[E-voting] Irish and USA tabulating computers
Catherine Ansbro
cansbro at eircom.net
Thu Jan 20 22:24:07 GMT 2005
Can someone tell me how the proposed tabulator for Ireland compares with
the GEMS system and set-up? I remember that the Irish system was also
using MS Access so I assume some of the security issues may be the same.
Also--will penetration threat tests ever be done on the components and
whole system proposed for Ireland?
Catherine
-----------------------------------------------
http://www.bbvforums.org/forums/messages/2197/2386.html?1106257120#POST2951
http://www.bbvdocs.org/general/ciber-reports.zip
(Compressed zip file, 1,888 KB)
(Source: Public Records Requests)
Ciber Labs has been the main "ITA" (Independent Testing Authority) for
voting machine software.
Of special interest in these files: Under the section marked
"Penetration Analysis" the examiner wrote "N/A - Not Tested" and
recommended the products for certification.
Not one individual on the NASED voting systems panel objected to the
certification, though it is clear that the security analysis was not
done. Two members of the NASED certification panel are computer
scientists: Dr. Britain Williams (Georgia, Virginia, Maryland) and Paul
Craft (Florida).
They signed off on the GEMS central tabulator system, used in every
county of Georgia and Maryland, and in 30 of Florida's 68 counties.
GEMS uses unpatched Windows and transfers live election data on a TCP/IP
connection using Windows RAS, with easily guessed usernames and
passwords and easily accessible phone access numbers. It uses an MS
Access database constructed without referential integrity, passwords, or
even an auto-numbered audit log.
Taxpayers pay the salaries for both Dr. Williams and Dr. Craft, who
receive the Ciber reports, have access to the GEMS programs, which they
are hired to independently evaluate. Both Williams and Craft pronounced
the GEMS program fit for use, not just in their states, but as NASED
certifiers, they recommended the system nationwide. Williams and Craft
may also be receiving HAVA funds.
GEMS central tabulator was subsequently used to count nearly 40 percent
of the votes in the U.S. in the Nov. 2004 general election.
More information about the E-voting
mailing list