Skip to content

Why Your Vote Is Not Secure in Nevada County

Why Your Vote Is Not Secure in Nevada County

November 6, 2012 SVadmin Comments 3 comments

In Nevada County, California, my wife and I are glad to have the option of receiving our ballot by mail, having about a month to study it and fill it out, then hand-delivering it ourselves directly to Clerk-Recorder Greg Diaz’s office at the Rood Center in Nevada City.

We delivered ours about a week ago.

We’ve had the impression that this is the most secure method of voting in this county.

But according to the information I found this morning on the Verified Voter website, our votes are still vulnerable in several serious ways, mostly related to the technology in use at the polling places and at the clerk-recorder’s office itself.

The technologies in use in California vary from county to county, with about a dozen counties using paper-only ballots, as the following map illustrates:



According to the California Secretary of State’s webpage, the technology in use in Nevada County is called the Hart Intercivic, and it is used statewide in only three other counties (Humboldt, San Mateo and Yolo). The Intercivic belongs to the class of voting technologies called “DREs” (Direct-Recording Electronic).

The Secretary of State’s webpage explains DREs this way:

All direct recording electronic (DRE) voting machines used after January 1, 2006, must have an accessible voter-verified paper audit trail, pursuant to California Elections Code Section 19250. All voters voting on an electronic voting machine should review and verify their ballot choices on this printed paper record, prior to finalizing and casting their ballot. Once the ballot is cast, this paper record of the ballot is retained inside the voting machine as part of the election audit trail to verify the accuracy of the votes recorded. In accordance with California law, voters do not get a printed paper record of their vote choices.


CLICK FOR MORE INFORMATION ABOUT THE HART INTERCIVIC

So, what’s the problem?

Here’s what Verified Voter has to say about the Hart Intercivic eScan in use in Nevada County:

Security Concerns1

Unsecured network interfaces Network interfaces in the Hart system are not secured against direct attack. Poll workers can connect to JBCs or eScans over the management interfaces and perform back-office functions such as modifying the device software. The impact of this is that a malicious voter could potentially take over one or more units in a precinct and a malicious poll worker could potentially take over all the devices in a precinct. The subverted machines could then be used to produce any results of the attacker’s choice, regardless of voter input. We emphasize that these are not bugs in the Hart software, but rather features intentionally designed into the system which can be used in a fashion for which they were never intended.

Vulnerability to malicious inputs Because networked devices may be connected to other, potentially malicious devices, they must be prepared to accept robustly any input provided by such devices. The Hart software routinely fails to check the correctness of inputs from other components, and then proceeds to use those inputs in unsafe ways. The most damaging example of this is that SERVO, which is used to back up and verify the correctness of polling place devices can itself be compromised from those same devices. This implies that an attacker could subvert a single polling place device, through it subvert SERVO, and then use SERVO to reprogram every polling place device in the county. Although we have tested some individual components of this attack, we did not have time to confirm it in an end-to-end test.

No or insecure use of cryptography The standard method for securing network communication of the type in use in the Hart system is to use a cryptographic security protocol. However, we iound a notable lack of such techniques in Hart’s system. Instead, communications between devices generally happen in the clear, making attack far easier. Cryptography is used for MBBs, but the key management involves a single county-wide symmetric key that, if revealed, would allow an attacker to forge ballot information and election results. This key is stored insecurely in vulnerable polling-place devices, with the result that compromise of a single polling place device enables an attacker to forge election MBBs carrying election results for any device in the county.

Failure to protect ballot secrecy Hart’s system fails to adequately protect ballot secrecy. A poll worker or election official with access to the raw ballot records can reconstruct the order in which those votes were cast. Combined with information about the order in which voters cast their votes, this can be used to reconstruct how each voter voted.

  1. Hart Red Team Penetration Report, California Secretary of State Top to Bottom Review (2007) ↩

Conclusion

All electronic voting technologies statewide and nationwide share one pernicious feature: they are all proprietary.

How has it come to pass that our vote — what Thom Hartmann calls “the beating heart of democracy” — has been privatized?

A national DRE standard should be implemented and include the requirement that all electronic voting machines will be open-source (the internal hardware design and software program should be freely available for public inspection and review).

In truth, voting technology nationwide should be part of the publicly-owned and regulated commons.


Additional Resources

  • “How IHacked an Electronic Voting Machine“
  • “Argonne National Lab Vulnerability Assessment Team“
  • How Hart Intercivic is Connected to Bain Capital:

Print Friendly, PDF & Email

Blog, Local, Politics
Voting

Post navigation

PREVIOUS
GOP Protests Non-Partisan Tax Report Showing No Connection Between Top Tax Rates and Economic Growth
NEXT
“GOP on Ice” (Cartoon by Pat Bagley, Salt Lake Tribune)

Join Our Mailing List

3 thoughts on “Why Your Vote Is Not Secure in Nevada County”

  1. Curtis Walker says:
    November 6, 2012 at 6:08 pm

    One would hope Mr. Diaz, who I have no qualms with nor his office staff, might want to consider bring these issues to the County Big Wigs (Civil Service AND Elected types), immediately after this election’s final totals are verified in accordance with Secretary of State requirements. Start immediately action to fix these problems including the paper trail. How about hand counts of pieces of paper?

  2. Douglas Keachie says:
    November 7, 2012 at 9:00 am

    All of the connections are done by two people, and numbered seals are checked as the are removed and then replaced with new seals with new numbers as they are connected or disconnected. Having been a poll worker, I think it would be very difficult to get two like-minded individuals to try and jigger anything. Possible, yes, practically doable, I doubt it. As for a voter themselves doing it, even less likely, as we sit 6 feet away from the machines, and one person has the responsibility for nothing but the machine, and would surely notice.and efforts at tampering, which would require the removal of a non replaceable seals.

