The Secretary of State of California, Debra Bowen has released the results of their top to bottom review of the Sequoia, Diebold, and Hart voting systems. This is perhaps the most anticipated voting system analysis ever. I just read the executive summary of the report, and the results are devastating for these machines. In all cases, the analysts were able to rewrite the firmware on the machines. This means that an attacker could change every aspect of the behavior of the voting systems. In a sense, these voting machines provide no protection against the most basic attack, which is the complete an unobservable reprogramming of the all the functionality of the voting machines.
One of the attacks against Sequoia that got my attention was that the team was able to determine when the machine was in test mode and thus could cheat but behave correctly whenever the machine was not in a real election. This undermines the common argument made by some that the machines are tested extensively. The analysts were able to defeat the physical security, bypassing the seals, on Sequoia and on Diebold. This undermines another argument often made by supporters of the machines that nobody could have undetectable access to the machines.
There are many other examples of attack that are much more serious than what I expected from this report - and I was expecting a lot. I don't see how anybody can possible condone continuing to use these e-voting machines, given the results that are summarized in the executive summary of the report. I will now read the detailed reports, and if I have anything more to say, I'll blog again over the weekend.
What is really disturbing is that these tests are taking place after the machines have been certified and deployed. This kind of top to bottom testing should be done before any voters actually vote on them.
