Académique Documents
Professionnel Documents
Culture Documents
Hernandez Executive Director Lance Gough Dominion Voting Executive Vice President Howard Cramer When we discussed the need for a vulnerability assessment of the EdgePlus2 DRE machines at the last Chicago Board of Elections meeting, we agreed that we would present a description of the vulnerability assessment and work on developing common ground. As such, we anticipate there will be measures where we agree and others where further discussion will be required. This document was prepared by Defend the Vote in conjunction with Dr. Roger Johnston in his official capacity as the head of the Vulnerability Assessment Team at Argonne National Laboratory. There are three parts: a description of the vulnerability assessment, particulars of the assessment, and a description of various levels of a vulnerability assessment on election machines. Dr. Johnston completed the third part. This vulnerability assessment focusses on the Edge2Plus, Haat, Insight and the WinEDS systems currently in use in Chicago. In addition, we would like to test the 400c but it is not specified in this particular document.
A vulnerability assessment of voting machines strives to find simple low cost improvements in security without requiring radical changes to the voting machines. Recommendations will dramatically improve security without requiring a lot of cost, time, or effort. The purpose of this vulnerability assessment is to improve security of the vote and it is designed to be public in nature.
Scope: This security-based vulnerability assessment looks at the processes, procedures, and the operations of the Edge2Plus, Haat, Insight, and WinEDS 4.0 voting systems. The assessment seeks to find remedies for security-based vulnerabilities when they are identified. Reports: A preliminary report will be produced which will present the result of the assessment. This will be provided to Defend the Vote, the Chicago Board of Elections, and to Dominion Voting for comment and feedback. A final report will then be issued which will include comments, feedback, and any subsequent followup. This report will be made public; however, protected and proprietary information will not be included in the public report.
7. Demonstrate the most viable attacks. [Though usually not to perfection due to time and cost constraints.] 8. Experiment with various countermeasures to the discovered attacks and vulnerabilities. Can include design changes, but also suggestions for modified use protocols. [Practical countermeasures are almost always discovered.] 9. Demonstrate the countermeasures. [If time and funding permit.] 10. Propose an optimum set of use protocols to minimize vulnerabilities. Typically a menu of prioritized options, rather than one fixed protocol. Defend the Vote believes that when the public has faith in their elections, they are more motivated to vote. Likewise, Defend the Vote believes when the publics faith in their elections is lost, the government loses its legitimacy in the eyes of the citizens.
Sharon Meroni
Executive Director Vulnerability Assessment Project Defend the Vote 1 West Surrey Lane Barrington Hills, IL 60010 847-382-1100 Phone 224-357-6366 fax 847-778-3495 mobile Sharon@DefendTheVote.com