Skip to content

Why Your Vote Is Not Secure in Nevada County

Why Your Vote Is Not Secure in Nevada County

November 6, 2012 SVadmin Comments 3 comments

In Nevada County, California, my wife and I are glad to have the option of receiving our ballot by mail, having about a month to study it and fill it out, then hand-delivering it ourselves directly to Clerk-Recorder Greg Diaz’s office at the Rood Center in Nevada City.

We delivered ours about a week ago.

We’ve had the impression that this is the most secure method of voting in this county.

But according to the information I found this morning on the Verified Voter website, our votes are still vulnerable in several serious ways, mostly related to the technology in use at the polling places and at the clerk-recorder’s office itself.

The technologies in use in California vary from county to county, with about a dozen counties using paper-only ballots, as the following map illustrates:



According to the California Secretary of State’s webpage, the technology in use in Nevada County is called the Hart Intercivic, and it is used statewide in only three other counties (Humboldt, San Mateo and Yolo). The Intercivic belongs to the class of voting technologies called “DREs” (Direct-Recording Electronic).

The Secretary of State’s webpage explains DREs this way:

All direct recording electronic (DRE) voting machines used after January 1, 2006, must have an accessible voter-verified paper audit trail, pursuant to California Elections Code Section 19250. All voters voting on an electronic voting machine should review and verify their ballot choices on this printed paper record, prior to finalizing and casting their ballot. Once the ballot is cast, this paper record of the ballot is retained inside the voting machine as part of the election audit trail to verify the accuracy of the votes recorded. In accordance with California law, voters do not get a printed paper record of their vote choices.


CLICK FOR MORE INFORMATION ABOUT THE HART INTERCIVIC

So, what’s the problem?

Here’s what Verified Voter has to say about the Hart Intercivic eScan in use in Nevada County:

Security Concerns1

Unsecured network interfaces Network interfaces in the Hart system are not secured against direct attack. Poll workers can connect to JBCs or eScans over the management interfaces and perform back-office functions such as modifying the device software. The impact of this is that a malicious voter could potentially take over one or more units in a precinct and a malicious poll worker could potentially take over all the devices in a precinct. The subverted machines could then be used to produce any results of the attacker’s choice, regardless of voter input. We emphasize that these are not bugs in the Hart software, but rather features intentionally designed into the system which can be used in a fashion for which they were never intended.

Vulnerability to malicious inputs Because networked devices may be connected to other, potentially malicious devices, they must be prepared to accept robustly any input provided by such devices. The Hart software routinely fails to check the correctness of inputs from other components, and then proceeds to use those inputs in unsafe ways. The most damaging example of this is that SERVO, which is used to back up and verify the correctness of polling place devices can itself be compromised from those same devices. This implies that an attacker could subvert a single polling place device, through it subvert SERVO, and then use SERVO to reprogram every polling place device in the county. Although we have tested some individual components of this attack, we did not have time to confirm it in an end-to-end test.

No or insecure use of cryptography The standard method for securing network communication of the type in use in the Hart system is to use a cryptographic security protocol. However, we iound a notable lack of such techniques in Hart’s system. Instead, communications between devices generally happen in the clear, making attack far easier. Cryptography is used for MBBs, but the key management involves a single county-wide symmetric key that, if revealed, would allow an attacker to forge ballot information and election results. This key is stored insecurely in vulnerable polling-place devices, with the result that compromise of a single polling place device enables an attacker to forge election MBBs carrying election results for any device in the county.

Failure to protect ballot secrecy Hart’s system fails to adequately protect ballot secrecy. A poll worker or election official with access to the raw ballot records can reconstruct the order in which those votes were cast. Combined with information about the order in which voters cast their votes, this can be used to reconstruct how each voter voted.

  1. Hart Red Team Penetration Report, California Secretary of State Top to Bottom Review (2007) ↩

Conclusion

All electronic voting technologies statewide and nationwide share one pernicious feature: they are all proprietary.

How has it come to pass that our vote — what Thom Hartmann calls “the beating heart of democracy” — has been privatized?

A national DRE standard should be implemented and include the requirement that all electronic voting machines will be open-source (the internal hardware design and software program should be freely available for public inspection and review).

In truth, voting technology nationwide should be part of the publicly-owned and regulated commons.


