Voting machine misery

Bruce Schneier‘s cryptogram mailing for today had an article about the security of voting machines… I suggest you read it if you’re interested in security and voting-machines. It seems not only the Netherlands is using systems that are seriously insecure.

Over the past several months, the state of California conducted the most
comprehensive security review yet of electronic voting machines. People
I consider to be security experts analyzed machines from three different
manufacturers, performing both a red-team attack analysis and a detailed
source code review. Serious flaws were discovered in all machines and,
as a result, the machines were all decertified for use in California
elections.

The reports are worth reading, as is much of the commentary on the
topic. The reviewers were given an unrealistic timetable and had trouble
getting needed documentation. The fact that major security
vulnerabilities were found in all machines is a testament to how poorly
they were designed, not to the thoroughness of the analysis.

At least in California they are doing security analysis on the voting machines _BEFORE_ they decide to use them in an election. Over on this side of the pond hackers have had to prove to the media themselves that the machines are flawed.

Another nice link from the cryptogram list: Ipod Charger considered dangerous