Yolo County clerk Freddie Oakley was breathing a bit easier Saturday, after California Secretary of State Debra Bowen ruled that the Hart voting machines used in the county could be used for next February’s election. Late on Friday, Bowen decertified three voting systems that a UC study showed had serious security flaws. She then recertified the systems provided strict security precautions were met, but limited the Diebold and Sequoia systems to one per polling place, for use by disabled voters. The Hart Intercivic machines, like those used in Yolo County, could be more widely used, although with additional security.
Locally, Oakey has been working for some time with Matt Bishop, the UC Davis computer science who lead the team that tried to break into the voting machines, to ensure that Yolo county’s elections are secure.
Some of the new security rules are not as strict as those Yolo had already put in place, Oakley said.
For example, Bowen will require that counties train poll workers about the security of machines in their custody. In contrast, Yolo does not allow poll workers sole custody of any machine or store it overnight before Election Day. Instead, each machine is checked out on the election morning to a county employee and a UC Davis computer science student.
Oakley’s office took more time than others to pick a new voting system. She has worked closely with Matt Bishop, a UCD computer science professor and computer security expert, who played a key role in Bowen’s study. It appears the partnership has paid off.
“God bless ‘em, but my colleagues all over the state are panicking and I’m not,” Oakley said.
The Los Angeles Times rounds up some of the reaction from election officials in southern California, including LA county, the largest voter district in the nation.
On Friday (hours before Bowen handed down her decision) Bishop appeared on NPR’s Science Friday show with Ira Flatow. Some critics of Bishop’s study have claimed that the Red Team had weeks to crack the machines, and access to computer codes and documents. Bishop, however, noted that some of the successful attacks were found “in minutes,” some using small, everyday objects that he declined to describe in detail, and pointed out that real hackers can either access such documentation or figure it out for themselves.