Hotel Minibar Key Opens Diebold Voting Machines 341
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
Why would we expect anything else? (Score:5, Insightful)
I know I'm preaching to the Slashdot choir, and it's been said a thousand times before, but as long as we have closed voting processes, we're going to have people screwing up by doing things like having voting machines accessible with hotel minibar keys. We hate Microsoft for their closed-source software, yet we continue to accept this kind of idiocy.
Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org], why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.
I would say write to your Congresscritters [vote-smart.org] and let them know that you want these screwed up pieces of junk out of our polling locations, but like I said, I know I'm preaching to the Slashdot choir, and you won't do it. >:-( But realistically, just know that until you do, we can look forward to many, many more articles about this kind of thing. Ooh, at least until we see the one that says, "Electronic voting machines hacked! Election results tainted!." Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.
sigh Oh well, it was worth a shot. Just give me my damn +5 and go back to reading about lasers on Intel's chips now.
What's needed now (Score:5, Insightful)
Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.
Remember, too, that voting legislation, in large part in response to issues in the 2000 election, designed to ensure fair, uniform, and universal access to voting for all citizens by mandating electronic voting equipment, such as HAVA (2002) [fec.gov], were Democratic and bipartisan efforts.
The real issue is that Congress screwed up: they inherently, and erroneously, believed that since we trust so many critically important things to machines, certainly reliable electronic voting is possible, and indeed, we use automation, computers, and machines in almost every aspect of our lives to increase efficiency and reliability - why should voting be any different?
Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.
The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability. All of the major e-voting vendors - Diebold, ES&S, and Sequoia - have this capability, but it's an add-on that requires retrofitting existing equipment, or in some cases, purchasing new equipment. And that takes money many counties and municipalities - particularly in the most hotly contested areas - don't have. (Hint: it's not just poor areas that have long lines [slashdot.org])
Our focus now should be on passing legislation that requires permanent voter-verified paper trail capability on all newly deployed e-voting systems, and allocates funds and creates a timeline for deployment on existing systems. Please, continue to raise this issue with both your county election officials and your elected representatives.
This issue is too important and too critical to the integrity of our election process to let rest.
---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.
It's a selling point! (Score:3, Insightful)
And that's exactly what the politicians are looking for.
Can't say I'm surprised... (Score:2, Insightful)
After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.
I think I'll take a hotel minibar key down to my local ATM to see if I can score some free money. If Diebold is honestly this incompetent, it'll be a snap. If, however, the voting machines are specifically designed to be compromised, I'll probably have a harder time of it.
Any bets on the outcome of my little experiment? Didn't think so.
Re:Why would we expect anything else? (Score:3, Insightful)
It's no surprise that enterprise and commercial vendors of all stripes will maintain closed and proprietary software.
What we need to require is a permanent, voter-verified, auditable paper trail, as I have discussed here [slashdot.org].
That's the easiest and simplest course of action, and is a goal we should all be working toward, rather than trying to unseat established enterprise equipment vendors.
---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.
The point of electronic voting again? (Score:2, Insightful)
I suppose, like upgrading to Microsoft Office 2003, and thus requiring better computing hardware, we did it for the economy.
Re:Can't say I'm surprised... (Score:5, Insightful)
That's bullshit, and you know it.
When these systems are vulnerable, it's just as easy for ANYONE to take advantage of that fact. Not one party or one political stripe.
As for ATM security:
Citibank ATM fiasco "worst ever" [boingboing.net]
ATM reprogrammed to give out 4 times more money [hamptonroads.com]
Diebold ATMs hit by Nachi worm [interesting-people.org]
NOT A RECEIPT! (Score:5, Insightful)
Do not use the word "receipt" in this context. A receipt is something that you take with you, as a personal record of a transaction. A receipt is worse than useless here... you don't WANT people to be able to show the party bosses that they voted the "right way".
What is needed is a "permanent paper ballot capability", where the ballots are retained at the voting place and serve as the primary official paper (ahem) trail.
Re:Why would we expect anything else? (Score:1, Insightful)
And further, initiatives designed to unseat traditional enterprise and commercial vendors in this space may have less chance of getting anything done than just simply working for a paper trail on ANY systems in use, no matter where they come from, "open" or no.
