Forgot your password?
typodupeerror

Critical Security Hole Found in Diebold Machines 306

Posted by Zonk
from the want-my-money-back dept.
ckswift writes "From security expert Bruce Schneier's blog, a major security hole has been found in Diebold voting machines." From the article: "The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways."
This discussion has been archived. No new comments can be posted.

Critical Security Hole Found in Diebold Machines

Comments Filter:
  • by eldavojohn (898314) * <eldavojohn@@@gmail...com> on Friday May 12, 2006 @09:15AM (#15316728) Journal
    BBV released a a nice guide [blackboxvoting.org] to how all this works. There appears to be a software access button (bottom of page 11):

    The TSx also has an unmarked button hidden in the casing. On the circuit board, this switch is labeled "battery test". The switch is physically similar to many reset buttons, necessitating application of substantial force to press the button, requiring it to be depressed by about 1/5 - 1/6 inch in order to activate the switch. This switch is also software accessible. It is completely accessible for all voters in the standard voting booth configuration. The logic behind the button is unknown, but for an attacker it presents yet another way to interact with the machine, and an exceptionally convenient button switch for an attack designed to be triggered by a voter.

    Well, this seems very insecure to me. BBV criticizes the three layer architecture and states that it would be very easy to target it three different ways [bbvforums.org] (at each layer):

    - The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.

    - The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.

    - The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the man's eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.

    In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.

    The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."

    Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.

    1) Boot loader reflashing
    2) Operating system reflashing
    3) Selective file replacement

    In addition, the casing of the TSx machines lack basic seals and security, and within the casing additional exploitations are found.

    The article talks about a "standard tool you can buy at any computer store" and I believe this is referring to a PCMCIA card (what you use in laptops). I guess these are used to boot, upgrade & ready the machines for use. They do not go into detail but I wager that using a PCMCIA card with a USB port on it, you could load your own data from a thumb/pen drive. This would be small and easy to carry in. If you had access to it outside of the voting window, you could potentially use a PCMCIA card that functions as a NIC (probably with RJ45 cable port) to use cross over cable and a laptop for a 'live' attack.

    • by TripMaster Monkey (862126) * on Friday May 12, 2006 @09:29AM (#15316807)

      Making these devices large, restricted to the government, bulky & containing GPS units in the case of them being stolen.

      Not to sound pessimistic, but the government is precisely the people we need to protect this machine from. I would think that the only way to address this would be to:

      • Hold of on installing the final software load approved by both parties (and perhaps a third, 'impartial' entity) until the device is installed on-site (and bolted down)
      • Install the final software load while overseers from both parties (and the third, 'impartial' entity) verify the installation and the veracity of the software load via checksum.
      • Secure the access door permanently (rivets, welding, whatever), and have all overseers affix tamper-evident seals.
      • Overseers remain present throughout voting, and periodically inspect tamper-evident seals.

      If an irregularity occurs, the entire process must be repeated and the citizens must be allowed to vote again. This will eliminate the posibility of people just tampering for the purpose of getting the precinct thrown out of the count.
      • Install the final software load while overseers from both parties (and the third, 'impartial' entity) verify the installation and the veracity of the software load via checksum. Right... 'cause noone's ever written a program that "erases" all the cheat sheets from their TI graphing calculator. I agree with the other reply. Computer voting is "ooh, shiny" yet dangerously inferior to paper ballots in the ways that count.

      • by Sepper (524857) on Friday May 12, 2006 @10:04AM (#15317028) Journal
        I still puzzles me why americans don't use something simpler [elections.ca]...

        hell, if India (with a BIGGER population) is capable of holding elections without soo much trouble, why can't the US do it?
        • If I were at all cynical, I'd say because filling out thousands of fake ballots takes longer than tampering with the Diebold machines.
      • the government is precisely the people we need to protect this machine from.

        Umm...who do you think conducts the elections, the Election Fairies? Elections are run by the local county Election Boards, civil servants and (usually) elderly volunteers. No other method has so far been demonstrated to be more fair or less biased. Your comment is nothing but anti-goverment slashbot pandering and generally ill-informed.

