Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

New security glitch found in Diebold system - Officials say machines have 'dangerous' holes
Oakland Tribune ^ | 5/10/06 | Ian Hoffman

Posted on 05/10/2006 9:37:36 AM PDT by NormsRevenge

Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines.

The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.

Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways.

"This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist and veteran voting-system examiner for the state of Iowa.

"In the other ones, we've been arguing about the security of the locks on the front door," Jones said. "Now we find that there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat."

This newspaper is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available.

A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.

Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.

The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.

The National Association of State Elections Directors, the nongovernmental group that issues national-level approvals for voting systems, learned of the vulnerability Tuesday and was weighing its response. States are scheduled to hold primaries in May, June and July.

"Our voting systems board is looking at this issue," said NASED Chairman Kevin Kennedy, a Wisconsin elections official.

"The states are talking among themselves and looking at plans to mitigate this."

California, Pennsylvania and Iowa are issuing emergency notices to local elections officials, generally telling them to "sequester" their Diebold touch screens and reprogram them with "trusted" software issued by the state capital. Then elections officials are to keep the machines sealed with tamper-resistant tape until Election Day.

In California, three counties — San Joaquin, Butte and Kern — plan to rely exclusively on Diebold touch screens in their polling places for the June primary.

Nine other counties, including Alameda, Los Angeles and San Diego, will use Diebold touch screens for early voting or for limited, handicapped-accessible voting in their polling places.

California elections officials told those counties Friday that the risk from the vulnerability was "low" and that any vote tampering would be revealed to voters on the paper read-out that prints when they cast their ballots, as well as to elections officials when they recount those printouts for 1 percent of their precincts after the election.

"I think the likelihood of this happening is low," said assistant Secretary of State for elections Susan Lapsley. "It assumes access and control for a lengthy period of time."

But scientists say that is not necessarily true.

Preparations could be made days or weeks beforehand, and the loading of the software could take only a minute or so once the machines are delivered to the polling places. In some cases, machines are delivered several days before an election to schools, churches, homes and other common polling places.

Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules.

"All of us who have heard the technical details of this are really shocked. It defies reason that anyone who works with security would tolerate this design," he said.


TOPICS: News/Current Events; Politics/Elections; US: California
KEYWORDS: california; dangerous; dangerousdiebolds; diebold; dieboldsgonewild; electronicvoting; evoting; glitch; hazardousdiebolds; holes; machines; officials; security
Navigation: use the links below to view more comments.
first previous 1-2021-4041-49 next last
To: Squawk 8888

Don't you remember? Touch Screen voting machines were demanded for by the Democrats after Florida. They said it was Racist not to have the latest technology in those districts. But, isn't difficult to hack into a Stand Alone Machine that is not on a network?


21 posted on 05/10/2006 10:30:15 AM PDT by massgopguy (massgopguy)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Beckwith

Meanwhile, the Democrats in California are registering ILLEGAL ALIENS hand over fist, which is a federal crime.

I guess there just aren't enough dead people in the cemeteries.


---

The digging for votes anywhere ya can find them approach,, what can ya say. Using finger print ID could help on more fronts than one combatting voter irregularities.

Beyond that, I wonder what the impact on public health will be as a result of illegals spreading infectious diseases when they vote uisng touchscreens? A potential unintended consequence I don't hear brought up.

Paper ballots and optically scanned , works for me, a paper trail, no hanging chad, I have never voted absentee, maybe its time.. I always enjoyed the process and the people at the polling places, usually there were short lines..


22 posted on 05/10/2006 10:40:02 AM PDT by NormsRevenge (Semper Fi)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Ramius
It's like saying ballot boxes are vulnerable if somebody gets access to the inside of the box.

Yep, and if you dig around the web sites of those raising the issues, you'll see that almost all the 'vulnerabilities' are related to the fact that the machines are reprogrammable. The "Radio Shack component" argument is only true with respect to the ability to purchase the component there, you'd then have to have unsupervised physical access to the machine, and (more importantly) a modified copy of the software, in order to affect the outcome of the election. Using the protester's logic, it would be equally accurate to argue that optical scan ballots have security vulnerabilities because you can buy Whiteout and pens at any office supply store.

All voting tally methods of every kind are vulnerable if you let party operatives have access to them. That's why physical security and non-partisan supervision of the entire process is so important. No amount of hardware is ever going to eliminate the need for that.

The genesis of this whole issue is that Diebold made campaign contributions to Republicans, so the left will find flaws with anything they offer. How we'll get the touch screen voting machines the left demanded without an 'evil corporation' being involved in their manufacturer is an unanswered question.

23 posted on 05/10/2006 10:44:17 AM PDT by ArmstedFragg
[ Post Reply | Private Reply | To 12 | View Replies]

To: NormsRevenge

Only a fool or a criminal would go to computerized voting.

We were sold a bill of goods in Florida, when they tried to convince us that a real paper ballot you can hold in your hand was unreliable. Now we will be offered invisible cyber-ballots instead. Don't like the results? Gonna have a committee count bits in a data base?


24 posted on 05/10/2006 10:45:35 AM PDT by marron
[ Post Reply | Private Reply | To 1 | View Replies]

To: marron

DieBold
All Yur Votes
Are Belong to Us.


