Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America's voting security.
Whether it's showing that "secure" firmware can be dumped with a $15 electronic component or that voting systems can be hacked in minutes, the Voting Village researchers do yeoman duty, compiling comprehensive reports on the dismal state of America's voting machines, nearly 20 years after Bush v Gore put the country on notice about the defective systems behind our elections.
This year's report is the most alarming yet: it singles out the ES&S M650 tabulating machine, manufactured by Election Systems & Software of Omaha, Nebraska, which still has outstanding defects that were reported to the manufacturer a decade ago. The M650's manifest unsuitability is so terrible that it would be funny if it wasn't so serious: this is a machine that uses an operating system developed for the Blackberry phone (!) and then uses Zip cartridges (!!) to move data around.
The M650 is one of the most widespread pieces of equipment in American election systems, used to count in-person and absentee ballots by optically scanning ballot papers whose bubble-in forms have been filled in by voters. The system -- connected to the internet by default -- is used for county-wide tabulations in 23 states. As the report states: "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election."
The researchers identified defects in other systems, too: one could be compromised in two minutes, less time than it takes the average voter to cast a ballot on it. Read the rest