        Hold of on installing the final software load approved by both parties (and perhaps a third,
        • Umm...who do you think conducts the elections, the Election Fairies? Elections are run by the local county Election Boards, civil servants and (usually) elderly volunteers. No other method has so far been demonstrated to be more fair or less biased.


          In much of the US, these Election Boards can also double as the campaign managers to one of the candidates (ie. Florida). And I'd like to see the study that shows that no other method is more fair or less biased.
        • It's not pandering (Score:3, Insightful)

          by mariox19 (632969)

          The more local the election boards, the less likely that a wide-spread, concerted, and coordinated effort to perpetrate voter fraud can occur. When the original post states that "government" is whom we should be protecting this from, I'm sure the meaning of government is closer to central government than local government. There is an important distinction -- and I don't think it's "anti-government Slashdot pandering" to say so.

      • Not to sound pessimistic, but the government is precisely the people

        For proof of that, check out politics in chicago, Lousianna, Florida, or Texas. All of them have long history of corruption.

      • Or instead
        - print out a bunch of paper sheets with a bunch of names on them
        - have the voter mark an X next to the name that he likes
        • I've questioned why we don't do something like this, and have the reading done by OCR.

          To reduce errors you'd have to have a few rules: first, no corrections. If you fuck up, new ballot for you. (I'd prefer if you fuck up, no vote for you, but I'm guessing that won't fly.) Second, the marks have to be very distinct. That's why I'd use bingo blotters. They're like really huge magic markers that basically soak through the paper. Every old fart knows how to use one, and you could make them have to color in a fa
    • More Options:

      Use a more secure OS. Win CE is not an OS designed to protect the system from the behavior of its users. Linux / Unix / Solaris would be.

      Use a thin client. Why allow the user to touch the hardware system they're interacting with? That's always asking for trouble.

      Open Source your software. Diebold doesn't sell the software anyway, they sell the system and the support. If they used a somewhat restrictive open source license (no commercial redistribution, etc) they could get some great debug
      • Use a thin client.

        Bad idea IMHO. This allows another attack vector: Just modify the connection from the thin client to the server.
        • Virtual Private Networks anyone?
          SSL/TLS connections?
          SSH tunneling?

          There are so many ways you can secure communication...

          Thin Client will have another advantage is that you would move all security problems to single place - server - single potential point of security breach. Securing single server is magnitude easier task, compared to securing tens of terminals installed around the place.

          In fact, such architecture is mandated in many application fields. For example banking and bankomats. You trust it to secu
    • They do not go into detail but I wager that using a PCMCIA card with a USB port on it, you could load your own data from a thumb/pen drive.
      I have an Epson printer which has a PCMCIA slot and it helpfully came with an adapter for compact flash cards. End result one pcmcia hard disk which would be even less obvious then a usb fob sticking out of the device.
  • by TripMaster Monkey (862126) * on Friday May 12, 2006 @09:16AM (#15316737)

    Considering that Walden O'Dell, chief executive of Diebold Inc., was quoted in August of 2003 as saying that he was "committed to helping Ohio deliver its electoral votes to the president next year" [commondreams.org], this shouldn't be too surprising.
    • by eldavojohn (898314) * <eldavojohn@@@gmail...com> on Friday May 12, 2006 @09:27AM (#15316800) Journal
      I believe that O'Dell resigned [usatoday.com].

      As the article you quoted states:
      The Aug. 14 letter from Walden O'Dell, chief executive of Diebold Inc. - who has become active in the re-election effort of President Bush - prompted Democrats this week to question the propriety of allowing O'Dell's company to calculate votes in the 2004 presidential election.

      O'Dell attended a strategy pow-wow with wealthy Bush benefactors - known as Rangers and Pioneers - at the president's Crawford, Texas, ranch earlier this month. The next week, he penned invitations to a $1,000-a-plate fund-raiser to benefit the Ohio Republican Party's federal campaign fund - partially benefiting Bush - at his mansion in the Columbus suburb of Upper Arlington.
      And as USA Today reported:
      "The board of directors and Wally mutually agreed that his decision to resign at this time for personal reasons was in the best interest of all parties," said John Lauer, Diebold's non-executive chairman of the board.

