What's the problem with York County's voting machines?

Logan Hullinger
York Dispatch

Since the 2006 primary, York County residents have cast their votes on the Sequoia AVS Edge, a voting machine critics say has "significant security weaknesses."

York County Voting Technology Coordinator Casey Brady said there are 45 non-working voting machines at a storage warehouse in an undisclosed area Thursday, June 7, 2018. He said the county has 624 working machines. In April, Gov. Tom Wolf directed all counties to replace machines, like those used in York County, with new voting machines—all offering paper trails—by 2020. Bill Kalina photo

According to Verified Voting, a nonprofit organization that advocates for accurate, transparent elections, the problems include:

More:Replacing York County's outdated voting machines: Looming deadline, big bill

  • Precinct election results stored on machine's results cartridge and optical scan memory packs are not effectively protected against tampering. A poll worker with physical access to a results cartridge or memory pack before results are counted can change recorded votes.
  • Under some conditions, a corrupted results cartridge may be able to cause damage to the WinEDS election system server, which is used for ballot preparation, voting machine configuration, absentee ballot processing and post-election vote counting.
  • The safeguards against introduction of corrupt firmware into the precinct voting hardware are largely ineffective. An individual with even brief access to polling station hardware can tamper with installed firmware in a way that causes votes to be recorded incorrectly, security logs to be corrupted or ballots to be presented to voters incorrectly.
  • Under some configurations and conditions, corrupt firmware may be able to be spread virally from compromised hardware and may persist across more than one election.
  • In every case the cryptography, or the process of encrypting data, of systems was examined, it proved to be easily circumvented. Many cryptographic functions are implemented incorrectly, based on weak algorithms with known flaws, or used in an ineffective or insecure manner. 
  •  The access control and other computer security mechanisms that protect against unauthorized use of central vote counting computers and polling place equipment are easily circumvented. In particular, the security features and audit logs in the WinEDS election system server are ineffective against tampering by insider attackers who gain access to WinEDS computers or to the network to which the WinEDS computers are attached.
  • The software suffers from numerous programming errors, many of which have a high potential to introduce or exacerbate security weaknesses. These include buffer overflows, format string vulnerabilities and type mismatch errors.
  • In general, the software does not reflect defensive software engineering practices normally associated with high-assurance critical systems. There are many instances of poor or absent error and exception handling, and several cases where the software behavior does not match the comments and documentation. Some of these problems lead to potentially exploitable vulnerabilities.