Worst Ever Security Flaw in Diebold Voting Machine

WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

When Will Politicians Wake Up?

You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!

Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

wrong question

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Re:wrong question

Not until after the people wake up.

Re:wrong question

If you let all of those other people wake up first there won't be any hot water left for your shower.

Re:wrong question

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Good point. I guess I figured the one thing politicians should know something about is voting. If it's up to the people then we're pretty much doomed, because the American people don't know and don't care about politics. At this point we're so swamped between work and entertainment that the only way to generate political awareness is if it becomes a fad like it did in the Vietnam era. Either that or a lot more Katrina-style disasters to destroy people's television sets.

Re:wrong question

Either that or a lot more Katrina-style disasters to destroy people's television sets.

That "Hurricane Katrina" was a pretty popular reality show. It got coverage on multiple networks and got pretty good ratings. That "Bring 'Em On!" guy even had a guest appearance.

I wonder if there will be a new season of it this fall?

Re:wrong question

you suspected correctly. The current rep, Tom Feeney, representing South Florida rigged the US 2004 election election for his post.

http://www.youtube.com/v/7WmC4grXdIk [youtube.com]

http://www.house.gov/feeney/ [house.gov]

very interesting video. The computer programmer explains what he was asked to do. He gets stupid at the end though and starts rambling off topic, but I blame that on too much time on Slashdot.

Re:wrong question

I missed the computer programmer. When did he talk? There was a bit about Diebold in the beginning, but nothing about the programming of the machine.

Re:wrong question

...well aware of the "flaws"...

A flaw? Nahh that one is definitively someone's feature.

Re:wrong question

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

The world makes a lot more sense if you assume that at least a few politicians understand things things quite well.

Re:wrong question

One man's "flaw" is another man's "feature". But really, hacking is not a problem if there is a paper trail mechanism in place.

Is it that hard to put a thermal printer behind a glass shield: a voter can view his vote on paper tape. The current record is hidden when the tape is fed-forward for the next voter.

Random spot-checks can ensure that a machine reported same number of e-votes as paper-votes. Say, check 500 machines at random, if they all function correctly, accept the electronic results for the whole country.

Are you serious?

Paper trails are just as susceptible to fraud as electronic systems.

Do you actually believe that or are you just playing devils advocate?

The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...

Re:wrong question

"The people who cast the votes decide nothing. The people who count the votes decide everything." -Joseph Stalin

re: the other party

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

Re: the other party

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

1968 Democrats?

If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.

Re:When Will Politicians Wake Up?

> If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

That's not a bug, it's a feature. Using your numbers, that's 1000 government-approved whitew^Wsecurity auditors, and 9,999,000 potential crackers.

Politicians will wake up when President Stallman of the GNU/Hurd Party is sworn in on January 21, 2009, after taking 53% of the votes, against 47% for the OSS Party, led by candidate Eric Raymond. (Raymond credits his near-victory to having a landslide amongst the "Retired CIA/NSA Agents" demographic, on account of his party having "a more intel-friendly acronym" :)

Re:When Will Politicians Wake Up?

You joke, but somebody seriously needs to do this. It's going to be about the only way to get the general public to notice or care.

Re:When Will Politicians Wake Up?

You'd think in this day and age we'd have some idea of how to create a secure voting system.

Of course we do. But you presume that security was a design goal for these machines. I put it to you that this was certainly NOT a design goal of these machines.

There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

Re:When Will Politicians Wake Up?

You might want to read this: Fooled Again: How the Right Stole the 2004 Election & Why They'll Steal the Next One Too (Unless We Stop Them) [amazon.com]

Re:When Will Politicians Wake Up?

Yeah, liberals and their damn documented corroborated facts. But they're LIBERAL facts and thus they're not factual.

Re:When Will Politicians Wake Up?

There's a problem- you're basing your argument on reality. And reality has a well know liberal bias. The right wing has been ignoring reality for decades due to that.

Re:When Will Politicians Wake Up?

If he wants to sell an honest analysis he should give the book an honest title.

You can't judge a book by its cover, but I can't waste my time reading every single book out there just to find out whether or not it's been mistitled either.

What about studies from social scientists from UC Berkeley [evoting-experts.com]?

The study found counties with e-voting tended to tilt toward Bush, even after controlling for differences between counties including past voting history, income, percentage of Hispanic voters, voter turnout, and county size.

Then there are peer-reviewed studies [uscountvotes.org] from statisticians and mathematicians which show "Irrefutable Evidence of Vote Miscount" in Ohio's 2004 elections.

Here's an exerpt:


Ohios exit poll discrepancy pattern includes three precincts with virtually impossible outcomes and an
unusually high number of precincts with significant discrepancy.1

Re:When Will Politicians Wake Up?