      The announcement was made after the stock market closed. Diebold stock fell nearly 2%, or 73 cents, to $37 in after-hours trading. The stock has traded between $33.10 and $57.81 in the past year.
    • Why does Diebold design these machines in such a way that they *CAN* be hacked? I think that involving an Operating System and software in the design of such a machine is a critical error. As a computer engineer, I realize that overcomplicating things can lead to errors. DSP's can make hardware extremely cheap, but there are places where analog circuits are cheaper and more realiable! Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't
      • by TripMaster Monkey (862126) * on Friday May 12, 2006 @09:37AM (#15316851)

        Why does Diebold design these machines in such a way that they *CAN* be hacked?

        Simple. Because that is their intention.

        Acccuse me of left-wing moonbattery all you like, but the fact remains that Diebold has shown themselves to be capable of making reasonably secure ATM machines. There's no defense by incompetence available to them. These ridiculous security holes can only be intentional.
        • by geobeck (924637) on Friday May 12, 2006 @09:53AM (#15316943) Homepage
          These ridiculous security holes can only be intentional.

          My greatest fear regarding American elections is that Diebold machines will be used for a national vote to repeal the 22nd amendment, then for the following presidential acclimation--I mean, election.

          Americans, please, start a grassroots movement to outlaw the use of any electronic, and therefore hackable, voting machines. Look at Canada's election process. Sure, we have only 10% of your population, but we have substantially less than 10% of your election hassles. In Canada, paper ballots are counted manually by Elections Canada volunteers, witnessed at each vote counting station by representatives from all official parties.

          And for the love of Mike, start some new political parties! You may turf out the Republicans in 2008, but your Democrats are no prize either!


          • Don't look now, but such a repeal has already been proposed [loc.gov].

            Now, this seems to be a fairly standard thing, actually. Someone seems to propose the elimination of term limits every [house.gov] administration [washingtontimes.com] or so, but these are truly unusual times...I wouldn't be at all surprised to see this proposed again and ratified in the hysteria following another 'terrorist attack'.

            The day this passes is the day I either join the Michigan Militia or move to Canada.
          • > start a grassroots movement to outlaw the use of any electronic, and therefore hackable, voting machines.
            I will say that is best action to hold the status quo. it is in the best intrest (in my opinion) of the partys in power (Democrat and Republican in the US) to make sure voting can never be so quick and painless to have regular votes on important issues.

            so I think that would be the goal, muck up, and cast so much doubt on one implementation of a electronic system, to get them all outlawed. That pres
            • > muck up, and cast so much doubt on one implementation of a electronic system, to get them all outlawed.

              just to be clear, I think it is in the best intrest of the leaders of both the democrat, and republican partys to cast doubt on any method of accurately, and quickly counting the true opinion of all the people.

              The system in the US currently precludes anyone not part of the republican, or democrat establishments from taking power (not by law, but by implementation). So although the Democrats may not b
        • Never attribute to conspiracy what can be easily attributed to greed.

          Diebold's marketdroids have, I'm sure, come up with the ideal price point for electronic voting machines. I don't know exactly what it is, but it's got to be something less than the old mechanical "pull the lever" machines, but still substantial.

          Since the price is basically fixed, they then have a motivation to produce the cheapest, shoddiest piece of shit that they possibly can, to maximize their profit.

          I have no doubt that, if a major co
        • by Analogy Man (601298) on Friday May 12, 2006 @10:06AM (#15317048)
          Suppose DieBOLD's ATM machines had a backdoor key sequence that would enable me to get the whole stack of 20's. How long would it take them to slam that door shut?
        • Acccuse me of left-wing moonbattery all you like, but the fact remains that Diebold has shown themselves to be capable of making reasonably secure ATM machines. There's no defense by incompetence available to them. These ridiculous security holes can only be intentional.

