Worst Ever Security Flaw in Diebold Voting Machine

WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

Re:Lever action!

[markwalling]

my district switched to electronic from lever based. in 2004, at 715 when i voted on lever machines, there was no line, and just about as many signatures in the book. in 2005, the line was out the door and around the corner at the same time. the person in front of me took 5 minutes to use the electronic machine. people knew how to use the old machines, and they were reliable. these new things take the old people for ever to use, and then they complain that they were hard to read...

Mirror early, mirror often

[Anonymous Coward]

This is Diebold. Mirror early, mirror often. They love to sue critics like these. Wget may be the only way to save history.

Re:When Will Politicians Wake Up?

[Dare nMc]

>Here's a hint for politicians:

I think the politicians currently in power want to make sure a easy reliable quick voting system doesn't work (or at the least isn't trusted.) otherwise once that system is deployed it would be to easy and cheap to allow the voters to:
  A) vote on any issue directly, or worse yet (for them)
  b) call for a midterm election everytime they screw us with crap legislation, and be able to actually clean up the system.

Re:When Will Politicians Wake Up?

[hackstraw]

Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

First, democracy may not be a farce, but it is clearly an ideal that is nowhere close to a reality.

Good, bad, indifferent, look at the current ratings of the guy who is the President of the US. Also, remember the interesting events that led to him obtaining office.

Now, I'm fairly paranoid. I mean, I felt like I was about to have sex with a known whore with HIV w/o a condom when I used a PC at my bank to access my bank records to dispute some charges by my bank. I just "got over it".

First, sure Diebold has its issues, but aren't these people the people that make most of the ATMs in either the US or the World? I have yet to of heard of or experienced an ATM mistake for or against the customer or bank. I'm sure there will be a flood of counter examples to follow.

But even if the machine has this "serious" flaw of booting an unknown image or OS via a dipswitch, what is the likelihood of this a) happening and b) happening AND changing the results of an election?

Its already known that dead people vote, and all of the other games that people play to skew elections, but even in a close election, some very motivated hackers would have to physically change a significant number of voting machines in multiple key states without any of them being noticed with a small window of time to even change the electoral college by a potential of a couple of votes.

Personally, my beef behind the whole electronic vs paper voting systems is the lack of a paper trail in the electronic methods.

Re:About the only way they'll ever "fix" these thi

[PeeAitchPee]

Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."

I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)

Re:Diebold - Designed for fraud.

[smbarbour]

It actually a bit of a paradox. By implementing better obfuscation, the code becomes unreadable, and therefore cannot be certified as being accurate.

Maybe the solution is to take it to a higher level and reinvent the wheel, so to speak.

Design it from the ground up. Special use processors, memory, OS, communications protocols. Redesign everything from scratch. Make it completely unique.

If it doesn't run code that works on ANY other platform, then no one outside the company can write code for it. (Unless there's a leak, and then the redesign process begins again.)

New voting machine design

[ajs318]

I have designed a Direct Recording Mechanical vote recording, anonymising and counting machine. It uses no electronics. It can be scrutinised right up until it is required for an election. You can see your vote going through.

The machine is based around mechanical, add-only tally counters. A column of these are mounted in a transparent polycarbonate housing, one for each candidate and an extra counter for total votes. The candidate counters are surrounded by etched plastic which transmits light but prevents anyone seeing exactly what is behind it. Over each counter except the total counter is a shutter, and a large button. Depressing the button retracts the shutter. If the button is released it will return partway, but the shutter will remain retracted and all the other buttons are now locked: the only way to clear the machine is to depress the button fully. This will advance the adjacent counter and, by means of a slotted bar linkage (which is visible through the clear polycarbonate), also advance the total votes counter. After this, the machine must be primed for another vote by the Presiding Officer: this would probably be done remotely by means of a Bowden cable.

These machines could be made available for scrutiny almost right up to the election. Anyone can observe that the system allows only one vote per priming operation, that the candidate and total vote counters advance together, and that no other counters are advanced. (For this operation, the shutter mechanism can be modified by removing the actual shutter from the moveable supports; thus allowing full observation of all counters. In an election situation we do not really want to give away the number of votes for each candidate so far, so all but the one being voted for are obscured. The etched plastic nonetheless would allow one to see the counter changing even if one could not see what it changed from or to.) At the opening of polling, the numbers on each of the counters are recorded, signed by witnesses, sealed in an envelope and attached to the machine. At the close of polling, all shutters are retracted to read the figures. The original figures are subtracted from the new figures to give the numbers of votes, which can be checked against the total.

