Most Popular Choices
Share on Facebook 11 Printer Friendly Page More Sharing
OpEdNews Op Eds   

COTS and Other Electronic Voting Backdoors

By       (Page 1 of 1 pages)   No comments
Message Rebecca Mercuri
In response to the growing concerns regarding H.R. 811, particularly with regard to the inspection of commercial-off-the-shelf (COTS) voting system components, I wanted to provide this article, previously published in the November 2006 issue of Communications of the Association for Computing Machinery and also available at http://www.csl.sri.com/neumann/insiderisks06.html#197. It is especially important to understand that COTS software products can include both open source (such as Red Hat Linux) and closed (or trade secret) source (such as Microsoft Windows [TM]), and that neither paradigm necessarily guarantees security. Indeed, the examination of source code for "correctness" is well known in the computer industry to be intractable (i.e. not fully solvable in reasonable time), but that does not mean that it should not be inspectable.

R. Mercuri
========================================================================

Inside Risks 197, CACM 49, 11, November 2006
COTS and Other Electronic Voting Backdoors
Rebecca Mercuri, Vincent J. Lipsio, and Beth Feehan

During the U.S. 2006 primary election season, there was a flurry of media attention about electronic voting, when it was revealed that Diebold Election Systems had erroneously reported to a testing authority (CIBER) that certain Windows CE operating system files were commercial-off-the-shelf (COTS) but in fact also contained customized code. This is important because, remarkably, all versions of the federal voting system guidelines exempt COTS hardware and software from inspection, whereas modified components require additional scrutiny.

This loophole is anathema to security and integrity. In other critical computer-based devices (e.g., medical electronics or aviation), COTS components may be unit-tested once for use in multiple products, with COTS software typically integration-tested and its source code required for review. In contrast, for voting equipment, this blanket inspection exemption persists, despite having strenuously been protested by numerous scientists, especially in the construction of guidelines authorized by the Help America Vote Act (HAVA) [1]. Nevertheless, special interests have prevailed in perpetuating this serious backdoor in the advisory documents used for the nation's voting system testing and certification programs.

Indeed, Diebold dismissed the discovered customizations as presenting only ''a theoretical security vulnerability that could potentially allow unauthorized software to be loaded onto the system'' [2]; a Diebold spokesman commented ''for there to be a problem here, you're basically assuming ... you have some evil and nefarious election officials who would sneak in and introduce a piece of software. ... I don't believe these evil elections people exist.'' But such naivete is laughable, as there is a long and well-documented history of such ''political machines'' and operatives in the U.S.

Uninspected COTS has caused other serious voting equipment problems to go undetected, even if tampering is not an issue, as reported in 2001 to the U.S. House Science Committee by Douglas Jones, when he related a 1998 example of ''an interesting and obscure failing [with the Fidlar and Chambers EV 2000] that was directly due to a combination of this exemption and a recent upgrade to the version of Windows being used by the vendor ... the machine always subtly but reliably revealed the previous voter's vote to the next voter.'' [3]

The strong resistance to closing this COTS backdoor was illustrated by the activities of the IEEE's P1583 Voting System Standards working group, while they were drafting a document to be submitted as input to the Election Assistance Commission's (EAC) Technical Guidelines Development Committee. A Special Task Group (STG) was formed to resolve COTS-related issues in the draft. Although all issues were resolved with strong consent by the STG's members [4], P1583's vendor-partisan editing committee unabashedly repeatedly refused (even after having been confronted before the entire working group) to incorporate any of the substantial COTS review requirements into the draft. Therefore, the version of the document released to the EAC still contained the exemption for COTS components, even though the working group had decided otherwise.

Numerous other aspects of America's voting equipment certification process are similarly lax. Another P1583 working group member, Stanley Klein, repeatedly pointed out to the EAC that the legacy low 163-hour Mean Time Between Failures rate specified in all versions of the voting system guidelines translated to an election day malfunction probability (potentially resulting in unrecoverable loss of votes) of 9.2% per machine, to no avail. Attempts to require a Common Criteria style evaluation were frustrated. Bizarrely, the guidelines allow for the risky use of wireless transceivers in voting machines, but do not require that the ballot data be provided in a format such that it is independently auditable. And although there is a federal certification process, there is no provision for decertification, even when a major security flaw has been exposed. The fact that any changes, including security-related ones, require recertification, has even been used as an excuse to avoid making needed updates. Indeed, the nature of U.S. elections is such that federal certification, as poor as it is, is not mandatory; one-fifth of the states have chosen to disregard it, some in lieu of even more haphazard and obfuscated examination processes.

This distressing situation will likely continue until large numbers of citizens, especially those with technical expertise, hold government officials accountable. You can help by communicating with your elected officials, beseeching them to do something about this now.

Beth Feehan (bfeehan@comcast.net) is a researcher focusing on HAVA implementation issues. Vincent Lipsio (vince@lipsio.com) is a software engineer who specializes in real-time and life-critical systems. Rebecca Mercuri (mercuri@acm.org) is a forensic computing expert who has been researching electronic voting since 1989.

1. Charles Corry, Stanley Klein, Vincent Lipsio, and Rebecca Mercuri, Comments to the Election Assistance Commission's Technical Guidelines Development Committee, December 2004. http://www.vote.nist.gov/ECPosStat.htm
2. Monica Davey, New Fears of Security Risks in Electronic Voting Systems, New York Times, May 12, 2006.
3. Douglas Jones, Testimony to the U.S. House Science Committee, May 22, 2001. http://www.cs.uiowa.edu/~jones/voting/congress.html
4. IEEE P1583 working group. http://www.Lipsio.com/COTS, http://grouper.ieee.org/groups/scc38/1583/
========================================================================
Other insightful articles in this regard include:

Security by Insecurity, Rebecca T. Mercuri and Peter G. Neumann, Inside Risks 161, CACM 46, 11, November 2003 http://www.csl.sri.com/users/neumann/insiderisks.html#160

Information System Security Redux, Peter G. Neumann, Inside Risks 160, CACM 46, 10, October 2003, http://www.csl.sri.com/users/neumann/insiderisks.html#159

Voting into Vapor, Craig Lambert, Harvard Magazine, November/December 2004 http://www.harvardmagazine.com/on-line/110471.html
Rate It | View Ratings

Rebecca Mercuri Social Media Pages: Facebook page url on login Profile not filled in       Twitter page url on login Profile not filled in       Linkedin page url on login Profile not filled in       Instagram page url on login Profile not filled in

Rebecca Mercuri has been in the forefront of the voting integrity movement since 1989. She provides expert witness services for elections and other forensic computing matters.

Go To Commenting
The views expressed herein are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.
Writers Guidelines

 
Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
Support OpEdNews

OpEdNews depends upon can't survive without your help.

If you value this article and the work of OpEdNews, please either Donate or Purchase a premium membership.

STAY IN THE KNOW
If you've enjoyed this, sign up for our daily or weekly newsletter to get lots of great progressive content.
Daily Weekly     OpEd News Newsletter
Name
Email
   (Opens new browser window)
 

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

FBI vs. Apple: Fake Fight?

National Popular Vote Returns to California

Homebuyer Stimulus Plan -- Won't Work -- Do the Math

Connecting the Dots? Rush Holt, HR 811, and Avante International

COTS and Other Electronic Voting Backdoors

Hawai'i's Instant Runoff Legislation -- Veto Needed

To View Comments or Join the Conversation:

Tell A Friend