Posted on 07/26/2003 2:22:10 AM PDT by kattracks
BALTIMORE (AP) — The manufacturer of an electronic voting system criticized in a new study as being vulnerable to fraud defended its product Friday, saying the researchers reached faulty conclusions because they had several technical misunderstandings.
Diebold Election Systems said computer security experts at Johns Hopkins University in Baltimore reached their conclusions by using outdated computer code for its touchscreen software. The company also said the researchers ran the software on a device on which it was not designed to work.
In addition, Diebold said many of the weaknesses attributed to the operating system on which the software was tested are inapplicable to the operating system used by the North Canton, Ohio-based company.
Last year, about 33,000 Diebold voting stations were used in elections in Maryland, Georgia, California, Kansas and other locations.
Avi Rubin, the lead researcher on the report for Johns Hopkins' Information Security Institute, stood by the study, which was released Thursday. But he added that the researchers had used a version of the code posted anonymously earlier this year on the Internet to analyze the system.
Rubin, the institute's technical director and an associate professor of computer science, described the code he examined as designed by "the neighborhood corner baseball team as opposed to the major leagues. And for something like this, you really need the major leagues."
Rubin said he wants Diebold to release the code currently used in the system so his group can examine it, but company president Tom Swidarski said that is proprietary information.
Swidarski said the researchers failed to grasp the complexities of the operation.
"The whole processing — the auditing, the security of this — it's complex, it's extensive, it's multilayered, and unless you're involved in the election process, I never heard any of that even mentioned."
Swidarski said elections officials at federal and state levels subjected the system to more rigorous tests than the Johns Hopkins team, which spent less than a month analyzing the code.
The study released Thursday concluded the system was vulnerable to unscrupulous voters as well as "insiders such as poll workers, software developers and even janitors."
The researchers were critical of the system's "smart cards," given to voters to ensure each casts only one ballot. The researchers said voters could cast multiple votes using counterfeit cards.
The company said voting booths were not "enclosed structures the researchers may be used to," and that it would be difficult to use phony cards with elections officials nearby.
___
On the Net:
Johns Hopkins Information Security Institute:
Diebold Election Systems:
The card has a stub; on the card and on the stub, are the same, unique bar code with serial number. (Card readers search for the votes on the card and the bar code/serial no.)
You, the voter, write your name on the card and the stub. The voting booth offical confirms your signature with the voter registration directory for your elections district; and, if you wish, records the serial number of the card.
After you vote, the voting machine additionally processes your card by laminating it, thereby sealing it. The lamination process includes serration(sp?), so that, when you take the card from the machine, you can --- without bringing along some "terrorist tools" such as a "box cutter" or "scissors" --- tear off the stub and take it with you.
The problem with this whole process is, it's simple; with a little more effort, it lends itself to honesty in the areas that have been disputed and exploited by politicians.
Therefore, enough politicians will probably not approve it; they will focus on the costs.
My answer is, I am more concerned than they, about costs.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.