Re:Why would we expect anything else? (Score:2, Insightful)
Simple semi-solution: destroy the machines. (Score:1, Insightful)
I honestly thing we have no good solutions left, except to organize, and on mid-term election day, if faced with an electronic voting machine (with no paper verification of course), we must have the courage and patriotic discipline we have expected of ourselves all our lives, and destroy the machine beyond repair immediately, on the spot. If on election day, I find myself in front of a Diebold machine, I really don't know what aill happen. But if I have confidence that I won't be alone in doing the only thing morally defensible, I certainly DO know what will happen.
So. Anyone interested?
Bad Article Summary (Score:3, Insightful)
As if the American People didn't have enough to worry about. There, fixed that for ya.
How long are we going to tolerate this?
Re:Why would we expect anything else? (Score:3, Insightful)
Or, if that's even too heavy for your tastes, just get everyone you know to wear an office furniture key jewelry (on a necklace or lanyard, perhaps) on voting day. T'would make 'em nervous, no doubt.
Who benefits from shoddy vote counting equipment (Score:3, Insightful)
Sorry, but I disagree with one part what is otherwise an insightful post. Some people do benefit from shoddy vote counting equipment. Who? The party machinery of the two major parties who already have people in the polling places.
There are three qualifications for a person(s) who benefits:
1) they have to have a reasonable excuse for being in physical proximity to the machine.
2) They have to have a reasonable excuse for having a key. According to TFA, this is easy.
3) They have to be part of a group for whom a small margin of change change results in a benefit. ( if a Dem or Rep gets 51% instead of his predicted 48%, nobody really suspects. When some third party candidate gets 51% instead of his predicted 3.5%, that is too obvious. )
There are people who benefit. Unfortunately, these are the same bunch of people who give their stamp of approval on voting machines. The wolves are in charge of the henhouse here.
Re:they make ATM machines for christsakes! (Score:4, Insightful)
Terrorist conspiracy? (Score:3, Insightful)
* <tinfoil_hat=on>Of course the unnamed group could even be a major political party</tinfoil_hat>
Heres why : (Score:3, Insightful)
Things like Diebold are needed tools for fixing elections.
Republicans may not like it, but their candidates for the last 2 elections had the elections fixed.
Nomatter what you do, unless entire entourage of republican party officiers in counties related to suspicious activity are fired off, republican party will always carry a stain of dishonor.
Open Source vs Open Process (Score:5, Insightful)
DOS, here we come; a thought experiment (Score:1, Insightful)
OK, I'm missing the ??? and Profit!! steps, but this seems like a pretty easy way to DOS the machine. Of course, the election officials would catch on, eventually. And does the machine make a beep when it's being tampered with?
Re:Why would we expect anything else? (Score:2, Insightful)
Indeed. It's almost like the people who run elections have a vested interest in preventing anybody other than the Republicans or Democrats from controlling elections.
Shocking, that.
Re:Can't say I'm surprised... (Score:3, Insightful)
Citibank ATM fiasco "worst ever" [boingboing.net]
ATM reprogrammed to give out 4 times more money [hamptonroads.com]
Diebold ATMs hit by Nachi worm [interesting-people.org]
the first two aren't diebold machines, as far as i can tell. and the third has nothing to do with picking a lock.
unless you can show me that a diebold ATM can be easily picked as well, i have to go by the assumption that diebold's voting machines are deliberately lacking in physical security, if they indeed build ATMs which can't be easily picked. there really isn't any other good explanation for it.
Re:Why would we expect anything else? (Score:3, Insightful)
Your's truly,
The Factory Boss
Re:What's needed now (Score:0, Insightful)
Secondly, there is no trick to creating security voting systems--but there is also little profit. This is a tiny, tiny marketplace, with a tiny profit margin, in which no one (vendor, official, or citizen) really wants to pay the high costs of security--be it better systems, better proceedures, or better wages for voting judges. Who else but the retired have the time or desire to spend working a polling site for minimum wage? Who would pay for a bonded courier to get the pieces delivered to and from the site in a guaranteed tamper-proof process? Who would pay to develop for a completely open code, if they could not guarantee a profit? And who should pay the lab costs for the review and certification of the open code, to ensure that it meets necessary standardss?