          You underestimate the venality of American corporate management. Many of them would bottle toxic waste and sell it as a health tonic if they thought that there was an easy dollar to be made and that they could get away with it.

        • Diebold makes their voting machines hackable for two relatively legitimate reasons:

          1: Saves engineering time and money to use commodity components, both hardware and software.
          2. Easy to upgrade/update/patch in the field is a good selling point. In this case, "hack" is s synonym of "upgrade", so hacking is possible, too.

          ATMs are more secure because the customers (banks) demand more security. Paper tape transaction logs are an excellent audit tool in case something goes wrong, whether intentional or acci

  • by GaryPatterson (852699) on Friday May 12, 2006 @09:17AM (#15316738)
    So the closed-source company with apparent links to the incumbent government and a record of blocking any attempts to investigate their code turn out to have security flaws?

    Okay - closed-source versus open-source is a non-issue, but I expected something like this from Diebold sooner or later.

    I'm seriously worried though. Here in Australia a lot of ATMs have been replaced recently with shiny new Diebold machines. I've no doubt they're harder to hack, but it's not an encouraging sign.
  • Why doesn't diebold just use the same security system [diebold.com] it uses on its ATMs? After all (quoting):
    Sygate defends your ATM with multiple layers of security:

    First, the system locks down all electronic points of entry - making them invisible to hackers, viruses, and worms.

    Next, it monitors, analyzes, and authenticates any external source attempting to connect to the ATM- and blocks anything the software doesn't recognize.
    Failing that, they should just use the blue force shields that feature prominently in their Digital Security Video [diebold.com]hahahaha - as long as your attacker is using little yellow balls to stage their attack.
    • by RoffleTheWaffle (916980) on Friday May 12, 2006 @09:24AM (#15316791) Journal
      "Failing that, they should just use the blue force shields that feature prominently in their Digital Security Video - as long as your attacker is using little yellow balls to stage their attack."

      Yes, because I'm fairly certain that somebody somewhere has come up with an insidious plot to rig the elections with a Nerf gun.
      • Yes, because I'm fairly certain that somebody somewhere has come up with an insidious plot to rig the elections with a Nerf gun.

        God damnit ... back to the drawing board. It was such a good plan, too.

    • Why doesn't diebold just use the same security system it uses on its ATMs?
      i wouldn't really assume that they aren't, which says something about the ATMs. but i'm guessing that banks that buy the ATMs are probably doing more testing on their own of the final product, which would force the vendor to be more careful designing it. banks care more about losing their money than the goverment has been caring about altered votes.
    • hahahahaha... i never thought of droping an atm on a would be robber...... but it would be ammusing
  • Funny isn't it? (Score:2, Informative)

    by Trigun (685027)
    Diebold can make a box that handles your money with no issues. They make a voting machine that is atrocious and faulty. Goes to show where priorities lie across the board.
    • If my money gets lost, I can sue the bank, Diebold, or whomever I think is responsible for this.



      If my vote gets lost, I can get sued under various laws that come into existence because of this (DMCA/PATRIOT-ACT/etc).

    • Re:Funny isn't it? (Score:5, Insightful)

      by typical (886006) on Friday May 12, 2006 @09:33AM (#15316831) Journal
      They make a voting machine that is atrocious and faulty.

      To be fair, even if it were someone else, voting machines that submit the vote in electronic form simply have fundamental problems with accountability. Yes, Diebold has had some atrocious engineering problems, but even if you took the best group of engineers on the planet and asked them to replace the pencil or hole punch machine with a fully electronic form, they'd still have a vastly more exploitable system than the traditional system.

      I view Diebold as representative of a lot of companies that get government contracts -- obtaining unneeded pork, doing a fairly half-assed job. However, while some things (like the criminal records of people presiding over the project) were a little disturbing, I'm more willing to say that Diebold probably has nothing more malicious in mind than getting as much money as possible and not caring much as to how useful (or dangerous) their work is.

