Debra Bowen, California's Secretary of State has just completed an incredible project which has dramatically and unquestionably shown leading e-voting systems to be riddled with extremely serious security flaws.
Bowen commissioned a distinguished array of talented computer security academics to review voting systems certified for use in California. The reviews, which included source code analysis, identified a huge number of security vulnerabilities – the number and scope of which has shocked even the most hardened e-voting critics. Bowen decertified the systems reviewed, recertifying some of them in very specific cases, with conditions, such as to enable disabled voters to continue voting unaided.
These voting companies have been saying 'trust us' for years, dodging open reviews and informed criticism based on work by experts such as Harri Hursti. Despite claiming to have fixed the holes previously identified in their systems. The reviews show that the holes hadn't been fixed – and more were found. As Avi Rubin wrote on his blog, “The more these machines are studied, the worse they look.”
ES&S, the only vendor certified in California to have conducted e-voting in the UK this year, directly tried to obstruct the review process by failing to deliver source code and documentation within the timetable specified. Maybe ES&S saw the writing on the wall, and played hardball with a government to protect their business interests of those of the government and voters. This company should not be allowed to do business in the UK.
The reports, hacks, problems and glitches keep piling up; it's only the vendors who are trying to pretend everything is ok. It's tragic that it has taken this long for the United States to start publicly addressing the fundamental problems with e-voting. Thankfully in the UK and across most of Europe we still have chance to stop these systems being introduced before it's too late.
Wonderful coverage of the reports and aftermath: