music: Lance Canales
CAL VOTE MACHINES LOSE TO HACKERS
John Wildermuth, Chronicle Staff Writer
Saturday, July 28, 2007
State-sanctioned teams of computer hackers were able to break through the security of virtually
every model of California's voting machines and change results or take control of some of the
systems' electronic functions, according to a University of California study released Friday.
The researchers "were able to bypass physical and software security in every machine they
tested,'' said Secretary of State Debra Bowen, who authorized the "top to bottom review" of
every voting system certified by the state.
Neither Bowen nor the investigators were willing to say exactly how vulnerable California
elections are to computer hackers, especially because the team of computer experts from the UC
system had top-of-the-line security information plus more time and better access to the voting
machines than would-be vote thieves likely would have.
"All information available to the secretary of state was made available to the testers,'' including
operating manuals, software and source codes usually kept secret by the voting machine companies,
Matt Bishop, UC Davis computer science professor who led the "red team" hacking effort, said in
his summary of the results.
The review included voting equipment from every company approved for use in the state, including
Sequoia, whose systems are used in Alameda, Napa and Santa Clara counties; Hart InterCivic, used
in San Mateo and Sonoma Counties; and Diebold, used in Marin County.
Election Systems and Software, which supplied equipment to San Francisco, Contra Costa, Solano
and Los Angeles counties in last November's election, missed the deadline for submitting the
equipment, Bowen said. While their equipment will be reviewed, Bowen warned that she has "the
legal authority to impose any condition'' on its use.
Bowen said in a telephone news conference Friday that the report is only one piece of information
she will use to decide which voting systems are secure enough to use in February's presidential
If she is going to decertify any of the machines, she must do it by Friday, six months before the Feb.
A day-long hearing in Sacramento on Monday will give the UC investigators a chance to present
their finding and allow the various voting machine companies to present a response. The hearing
also will be open for comments from the public.
The study was designed to discover vulnerabilities in the technology of voting systems used in the
state. It did not deal with any physical security measures that counties might take and "made no
assumptions about constraints on the attackers,'' Bishop said.
"The testers did not evaluate the likelihood of any attack being feasible,'' he added.
Some county elections officials in the state were among the most critical of the study, saying they
worry that they could be forced to junk millions of dollars in voting machines if Bowen decertifies
them for the February election.
Letting the hackers have the source codes, operating manuals and unlimited access to the voting
machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra
Costa County and head of the state Association of Clerks and Election Officials.
The study also determined that many voting systems have flaws that make it difficult for blind voters
and those with other disabilities to cast ballots.
During her election campaign last year, Bowen made it clear she had little confidence in the security of
electronic voting machines and vowed to review their use in the state.
"Voting systems are tools of our democracy,'' she said Friday. "We want to ensure that the voting systems
used in the state are secure, accurate, reliable and accessible to all. This (study result) is not a big deal to me.
It's a big deal for everyone in the country.''
Vendors and other advocates of electronic voting machines have suggested that because of Bowen's well-
publicized concerns, she has her thumb on the scale when it comes to reviewing the systems. But the
secretary of state said she purposely avoided the scientists doing the study.
Bowen admitted that she's "enough of a geek" that she would have enjoyed working closely with the study,
but "I've stayed out of the way ... It's not my review,'' she said. "I didn't want (the researchers) to be
influenced by my questions.''
Weir said the UC study "is only a hologram of what could be done technically without considering the real-
world mitigation,'' the locks, access cards and other physical security measures typically used.
The study found "absolutely no evidence of any malicious source code anywhere,'' he added. "They found
nothing that could cast doubt on the results of elections.'' Bishop, however, said he was surprised by the
weakness of the security measures, both physical and electronic, protecting the voting systems. His team of
hackers found ways to get into the systems not only through the high-tech equipment in election
headquarters but also through the machines in the polling places.
If the testers had had more time, they would have found more flaws, he added.
"The vendors appeared to have designed systems that were not high assurance (of security)," said Bishop, a
recognized expert on computer security. "The security seems like it was added on.''
Return to main voting questions page