Posted on 09/18/2006 6:28:50 PM PDT by dickmc
Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:
The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.
On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.
This seemed like a freakish coincidence — until we learned how common these keys are.
Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.
Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.
The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.
*******************************************
Also, see the Princeton site at http://itpolicy.princeton.edu/voting/ for the related Security Analysis of the Diebold AccuVote-TS Voting Machine
And another Urban Legend is born!
I wouldn't worry about this - those minibar keys are under tight security/sarc.
more pre-election ca-ca. Just an intelligent guess!
I've noticed for a couple of years my Diebold key would unlock hotel mini-bars, but was trying to keep it secret.
Now just look what some wise-ass has done. They'll confiscate all the thousands of Diebold keys now.
Geez, is nothing sacred?
:)
Just try getting drunk on those little plastic bottles. What a ripoff. Rove really has it in for us.
Yeah, but if you use the hotel mini bar key on the Diebold machine, you get charged $8.50 for every vote that you steal.
Here's a link to the post that tells the whole sad story about this.
If you have the time and are a little geeky, the .pdf file of their paper is interesting reading. Link to the paper at that link.
I tried running an expense report at the local VRWC Hall, per the instruction on the secret letter, and they sent back a "insufficient documentation" notice.
As usual, some freepers are too quick to mock & deride. This is not good news. No voting system is perfect, but I trust paper ballots that can be verified much more than a machine.
Just be thankful no idiot decided to post a viking kitty picture.
Damn! I have been enjoying the use of my Diebold key in hotel mini-bars all across the land, but now the hotels may start to tighten up on their security.....
This is good news! In my precinct I use a bump key (klopf klinkel) to hack the voting machine. The hotel bar key will be quieter.
I almost got caught in '04!
These commies are just mad because its a lot harder to cheat with a Diebold than it is with chads and the idiots that used to steal elections for the democraps can't do it any more.
Ditto!
I was going to use the key to my Social Security lock box.
I think all the Chicago politicians are upset that they have to learn how to fix a new type machine. Learning new technology is difficult for old-time politicians.
What a critical decision for a Kennedy; use the hotel bar or fix the voting machines.
Paper ballots and photo IDs, and finger ink.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.