Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Worst Ever Security Flaw in Diebold Voting Machine

Posted by timothy on Mon Jul 31, 2006 01:25 PM
from the oh-but-that's-a-feature dept.
Government Security United States Politics
WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."
+ -
story

Related Stories

[+] Backslash: Voting Isn't Easy, Even if Cheating Is 260 comments
The Open Voting Foundation's disclsosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM drew more than 600 comments; some of the most interesting ones are below, in today's Backslash story summary.
[+] News: US Voting Machines Standards Open To Public 115 comments
Online Voting writes "The U.S. Election Assistance Commission has published new voting systems testing and certification standards for 190 days of public comment. For all the critics of electronic voting, this is your opportunity to improve the process. This will be the second version of the federal voting system standards (the first version is the VVSG 05). To learn more about these Voluntary Voting System Standards see this FAQ."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Worst Ever Security Flaw in Diebold Voting Machine 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • When Will Politicians Wake Up? (Score:5, Insightful)

    by telbij (465356) * on Monday July 31 2006, @01:26PM (#15818423)
    You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!

    Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

  • Lever action! (Score:5, Insightful)

    by andrewman327 (635952) on Monday July 31 2006, @01:28PM (#15818433) Homepage Journal
    How do all of the other devices made by this company still work? They are not just a voting technology firm, after all.


    I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.

    • Re:Lever action! (Score:5, Interesting)

      by markwalling (863035) <mark-slashdot@markwalling.org> on Monday July 31 2006, @01:33PM (#15818485) Homepage
      my district switched to electronic from lever based. in 2004, at 715 when i voted on lever machines, there was no line, and just about as many signatures in the book. in 2005, the line was out the door and around the corner at the same time. the person in front of me took 5 minutes to use the electronic machine. people knew how to use the old machines, and they were reliable. these new things take the old people for ever to use, and then they complain that they were hard to read...
  • Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.

  • "AccuVote" (Score:5, Funny)

    by truthsearch (249536) on Monday July 31 2006, @01:28PM (#15818437) Homepage Journal
    a Diebold AccuVote...

    At least their marketing department has a sense of humor.
  • There are many good reasons to switch to American Idol call-in voting.
    1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
    2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
    3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.

  • yarrr (Score:5, Insightful)

    by not already in use (972294) on Monday July 31 2006, @01:36PM (#15818513)
    Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?

  • Bug or Feature? (Score:5, Insightful)

    by Doc Ruby (173196) on Monday July 31 2006, @01:39PM (#15818551) Homepage Journal
    I thought the biggest flaw was their certification by states for use in actual elections.

  • What's wrong with paper ballots? (Score:5, Insightful)

    by slofstra (905666) on Monday July 31 2006, @01:43PM (#15818593) Homepage
    Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.

  • Why? (Score:5, Insightful)

    by Iamthefallen (523816) * <Gmail name: Iamthefallen> on Monday July 31 2006, @01:43PM (#15818594) Homepage Journal
    Has anyone answered the question regarding need for automated vote counting in a satisfactory way?

    Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.

    Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.

  • Physical access ALWAYS means all bets are off. (Score:5, Insightful)

    by Anonymous Coward on Monday July 31 2006, @01:43PM (#15818600)
    This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.

    Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.

    Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.

  • more aggressive on this issue.

    Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.

    Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.

    In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.

    Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.

    The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.

    These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:

    -no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.

    -poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm [opednews.com]

    Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.

    What do we need to ask for?

    Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.

    Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.

    Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.

    Legislation that reinfo

  • Tamper seal?? (Score:5, Insightful)

    by Midnight Thunder (17205) on Monday July 31 2006, @01:54PM (#15818707) Homepage Journal
    Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.

  • Voting in the USA (Score:5, Informative)

    by slashflood (697891) <<flow> <at> <howflow.com>> on Monday July 31 2006, @02:01PM (#15818773) Homepage Journal
    20 Amazing Facts About Voting in the USA [nightweed.com]

    Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.

    • Re:About the only way they'll ever "fix" these thi (Score:5, Interesting)

      by PeeAitchPee (712652) on Monday July 31 2006, @01:49PM (#15818658)

      Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."

      I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.