Opening Diebold Source, the Hard Way

Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.

Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.

The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?

Source code not even needed to hack these machines

[Salvance]

With all the vulnerabilities in voting machines, it amazes me that the states do not mandate paper trails. Someone wouldn't even need access to the source code to start changing votes. For example, in this report from ABC News on October 1st [go.com], they discuss a method to almost invisibly manipulate both votes recorded and logs, all with only a couple minutes access to a voting machine.

Here's an excerpt:
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/ [princeton.edu]) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.

Re:