Diebold evoting machines certified in California

Election officials in California have certified controversiale-voting gear from Diebold Election Systems Inc. for the 2006voting season, despite security concerns raised by e-votingopponents.

The machines are the AccuVote-TSx touch screen and the AccuVote-OSoptical scan devices. California Secretary of State Bruce McPhersonannounced Feb. 17 that he had given conditional approval for thegear with the proviso that special security procedures be observedwhen using it. Additionally, in the long term, Diebold must fix thesecurity vulnerabilities if it wishes to keep itscertification.

California, like a number of other states, will use these machinesto comply with the Help America Vote Act (HAVA), which stipulatesthat every voting precinct have a touch screen or optical scansystem that is handicapped-accessible. States that arenon-compliant, such as New York, face legal action from the U.S.Department of Justice.

Over the past few months, California has been scrambling to attaincompliance and working to certify voting machine vendors. However,there have been questions around the security of Diebold’smachines, including the AccuVote-OS, in particular. That hardwarewas the subject of high-profile hacks by experts. So, as part ofthe California certification process, which included both state andfederal reviews of the devices, the state sponsored special testingon the source code in the Diebold systems’ memory cards by a VotingSystems Technology Advisory Board. Working with the board werecomputer scientists from the University of California atBerkeley.

According to McPherson’s spokeswoman, these reviewers are among”some of the harshest critics” of electronic voting machines. Theirfindings indicated the machines had security vulnerabilities thatcould be mitigated by using best practices, she said.

As part of the certification, McPherson is mandating that anycounty employing the Diebold gear implement a set of new securityprocedures, which will also require poll working re-training. Themandates require that administrators reset the cryptographic keyson every AccuVote-TSx machine from the factory-installed defaultprior to use in an election. Additionally, each memory card must beprogrammed in a secured facility under the supervision of theregistrar of voters. After being programmed for the election, thecard must immediately be inserted into its device and sealed.

The spokeswoman also said that McPherson’s office has requestedthat Diebold fix weaknesses in the machines’ firmware if thecompany wants to be a vendor in the state after 2006. After thosefixes are completed, Diebold will have to be re-certified, shesaid. “In the meantime, we are confident that this system has beenthrough the most rigorous process in the nation,” she said.

In a statement, Diebold said it “wholeheartedly agrees” with theproposed security procedures. Diebold also said it intendsimmediately to harden the security in its optical-scan firmware, aswell as use strong cryptography technology to create digitalsignatures that would help detect any tampering with the devices.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now