’s Office.

“I had expected them to find problems – but to be able to replace firmware in all three systems is nothing short of an utter takeover of machines, and that shouldn’t be possible,” declared noted computer security and vote machine expert Avi Rubin, a professor at Johns Hopkins University. “I was shocked by how severe the problems were,” he continued. “What’s even scarier is that the researchers were looking at certified systems that have been already used in an election,” he said in a July 30 TechNewsWorld article.

For Montgomery County and other jurisdictions using Sequoia systems, the results further document and confirm basic problems underlying the vulnerabilities of Sequoia DREs (direct recording electronic systems) on a range of security and operating issues. Montgomery County has Sequoia AVC Advantage machines, which use the same basic operating system that was tested and found wanting in California. The Sequoia hardware tested was its Edge machine, which is a newer machine than the Advantage, however it also received low grades.

“We found significant security weaknesses throughout the Sequoia system. The nature of these weaknesses raises serious questions as to whether the Sequoia software can be relied upon to protect the integrity of elections. Every software mechanism for transmitting election results and every software mechanism for updating software lacks reliable measures to detect or prevent tampering,” says one of two official reports on Sequoia, Source Code Review of the Sequoia Voting System.”

Sequoia and the other two systems tested were decertified and then provisionally recertified by the California Secretary of State. As a result of the tests, California will restrict use of the machines to no more than one per precinct to be reserved for voters with disabilities. Most voters apparently will be marking paper ballots for tabulation by optical scan machines. In addition, all votes cast on the suspect DREs will be audited on the basis of a comparison of electronic totals with a one hundred percent hand-count of printed paper records. For the California directive on Sequoia, click here.

The California tests and subsequent ruling provides a national model for states, including Pennsylvania, to reconsider controversial voting machines that previously gained federal and state approvals yet remain vulnerable to hacks and other security threats. In Pennsylvania, 54 of 67 counties now vote on suspect paperless DREs. So far, however, Secretary of State Pedro Cortes remains silent on the issue.

According to a BetaNews story, “the biggest vulnerability any of these systems could possibly face is the overwriting of their firmware through a Trojan file or other means; and in all three cases, University of California ‘red teams’ were able to accomplish this.”

In addition, the UCAL researchers uncovered evidence that a key element of Sequoia’s security strategy was none other than a customer relations campaign to allay fears that tampering would be a problem, according to BetaNews. They cited Sequoia literature that actually explained to customers that since its software does not access any other libraries besides Microsoft SQL server, no one else could possibly have remote or unauthorized access to its SQL Server database. However, that whole notion is simply wrong, the researchers pointed out, noting that it was able to execute arbitrary commands on the Sequoia database using ordinary SQL Server queries.

Back in February of this year, Princeton Computer Science Professor Andrew Appel and his grad students uncovered serious security flaws in Sequoia Advantage machines, which they purchased over the internet. They demonstrated then how easy it can be to manipulate votes when one student was able to pick a lock in seven seconds to gain access to motherboards and memory chips, which can be swapped out for bogus software for vote switching.

According to Appel at the time, “We can take a version of Sequoia’s software program and modify it to do something different – like appear to count votes, but really move them from one candidate to anther. And it can be programmed to do that only on Tuesdays in November, and at any other time. You can’t detect it, he concluded in a Newark Star-Ledger story.”

In other words, if Sequoia customers were paying attention (Are you listening, Montgomery County?), there are no great surprises here. Still, this is the first time that Sequoia has been exposed to such an exhaustive review and the results appear to be a clear indictment of the security mechanisms (or lack of) built into their system. To read Sequoia’s spin on the California reports, click here.