Election officials in California have certified controversiale-voting gear from Diebold Election Systems Inc. for the 2006voting season, despite security concerns raised by e-votingopponents.
The machines are the AccuVote-TSx touch screen and the AccuVote-OSoptical scan devices. California Secretary of State Bruce McPhersonannounced Feb. 17 that he had given conditional approval for thegear with the proviso that special security procedures be observedwhen using it. Additionally, in the long term, Diebold must fix thesecurity vulnerabilities if it wishes to keep itscertification.
California, like a number of other states, will use these machinesto comply with the Help America Vote Act (HAVA), which stipulatesthat every voting precinct have a touch screen or optical scansystem that is handicapped-accessible. States that arenon-compliant, such as New York, face legal action from the U.S.Department of Justice.
Over the past few months, California has been scrambling to attaincompliance and working to certify voting machine vendors. However,there have been questions around the security of Diebold’smachines, including the AccuVote-OS, in particular. That hardwarewas the subject of high-profile hacks by experts. So, as part ofthe California certification process, which included both state andfederal reviews of the devices, the state sponsored special testingon the source code in the Diebold systems’ memory cards by a VotingSystems Technology Advisory Board. Working with the board werecomputer scientists from the University of California atBerkeley.
According to McPherson’s spokeswoman, these reviewers are among”some of the harshest critics” of electronic voting machines. Theirfindings indicated the machines had security vulnerabilities thatcould be mitigated by using best practices, she said.
As part of the certification, McPherson is mandating that anycounty employing the Diebold gear implement a set of new securityprocedures, which will also require poll working re-training. Themandates require that administrators reset the cryptographic keyson every AccuVote-TSx machine from the factory-installed defaultprior to use in an election. Additionally, each memory card must beprogrammed in a secured facility under the supervision of theregistrar of voters. After being programmed for the election, thecard must immediately be inserted into its device and sealed.
The spokeswoman also said that McPherson’s office has requestedthat Diebold fix weaknesses in the machines’ firmware if thecompany wants to be a vendor in the state after 2006. After thosefixes are completed, Diebold will have to be re-certified, shesaid. “In the meantime, we are confident that this system has beenthrough the most rigorous process in the nation,” she said.
In a statement, Diebold said it “wholeheartedly agrees” with theproposed security procedures. Diebold also said it intendsimmediately to harden the security in its optical-scan firmware, aswell as use strong cryptography technology to create digitalsignatures that would help detect any tampering with the devices.