Systemic Issues in the Hart InterCivic and Premier Voting Systems: Reflections Following Project EVEREST∗

In response to growing concern about the security and integrity of elections in the state of Ohio, Secretary of State Jennifer Brunner set in motion a comprehensive study of the electronic voting equipment used throughout the state. Known as Project EVEREST (Evaluation and Validation of Election Related Equipment, Standards and Testing), this study attempted to assess the risks associated with Ohio’s current voting systems. In this paper, we discuss the systemic vulnerabilities and weaknesses discovered during the academic team’s evaluation of the Hart InterCivic and Premier Elections Solutions (formerly Diebold) hardware and software. We begin by describing a methodology for identifying and confirming vulnerabilities aimed at preventing vendor deniability so prevelant in voting systems analysis. Both systems’ studies began with an independent analysis of known vulnerabilities and quickly expanded. The Hart analysis expanded on previous findings and discovered 27 new vulnerabilities. Most notably, we discovered a large swath of undocumented functionality within the Hart system that could be highly dangerous in an election environment. Like previous evaluations, our analysis of the Premier system notes that the platform is plagued by systemic security issues; however, our evalu-