In 2010, computer scientists from the University of Michigan and Princeton hacked a touch-screen voting machine, installing the video game Pac-Man. Could comparable voting systems in Ohio be subverted to alter the presidential vote tally? As it happens, a 2007 Ohio-sponsored election equipment study provides numerous methods for attacking the touch-screen ES&S iVotronic machines used in eight Ohio counties--Delaware, Franklin, Knox, Lake, Pickaway, Ross, Union, and Wyandot--that total about 16% of the state's registered voters.
Below is an abridged version of the 2007 study's attack scenario entitled, "Compromising Entire Election Process with a Virus" (read the study's full "Evaluation and Validation of Election-Related Equipment, Standards and Testing" (EVEREST) report here):
The Windows-based Unity election management software initializes the Personalized Electronic Ballot (PEB) cartridge, which in turn initializes the iVotronic DRE (direct-recording electronic) machines with ballot information. The PEB also activates the DRE for voting, powers the machines on, activates supervisor functions, and transports the election results from the iVotronics back to Unity.
The compromised PEB implements the propagation of malicious code from an infected iVotronic to another iVotronic--"infected" refers to a running malicious firmware. Similarly, the payload also implements spreading from an infected iVotronic to Unity, such that subsequent PEBs generated from an infected Unity will propagate this payload to all iVotronic machines in its jurisdiction...
In the case of spreading from iVotronic to iVotronic, a PEB is infected when it is inserted into an infected DRE to activate it for voting. This allows a malicious firmware to infect a master PEB used for pre-election logic and accuracy tests. Then, on election day, the master PEB can spread the infection to all machines in a polling location...A program will be installed to infect all future PEBs generated from that Unity installation with the malicious code to implement the previous component of this virus. Modified code puts a virus on all of the PEBs that are distributed to all of the precincts. These PEBs, in turn, spread the virus to all of the iVotronics in all of the precincts.
The result is that every iVotronic now has the malicious code that compromises the election.
EVEREST also showed that anyone with a magnet and a PDA could gain privileged access to the iVotronic. Not surprisingly, the study concluded that the ES&S system "lack[ed] the fundamental technical controls necessary to guarantee a trustworthy election."
During the November 2008 election, The Columbus Dispatch reported cases of vote-flipping by iVotronics in both Franklin County and Knox County. These were hardly isolated instances. From 2008 to 2010, Kansas, Colorado, Florida, Pennsylvania, Texas, North Carolina and South Carolina produced similar stories. And in Jackson County, West Virginia, a vote-flipping iVotronic was caught on video.
Fortunately, there is no evidence of foul play in the current election.
As one of the eight Ohio county board of elections directors said to me, "Who would do that?"
Should you still be inclined to err on the side of caution, Verified Voting offers several ideas, including calling the Election Protection Coalition (866-OUR-VOTE or 888-VE-Y-VOTA in Spanish) if you encounter any problems.
In addition, due in part to the deficiencies of the iVotronic and its Real-Time Audit Log--a cash-register-printout-like version of a voter-verified paper audit trail--all Ohio voters now have the option of requesting a paper ballot at any state polling place. The "Brunner Ballot," as it's known, is named after former Ohio Secretary of State Jennifer Brunner, who commissioned the EVEREST study.
Follow Keith Thomson on Twitter: www.twitter.com/kqthomson