North Carolina Experts: Justin Moore of Durham, a computer scientist and adviser to the North Carolina Joint Select Committee on Electronic Voting, member of the  National Committee for Voting Integrity,of 2004, gave presentation about software engineering and security (PPT, 452 KB) to a Joint Special Committee of the North Carolina State Assembly. In March of 2005, Moore gave a presentation (PPT, 100 KB) about software engineering and preliminary statistical results to various citizens' groupsMoore recently helped edit and contribute to the written testimony submitted to the U.S. Election Assistance Committee.  Read the Analysis of 2004 Election by Justin Moore, fifth-year PhD candidate at Duke Computer Science studying networked systems and a member of the National Committee for Voting Integrity.http://www.cs.duke.edu/~justin/voting/ Read more about Justin Moore, his bio, and his revealing study of the undervotes tied to paperless voting here   David Allen - High Point, NC. Has investigated and written about the voting machine industry.. Systems engineer and owns a publishing business Plan Nine Publishing. Helped break the story on Diebold's election database left un-secure on the internet. David's website, www.blackboxvoting.com and www.votewatchnc.org   Chuck Herrin -   North Carolina Resident CISSP – Certified Information Systems Security Professional CISA – Certified Information Systems Auditor MCSE – Microsoft Certified Systems Engineer on Windows 2000 CEH – Certified Ethical Hacker CHCP – Certified Hacking and Countermeasures Professional President – Winston-Salem Triad chapter of ISSA Contributing author – "The Security Sage’s Guide to Attacking and Defending Windows Server 2003", 2004 by Syngress Publishing. see website:  www.chuckherrin.com     Other Experts: Bryan Pfaffenberger, University of Virginia Professor, on Logic and Accuracy Testing: "Logic and accuracy tests are dangerously vulnerable to a trivial exploit that involves inserting time-oriented code into the machine; the technique, described by Prof. Doug Jones of the University of Iowa, is so elementary that it is routinely assigned as a student exercise at Rice University." "Elections officials argue 'There are many other built in security features -- both in process and in equipment and software' (Charlottesville, VA Registrar of Voters, Frequently Asked Questions)   Perhaps so, but because vendors regard the voting machine software as a trade secret and will not permit objective outsiders to analyze the code, it is impossible to know whether the vendor's security features are effective.] In addition, state certification boards are insensitive to computer security issues and rush to approve systems that are full of security holes." http://pfaff.tcc.virginia.edu/home/MT/archives/000200.html                                      Dr. David L. Dill, Stanford University, on need for voter verifiable audit trail: Computer scientists at John Hopkins released a report this summer stating that one company’s machines “had significant and wide reaching security vulnerabilities” also that “a malevolent developer could easily make changes to the code.”                                                                                       The threat seems so great to Stanford computer scientist David Dill that he began a campaign to prevent Santa Clara county from using these machines calling it “crucial that voting equipment provide a voter-verifiable audit trail, by which we mean a permanent record of each vote that can be checked for accuracy by the voter before the vote is submitted, and is difficult or impossible to alter after it has been checked.    Many of the electronic voting machines being purchased do not satisfy this requirement.”       His petition was quickly signed by leaders in the computer security industry. http://verify.stanford.edu/dill/EVOTE/endorsements.html AVI RUBEN: Professor of Computer Science at Johns Hopkins University, on the source code of Diebold voting systems: and has appointment as the Technical Director of the Hopkins Information Security Institute. His website: http://avirubin.com/ His testimony for the Federal Election Assistance Commission on May 5, 2004, read here  http://avirubin.com/eac.pdf                                                                                                                                                           He also has worked as an Election Judge this year. Examined the source code in one of the Diebold systems. Reports and Analysis: September 3, 2004 NC gets a "D" in the Free Congress Foundation report - not ready for a re-count.      Grades were based on reliability of equipment and verifiable recount preparedness. Article here - http://www.freecongress.org/media/040903.asp View the report cards: http://www.freecongress.org/media/statevotingscorecard.pdf Compuware Report:  examined for the state of Ohio the following election systems: the Diebold Election Systems AccuVote-TS, the Election Systems and Software (ES&S) iVotronic, the Hart InterCivic eSlate 3000, and the Sequoia Voting Systems AVC Edge. The press release is here: Compuware: Press Conference Presentation (PDF) and the report here: Compuware: Technical Security Assessment Report (PDF) InfoSENTRY Report: company based in Raleigh, NC, conducted (for Ohio) on-site vendor inspections and interviews to assess voting system vendors’ security plans, procedures and processes. The review included all information systems security procedures utilized by voting system vendors. InfoSENTRY also assessed Ohio administrative security procedures and made recommendations for improvement.  Report here: InfoSENTRY: Summary of Findings & Recommendations (PDF) The SAIC Report: Risk Assessment report for Maryland from September 2003 ("several high-risk vulnerabilities) report:    The RABA Technologies Report:   http://www.raba.com/press/TA_Report_AccuVote.pdf  Testimony by Avi Rubin http://avirubin.com/vote/