      The real problem is that no voting administrator wants to be in the shoes of the Florida people, where questionable ballots exceeded the margin by which Bush won. An electronic form throws away all data other than a simple vote -- it may not be more accurate, but it covers the asses of voting administrators.

      The fact that the whole system is much less accountable and more open to abuse and attacks than a physical system is more an issue that not of the involved people (voting officials and Diebold) just don't care about than one that I expect that they intend to personally exploit.
      • Diebold probably has nothing more malicious in mind than getting as much money as possible and not caring much as to how useful (or dangerous) their work is.

        Of course you can say the same about e.g. the Mafia.
        (For those who don't get it: No, I'm not claiming Diebold is like the Mafia; I just point out a flawed argument.)
    • Diebold can make a box that handles your money with no issues.

      Well, not exactly [slashdot.org]. Diebold ATMs have been featured rather prominently on Slashdot before...
  • Installing "Goatse.cx Screensaver", please wait...
  • by Billosaur (927319) * <wgrotherNO@SPAMoptonline.net> on Friday May 12, 2006 @09:21AM (#15316769) Journal

    A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.

    Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.

    The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.

    Oh, those plucky Finns and the trouble they cause...

    Does anybody get the idea that Diebold simply threw these machines together, cobbled the code together from stuff lying around the shop, slapped some paint on them, and expected states to use them no questions asked? You would think somewhere along the line, someone would have stood up at a development meeting and said, "we'd better make sure these things are secure."

    Diebold will of course now hem, haw, blame others, attack the media and anti-electronic voting groups, and reluctantly fix the problem. Just in time for the next one to crop up. Do they have any competition in this market? I don't hear a lot about other companies creating voting machines -- either there aren't any or they do a lot better job.

    • Honestly, with Dibold's documented contempt for the democratic process and the lack of something as simple as a paper trail, I'm half suspicious they delivered these machines, and then told the government how "a hacker might access these systems" and then "untracably alter the vote" (wink wink).

      ~D
    • "Does anybody get the idea that Diebold simply threw these machines together, cobbled the code together from stuff lying around the shop, slapped some paint on them, and expected states to use them no questions asked?"

      I think it's equal parts crappy production and braindead design -- you know, design where the manager says "Make sure the system is secure and has passwords, but make the passwords easy to remember so that we don't get locked out of the system." In this case "Make sure that there is someway
    • Diebold will of course now hem, haw, blame others, attack the media and anti-electronic voting groups, and reluctantly fix the problem.

      You are optimistic in believing that they will fix the problem.
  • I have noticed that last time I took some cash from BoA ATM machine.

    This is scary.
    • The difference is that banks have a large amount of money riding on the fact that the ATMs must be secure. The requirements are stiff, and the inspections are thorough. Thus, Diebold makes secure ATMs.

      Election boards who request the machines have a vague list of requirements, and being mostly staffed by partisan volunteers, have less inclination to protect something they want to steal from you anyways. Now, add in the mix of being able to pay for it with unlimited taxpayer money, and you have a nice de
    • Hmmm. Half the Time when I use a Diebold ATM, an extra $2 dissapears from my account as well.
  • Sweet! (Score:2, Funny)

    by raider_red (156642)
    I'm getting myself elected emporor!
  • by DingerX (847589) on Friday May 12, 2006 @09:22AM (#15316778) Journal
    Anyone else think this is sweet?

    A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.


    That's right. We've seen this before [slashdot.org].

    Turns out Diebold has a strong interest in keeping their security systems proprietary.
  • Why go to the trouble to rig a machine when you can just bribe the electoral college? Wouldn't that be a much more effective way to swing an election, since they are the ones that actually do the voting?
  • by phlegmofdiscontent (459470) on Friday May 12, 2006 @09:27AM (#15316802)
    What's so bad about the optical scanners and the ballots where you fill in a circle? I remember a study that showed they were the most secure, you have a paper trail, and any idiot can figure it out after 13 years of standardized testing. Electronic voting, on the other hand, smacks of boodoggle, fraud & overall shoddiness.
  • ... surely only an EVIL TERR'IST would do such a thing, right?
    • I've seen the way those tourrists drive. They're teh deadly. Can't wait for tourrist season. Want to bag me one with bigguns.
  • by Yvanhoe (564877) on Friday May 12, 2006 @09:37AM (#15316850) Journal
    How come no political party makes this a central campaign argument ?
    • How come no political party makes this a central campaign argument ?

