The machinery of democracy: protecting elections in an electronic world

Preface

Cast Out: New Voter Suppression Strategies

Securing the Vote in Context

Background: How We Got Here

What We Can Do to Ensure That Everyone Who Is Legally Entitled to Vote Can, and That Their Intended Votes Will Be Recorded and Accurately Counted

Brennan Center Efforts to Fight Threats to the Franchise

Machinery of Democracy: Voting System Security Report

Definition of Terms

Introduction

Limitations of Study

Summary of Findings and Recommendations

The Need for a Methodical Threat Analysis

Solid Threat Analyses Should Help Make Voting Systems More Reliable

Methodology

Identification of Threats

Prioritizing Threats: Number of Informed Participants as Metric

Effects of Implementing Countermeasure Sets

Representative Model for Evaluation of Attacks and Countermeasures: Governor's Race, State of Pennasota, 2007

Facts About Pennasota

Evaluating Attacks in Pennasota

Limits on Attacker

Targeting the Fewest Counties

Testing the Strength of Our Findings

The Catalogs

Nine Categories of Attacks

Lessons from the Catalogs: Retail Attacks Should Not Change the Outcome of Most Close Statewide Elections

Software Attacks on Voting Machines

History of Software-Based Attacks

Vendor Desire to Prevent Software Attack Programs

Inserting the Attack Program

Points of Attack: COTS and Vendor Software

Technical Knowledge

Election Knowledge

Creating an Attack Program That Changes Votes

Eluding Independent Testing Authority Inspections

Avoiding Detection During Testing

Avoiding Detection After the Polls Have Closed

Conclusions

Least Difficult Attacks Applied Against Each System

Attacks Against DREs Without VVPT

Attacks Against DREs w/VVPT

Attacks Against PCOS

Prevention of Wireless Communication: A Powerful Countermeasure for All Three Systems

Security Recommendations

Directions for the Future

Witness and Cryptographic Systems

Informing Voters of Their Role in Making Systems More Secure

Additional Statistical Technical Techniques to Detect Fraud

Looking for Better Parallel Testing Techniques

Looking at Other Attack Goals

Looking at Other Races

Appendix

Appendix A. Alternative Threat Analysis Models Considered

Appendix B. Alternative Security Metrics Considered

Appendix C. Voting Machine Testing

Appendix D. Example of Transparent Random Selection Processes

Appendix E. Assumptions

Appendix F. Tables Supporting Pennasota Assumptions

Appendix G. Denial-of-Service Attacks

Appendix H. Chances of Catching Attack Program Through Parallel Testing

Appendix I. Chances of Catching Attack Program Through the ARA

Appendix J. Subverting the Audit

Appendix K. Effective Procedures for Dealing With Evidence of Fraud or Error

Executive Summary

Introduction

Voting System Vulnerabilities

Security Recommendations

Conclusion

About the Task Force

Acknowledgments

Endnotes