Lunch & Learn: Princeton team issues report on voting machine security with J. Alex Halderman and Andrew Appel

ballot.jpg
With the presidential election less than a month away, and with market volatility at levels that are unprecedented for generations, we can all hope that November 4 generates an unambiguous result, at least for the presidential race. In the aftermath of the 2000 election debacle, we all share the additional hope that each of our votes will be accurately counted.
During 2007, two speakers in our Lunch ‘n Learn series summarized the inherent difficulties of current vote-tabulating technologies. J. Alex Halderman described the efforts of Princeton researchers to examine several widely used electronic voting systems. In the wake of that analysis, which discovered that the machines were susceptible to attacks that could alter election results, Computer Scientist Andrew Appel spoke of the need for Voter-Verifiable paper ballots and random hand audits of selected precincts.


AndrewAppel.jpg
In a Freedom to Tinker blog entry dated October 2, 2008, Appel noted that NJ Superior Court judge Linda Feinberg prohibited the release of a report on the security of the Sequoia Voting Systems source code. Part of a lawsuit brought by the Rutgers Constitutional Litigation Clinic, the examination by Appel and five other Princeton researchers sought to determine whether the voting computer would actually count votes as cast. The Princeton team was troubled by what they regarded as a temporary restraining order on free speech.
The report has now been issued. In his blog entry dated October 17 Appel provides access to the report , a video, and a summary of the findings. It may come as no surprise to followers of the Princeton effort that Appel and his team found that the voting machine they examined is easily hacked by installing fraudulent firmware. Such an installation takes just seven minutes. There are ways for poll workers to commit fraud, with the result that some votes are either not counted or changed
The report also finds that Sequoia employed sloppy software practices; Appel notes that such software errors have already led to anomalies in NJ elections. Appel concludes that the Sequoia machines are too unreliable for use in New Jersey. He recommends that the state immediately implement the 2005 law, approved by the legislature, that requires individual voter-verified records for every vote cast by adopting precinct-count optical scan voting equipment.

This entry was posted in Lunch & Learn, Training and Outreach and tagged , , , , , , , , . Bookmark the permalink.