Additional Resources

  • “How IHacked an Electronic Voting Machine“
  • “Argonne National Lab Vulnerability Assessment Team“
  • How Hart Intercivic is Connected to Bain Capital:

Print Friendly, PDF & Email

Blog, Local, Politics
Voting

Post navigation

PREVIOUS
GOP Protests Non-Partisan Tax Report Showing No Connection Between Top Tax Rates and Economic Growth
NEXT
“GOP on Ice” (Cartoon by Pat Bagley, Salt Lake Tribune)

Join Our Mailing List

3 thoughts on “Why Your Vote Is Not Secure in Nevada County”

  1. Curtis Walker says:
    November 6, 2012 at 6:08 pm

    One would hope Mr. Diaz, who I have no qualms with nor his office staff, might want to consider bring these issues to the County Big Wigs (Civil Service AND Elected types), immediately after this election’s final totals are verified in accordance with Secretary of State requirements. Start immediately action to fix these problems including the paper trail. How about hand counts of pieces of paper?

  2. Douglas Keachie says:
    November 7, 2012 at 9:00 am

    All of the connections are done by two people, and numbered seals are checked as the are removed and then replaced with new seals with new numbers as they are connected or disconnected. Having been a poll worker, I think it would be very difficult to get two like-minded individuals to try and jigger anything. Possible, yes, practically doable, I doubt it. As for a voter themselves doing it, even less likely, as we sit 6 feet away from the machines, and one person has the responsibility for nothing but the machine, and would surely notice.and efforts at tampering, which would require the removal of a non replaceable seals.

  3. Don Pelton says:
    November 7, 2012 at 9:26 am

    Doug:

    Thanks for your interesting and reassuring comments based on your own personal experience.

    I’m really glad to hear that.

    So, is there some sort of chain of custody of the machine itself after the poll closes?

    Or, is the data moved immediately to a server somewhere? (I suppose I could look up the answer to some of these questions online).

    I’m still amazed that the network ports aren’t managed by protocols that include encryption. That just seems prudent.

    In general, I prefer technologies in which security does not overly depend on human virtue.

    And beyond that, as I said in my post, these machines should all be publicly-owner and regulated open-source (I know, dream on).

Leave a Reply Cancel reply

Your email address will not be published.

DONATE TO THE FOOD BANK OF NEVADA COUNTY

(CLICK IMAGE)

DONATE TO NEVADA COUNTY RELIEF FUND (click image below)

Erika Lewis, Shaye Cohn, Craig Flory – Got A Mind To Ramble

Jack Kornfield: A Steady Heart in Time of Corona Virus (Part I)

Tara Brach: A Steady Heart in Time of Corona Virus (Part II)

Subscribe to Sierra Voices Journal

Recent Posts

  • After the Desperate Ignorance of the Trump Years, Biden’s Words About Science Make Me Weep With Gratitude
  • Mask News We Can All Use
  • Chaos agent: Right-wing blames US Capitol riot on notorious instigator banished by Black Lives Matter
  • How to stop an Insurrection Caucus: These reforms could reduce GOP extremism and save our democracy
  • The U.S. Capitol raid was a failed self-coup previously seen in dying regimes

Recent Comments

  • (Posted by) Don Pelton on GOP Warns Dems About Court Packing (Cartoon)
  • Criminal Incompetence, Malignant Ignorance Will Lead to Hunger and Violence on A Nice Depression Now Benefits the GOP in 2022 and 2024
  • togel singapura hari ini on How Wall Street Has Turned Housing Into a Dangerous Get-Rich-Quick Scheme — Again
  • Ao Corrente on How Wall Street Has Turned Housing Into a Dangerous Get-Rich-Quick Scheme — Again
  • forex forum on How Wall Street Has Turned Housing Into a Dangerous Get-Rich-Quick Scheme — Again

Archives

  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • November 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • July 2018
  • June 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • March 2017
  • February 2017
  • January 2017
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • December 2015
  • June 2015
  • May 2015
  • April 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • January 2014
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009

Categories

  • Aging
  • Articles
  • Atlas Obscura
  • Authoritarianism
  • Black Lives
  • Black Lives Matter
  • Blog
  • Buddhism
  • Cartoon
  • Climate Change
  • Corona Virus
  • Corruption
  • Disenfranchisement
  • Economics
  • Education
  • Election Fraud
  • Environment
  • Farming
  • Fascism
  • Fire!
  • Food Insecurity
  • Foreign Policy
  • Forest Management
  • Gender
  • Health Care
  • History
  • Humor
  • Hunger
  • Ignorance
  • Labor
  • Local
  • Masks
  • Medical Care
  • Men
  • Middle Class
  • Mining
  • MMT
  • Modern Monetary Theory
  • Music
  • Native Americans
  • Pandemic
  • Parenting
  • Poetry
  • Police
  • Politics
  • Press
  • Race
  • Reviews
  • Revolution
  • Right-wing terrorism
  • Russiagate
  • Science
  • Technology
  • Trump Virus
  • Tyranny
  • Uncategorized
  • Voting
  • War
  • War on Government
  • Water
  • Watersheds
  • Wildfires

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
© 2021   All Rights Reserved.