Posted on 05/10/2006 9:37:36 AM PDT by NormsRevenge
Diebold makes pretty secure banking systems, yet they cannot produce an even relatively secure voting system.
The only reason I can see is that their bank customers demand security and accountability, while the government doesn't care.
North Carolina demanded to see their source before they would get certified (look for security bugs, back doors and modifications to affect valid votes). Diebold sued and got certified anyway. They've been certified in various states despite not complying with election laws and policies.
As I said earlier, North Carolina wanted to audit their software, but Diebold didn't let them, and got certified anyway.
Which, if you think about it, is exactly what a hacker would need in order to reprogram the machine.
How do hackers manage to break into Windows servers so often?
Through their attachment to the internet, one which the stand-alone voting machines do not have. These are locked, stand-alone machines. They're programmed, then locked and sealed. Every 'vulnerability' postulated so far involves getting physical access to the machine, an act that would permit a fraudulent outcome with any method of voting... that's why controlling physical access is an important part of securing every voting method.
Not at such a low level. Off the top of my head, I'd do something along these lines:
Each state election office is given a cryptographic certificate server off of a central root, every action being audited. The state election office is responsible for tracking their machines and signing all BIOS and software updates, as well as issuing smart cards to election officials with certificates on them.
The hardware of each machine has a cryptographic key and basic loader hard-burned. We use a non-BIOS machine and flash memory to hold the OS.
The OS of the machine has a cryptographic key that must authenticate with the key of the hardware. It won't boot unless the keys authenticate (like a TiVo).
At the local level, the election official uses his smart card certificate to start up the machines that he's allowed to. Everything being authenticated, the machine generates a key for this voting session and puts it on the smart card and the corresponding key in the session database.
When voting is over, the machine encrypts and signs the vote tally, signs the system using its key, and puts its keys and the session keys on the smart card. The smart card and the files are taken to the state voting authority for counting. At counting time, the vote files are authenticated against the key, and the machine keys are verified.
With the above system, we know that:
You can do even better having it networked.
We're talking about a company that has a "we don't care" attitude about the security of their machines and the validity of their counting. How do we know? Someone leaked their internal memos proving it, and Diebold sued to stop their distribution. Luckily they failed.
The vector is irrelevant to the discussion of whether access to code endangers security.
They're programmed, then locked and sealed.
Then opened back up, played with, closed and used for voting. Not good. The system, from the software up to the process, is broken.
In my county, we recently switched from paper to touch-screen. We get a paper printout of who we voted for, but election officials/monitors don't keep a copy. There is absolutely NO papertrail.
1. How do you know they "don't care." They're a business, trust me, they care.
2. How do we know? OOOWEEEOOOOH? Tinfoil hat time.
3. Of course a business will attempt to stop unsubstantiated allegations.
4. Someone leaked, etc. Please, spare me. There are, of course no Bush haters working for Diebold.
5 Luckily they failed. Luckily for who?
Nuts abound.
The memos were Diebold memos. They tried to stop the publication of the memos based on their copyright on the memos, legally admitting that the memos are authentic. So, no, there are no unsubstantiated allegations about this, only truth as said in Diebold's own words -- words they didn't want anyone to see.
5 Luckily they failed. Luckily for who?
Luckily for anyone who wants a fair election.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.