5 Jul 2011: TX Supreme Court Rules on Voting Machine Suit
Last week, the Texas Supreme Court ruled that the NAACP of Austin could have its case dismissed against the Secretary of State of Texas. Tim Lee writing for Ars Technica does a great job of summarizing the case, quoting ACCURATE Acting Director Dan Wallach and Postdoc Joseph Lorenzo Hall.
Dan provides a particularly stark illustration of the most severe technical vulnerabilities found in the 2007 California Top-To-Bottom Review (in which many ACCURATE researchers participated):
Wallach is an expert on Travis County’s eSlate machines because he participated in one of the nation’s only comprehensive DRE machine security audits in California back in 2007. Wallach says the most serious flaws with the machines arise from their networking capabilities. To tally the votes at the end of the election, the Hart InterCivic’s voting machines are taken to a distribution center where they are connected to an ordinary PC running special vote-counting software.
Wallach said that the PC software had a buffer overflow vulnerability, which meant that a single malicious voting machine could take control of the vote-counting PC. And the PC, in turn, had the power to directly modify the memory of the other voting machines which would later be connected to it. Hence, a malicious party with access to a single voting machine could trigger a viral attack on the voting machines used in dozens of precincts.
The Texas Supreme Court essentially ruled that this issue–whether or not to require voting machines be fundamentally auditable–is a policy issue and that the proper resolution is with the Texas legislature or, ultimately, Texan voters.