Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Worst Ever Security Flaw in Diebold Voting Machine

Posted by timothy on Mon Jul 31, 2006 12:25 PM
from the oh-but-that's-a-feature dept.
WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

Related Stories

[+] Backslash: Voting Isn't Easy, Even if Cheating Is 260 comments
The Open Voting Foundation's disclsosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM drew more than 600 comments; some of the most interesting ones are below, in today's Backslash story summary.
[+] US Voting Machines Standards Open To Public 115 comments
Online Voting writes "The U.S. Election Assistance Commission has published new voting systems testing and certification standards for 190 days of public comment. For all the critics of electronic voting, this is your opportunity to improve the process. This will be the second version of the federal voting system standards (the first version is the VVSG 05). To learn more about these Voluntary Voting System Standards see this FAQ."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Worst Ever Security Flaw in Diebold Voting Machine 50 Comments More | Login /

 Full
 Abbreviated
 Hidden
More | Login
Keybindings Beta
Q W E
A S D
Loading ... Please wait.
  • When Will Politicians Wake Up? (Score:5, Insightful)

    by telbij (465356) * on Monday July 31 2006, @12:26PM (#15818423)
    You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!

    Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.
    • wrong question (Score:5, Insightful)

      by BitterAndDrunk (799378) on Monday July 31 2006, @12:28PM (#15818438) Homepage
      When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.
      [ Parent ]
      • Re:wrong question (Score:5, Insightful)

        by oyenstikker (536040) <slashdot.sbyrne@org> on Monday July 31 2006, @12:38PM (#15818544) Homepage
        Not until after the people wake up.
        [ Parent ]
      • Re:wrong question (Score:5, Insightful)

        by telbij (465356) * on Monday July 31 2006, @12:42PM (#15818590)
        When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.


        Good point. I guess I figured the one thing politicians should know something about is voting. If it's up to the people then we're pretty much doomed, because the American people don't know and don't care about politics. At this point we're so swamped between work and entertainment that the only way to generate political awareness is if it becomes a fad like it did in the Vietnam era. Either that or a lot more Katrina-style disasters to destroy people's television sets.
        [ Parent ]
        • Re:wrong question (Score:5, Funny)

          by Thuktun (221615) on Monday July 31 2006, @02:15PM (#15819533) Homepage Journal
          Either that or a lot more Katrina-style disasters to destroy people's television sets.

          That "Hurricane Katrina" was a pretty popular reality show. It got coverage on multiple networks and got pretty good ratings. That "Bring 'Em On!" guy even had a guest appearance.

          I wonder if there will be a new season of it this fall?
          [ Parent ]
      • Re:wrong question (Score:5, Informative)

        by 955301 (209856) on Monday July 31 2006, @12:48PM (#15818650) Journal
        you suspected correctly. The current rep, Tom Feeney, representing South Florida rigged the US 2004 election election for his post.

        http://www.youtube.com/v/7WmC4grXdIk [youtube.com]

        http://www.house.gov/feeney/ [house.gov]

        very interesting video. The computer programmer explains what he was asked to do. He gets stupid at the end though and starts rambling off topic, but I blame that on too much time on Slashdot.

        [ Parent ]
        • Re:wrong question (Score:5, Interesting)

          by idesofmarch (730937) on Monday July 31 2006, @01:50PM (#15819292)
          I missed the computer programmer. When did he talk? There was a bit about Diebold in the beginning, but nothing about the programming of the machine.
          [ Parent ]
      • Re:wrong question (Score:5, Funny)

        by ArcticCelt (660351) on Monday July 31 2006, @01:00PM (#15818767)
        ...well aware of the "flaws"...

        A flaw? Nahh that one is definitively someone's feature.

        [ Parent ]
      • Re:wrong question (Score:5, Insightful)

        by Y2 (733949) on Monday July 31 2006, @01:10PM (#15818867)
        When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

        The world makes a lot more sense if you assume that at least a few politicians understand things things quite well.

        [ Parent ]
      • Re:wrong question (Score:5, Insightful)

        by megaditto (982598) on Monday July 31 2006, @01:11PM (#15818877)
        One man's "flaw" is another man's "feature". But really, hacking is not a problem if there is a paper trail mechanism in place.

        Is it that hard to put a thermal printer behind a glass shield: a voter can view his vote on paper tape. The current record is hidden when the tape is fed-forward for the next voter.

