Diebold Quietly Patches Security Flaw in
Vote Counting Software
By Kim Zetter
August 12, 2009
Wired.com
http://www.wired.com/threatlevel/2009/08/diebold-audit-logs
Premier Election Solutions, formerly Diebold, has patched a serious security
weakness in its election tabulation software used in the majority of states,
according to a lab that tested the new version and a federal commission that
certified it.
The flaw in the tabulation software was discovered by Wired.com earlier this
year, and involved the program’s auditing logs. The logs failed to
record significant events occurring on a computer running the software,
including the act of someone deleting votes during or after an election. The
logs also failed to record who performed an action on the system, and listed
some events with the wrong date and timestamps.
A new version of the software does record such events, and includes other
security safeguards that would prevent the system from operating if the event
log were somehow shut down, according to iBeta Quality Assurance, the Colorado
testing lab that examined the software for the federal government.
It’s not known if Premier will offer the more secure version to
election officials who purchased previous software. The company did
not respond to a call for comment Tuesday.
Called the Global Election Management System, or GEMS, the software is
used to tabulate votes cast on Premier/Diebold touchscreen and optical-scan
machines, among other functions, and is used in more than 1,400 election
districts in nearly three dozen states. Maryland and Georgia, which
use Premier systems exclusively, count every vote statewide with the software.
GEMS runs on the Windows 2003 and Windows XP operating systems.
Official federal voting system standards require audit logs to record all
normal and abnormal events that occur on the system.
Premier publicly acknowledged the flaw two months after Wired.com’s report, in
a public hearing last March. When asked by a member of the California secretary
of state’s staff if Premier had done anything to address the problem, Justin
Bales, general service manager for Premier’s western region said, “No, not
yet.”
Bales went on to say that the GEMS logs had been the same since the
software was first created more than a decade ago.
“We never, again, intended for any malicious intent and not to log
certain activities,” Bales said. “It was just not in the initial program, but
now we’re taking a serious look at that.”
At the time, California Secretary of State Debra Bowen called GEMS auditing
mechanism “useless.”
Officials at iBeta say the federal officials at the Election Assistance
Commission — which recently began overseeing the testing and certification of
voting systems — specifically asked the lab to pay careful attention to testing
for the audit log issue.
Gail Audette, quality manager at iBeta, said Tuesday that version 1.21.5 of the
GEMS software passed their tests. The software now records all “normal and
abnormal” events, she says.
“It’s really up to interpretation what is an abnormal
event and what is a normal event,” Audette says. “[But] everyone interprets the
deletion of votes as abnormal events.”
IBeta tested Premier’s Assure 1.2 voting system, which includes its
optical-scan and direct-recording electronic touchscreen devices and version
1.21.5 of the GEMS tabulation software.
Audette said the logs in the latest GEMS software record the date and time that
events occur, and also record any attempt to login to the server, successful or
not.
The lab tested the audit logs to ensure that they cannot be deleted or
modified. If the GEMS event logs shut down for some reason, Audette said the
GEMS software will not operate.
Testers also attempted to modify votes in the GEMS database and delete the
database, but were unable to do so.
“The database is encrypted and protected by [Windows] WorkSpace,” Audette said.
IBeta’s report on the Premier system (.pdf) and testing plan offer an
interesting and rare look at the testing and certification procedures for
voting systems, which until recently were closely guarded secrets.
Voting-machine vendors used to pay labs directly to test their systems and
forced them to sign nondisclosure agreements to prevent election officials and
anyone else from learning about problems the labs found with the systems.
This changed only recently. In 2002 Congress passed the Help America Vote Act,
which established the Election Assistance Commission, in part to oversee the
testing and certification of election systems. It took until this last February
for the EAC to certify its first voting system.
Under the new scheme, instead of paying labs directly for testing, voting
machine vendors are required to pay into a general fund, from which the EAC
covers the testing costs. Test reports are also now published on the EAC’s web
site.
We’d encourage readers to look closely through the report, particularly
Appendix E (.pdf), which lists problems encountered during the tests and the
vendor’s responses to them.
Map image from Premier Election Solutions
[http://www.wired.com/images_blogs/threatlevel/2009/08/premier-diebold-market-map.jpg]
See also:
Diebold Admits Systemic Audit-Log Failure; State Vows Inquiry
Voting-Machine Audit Logs Raise More Questions about Lost Votes in CA Election