E-Voting in CA Original Author: Alan Huch

September 12, 2007

Secretary of State

““Democracy, by definition, is about free, Democracy, by definition, is about free, fair and open elections. fair and open elections. ““My goal is to My goal is to have election results that are beyond have election results that are beyond question or doubt. Right now, far too question or doubt. Right now, far too many voters are wondering about the many voters are wondering about the accuracy of Californiaaccuracy of California’’s election results. s election results. We have three statewide elections next We have three statewide elections next year, which makes it even more essential year, which makes it even more essential that our voting equipment be secure, that our voting equipment be secure, accurate, reliable and accessible.accurate, reliable and accessible.”” Debra Bowen, Secretary of State, California, 2007

The Players

• Allen, Texas • Austin, Texas

• Denver, CO

• Omaha, NE

The Vulnerabilities

• 45 • 30

• 92

• Refused!

The Impacts

• Certifications• Arbitrary election results• Election Results are questionable• Other states joining the hunt• Employees• Egg• $$

Certifications

• Diebold • decertified/conditionally recertified

• Hart • decertified/conditionally recertified

• Sequoia• decertified/conditionally recertified

• ES&S• decertified

Arbitrary election results

• Diebold Potential Attack 1• Paperclip in the card reader goes to

setup menu• Retrieves credentials• Logins to the Jet database• Has fun

Arbitrary election results

• Hart Potential Attack 3• Reflashes eScan software• New SW uploads trojan to server• Server distributes to entire system• Next election is 0wned

Arbitrary election results

• Sequoia Potential Attack 7• Insider directly connects MS SQL

• Bypassing all access controls

• Loads Trojan in database• Loads Trojan on server

Election Results are questionable

• "virus did it" • Avi Rubin, 8/26/7 Blog

The Grassy Knoll

• Chuck Hagel• ES&S Chairman until 1995

• 1995 Nebraska Senate Race• ES&S machines count 85% of the votes• 15 % were counted by hand

• Sen. Chuck Hagel (R-Neb) won the race with 56% of the vote• Historically Democratic state• Polls estimated 18% of the vote• Still owned about 1.5 % share in ES&S

• http://www.wired.com/politics/security/news/2004/03/62790

Key References

• http://www.sos.ca.gov/elections/elections_vsr.htm

• http://www.sos.ca.gov/elections/voting_systems/ttbr/diebold-source-public-jul29.pdf

• http://www.sos.ca.gov/elections/voting_systems/ttbr/Hart-source-public.pdf

• http://www.sos.ca.gov/elections/voting_systems/ttbr/sequoia-source-public-jul26.pdf