And can you prove that the scan tron printed was exactly what the voted intended (remember people were confused over the fucking butterfly ballots). Can you also prove that the scantron reported an acurate count for the double check? Can you then prove that the scantron sheets that were sent to be verified are the same ones that made it into the fireproof boxes? Can you then prove that the ones counted from the fireproof boxes are both all of the votes and the same accurate count from the original vote? Finaly, even if you can prove all of that, can you prove the voter voted for the person they wanted to win (again remember the buterfly ballots)?

In short, somewhere along the line, voting requires trust.

Re:When Will Politicians Wake Up?

A) The user gets to see the scantron, it is one that would be designed to be clearly, easily, human readable (it would take a real IDIOT to be unable to line up the damn rows.. have you ever seen a scantron?) - butterfly ballots and scantrons are A LOT different

B) There is a reason why the person casting a ballot gets to SEE and CONFIRM the contents of the scantron before depositing it in the firebox - if it's innaccurate a technician cancels their vote and they revote

C) this problem exists with any paper ballots, and it's is a matter of physical security outside the content of an electronic voting machine discussion - if your system cannot guarauntee this then your system is a fraud and you should just hand your country over to the fascists now [and no, the current US voting regime cannot even gaurantee this in all cases *cough*ohio*cough]

D) See C

E) see A

Butterfly ballots are not a valid analogy for scantrons - a simple correctly printed grid scantron can be read by a 4 year old.

Re:When Will Politicians Wake Up?

Correct Sir, Democracy doesn't work, America's founders realized that and instituted America as a Constitutional Republic. I cringe evertime I hear a politician or judge describe America as a Democracy.

Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
-Benjamin Franklin

A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine.
-Thomas Jefferson

Lever action!

How do all of the other devices made by this company still work? They are not just a voting technology firm, after all.

I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.

Re:Lever action!

my district switched to electronic from lever based. in 2004, at 715 when i voted on lever machines, there was no line, and just about as many signatures in the book. in 2005, the line was out the door and around the corner at the same time. the person in front of me took 5 minutes to use the electronic machine. people knew how to use the old machines, and they were reliable. these new things take the old people for ever to use, and then they complain that they were hard to read...

Not a bug, but a feature

Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.

"AccuVote"

a Diebold AccuVote...

At least their marketing department has a sense of humor.

Let's switch to American Idol call-in voting

There are many good reasons to switch to American Idol call-in voting.
1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.

yarrr

Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?

Re:yarrr

Diebold is Oceana's voting solution. Diebold has always been Oceana's voting solution.

Bug or Feature?

I thought the biggest flaw was their certification by states for use in actual elections.

What's wrong with paper ballots?

Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.

Why?

Has anyone answered the question regarding need for automated vote counting in a satisfactory way?

Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.

Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.

Physical access ALWAYS means all bets are off.

This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.

Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.

Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.

If you value your country, you need to be

more aggressive on this issue.

Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.

Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.

In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.

Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.

The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.

These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:

-no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.

-poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm [opednews.com]

Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.

What do we need to ask for?

Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.

Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.

Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.

Legislation that reinfo

Tamper seal??

Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.

Voting in the USA

20 Amazing Facts About Voting in the USA [nightweed.com]

Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.

This is NOT a reason to register absentee

Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.

Today.

A Depressing Comparison

Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:

Vegas vs. Electronic Voting Machines [washingtonpost.com]

Slot machine standards are much tighter

The Nevada Gaming Control Board has technical standards for slot machines. [nv.gov] They've had enough fraud over the years that they know what has to be done. Some highlights:

• ... must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
• ... must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC ... but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure. ... Gaming device power supply filtering must be sufficient to prevent disruption of the device by repeated switching on and off of the AC power. ... must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
• All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures. If these programs and data are to operate out of volatile RAM, the program that loads the RAM must reside on and operate from a Conventional ROM Device.
• All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must:
  (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.

  (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
  (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
  (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con

Re:About the only way they'll ever "fix" these thi

Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."

I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)

Re:democracy

The difference is that with a paper voting system there are a lot of participants. For election fraud you need very many persons to know and participate.
With electronic systems, it is possible to modify something in the sofware with only very few people knowing and participating, and still have influence on the end result.

It is of course much easier to have 3-10 persons work with you, than 10.000

Re:Diebold lobbied slashdot...

These are not flaws, this is intentional and is part of the process of how the criminals in the white house got there and are able to stay there. Democracy ended in this country over 6 years ago.

Re:Diebold lobbied slashdot...

Your number is a bit low. It's more likely Democracy ended when the people running the country stopped being called "Statesmen" and became "Politicians".

BTW: The mod war on the above post should prove interesting.

Re:Diebold lobbied slashdot...

I got another one you'll love:

Q: Does it run Linux?
A: It does now!

Re:Diebold lobbied slashdot...

I think the real question is: How long can I play TUX Racer off of a bootable flash card before the voting officials figure out that something is up?

Re:Diebold lobbied slashdot...

I beg to differ. I belive this is the worst security flaw yet:

http://video.google.com/videoplay?docid=8112825559 202389150&q=hacking+the+vote [google.com]