        Random spot-checks can ensure that a machine reported same number of e-votes as paper-votes. Say, check 500 machines at random, if they all function correctly, accept the electronic results for the whole country.
        [ Parent ]
          • Are you serious? (Score:5, Insightful)

            by TamMan2000 (578899) on Monday July 31 2006, @02:42PM (#15819784) Journal
            Paper trails are just as susceptible to fraud as electronic systems.

            Do you actually believe that or are you just playing devils advocate?

            The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...
            [ Parent ]
      • Re:wrong question (Score:5, Insightful)

        by vertinox (846076) on Monday July 31 2006, @01:33PM (#15819114) Homepage
        "The people who cast the votes decide nothing. The people who count the votes decide everything." -Joseph Stalin
        [ Parent ]
        • re: the other party (Score:5, Interesting)

          by BitterAndDrunk (799378) on Monday July 31 2006, @01:13PM (#15818893) Homepage
          Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)
          [ Parent ]
          • Re: the other party (Score:5, Insightful)

            by scheming daemons (101928) on Monday July 31 2006, @02:07PM (#15819468)
            Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

            1968 Democrats?

            If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.

            [ Parent ]
    • by Tackhead (54550) on Monday July 31 2006, @12:36PM (#15818519)
      > If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

      That's not a bug, it's a feature. Using your numbers, that's 1000 government-approved whitew^Wsecurity auditors, and 9,999,000 potential crackers.

      Politicians will wake up when President Stallman of the GNU/Hurd Party is sworn in on January 21, 2009, after taking 53% of the votes, against 47% for the OSS Party, led by candidate Eric Raymond. (Raymond credits his near-victory to having a landslide amongst the "Retired CIA/NSA Agents" demographic, on account of his party having "a more intel-friendly acronym" :)

      [ Parent ]
    • Re:When Will Politicians Wake Up? (Score:5, Insightful)

      by SpryGuy (206254) on Monday July 31 2006, @12:45PM (#15818615)
      You'd think in this day and age we'd have some idea of how to create a secure voting system.

      Of course we do. But you presume that security was a design goal for these machines. I put it to you that this was certainly NOT a design goal of these machines.

      There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

      [ Parent ]
        • Re:When Will Politicians Wake Up? (Score:5, Insightful)

          by MoneyT (548795) on Monday July 31 2006, @01:05PM (#15818813) Journal
          And can you prove that the scan tron printed was exactly what the voted intended (remember people were confused over the fucking butterfly ballots). Can you also prove that the scantron reported an acurate count for the double check? Can you then prove that the scantron sheets that were sent to be verified are the same ones that made it into the fireproof boxes? Can you then prove that the ones counted from the fireproof boxes are both all of the votes and the same accurate count from the original vote? Finaly, even if you can prove all of that, can you prove the voter voted for the person they wanted to win (again remember the buterfly ballots)?

          In short, somewhere along the line, voting requires trust.
          [ Parent ]
          • Re:When Will Politicians Wake Up? (Score:5, Insightful)

            by LordKazan (558383) on Monday July 31 2006, @01:22PM (#15818989) Homepage Journal
            A) The user gets to see the scantron, it is one that would be designed to be clearly, easily, human readable (it would take a real IDIOT to be unable to line up the damn rows.. have you ever seen a scantron?) - butterfly ballots and scantrons are A LOT different

            B) There is a reason why the person casting a ballot gets to SEE and CONFIRM the contents of the scantron before depositing it in the firebox - if it's innaccurate a technician cancels their vote and they revote

            C) this problem exists with any paper ballots, and it's is a matter of physical security outside the content of an electronic voting machine discussion - if your system cannot guarauntee this then your system is a fraud and you should just hand your country over to the fascists now [and no, the current US voting regime cannot even gaurantee this in all cases *cough*ohio*cough]

            D) See C

            E) see A

            Butterfly ballots are not a valid analogy for scantrons - a simple correctly printed grid scantron can be read by a 4 year old.
            [ Parent ]
      • Correct Sir, Democracy doesn't work, America's founders realized that and instituted America as a Constitutional Republic. I cringe evertime I hear a politician or judge describe America as a Democracy.
        Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
        -Benjamin Franklin
        A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine.
        -Thomas Jefferson
        [ Parent ]
  • Lever action! (Score:5, Insightful)

    by andrewman327 (635952) on Monday July 31 2006, @12:28PM (#15818433) Homepage Journal
    How do all of the other devices made by this company still work? They are not just a voting technology firm, after all.


