Posted on 09/18/2006 6:28:50 PM PDT by dickmc
Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:
The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.
On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.
This seemed like a freakish coincidence — until we learned how common these keys are.
Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.
Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.
The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.
*******************************************
Also, see the Princeton site at http://itpolicy.princeton.edu/voting/ for the related Security Analysis of the Diebold AccuVote-TS Voting Machine
Wouldn't put anything passed diebold.
Some of their ATM's are as secure as tissue paper in a rain storm.
A more important question: Do hotel minibar keys work on Diebold ATM machines?
Classic!!
Very, very clever...I must say!
Because it's a false argument for them.
Dems have been manipulating paper balloting for years. Chicago, Baltimore and Philly come to mind. After their temper tantrum in 2000, they demanded touchscreens so their stupid voters in South Florida could vote without choosing Pat Buchanan.
Now they complain that touchscreens aren't good enough. Of course this is just a smokescreen so all of the Dimwit Cynthia McKinneys out there have something to jump up and down whine about when they lose.
The funny thing is all of this "proof" that touchscreens suck always boils down to (lack of) physical security: the same damn reason paper ballots suck.
I live in South Texas in a small ranching community. We still use the old paper ballot. The kind you mark your choice with a pencil and you can even "write in" a name if you want.
I know we are light years behind the times down here but I like it that way.
I assumed that feinswinesuksass was making reference to the old paper ballot such as we still use here. So I am in agreement with her.
I hope this answers your question.
Correct. The Dems are already trying to cover the stage with excuses for why they lose in November.
Then watch the fox news video to see what happens after a hackers pops open the machine with or without a key http://www.youtube.com/watch?v=8JESZiLpBLE&mode=related&search=
Cool! I never realized those Diebold keys Karl Rove gave me to distribute his minions on election day would help me score free booze!
That Princeton Prof was on FoxNews Morning Show and they did a quick demo on there..
They did a 3 vote quicky election, everyone voted for George..(Washington) and when the count was printed out, George only got one vote, Benedict Arnold got two..
All the software has to do is insure the "selected" candidate recieves the majority of the votes..
If a virus or other program can guarantee that 60% of all votes cast will be for the Dem candidate, that candidate will win the election..
Without a printed (and filed) hard copy of each ballot cast, there is no way to go back and do a recount..
Any voting precinct that does not provide individual hard copies of each voters ballot should be suspect..
Valid point, and it showed me I used the wrong approach.
As we all know, all of these so-called voting glitches occur only in Democratic precincts. Only Democratic voters get disenfranchised.
(a bit of sarcasm to start with)
What I should have said was how could it effect only Democrat precincts. In that case, only those machines that would be used in Democratic precincts would have to be affected, but in order for that to occur, each machine would have to be individually programmed.
Rather hard for me to see that happening.
By the way, I fully support a back up paper trail on electronic voting machines but also believe the number of instances of problems are no more than the number of instances of problems with punch card ballots, or any other voting method.
Still, why do you think the media is now reporting, almost on a daily basis, voting machine 'problems' that all just happen to be in Democratic precincts?
I certainly know that the media carefully picks and chooses every single story shown. And the national media does this always with their agenda in mind.
Well, looks to me like they are laying the groundwork for claims of (ho-hum) voting manipulation and disenfranchisement by those mean, nasty, Republicans after the November elections.
Seems like their confidence in taking over the House is not quite as cocky as before.
Hmmm, an S100 key? A lot of low security containers come with a default key setting. It's up to you and the local locksmith to change it.
Low security containers aren't designed to be particularly difficult to break into, simply (like hotel minibars) to clearly show signs of tampering.
This just shows the paranoia of the Left.
Diebold was hired for one reason: So that Karl would have unlimited access to hotel minibars.
I think you're on to something.
About 90% of my financial transactions are just computers swapping photons. (they don't even swap electron spit anymore, it's so damn platonic.) No dead presidents necessary. All indications are that electronic transactions are safer, more accurate and more secure than "paper ballots".
ATMs are vastly more reliable and secure than human tellers.
Of course, if you torture those ballots long enough, they'll confess to anything.
All your votes are belong to us!
Electronic voting is our masters' collective wet dream.
Hey, they are only $10 away from proving that the Ohio election was stolen!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.