GAO, Whaddya Know?

The "Non-Partisan" GAO has released its report on our electronic voting machines. Some of the findings:

1. Some electronic voting systems did not encrypt cast ballots or system audit logs, thus making it possible to alter them without detection.


2. It is easy to alter a file defining how a ballot appears, making it possible for someone to vote for one candidate and actually be recorded as voting for an entirely different candidate.


3. Falsifying election results without leaving any evidence of such an action by using altered memory cards.


4. Access to the voting network was easily compromised because not all digital recording electronic voting systems (DREs) had supervisory functions password-protected, so access to one machine provided access to the whole network.


5. Supervisory across to the voting network was also compromised by repeated use of the same user IDs combined with easily guessed passwords.


6. The locks protecting access to the system were easily picked and keys were simple to copy.


7. One DRE model was shown to have been networked in such a rudimentary fashion that a power failure on one machine would cause the entire network to fail.


8. GAO identified further problems with the security protocols and background screening practices for vendor personnel.

You can read John Conyer's take here, and get the whole PDF here.