Trusted Agent Report Diebold AccuVote-TS Voting System


Citation

Paper

About This Report

From the Executive Summary:

At the request of the State of Maryland, RABA Technology’s Innovative Solution Cell (RiSC) performed a review of the DIEBOLD touch-screen electronic voting system. A team of security experts reviewed the SAIC report commissioned by Maryland and went on to hold a “Red Team” exercise to discover vulnerabilities in the actual voting system as it will be deployed for the March 2004 primary.

The key findings of this effort are two-fold. The State of Maryland election system (comprising technical, operational, and procedural components), as configured at the time of this report, contains considerable security risks that can cause moderate to severe disruption in an election. However, each of these vulnerabilities has a mitigating recommendation that can be implemented in time for the March 2004 primary. With all these near-term recommendations in place, we feel, for this primary, that the system will accurately render the election and is worthy of voter trust. However, between the March and November elections we strongly feel that additional actions must be taken to mitigate increasing risks incumbent on a system that will receive broad scrutiny. Ultimately we feel there will be a need for paper receipts, at least in a limited fashion.

Background

Mike Wertheimer invited me to join the RABA team. It was a fun application of penetration testing to a system; the test turned out to be very useful to lots of places (including California, a year later).