What's the problem with York County's voting machines?
Since the 2006 primary, York County residents have cast their votes on the Sequoia AVS Edge, a voting machine critics say has "significant security weaknesses."
According to Verified Voting, a nonprofit organization that advocates for accurate, transparent elections, the problems include:
- Precinct election results stored on machine's results cartridge and optical scan memory packs are not effectively protected against tampering. A poll worker with physical access to a results cartridge or memory pack before results are counted can change recorded votes.
- Under some conditions, a corrupted results cartridge may be able to cause damage to the WinEDS election system server, which is used for ballot preparation, voting machine conﬁguration, absentee ballot processing and post-election vote counting.
- The safeguards against introduction of corrupt ﬁrmware into the precinct voting hardware are largely ineffective. An individual with even brief access to polling station hardware can tamper with installed ﬁrmware in a way that causes votes to be recorded incorrectly, security logs to be corrupted or ballots to be presented to voters incorrectly.
- Under some conﬁgurations and conditions, corrupt ﬁrmware may be able to be spread virally from compromised hardware and may persist across more than one election.
- In every case the cryptography, or the process of encrypting data, of systems was examined, it proved to be easily circumvented. Many cryptographic functions are implemented incorrectly, based on weak algorithms with known ﬂaws, or used in an ineffective or insecure manner.
- The access control and other computer security mechanisms that protect against unauthorized use of central vote counting computers and polling place equipment are easily circumvented. In particular, the security features and audit logs in the WinEDS election system server are ineffective against tampering by insider attackers who gain access to WinEDS computers or to the network to which the WinEDS computers are attached.
- The software suffers from numerous programming errors, many of which have a high potential to introduce or exacerbate security weaknesses. These include buffer overﬂows, format string vulnerabilities and type mismatch errors.
- In general, the software does not reﬂect defensive software engineering practices normally associated with high-assurance critical systems. There are many instances of poor or absent error and exception handling, and several cases where the software behavior does not match the comments and documentation. Some of these problems lead to potentially exploitable vulnerabilities.