      That's an easy one. What grabs the eyes and attention of Bobby the Wal-Mart checker more effectively?

      (a) Gays are planning to marry...to *take over*!

      (b) There is a computer security problem related to unverifiability (Bobby just stopped reading here, guys) in voting kiosks produced by a certain company. Flash drives could be used to...

      There are a *lot* more Bobbys than Slashdotters in the US. That means Bobby's vote matters a lot more.

      No
    • Well, the Republicans aren't for obvious reasons -- even if there was no deliberate tampering (which I'm somewhat inclined to believe), it's hardly a good idea to say "Wow, the party that is completely in power got there through completely unreliable voting machines! Vote for them again, because they'll fix this problem!" It just brings up uncomfortable questions they don't even want people thinking about, at least not until they're out of power.

      The Democrats aren't because it would be political suicide t

  • by imkonen (580619) on Friday May 12, 2006 @09:43AM (#15316881)
    Jeez...what's everyone so paranoid about? How could a hacker possibly get access to a voting machine for a minute or two with enough privacy to load malicious software? He'd need to find one that for some reason or another had a curtain around it and hope no one thinks it's suspicious that he'd be in there alone with the machine.
  • by Keichann (888574)
    It's pointless talking about securing something that's inherently a terrible idea. You can't have voting performed by something that is, for most people, magical.

    A good way to be certain these machines are sending the correct votes is to have a paper trail. When a person votes, a transaction id and their vote are printed to a piece of card or something, which is then put in a ballot box.

    To verify that no votes have been sent by the machine without interaction, a random set of votes is selected from the re
    • Why remove the paper from the device? Instead use a roll of paper inside the machine viewable through a window. The design would have to ensure that the previous vote is not disclosed but other then that each machine would have a complete paper record of it's votes in an easy to read format which you could feed to a fast scanning machine to verfiy the entire voter trail. In case of any discrepencies the paper version is counted and once enough tally's are tested and accurate results are found you can

  • someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine

    <sarcasm>Far be it from me to perpetuate Slashdot cliches</sarcasm> but

    • Will it run Linux, and
    • Imagine a Beowulf cluster of these!
    Ladies and gentlemen, I give you President Torvalds...
  • A little searching here on /. and Google will remind people how these kinds of issues have come up with Diebold Touch Screen Voting Machines before. I have to wonder why they, in particluar, seem to have more problems than other voting maching manufacturers? (no sarcasm intended).

    Most of the articles I have read, including this one, point to the fact that it can only be done by someone who knows how the system works and has the correct tools, lending some politicos (including Diebold reps) to say that they
    • I know this is not exactly what you meant by "proprietary", but much of the trouble that Diebold is having is in fact becuase their systems are not proprietary. The reliance of "security through obscurity" in the electronic voting machine business is aggravated by Diebold's extensive use of non-proprietary hardware and software.

      One of Diebold's competitors, ES&S, has their own troubles, but their machines are far more prorprietary and thus more obscure. You would need more specialized software and eq

  • Vote Stealing Song (Score:3, Insightful)

    by gorehog (534288) on Friday May 12, 2006 @10:08AM (#15317061)
    ---sung to the tune of Woody Guthrie's Hard Travelling
    D
    Diebold's stealing elections, I thought you knowed.

    Diebold's stealing elections
    A7
    on machines with closed source code.
    D
    We dont need no double dealing,
    G
    electronic vote stealing.
    A7
    Diebold's stealing elections,
    D
    Lord.

    Diebold's stealing our votes, the right that makes us free.
    Diebold's stealing our votes, oh cant you see.
    How can they say I'm free if their machines can vote for me?
    Diebold's stealing our votes, Lord.

    Diebold's stealing our votes, I thoought you knowed.
    They've been shredding the paper trail at the end of the road.
    It doesn't matter who you choose, when you're sure you're gonna lose.
    Diebold's stealing our votes, Lord.

    I'm gonna vote with pen and paper I thought you knowed.
    I'm gonna see it counted at the end of the road.
    I'm gonna vote with pen and paper so I know that there's a record.
    And I'm gonna go vote my conscience Lord.

    A quick couple of notes (so to speak)...
    The chords are right as far as I know. The words are mine, though they dont fit quite right in all the places. Either apply Tom Leherer's rule that "it doesnt even matter if you fit a few extra syllables into a line" or use the folk process to make it fit so you can sing it.

    Also, I've got one line with no verse to put around it...

    "Voting wont be so scary if the countings not binary"

    The main thrust of this song is to educate and protest on the issue of electronic voting. I am a New York State resident and for those who dont know we are being sued by the feds to upgrade our nice mechanical voting machines to electronic voting. If we do not they are going to withhold federal money for the upkeep of our voting system. This is blackmail, the same kind of blackmail that was used to put the 55 mph speed limit in place.

    Our voting machines have worked for a century with the same design. We trust them to do the job and know where the flaws and weak spots in the security are. We, as a group, when polled, do not show a desire to change the system at this point and our state voting commission and legeslative review boards have rejected electronic voting as an unsecure and immature technology. The peculiarities of how a state does it's voting is a state's right to decide, which is why different states have different rules about every aspect of the electoral process. Some states are proportional, some are by district. Some states use machines and others use punchcards. Election laws are made at the local level.

    The lawsuit by the federal government smacks of blackmail and manipulation. Why is the federal gov trying to control the electoral process at the local level? What do they hope to gain?
  • Think about it...ATMs are the machines you want to go after, with the large sums of $$$ and all, but besides the obvious security cameras and such, they're typically embedded in a wall; you have access to the slot for the card, the screen, and buttons (if it has buttons). You can't tamper with the machines if you're not given any way to do so. Yes, there are free-standing ATMs but they are like today's voting machines...untrustworthy and I won't use 'em.

    So why not design the voting machines in such a way as
  • "someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways."

    One could argue that it may have happened already...in 2004...in Ohio.

    Yeah, yeah, I know.... So it's a troll.

  • I wouldn't say the core problem of voting is faulty machines in itself but voter apathy and centralized voting commitee.

    What we really need is either two things:

    1. Election Day as a National Holiday (like 4th of July or Christmas) in which everyone gets off of work to go vote. And make a big deal out of Americans participating in the election.

    2. Make it easier to vote. During the 2004 election, many places out 2-4 hour waits to vote. If you had to work that day, well... Many people gave up and went to work.
    • Ayup, we're one of the few western countries with a voting holiday or (luckily)
      compulsory voting; think T-shirt of stick man pointing an AK at another stick
      man in a booth, "Vote. Because you still have a choice."

      As I've mentioned elsewhere, if certain parties would balk at yet another
      (federal) holiday, why not celebrate Martin Luther King day on November 2nd?
      Or maybe Memorial Day? Get people to put two and two together and *maybe*
      just *maybe* come up with an answer other than "three"....

      As for all those bit
  • ...it's not a "security hole" if it was designed that way to begin with. It provides a great illusion of voting while maintaining the status quo, okay? Everyone's happy this way... Of course there's "security holes" everywhere, they weren't designed to be secure to begin with.
  • If there were enough flagrant changes to voting machine records, people might finally start yelling about it. Maybe Bozo the clown should win in a nationwide vote?
  • ...because this device allows Republicans to win races they otherwise would lose. As long as their machines ensure Republican wins there will be no stopping them.

    Note that this has nothing to do with whether or not the Republican candidate is the better or worse person. This is about a simple numbers game being played by our President and the corporations that wanted him in power. They want as many Republicans elected as possible to secure their power base and Diebold helps provide that.

    Power works very har

If you would know the value of money, go try to borrow some. -- Ben Franklin

Working...