Re:Can't say I'm surprised... (Score:3, Insightful)
An ATM costs at least $10,000, not counting the cash you stock it with. But I doubt anyone is willing to pay more than $1,000 for a voting machine. So it's natural that the voting machine will have cut-rate security.
Even assuming your first supposition is true, why does that mean worse security?
If the two machines were equally complex, I would agree with you, but I don't think they are. An ATM has some sort of moving parts, or at least some way to move the money around in the machine. It has a magnetic stripe reader. It has some sort of connection to the outside world so it can talk to your bank and check/update the balance, and all the hardware and software logic that entails. It has a printer in it to offer you receipts.
A voting machine? It MAY have a printer--I don't know if the Diebold ones do; lack of a paper trail is something complained about on /. rather constantly--but other than that all it should really do is take a series of inputs and count when the operator presses a button, then store the new tally someplace. It doesn't--it damn well shouldn't!--be talking to the outside world. There are really no moving parts.
You're telling me that the voting machine gets shitty security because it's cheaper to buy? Well it's cheaper to make, too. That's not an excuse. And we're not talking about something complex or expensive here, either. They have a lock so simple a minibar key can open it. Hell, for $15, they could go out and buy a lock from the store retail and that would at least be a half step up in the physical security department. Are you telling me that counties are really going to balk at paying $1100 per machine instead of $1000 to make sure somebody can't walk up and steal the election?
I'm not interested in getting into the conspiracy theory debates, but the way I see it, there are only three possible reasons they could do something this bone-headedly stupid: Either they are incompetent, they do not care about the possibility of people tampering with an election, or they are doing it deliberately.
Why even have a key? (Score:4, Insightful)
I'm also not saying that you guys suck at democracy.
I am saying that you suck at capitalism.
Let's assume that you want to get at the card or whatever is behind the panel.
Why isn't this panel made out of glass that you have to shatter with a little hammer or teflon paper that you have to cut? That way, there's obvious proof of access. The vendor can repair the windows for the next election - it's a revenue stream for them. If the replacement costs $500 or so to install (due to all the fancy features like holograms, RFID, and seals, etc.) then fakes would be prohibitively difficult to get. It would be better physical security than a "Bic" lock.
I think Diebold was lazy, not conspiring. The rest of you were lazy by allowing these lazily built machines to run your election.
Re:NOT A RECEIPT! (Score:3, Insightful)
Paper Ballots (Score:2, Insightful)
I disagree. What we need to retain (and often times regain) is paper ballots.
Voter-verified paper audit trails are a placebo. What assurance do you have that what is printed is the same as what is recorded? None.
All attempts to date to actually audit a VVPAT, to the best of knowledge, have demonstrated just how infeasible the task is. Jill LaVine, Sacramento County's Registrar of Voters testified to the EAC that their audit took 1h 15m per ballot printed on the VVPAT.
Meanwhile, many people, like VerifiedVoting.org are proponents of Rush Holt's HR 550, which would require all electronic voting machines to have a VVPAT. Even though I utterly oppose all electronic voting, I do not oppose HR 550. Why? Because HR 550 requirements would demonstrate the folly of using electronic voting machines and the voter verified paper audit trail.
I will note here that New Mexico (VoterAction.org), Connecticut (TrueVoteCT.org), and others are successfully throwing out the DREs and bringing in voter-correctable precinct-based opticals scanners. That is today's best available solution.
Say NO to Computerized Voting Machines (Score:2, Insightful)
Re:Why would we expect anything else? (Score:3, Insightful)
I don't think those two things are mutually exclusive. When a manufacturer sells enterprise equipment that helps subvert our constitution/constitutional rights we should work toward a voter-verifialbe paper trail, which at the same time should put those companies out of business. I'm talking about simple paper ballots, possibly not even scantrons. I don't know about you but I'm willing to wait a couple of days to get the result if it's the least prone to fraud.