The concerns over Smartmatic’s acquisition of Sequoia triggered an investigation in the United States. http://www.nytimes.com/2006/10/29/washington/29ballot.html
In December 2006, presumably due to the controversy, Smartmatic announced that it had sold Sequoia. https://maloney.house.gov/media-center/press-releases/smartmatic-announces-sale-sequoia-voting-systems
But questions remained as to whether the sale was a sham transaction designed to fool regulators. https://www.nist.gov/sites/default/files/documents/itl/vote/SequoiaSmartmaticReport61208.pdf
In 2007, the California Secretary of State asked the Computer Security Group at U.C. Santa Barbara to analyze the security of Sequoia’s voting machines. The report found “a number of serious security issues” that “could be exploited by a determined attacker to modify (or invalidate) the results of an election” and that could “be carried out without any knowledge of the source code.” http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/red-sequoia.pdf
An analysis of the source code by @mattblaze and others at UC Berkeley found that “the Sequoia system lacks effective safeguards against corrupted or malicious data injected onto removable media, especially for devices entrusted to poll workers and other temporary staff with limited authority…” http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/sequoia-source-public-jul26.pdf
The researchers further found that “Many of the security features of the Sequoia system, particularly those that protect the integrity of precinct results, employ cryptography” that is “easily circumvented.” http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/sequoia-source-public-jul26.pdf
The researchers concluded that “virtually every important software security mechanism is vulnerable to circumvention.” https://www.wired.com/2007/08/ca-releases-sou/
Based on these reports, California withdrew approval for the use of Sequoia machines, but then granted re-approval for the use of Sequoia’s machines subject to various conditions. http://www.govtech.com/security/California-Decertifies-Voting-Machines-Conditions-Applied.html

No comments: