This article appeared in Wired.com's Threat Level Blog and is rposted here with permission of the author.
Premier Election Solutions, formerly Diebold, has patched a serious
security weakness in its election tabulation software used in the
majority of states, according to a lab that tested the new version and
a federal commission that certified it.
The flaw in the tabulation software
was discovered by Wired.com earlier this year, and involved the
program’s auditing logs. The logs failed to record significant events
occurring on a computer running the software, including the act of
someone deleting votes during or after an election. The logs also
failed to record who performed an action on the system, and listed some
events with the wrong date and timestamps.
A new version of the software does record such events, and includes
other security safeguards that would prevent the system from operating
if the event log were somehow shut down, according to iBeta Quality
Assurance, the Colorado testing lab that examined the software for the
It’s not known if Premier will offer the more secure version to
election officials who purchased previous software. The company did not
respond to a call for comment Tuesday.
Called the Global Election Management System, or GEMS, the software
is used to tabulate votes cast on Premier/Diebold touchscreen and
optical-scan machines, among other functions, and is used in more than
1,400 election districts in nearly three dozen states. Maryland and
Georgia, which use Premier systems exclusively, count every vote
statewide with the software. GEMS runs on the Windows 2003 and Windows
XP operating systems./br>
Official federal voting system standards require audit logs to record all normal and abnormal events that occur on the system./br>
Premier publicly acknowledged
the flaw two months after Wired.com’s report, in a public hearing last
March. When asked by a member of the California secretary of state’s
staff if Premier had done anything to address the problem, Justin
Bales, general service manager for Premier’s western region said, “No,
Bales went on to say that the GEMS logs had been the same since the software was first created more than a decade ago./br>
“We never, again, intended for any malicious intent and not to log
certain activities,” Bales said. “It was just not in the initial
program, but now we’re taking a serious look at that.”/br>
At the time, California Secretary of State Debra Bowen called GEMS auditing mechanism “useless.”/br>
Officials at iBeta say the federal officials at the Election
Assistance Commission — which recently began overseeing the testing and
certification of voting systems — specifically asked the lab to pay
careful attention to testing for the audit log issue./br>
Gail Audette, quality manager at iBeta, said Tuesday that version
1.21.5 of the GEMS software passed their tests. The software now
records all “normal and abnormal” events, she says./br>
“It’s really up to interpretation what is an abnormal event and what
is a normal event,” Audette says. “[But] everyone interprets the
deletion of votes as abnormal events.”/br>
IBeta tested Premier’s Assure 1.2 voting
system, which includes its optical-scan and direct-recording electronic
touchscreen devices and version 1.21.5 of the GEMS tabulation software./br>
Audette said the logs in the latest GEMS software record the date
and time that events occur, and also record any attempt to login to the
server, successful or not.
The lab tested the audit logs to ensure that they cannot be deleted
or modified. If the GEMS event logs shut down for some reason, Audette
said the GEMS software will not operate.
Testers also attempted to modify votes in the GEMS database and delete the database, but were unable to do so.
“The database is encrypted and protected by [Windows] WorkSpace,” Audette said.
IBeta’s report on the Premier system (.pdf) and testing plan
offer an interesting and rare look at the testing and certification
procedures for voting systems, which until recently were closely
Voting-machine vendors used to pay labs directly to test their
systems and forced them to sign nondisclosure agreements to prevent
election officials and anyone else from learning about problems the
labs found with the systems.
This changed only recently. In 2002 Congress passed the Help America
Vote Act, which established the Election Assistance Commission, in part
to oversee the testing and certification of election systems. It took
until this last February for the EAC to certify its first voting system.
Under the new scheme, instead of paying labs directly for testing,
voting machine vendors are required to pay into a general fund, from
which the EAC covers the testing costs. Test reports are also now
published on the EAC’s web site.
We’d encourage readers to look closely through the report, particularly Appendix E (.pdf), which lists problems encountered during the tests and the vendor’s responses to them.
Comment on This Article
You must login to leave comments...
Other Visitors Comments
There are no comments currently....