Electronic voting has spread throughout the U.S. and the world without sufficient attention to reliability, security, or transparency. Today's e-voting systems use proprietary code, and vendors have often asserted the confidentiality of this code when independent reviews of certified systems were requested. This confidentiality conflicts with the transparency required for public elections.

To provide an independent assessment of the voting systems certified for use in California, Secretary of State Debra Bowen initiated a top-to-bottom review of those e-voting systems. She asked us to recruit a team of experts and gave us access to all the equipment, source code, and technical information that the Secretary of State's office had.

The results showed that the systems appeared not to be designed or implemented with security in mind. The design and implementation ignored basic security principles, and we found serious security vulnerabilities in all three vendors' systems. The security flaws were systemic and surprisingly similar across the three systems.

For example, malicious code could exploit vulnerabilities in the voting software to spread virally from machine to machine. As a result, when the voting machines return results to election central to count the votes, a virus could infect the county's election management systems. At the next election, the infected election management systems could then infect every voting machine in the county.

This virus could be introduced at several points in the process. An attacker could tamper with an e-voting machine while it is stored unattended overnight in a polling place. For some of the systems, a voter could introduce malicious code in under a minute, while voting.

Read the Entire Article at the ACM Digital Library