Note there is no possibility of post-election verification; since anonymisation, recording and counting are done in one operation. This also obviates any need for post-election verification, since one can be satisfied from having examined the machine before an election that it functions as intended and only as intended. A number of people working in concert might be able to discern an approximate result, but this IMHO is much less insecure than e.g. issuing voters with a record of their vote.

Re:Diebold lobbied slashdot...

[Da_Weasel]

I beg to differ. I belive this is the worst security flaw yet:

http://video.google.com/videoplay?docid=8112825559 202389150&q=hacking+the+vote [google.com]

Re:When Will Politicians Wake Up?

[powerlord]

B) call for a midterm election everytime they screw us with crap legislation, and be able to actually clean up the system.

Considering California's (relatively) recent forey into recalling their Governer, perhaps this is exactly what they are afraid of.

so what?

[enjahova]

You must never be impressed. How can we have a secure election if nobody can physically access the machines? If thats not what you want, we will never have a secure election. I can accept that, but what I can't accept is a private corporation exerting its influence on the election process by directly affecting the machines that count our votes.

This is "impressive" because it shows either incompetence or bad intent. Sure physical access can mean compromising a computer, but that doesn't mean you have to make it EASY or efficient for your corporation to defraud elections.

re: the other party

[BitterAndDrunk]

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

Not the worst yet...

[bhmit1]

It won't be long before someone finds a while to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.

Checks & Balances

[TheDarkener]

...and the lack thereof is what really sickens me.

You can't ever trust a computer, no matter what, ESPECIALLY in such an important thing as a governmental election. We *need* checks and balances.

1) Vote with electronic voting machines.
2) Receive a paper reciept with a 'checksum' of sorts that add up to your specific votes (this is the only pitfall right now, since obviously printing a paper reciept is WAY too complex to code by Diebold programmers)
3) Submit your checksum to any number of third party, independent voting "Check & Balance" websites. These sites can independently tally votes from citizens in each voting district, and if descrepencies occur between the official count and any number of these sites, secondary validation routines/alerts can occur.

Why would this be such a hard solution? I'm sure any number of you can code a simple database/website that tallies citizens' votes. I'll do the hosting for free.

Let's open source this muther f*cker, whether they like it or not!

Re:When Will Politicians Wake Up?

[powerlord]

There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

To take the "devil's advotate" position for a minute ...

Is that because ... ... ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)? ... ATM's operate on a different set of assumptions? (installed in a permanent location, so switches like this might exist be be much more easily shielded from the public through physical security). ... ATM's do not have the privacy concern, which may take getting used to for a company used to tying a given transaction back to a given user? ... Electronic Voting Machines (EVM) have a smaller install base and have had less money spent on them for development? I suspect the average voting district (where EVMs are deployed) has more ATMs than EVMs. ... EVMs have to be much more flexable in allowing lists of candidates to be entered (for district elections + school board elections + statewide reforendums + national elections). ATMs have an established, and rather fixed set of functionality (although it could be argued that different ATMs can support different languages, the comparison is closer to every ATM needing to be set to dispense different amounts of money. So ATM1 gives the user a choice of $20, $40, $60, $100 and ATM2 gives a choice of $10, $30, $60, $200, etc.)

On a side note, does anyone know:
- What is the average cost of an ATM vs an EVM?
- What is the average expeted lifespan of an ATM vs an EVM?

Now, all those things aside, these problems need to be addressed, and my comments are NOT meant to be excuses.
All of these problems CAN be addressed through sufficient testing, an open specification and design process, or lots of trial an error / patch and release.

Guess which one the EVM manufactorers have chosen to go with?

Re:Diebold lobbied slashdot...

[AppyPappy]

They are still 200X more secure than previous systems. All you need to do is secure the loyalty of the precinct captain to get your boxes stuffed. It sure worked for JFK.

Vote fraud is a sacrament in the Appalachians and in the inner cities. You don't an ID, you just need a name of someone you are sure will not vote.

This is NOT a reason to register absentee

[WillAffleckUW]

Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.

Today.

Doesn't matter...

[Beefslaya]

The biggest security flaw is the fact that the machine doesn't check for US citizenship before allowing someone to vote.

If you can't do it on paper, how do you expect the machine to work?

Fix the problems with the paper, then develop the machine.

