Post on 30-Jun-2015
Voting Machines: The Good, The Bad, and The Ugly
Cara Monical, Centre College ‘13
Brown Fellow Project Exploration:
Last summer: 6 weeks in Spain where I first discovered my passion for computer security and gained a more international outlook
This summer: 8 weeks in South Carolina doing research in analyzing voting machines
Next summer (intended): internship with NSA or FBI Partnership: working with election officials to improve the
system Academic/Research Leadership: wanted to gain research
experience in a larger environment
Importance of Elections Results of elections have a
major impact on the people, the country, and the world
The government’s right to rule is based on the people’s faith in the electoral process
General Chaos
The Good The blind community is able to vote independently for
the first time Voting machines often make running an election easier
for the poll workers, who are often volunteers well past retirement age with very little training
Tabulating results is almost instantaneous The public, in general, prefers voting machines to past
mechanisms for voting
The Bad Current voting technology
is fundamentally insecure and flawed
No meaningful audit trail for verifying results
Elections are so close that machine malfunctions could change the result of the election
PEB
PDA
iVotronic
The Ugly
The already bad system is made worse by preventable human errors
Votes counted without data support
Votes in the data support but not counted
Incorrect timestamps
Analyzing the Current System Worked on iVotronics made by ES&S Produce an event log that records iVotronic ID, PEB ID,
PEB type, date, time, event code, and event message for each event
Try to find ways to improve from election to election with the current system
Methodology
Parse event logCount events for each iVotronic,
PEB
Look for consistent patterns
Check for procedural
irregularities
Check abnormal events
Compare results between counties
Normal event logTime Event07:29:44 0001510 Vote cast by voter07:41:02 0001510 Vote cast by voter07:47:28 0001510 Vote cast by voter07:49:16 0001510 Vote cast by voter07:54:34 0001510 Vote cast by voter08:00:13 0001510 Vote cast by voter
Partial event log for iVotronic 5122975, used in Lexington County, with all events from 7:35 am to 8 am on November 2, 2011
Problematic Event LogTime Event07:31:56 0001510 Vote cast by voter07:32:03 0002400 PEB access failed07:32:03 0002400 PEB access failed07:32:15 0002400 PEB access failed07:32:15 0000706 Failed to retrieve EQC from PEB07:32:15 0001635 Terminal shutdown - IPS exit07:35:30 0001510 Vote cast by voter07:39:44 0001510 Vote cast by voter07:39:51 0002400 PEB access failed07:39:51 0002400 PEB access failed07:40:03 0002400 PEB access failed07:40:03 0000706 Failed to retrieve EQC from PEB
Partial event log for iVotronic 5101203, used in Lexington County, with all events from 7:35 am to 7:40 am on November 2, 2011
Types of Results Identified…
Specific iVotronics and PEBs likely to have a problem Lapses in election procedure Differences between counties Differences between elections
Found evidence of poor programming practices in the software behind the event logs
Found some evidence of hardware failures
Hardware Problems Sumter, general election, iVotronic 5137877
11/02/2010 14:25:43 0002504 CF - file read error11/02/2010 14:25:43 0002513 File - Read or write error11/02/2010 14:59:12 0002207 TF - chip vs chip crc error11/02/2010 14:25:46 0002184 UNKNOWN11/02/2010 14:25:46 0002449 UNKNOWN
11/02/2010 14:25:12 0001204 Terminal vote image is corrupted…
11/02/2010 14:57:20 0002504 CF - file read error 11/02/2010 14:57:20 0002513 File - Read or write error 11/02/2010 19:17:27 0002207 TF - chip vs chip crc error 11/02/2010 19:17:27 0002207 TF - chip vs chip crc error
…..
11/03/2010 11:23:00 0001404 Warning - no valid term audit data
Programming Problems UNKNOWN event codes Prints the hardware error messages for hours, pages of
events The event “vote cancelled– printer problem” appears
despite the lack of printers “Terminal shutdown” in some instances could be sleep
mode, in others– definitely not The standard PEB access fail sequence is illogical
Future Work I hope to perform similar analysis on the iVotronics used
in some counties in Kentucky I also plan to analyze the data from the upcoming South
Carolina Republican primary The completed analysis will be submitted for the USENIX
conference and to a computer science journal
Acknowledgements Dr. Buell Dean Crepes and Carolyn Bledsoe of the Lexington
County Election Commission Mrs. Laura Boccanfuso, Dr. Eastman, and Dr. Bowles National Science Foundation University of South Carolina The Brown Foundation and Centre College
Questions or More Information
For more information about my research, my project, or the voting machine situation, please contact me at
cara.monical@centre.edu