By John Wildermuth
Chronicle Staff Writer
July 28, 2007
State-sanctioned teams of computer hackers were able to break through
the security of virtually every model of California's voting machines
and change results or take control of some of the systems' electronic
functions, according to a University of California study released
The researchers "were able to bypass physical and software security in
every machine they tested,'' said Secretary of State Debra Bowen, who
authorized the "top to bottom review" of every voting system certified
by the state.
Neither Bowen nor the investigators were willing to say exactly how
vulnerable California elections are to computer hackers, especially
because the team of computer experts from the UC system had
top-of-the-line security information plus more time and better access to
the voting machines than would-be vote thieves likely would have.
"All information available to the secretary of state was made available
to the testers,'' including operating manuals, software and source codes
usually kept secret by the voting machine companies, Matt Bishop, the
UC Davis computer science professor who led the "red team" hacking
effort, said in his summary of the results.
The review included voting equipment from every company approved for use
in the state, including Sequoia, whose systems are used in Alameda, Napa
and Santa Clara counties; Hart InterCivic, used in San Mateo and Sonoma
Counties; and Diebold, used in Marin County.
Election Systems and Software, which supplied equipment to San
Francisco, Contra Costa, Solano and Los Angeles counties in last
November's election, missed the deadline for submitting the equipment,
Bowen said. While their equipment will be reviewed, Bowen warned that
she has "the legal authority to impose any condition'' on its use.
Bowen said in a telephone news conference Friday that the report is only
one piece of information she will use to decide which voting systems are
secure enough to use in next February's presidential primary election.
If she is going to decertify any of the machines, she must do it by
Friday, six months before the Feb. 5 vote.
A day-long hearing in Sacramento on Monday will give the UC
investigators a chance to present their findings and allow the various
voting machine companies to present a response. The hearing also will be
open for comments from the public.
The study was designed to discover vulnerabilities in the technology of
voting systems used in the state. It did not deal with any physical
security measures that counties might take and "made no assumptions
about constraints on the attackers,'' Bishop said.
"The testers did not evaluate the likelihood of any attack being
feasible,'' he added.
Some county elections officials in the state were among the most
critical of the study, saying they worry that they could be forced to
junk millions of dollars in voting machines if Bowen decertifies them
for the February election.
Letting the hackers have the source codes, operating manuals and
unlimited access to the voting machines "is like giving a burglar the
keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa
County and head of the state Association of Clerks and Election
The study also determined that many voting systems have flaws that make
it difficult for blind voters and those with other disabilities to cast
During her election campaign last year, Bowen made it clear she had
little confidence in the security of electronic voting machines and
vowed to review their use in the state.
"Voting systems are tools of our democracy,'' she said Friday. "We want
to ensure that the voting systems used in the state are secure,
accurate, reliable and accessible to all. This (study result) is not a
big deal to me. It's a big deal for everyone in the country.''
Vendors and other advocates of electronic voting machines have suggested
that because of Bowen's well-publicized concerns, she has her thumb on
the scale when it comes to reviewing the systems. But the secretary of
state said she purposely avoided the scientists doing the study.
Bowen admitted that she's "enough of a geek" that she would have enjoyed
working closely with the study, but "I've stayed out of the way ... It's
not my review,'' she said. "I didn't want (the researchers) to be
influenced by my questions.''
Weir said the UC study "is only a hologram of what could be done
technically without considering the real-world mitigation,'' the locks,
access cards and other physical security measures typically used.
The study found "absolutely no evidence of any malicious source code
anywhere,'' he added. "They found nothing that could cast doubt on the
results of elections.''
Bishop, however, said he was surprised by the weakness of the security
measures, both physical and electronic, protecting the voting systems.
His team of hackers found ways to get into the systems not only through
the high-tech equipment in election headquarters but also through the
machines in the polling places.
If the testers had had more time, they would have found more flaws, he
"The vendors appeared to have designed systems that were not high
assurance (of security)," said Bishop, a recognized expert on computer
security. "The security seems like it was added on.''
This article appeared on page A - 1 of the San Francisco Chronicle