Posted on 05/10/2006 9:37:36 AM PDT by NormsRevenge
Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines.
The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.
Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways.
"This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist and veteran voting-system examiner for the state of Iowa.
"In the other ones, we've been arguing about the security of the locks on the front door," Jones said. "Now we find that there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat."
This newspaper is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available.
A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.
Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.
The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.
The National Association of State Elections Directors, the nongovernmental group that issues national-level approvals for voting systems, learned of the vulnerability Tuesday and was weighing its response. States are scheduled to hold primaries in May, June and July.
"Our voting systems board is looking at this issue," said NASED Chairman Kevin Kennedy, a Wisconsin elections official.
"The states are talking among themselves and looking at plans to mitigate this."
California, Pennsylvania and Iowa are issuing emergency notices to local elections officials, generally telling them to "sequester" their Diebold touch screens and reprogram them with "trusted" software issued by the state capital. Then elections officials are to keep the machines sealed with tamper-resistant tape until Election Day.
In California, three counties San Joaquin, Butte and Kern plan to rely exclusively on Diebold touch screens in their polling places for the June primary.
Nine other counties, including Alameda, Los Angeles and San Diego, will use Diebold touch screens for early voting or for limited, handicapped-accessible voting in their polling places.
California elections officials told those counties Friday that the risk from the vulnerability was "low" and that any vote tampering would be revealed to voters on the paper read-out that prints when they cast their ballots, as well as to elections officials when they recount those printouts for 1 percent of their precincts after the election.
"I think the likelihood of this happening is low," said assistant Secretary of State for elections Susan Lapsley. "It assumes access and control for a lengthy period of time."
But scientists say that is not necessarily true.
Preparations could be made days or weeks beforehand, and the loading of the software could take only a minute or so once the machines are delivered to the polling places. In some cases, machines are delivered several days before an election to schools, churches, homes and other common polling places.
Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules.
"All of us who have heard the technical details of this are really shocked. It defies reason that anyone who works with security would tolerate this design," he said.
Did a government agency select the vendor? Figures.
My local ATM machine works well. Haven't read any articles about it's major holes. lately.
Matter of fact my banking websites seem to work well too.
Hmmmm...
Meanwhile, moonbat heads explode.....
Why the rush to touch-screen? Machine-readable paper ballots are just as fast and leave a better audit trail. They work well for local elections here in Toronto, but don't get me started on the clowns they declare as winners...
As I've been saying since 2000, screw this high tech crap and stick with a directly filled out paper ballot.
Rightly or wrongly, people don't trust computers and electronics to record votes, and inherent mistrust of the American electoral system is undesirable.
Olberman will be all over this tonight.
Didn't read the whole article, but sounds like the "device" could be a USB card reader. Newer computers will boot off of a Compact Flash card. There are even Linux installations that will fit on one.
Yep, and after November, the Democrats will control Congress and oversee who programs what...unless the Republican Senate comes to Jesus on the Mexican Border.
I refuse to use those hackable machines. Will vote absentee, sent by certified mail every time. That gives me a receipt.
We're doomed anyway, so why does it matter?
As in all her previous elections she was swept into office by a landslide 100% vote from her adoring subjects...
Let us remember:
We're using the touch screen machines because the punch card system wasn't good enough for the left. And who's complaining about the touch screen system..... the left.
(Actually, the initial complaints about the punch-card system were basically a ploy to allow a recount under circumstances where the Democrats could change the result. One of the guys involved in Florida was a consultant who'd been marketing for several years his ability to change outcomes if he got his hands on the cards.)
The left will continue griping about voting systems, using their proxies among the "public interest" groups, until someone comes along with one that only has a "D" button on it, at which point they'll pronounce it acceptable. Their main objection at the moment is that the Diebold systems are produced by one of those "evil profit-making corporations."
Wait a cotton-pickin' minute here...
This "vulnerability" requires access to the *inside* of the machine...?
Well, duh? It's pretty much impossible to make any system invulnerable to that level of access. -- including the counting machines for paper ballots.
It's like saying ballot boxes are vulnerable if somebody gets access to the inside of the box.
Why don't they encase the things in Kryponite, thereby thwarting Democrats everywhere.
Ah.. sounds like the dreaded "Rovian Hole".
Touch screen and punch card are not the only two options.
picked up at dembot HQ
ya know, dis new voting machine is killin' me. I cant figure out how to pump in my votes.
As you know wit' da' lever machine it was simple. hit 'da lever wit' as many slots as you had and no prob.
Also no prob wit da punch ballots providin' ya had a good punch....
It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything.
- Joseph Stalin
Meanwhile, the Democrats in California are registering ILLEGAL ALIENS hand over fist, which is a federal crime.
I guess there just aren't enough dead people in the cemeteries.
Yep. And every one of them has some form of security flaw. Paper ballots can be erased or replaced. Optical scanners can be reprogrammed, as can the old 'lever-type' voting machines. The central computers which tally the result can be compromised, too.
And... every one of those methods can produce accurate and honest results if used properly. Security or the lack thereof comes from the system, not the tools used.
"We're doomed anyway, so why does it matter?"
Well sure, in the long run we're all doomed.
And political careers rarely have happy endings.
Still, the conservative right doesn't have to be doomed THIS election.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.