Brennan Center Task Force June 2006 report

From dKosopedia

Jump to: navigation, search

"The Machinery of Democracy: Protecting Elections in an Electronic World"

The three major U.S. voting systems that the Brennan Center task force report discusses are: 1. DRE voting systems (touchscreens without paper) 2. DRE voting systems with VVPT (voter verifiable paper trail), and 3. precinct-based optical scan voting systems

Overview

Overview written by Kathy Dopp of USCountVotes.

CORE FINDINGS

Three fundamental points emerge from the threat analysis in the Security Report:

1. All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.

2. The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level.

3. Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully.

VOTING SYSTEM VULNERABILITIES

After a review of more than 120 potential threats to voting systems, the Task Force reached the following crucial conclusions:

For all three types of voting systems:

  • When the goal is to change the outcome of a close statewide election, attacks that involve the insertion of software attack programs or other corrupt software are the least difficult attacks.
  • Voting machines that have wireless components are significantly more vulnerable to a wide array of attacks. Currently, only two states, New York and Minnesota, ban wireless components on all voting machines.


Full executive summary

SECURITY RECOMMENDATIONS

There are a number of steps that jurisdictions can take to address the vulnerabilities identified in the Security Report and make their voting systems significantly more secure. We recommend adoption of the following security measures:

1. Conduct automatic routine audits comparing voter verified paper records to the electronic record following every election. A voter verified paper record accompanied by a solid automatic routine audit of those records can go a long way toward making the least difficult attacks much more difficult.

2. Perform "parallel testing" (selection of voting machines at random and testing them as realistically as possible on Election Day.) For paperless DREs, in particular, parallel testing will help jurisdictions detect software-based attacks, as well as subtle software bugs that may not be discovered during inspection and other testing.

3. Ban use of voting machines with wireless components. All three voting systems are more vulnerable to attack if they have wireless components.

4. Use a transparent and random selection process for all auditing procedures. For any auditing to be effective (and to ensure that the public is confident in such procedures), jurisdictions must develop and implement transparent and random selection procedures.

5. Ensure decentralized programming and voting system administration. Where a single entity, such as a vendor or state or national consultant, performs key tasks for multiple jurisdictions, attacks against statewide elections become easier.

6. Institute clear and effective procedures for addressing evidence of fraud or error. Both automatic routine audits and parallel testing are of questionable security value without effective procedures for action where evidence of machine malfunction and/or fraud is discovered. Detection of fraud without an appropriate response will not prevent attacks from succeeding.

Personal tools