  3. Don Pelton says:
    November 7, 2012 at 9:26 am

    Doug:

    Thanks for your interesting and reassuring comments based on your own personal experience.

    I’m really glad to hear that.

    So, is there some sort of chain of custody of the machine itself after the poll closes?

    Or, is the data moved immediately to a server somewhere? (I suppose I could look up the answer to some of these questions online).

    I’m still amazed that the network ports aren’t managed by protocols that include encryption. That just seems prudent.

    In general, I prefer technologies in which security does not overly depend on human virtue.

    And beyond that, as I said in my post, these machines should all be publicly-owner and regulated open-source (I know, dream on).

Leave a Reply Cancel reply

Your email address will not be published.

CLICK IMAGE BELOW TO WRITE ONLINE LETTER OPPOSING THE MINE

DONATE TO THE FOOD BANK OF NEVADA COUNTY

(CLICK IMAGE)

DONATE TO NEVADA COUNTY RELIEF FUND (click image below)

Subscribe to Sierra Voices Journal

Jack Kornfield: A Steady Heart in Time of Corona Virus (Part I)

Erika Lewis, Shaye Cohn, Craig Flory – Got A Mind To Ramble

“Everlasting Arms”

Tara Brach: A Steady Heart in Time of Corona Virus (Part II)

Recent Posts

  • More Evidence That The West Sabotaged Peace In Ukraine
  • Rain and Heat, Fire and Snow
  • Nuclear Fusion Won’t Save the Climate
  • If You Laughed at the Doomsday Clock Update, You Should Find This Hilarious
  • California’s next flood could destroy one of its most diverse cities. Will lawmakers try to save it?

Recent Comments

  • If You Laughed at the Doomsday Clock Update, You Should Find This Hilarious on The Grim Poetry of Science
  • In Praise of Warriors, and Criticism of War on Celebrated to Death: Memorial Day Is Killing Us
  • Why Should I Believe This Guy When He Complains About Diversity and Immigrants and the Fight to Prevent Climate Change? on IN PRAISE OF WARRIORS, NOT WAR
  • Why Isn’t Biden on the Phone with Putin? on Reinforcing Failure in Ukraine
  • car reviews on Obama Says He Never Campaigned for the Public Option

Archives

  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • November 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • July 2018
  • June 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • March 2017
  • February 2017
  • January 2017
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • December 2015
  • June 2015
  • May 2015
  • April 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • January 2014
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009

Categories

  • Abortion
  • Afghan Trap
  • Afghanistan
  • Aging
  • American Empire
  • Anti-Depressant
  • Anti-Semitism
  • Arms Sales
  • Articles
  • Atlas Obscura
  • Authoritarianism
  • Black Lives
  • Black Lives Matter
  • Blog
  • Buddhism
  • Budget
  • Buskers
  • California
  • Capitalism
  • Carbon Offsets
  • Cartoon
  • China
  • Climate Change
  • Compassion
  • Constitution
  • Corona Virus
  • Corruption
  • Cosmology
  • Coup
  • COVID-19
  • Dams
  • De-Dollarization
  • Democracy
  • Democrats
  • Depression
  • Disenfranchisement
  • Douglas Macgregor
  • Drought
  • Economics
  • Education
  • Election Fraud
  • Electoral College
  • Empire
  • Environment
  • Extinction
  • Farming
  • Fascism
  • Filibuster
  • Fire!
  • Flood Control
  • Floods
  • Food Insecurity
  • Foreign Policy
  • Forest Ecology
  • Forest Management
  • Fracking
  • Freedom of the Press
  • Gardening
  • Gender
  • Genocide
  • GOP
  • Great Movies
  • Grist
  • Groundwater
  • Halloween
  • Health Care
  • High Country News
  • History
  • Humor
  • Hunger
  • Idaho-Maryland Mine
  • Ignorance
  • Immigration
  • Indigenous Peoples' Day
  • Insects
  • Iran
  • Israel
  • Labor
  • Lobbying
  • Local
  • Lunar Influence
  • Marijuana
  • Masks
  • Medical Care
  • Men
  • Men's Issues
  • Mental Health
  • Middle Class
  • Military Industrial Complex
  • Mining
  • MMT
  • Modern Monetary Theory
  • Moral Obligations
  • Music
  • Native Americans
  • NATO
  • Neocons
  • Neoliberalism
  • New Cold War
  • Nuclear Fusion
  • Nuclear War
  • Nuclear Winter
  • Nutrition
  • Oligarchy
  • Palestine
  • Pandemic
  • Parenting
  • Peace
  • Pharmaceuticals
  • Physics
  • Poetry
  • Police
  • Politics
  • Populism
  • Press
  • Propaganda
  • Race
  • Religion
  • Republican Derangement
  • Reviews
  • Revolution
  • Right-wing terrorism
  • Rights of Nature
  • Rise Gold
  • Rivers
  • Roe v. Wade
  • Romance
  • Russia
  • Russiagate
  • Science
  • Scott Ritter
  • Slavery
  • Sleep
  • Smoke Inhalation
  • Spineless
  • Student Debt
  • Summer
  • Supreme Court
  • Technology
  • The Hartmann Report
  • Trump Virus
  • Tuba Skinny
  • Tyranny
  • Ukraine
  • Uncategorized
  • Unipolar vs. Multipolar
  • Vaccine Refusal
  • Vaccine Safety
  • Voting
  • War
  • War on Government
  • Water
  • Watersheds
  • Wells
  • Wildfires
  • Winter
  • Women's Issues
  • Work
  • Yemen

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
© 2023   All Rights Reserved.