Re:wrong question

[idesofmarch]

I missed the computer programmer. When did he talk? There was a bit about Diebold in the beginning, but nothing about the programming of the machine.

Re: the other party

[MixmastaKooz]

I think it's of great concern which party it is: since Diebold and the other big supplier of voting machines (whose name eludes me for the moment, but is owned in part by Republican Senator Hagel) are run by major donors of the Republican party. It's a very relevant concern.

(btw: I think you're talking about 1962 Democrats...but then again, the topic is voting technology and not alleged vote dumping in Lake Michigan)

Re:This is NOT a reason to register absentee

[WillAffleckUW]

sorry, I disagree as to your perspective about the recounts, just as the Libertarians who were there disagree with your perspective.

At least we HAD paper ballots to recount.

Re:Voting in the USA

[Peter La Casse]

Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.

We know they're competent enough to do better because they make gambling machines that are more secure than their voting machines. For whatever reason, they've chosen to make their voting machines the way they have.

Re:wrong question

[Intron]

Here in backward Massachusetts I make a black mark on a card which is read into an optical scanner that also securely holds the cards. The election offcials verify that the box starts out empty and ends up with the number of votes that register on the counter on top. If they don't, they can take the ballots and read 'em through again. They can even look through them by hand to make sure the optical counters are working right.

What do you do when the all-electronic system says that more votes were cast than the number of registered voters in the precinct?

Re:When Will Politicians Wake Up?

[Anonymous Coward]

Hell, I've used the damn butterfly ballots several times. I've always managed to vote for the correct person. I must live in a rare area where the election officals can be trusted. They are from the neighborhood, and if you cannot trust your neighbors, you need to find a better neighborhood.

As for any 4 year old being able to correctly read a scantron form, have you ever known anyone who has difficulty reading? My eyes don't track well across lines. The more lines, the harder it is. I take my time to carefully process what I see and ask myself if it makes sense. If that makes me an IDIOT, then so be it.

Voting is a right and my responsibility. I take it seriously, even if I know the candidates I am voting for do not have a chance to win.

If you are really concerned about our process of government, then get involved in a meaningful way. Sitting on your ass and bitching because someone you can't stand won is about the least productive way to produce a positive change. Volunteer, make yourself and your positions known to your current representatives (even local), or pick a constructive platform and run. Yes, this applies to me too. I strongly dislike what our current leadership, or lack thereof is doing.

Re:When Will Politicians Wake Up?

[Thuktun]

From one of the linked pages:

• Broward Co., FL - ES&S software on their machines only reads 32,000 votes at a precinct then it starts counting backwards (see this update): http://www.news4jax.com/politics/3890292/detail.ht ml [news4jax.com]
• # Guilford Co., NC - ES&S equipment "could report only about 32,600 early and absentee results". This seems very similar to the case above, (see this update) save that Guilford Co. uses optical scan for it absentee voting and may use the older Votronic system for early voting (although it would make a more consistent story if they used optical scan for all absentee and early voting).: http://newsobserver.com/news/story/1852104p-817980 2c.html [newsobserver.com]
  

How interesting. Counting on a 16-bit signed integer (two's complement) and dropping the sign during formatting would do that:

7FFB => 32763
7FFC => 32764
7FFD => 32765
7FFE => 32766
7FFF => 32767
8000 => 32768
8001 => 32767
8002 => 32766
8003 => 32765
8004 => 32764
8005 => 32763

Time for drastic action soon?

[Kadin2048]

It really seems like nothing short of a massively-publicized fraud is going to stop the juggernaut that is Diebold right now. There have been enough vulnerabilities reported, and no action has been taken. It's becoming more and more obvious that until Something Bad happens to a production system -- not a test system, not a "simulated election," until there is real fraud, in a real election, nothing is going to change.

Given that voting is pretty much the most fundamental part of democracy and a free society, maybe we're approaching the point where some sort of "direct action" is going to be required.

Think of it like a bomb that has to be defused; sometimes you need to make the bomb blow up in a controlled manner, in order to keep it from going off at some less convenient time when it would be more damaging.

The only way that Congress is ever going to wake up to the threat that these Diebold machines represent is when there's a major election fraud perpetrated in some painfully obvious way. I know I'm going to sound extreme here, but maybe what's going to be required is for somebody to purposely invalidate an election; delete all the votes from several polling places and replace them with votes for "Santa Claus" or something -- be creative. Or just brick the machines at the very beginning of a voting day; I can't imagine that anything the Diebold salespeople do will be able to preserve their reputation in the face of that level of chaos.