    I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.

    • Re:Lever action! (Score:5, Interesting)

      by markwalling (863035) <markwalling@gmail.com> on Monday July 31 2006, @12:33PM (#15818485)
      my district switched to electronic from lever based. in 2004, at 715 when i voted on lever machines, there was no line, and just about as many signatures in the book. in 2005, the line was out the door and around the corner at the same time. the person in front of me took 5 minutes to use the electronic machine. people knew how to use the old machines, and they were reliable. these new things take the old people for ever to use, and then they complain that they were hard to read...
      [ Parent ]
  • Not a bug, but a feature (Score:5, Insightful)

    Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.
  • "AccuVote" (Score:5, Funny)

    by truthsearch (249536) on Monday July 31 2006, @12:28PM (#15818437) Homepage Journal
    a Diebold AccuVote...

    At least their marketing department has a sense of humor.
  • There are many good reasons to switch to American Idol call-in voting.
    1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
    2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
    3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.
  • yarrr (Score:5, Insightful)

    by not already in use (972294) on Monday July 31 2006, @12:36PM (#15818513)
    Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?
  • Bug or Feature? (Score:5, Insightful)

    by Doc Ruby (173196) on Monday July 31 2006, @12:39PM (#15818551) Homepage Journal
    I thought the biggest flaw was their certification by states for use in actual elections.
  • What's wrong with paper ballots? (Score:5, Insightful)

    by slofstra (905666) on Monday July 31 2006, @12:43PM (#15818593) Homepage
    Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.
  • Why? (Score:5, Insightful)

    by Iamthefallen (523816) * <Gmail name: Iamthefallen> on Monday July 31 2006, @12:43PM (#15818594) Homepage Journal
    Has anyone answered the question regarding need for automated vote counting in a satisfactory way?

    Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.

    Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.

  • by Anonymous Coward on Monday July 31 2006, @12:43PM (#15818600)
    This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.

    Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.

    Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.

  • more aggressive on this issue.

    Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.

    Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.

    In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.

    Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.

    The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.

    These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:

    -no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.

    -poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm [opednews.com]

    Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.

    What do we need to ask for?

    Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.

    Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.

    Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.

    Legislation that reinfo
  • Tamper seal?? (Score:5, Insightful)

    by Midnight Thunder (17205) on Monday July 31 2006, @12:54PM (#15818707) Homepage Journal
    Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.
  • Voting in the USA (Score:5, Informative)

    20 Amazing Facts About Voting in the USA [nightweed.com]

    Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.
  • by WillAffleckUW (858324) on Monday July 31 2006, @01:32PM (#15819102) Homepage Journal
    Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.

    Today.
  • A Depressing Comparison (Score:5, Insightful)

    by PunkXRock (512777) on Monday July 31 2006, @01:48PM (#15819274) Homepage Journal
    Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:

    Vegas vs. Electronic Voting Machines [washingtonpost.com]
  • by Animats (122034) on Monday July 31 2006, @02:35PM (#15819725) Homepage

    The Nevada Gaming Control Board has technical standards for slot machines. [nv.gov] They've had enough fraud over the years that they know what has to be done. Some highlights:

    • ... must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
    • ... must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC ... but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure. ... Gaming device power supply filtering must be sufficient to prevent disruption of the device by repeated switching on and off of the AC power. ... must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
    • All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures. If these programs and data are to operate out of volatile RAM, the program that loads the RAM must reside on and operate from a Conventional ROM Device.
    • All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must:
      (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.

      (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
      (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
      (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con

    • by PeeAitchPee (712652) on Monday July 31 2006, @12:49PM (#15818658) Homepage

      Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."

      I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)

      [ Parent ]
    • Re:democracy (Score:5, Insightful)

      by pe1chl (90186) on Monday July 31 2006, @01:01PM (#15818780)
      The difference is that with a paper voting system there are a lot of participants. For election fraud you need very many persons to know and participate.
      With electronic systems, it is possible to modify something in the sofware with only very few people knowing and participating, and still have influence on the end result.

      It is of course much easier to have 3-10 persons work with you, than 10.000
      [ Parent ]