California's new Secretary of State, Debra Bowen, has flatly rejected a request from Riverside County, CA County Supervisor Jeff Stone to participate in a "hack test" challenge originally proposed to Election Integrity Advocates in response to their concerns about security and accuracy for the county's electronic touch-screen voting machines, The BRAD BLOG has learned.
In a letter sent to Stone last week obtained by The BRAD BLOG (posted in full at the end of this article), Secretary Bowen found that though there was no state law to prohibit such a test, her office would not participate, in part due to the narrow restrictions initially insisted upon by Supervisor Stone.
In her reply to a letter sent in early January to outgoing Secretary of State Bruce McPherson just days before he would leave office, Bowen wrote, "I am not aware of any state law that would prohibit the type of security test that you described in your letter." Unlike Bowen, the former SoS had been seen as far more favorable towards relaxed security issues for electronic voting.
As The BRAD BLOG originally reported last December, Stone had initially challenged local Election Integrity advocates "a thousand to one," during a public hearing, that a programmer would be unable to "manipulate" the county's voting system.
In her letter to McPherson Bowen joined other computer security professionals who had previously rejected Stone's unilateral suggestions for ground rules, calling them "overly narrow," potentially giving voters a "false sense of security." Stone had written to the former SoS that just "15 minutes would be allotted" for the test and the programmer who accepted the challenge --- noted computer security expert Harri Hursti --- would be prohibited from using any tools or reaching around the back of the machine. "In every sense," Stone wrote, "he would be like any voter on Election Day approaching a voting unit at the polls."
Bowen, however, balked at Stone's unilateral ground rules, writing in response...
As you know, voting equipment is subject to tampering in a wide range of settings.
This test you have proposed wouldn't address the issue of whether a someone who can reach around the back of the machine undetected or can bring a tool into the voting booth without being noticed by a poll worker will be able to gain access to the machine.
As well, Bowen also highlighted the point made by Election Integrity Advocates, computer security professionals, and even the Baker/Carter "Blue Ribbon" National Election Reform Commission that made the point that the greatest threat to e-voting security likely comes from election insiders, such as officials or poll workers who have been allowed to take pre-programmed, election-ready systems home with them in the days prior to the election as allowed by Riverside County.
Such insider access is seen as a far greater threat to security than that from voters on Election Day. As Bowen wrote in reply...