I understand that this path is quite a dangerous one to go down, in fact a person being caught doing it in today's climate would probably run the risk of being labeled a 'terrorist' or worse. However, right now we're heading straight for an iceberg labeled "election fraud" and it's becoming obvious that the American Public in general and Congress in particular is planning on sitting with their thumbs in their ears until we run straight into it.

Just food for thought.

Seen that already, 50 years ago

[coffeechica]

Nice to see that at least the people at Diebold know their Stalin. It's not the people who vote that count, it's who counts the votes.

At least by now it's not a matter of ruining your wrist by filling out a few million ballots just so you can get the vote you want. Gotta love technology. It makes things so much easier.

Chomsky

[James Cape]

A couple years ago, I went to Fermilab to see a Chomsky talk. Kucinich bumper-stickers spread thine selves across the parking lot... Anyhow, someone there (I was in the overflow CCTV room) asked Mr. Chomsky what he thought of the electronic voting machines, paper trails, etc. mugging for a tirade about the death of democracy. His heavily paraphrased response:

Why are you worried about one side of the 'Business Party' playing with the margins? 50% of the eligable voters don't even bother. Further, abstension in U.S. elections occurs for the same reasons as abstensions occur everywhere else: there's no "None of the Above" box to punch. Fix that problem (which in practice prevents half of the populace from voting) before you get all worried about the one-half-of-one-percent that's being fudged.

Re:Diebold lobbied slashdot...

[apotheon]

I don't think there has ever been a nontrivial population in a democratic system wherein a majority of citizens turned out to vote. Unless that was just a clever way of saying "It never ended because it never began," it's wrong.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Diebold lobbied slashdot...

[awol]

Actually in Australia voting is compulsory. No vote, you get fined. Pretty trivial amount, maybe a couple of tens of dollars, but a fine nonetheless. So every four years or so about 95% of the electorate show up and fill in a number of ballot papers for the national government (about the same frequency for state and local government although IIRC local is not compulsory) http://www.aec.gov.au/_content/What/voting/turnout /index.htm [aec.gov.au] and between 3 and 6 percent of votes are informal. Some discussion of informal voting http://www.aec.gov.au/_content/How/research/papers /paper1/index.htm [aec.gov.au]

Re:Diebold lobbied slashdot...

[nido]

... and a low incidence of the ability to reason clearly, that is the problem with the US electorate.

This is why it's important to subvert a country's system of education first, before taking over the rest of the government.

Horace Mann (instigator of the compulsory government school) was much enamored with the Prussian system of schooling, which inspired in the subjects passive obedience to the government (source: Two Hundred Years of American Educational Thought, by Henry J. Perkinson). He thought he could take the good parts of the system without the bad. Haha...

... But his [Mann's] contention is that this spirit of the system is separable from the manner of teaching itself. And here American teachers can learn much.

The Prussian schoolmaster, he [Mann] discovered, combined complete mastery of subject matter with superb pedagogical finesse. They taught from "the head," never relying on a textbook. Beginning not with abstract theories -- neither principles, rules, nor axioms -- but with objects and phenomena familiar to each child, these master teachers encompassed elements of reading, spelling, writing, grammar, drawing, and general information into every lesson. Students in the Prussian schools, unhampered by the artificial formalisms of rote memorization, enjoyed learning; the liked their teachers and held them in high esteem. The teachers rarely used physical punishment; they secured discipline through the affection and respect -- even awe -- the students had for them. The Prussian schoolmaster was the complete authority; children unquestionably accepted and believed what he said.

Horace Mann dreamed of making American teachers as authroitative as their Prussian counterparts. ... (Perkinson pg. 77. Italics in original, bold my emphasis)

See also John Gatto's Underground History of American Education [johntaylorgatto.com]. Gatto tells us in his works [edflix.org] that a Prussian "education" is exactly what we receive in the standardized government school experience.

So remember: The purpose of government schooling is the installation of obedience in the population, so the masses won't mutiny when word gets out that we're being screwed [prisonplanet.net] (this story also) in a dog-and-pony-show [m-w.com] sorta way.

Re:Diebold lobbied slashdot...

[Anonymous Coward]

Approval voting [google.com] is a necessary change before third parties can be meaningfully widespread without simply changing the name of one of the two major parties. Please focus your energies on supporting a change to the system.