25 posted on 05/10/2006 10:47:57 AM PDT by NormsRevenge (Semper Fi)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ArmstedFragg

Exactly.

Security is a *process*, not a piece of hardware or software.


26 posted on 05/10/2006 10:49:39 AM PDT by Ramius (Buy blades for war fighters: freeper.the-hobbit-hole.net --> 1100 knives and counting!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Ramius

Oh, and...

One of the ongoing complaints from the left is that Diebold refused to release the listing of its software. Which, if you think about it, is exactly what a hacker would need in order to reprogram the machine. So, by demanding the software be public, they're increasing the vulnerabilities of the system, which they can then complain about.

Same ole' left, always wants it both ways.


27 posted on 05/10/2006 10:51:03 AM PDT by ArmstedFragg
[ Post Reply | Private Reply | To 12 | View Replies]

To: marron

There's nothing inherently wrong with any form of balloting, electronic or otherwise. Lord knows, paper ballots have been used for some of the worst forms of election fraud.

The thing that matters is the security policy and procedure, with multiple-person integrity, bipartisan oversight and audit trails.


28 posted on 05/10/2006 10:53:42 AM PDT by Ramius (Buy blades for war fighters: freeper.the-hobbit-hole.net --> 1100 knives and counting!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: senorjosef
Diebolds banking software works great.
Now why didn't they use it on these voting machines instead of Windows.
29 posted on 05/10/2006 10:59:53 AM PDT by grjr21
[ Post Reply | Private Reply | To 2 | View Replies]

To: NormsRevenge
I want voting machines that are tied in to a central server and which timestamps the votes so it can spot voting before the polls open, after the polls close, and impossibly fast clusters of votes. There should also be a local copy of each vote.
30 posted on 05/10/2006 11:07:27 AM PDT by Question_Assumptions
[ Post Reply | Private Reply | To 1 | View Replies]

To: NormsRevenge
No wonder that demorats can get more votes than there are registered voters.
31 posted on 05/10/2006 11:07:56 AM PDT by mountainlyons (Hard core conservative)
[ Post Reply | Private Reply | To 1 | View Replies]

To: NormsRevenge
machines have 'dangerous' holes

So does my cheese grater. I'm not fooling around here, man!

32 posted on 05/10/2006 12:15:35 PM PDT by GingisK
[ Post Reply | Private Reply | To 1 | View Replies]

To: ArmstedFragg
you'd then have to have unsupervised physical access to the machine, and (more importantly) a modified copy of the software

and thousands or tens of thousands of hackers. Imagine keeping that secret?
33 posted on 05/10/2006 12:27:31 PM PDT by Beckwith (The liberal media has picked sides and they've sided with the Jihadists.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Beckwith
Beyond any of this, it's all part of the Democratic Play Book.

Just raise any kind of crazy conspiracy or issue, just as long as they can get their slimy, pro-bono lawyers on the case.

And don't forget the Democrat's Special Team, the lame-stream media, that would use 11 million barrels of ink reporting another Republican attempt to subvert democracy.
34 posted on 05/10/2006 12:31:17 PM PDT by Beckwith (The liberal media has picked sides and they've sided with the Jihadists.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: WhiteGuy
which is a federal crime.

Not unless GW says it is, which ain't likely.

35 posted on 05/10/2006 1:27:17 PM PDT by itsahoot
[ Post Reply | Private Reply | To 17 | View Replies]

To: itsahoot

uh....I didn't mention anything about a federal crime in my post...............

But, you're right, 'ol gw IS indeed the decider! Yeppers, he gets the final say on EVERYTHING!


36 posted on 05/10/2006 1:30:45 PM PDT by WhiteGuy ("Every Generation needs a new revolution" - Jefferson)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Squawk 8888
Machine-readable paper ballots are just as fast and leave a better audit trail

That's precisely the problem with them. It's harder to "fix" elections with paper ballots.

37 posted on 05/10/2006 2:00:17 PM PDT by Theo
[ Post Reply | Private Reply | To 4 | View Replies]

To: NormsRevenge

There they go again .. setting the stage for faulty voting.

Don't they ever figure out this doesn't work ..??


38 posted on 05/10/2006 5:44:44 PM PDT by CyberAnt (Drive-by Media: Fake news, fake documents, fake polls)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ArmstedFragg
One of the ongoing complaints from the left is that Diebold refused to release the listing of its software.

There is no other way to confirm its security.

39 posted on 05/12/2006 6:33:52 AM PDT by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 27 | View Replies]

To: steve-b
There is no other way to confirm its security.

The listing has been provided to those agencies charged with reviewing the security. Moreover, an older version found its way onto the internet, and there has been no proof that the software itself is producing inaccurate results. The machines are stand-alone, not networked, so the ordinary network related vulnerability questions aren't relevant. As far as outside third parties checking accuracy, the same method used for all other voting tally systems is available, namely, feeding in a bunch of known data and seeing what comes out.

Oh, and by the way, the subsidiary software, that related to one specific election, is re-written for each election, that's what's supposed to be so great about using computers for this process. So you'd be talking about publicly releasing listings every few months.

40 posted on 05/12/2006 9:48:05 AM PDT by ArmstedFragg
[ Post Reply | Private Reply | To 39 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-49 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson