Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Election tabulator security / How not to use Access
Message
From
03/11/2004 19:11:23
Alan Popow
Toronto, Ontario, Canada
 
General information
Forum:
Visual FoxPro
Category:
Other
Title:
Re: Election tabulator security / How not to use Access
Miscellaneous
Thread ID:
00957752
Message ID:
00957899
Views:
16
Jeez... what can I say! This goes way beyond horrifying.

>Alan,
>
>It isn't a joke. I've seen the app personally (as it happens, one of my closest friends is a nationally recognized e-voting expert who has testified before our Congress on this issue).
>
>The report he talks about is accurate. The DB is in Access, and is completely insecure. There's no encryption and very little relational design. The TV reporter, within about ninety seconds, was able to completely alter the results of a sample "election" with absolutely no audit trail or any type of log entries hinting that a change was made.
>
>The difficulty, however, is with the two companies that are the primary suppliers of election booth hardware and electronic voting software (Diebold and ESS). They are both under suspicion of rigging the software to the benefit of one party or the other -- and (as I understand it) they still refuse to allow anyone to view their proprietary code and algorithms.
>
>And YES, I've had discussions with my friend about writing something. His response: Don't waste your time. It's not worth the effort, the governmental agencies that would buy the software won't talk to you unless you're a big company, and the big companies would eat you alive with lawsuits. They're heavily funded and politically backed. You'd have a better chance of successfully suing Microsoft because your laptop locked up when you installed XP Service Pack 2.
>
>
>>Personally, I think it's so looney-tunes that I won't believe it until I see proof.
>>
>>Alan
>>
>>>Now I've heard it all. I saw a program last week - I think it was 60 Minutes - talking about the flaws of this particular system. To hear that the backend is MSAccess just blows me away. Something so important, and they use Access - scary stuff.
>>>
>>>>Hi all
>>>>
>>>>There was a show here yesterday that was discussing the GEMS database. This is apparently the system used to tabulate voting in parts of the US.
>>>>
>>>>The guest claims the system, (written in Access of all things), has severe security problems. Is it just me, or shouldn't something this sensitive be housed in SQL Server?
>>>>
>>>>Apparently all one needs to access ;) this database is a telephone number.
>>>>
>>>>The guest claimed that he obtained the phone number via the freedom of information act.
>>>>
>>>>The guest quoted a university professor as saying if his students brought this system to him for review they'd have gotten a failing grade.
>>>>
>>>>This should curl your hair, even if you're not an American.
>>>>
>>>>http://www.ejfi.org/Voting/Voting-30.htm
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform