In some parts of the country, all it might take to change someone’s vote this November is three seconds and a $10 USB thumb drive.
That’s what a study conducted by the UCSB Computer Security Group discovered this summer during an analysis of California’s electronic voting systems. The group investigated the reliability of the electronic Sequoia voting system — which is employed in 17 states nationwide — and found the system to be easily corruptible and susceptible to sabotage.
Research leader Giovanni Vigna said the team examined the accuracy of the Sequoia system by producing software mimicking a live virus and unleashing it in the system to alter the computer’s firmware. The team found modifying the voting machine’s computer to be relatively easy.
Even in the presence of a Voter-Verified Paper Audit Trail — a receipt-like print out of the voter’s chosen candidates and propositions — the corrupted firmware assumes the ability to change choices and transfer votes.
According to Vigna, an associate professor in the Computer Science Dept., modifying the system’s fundamental components is as simple as inserting a virus via a USB thumb drive.
“You would like something as critical as a voting machine to be developed with very high security standards,” Vigna said, “but we weren’t that surprised because these machines are very poorly developed.”
California Secretary of State Debra Bowen spearheaded the investigation, recruiting computer security teams from across the state to test the basic integrity of voting machines utilized in California, Vigna said.
“[Bowen] organized this effort in which different academic teams looked at different kinds of systems,” Vigna said. “In every case, major problems were found.”
As a result, the Sequoia system is now no longer used in California, with the exception of several handicap accessible sites designed for disabled voters. The system, however, remains in place in several other states.
“Bowen decertified these machines and came up with serious countermeasures,” Vigna said. “Every voter using electronic ballots in other states runs the risk of compromising their vote.”
Vigna said the vulnerabilities discovered by the team warrant the immediate removal of all faulty devices nationwide.
“If this was air traffic control or something dealing with nuclear power, people would be incredibly enraged,” Vigna said. “The level of criticality is the same but it is not perceived as such.”
With regards to the upcoming election, Vigna recommends voters using electronic ballots proceed with caution and remain aware of any questionable circumstances during the process.
“Don’t rush while voting. If you are confused, ask,” Vigna said. “Make sure your vote is counted.”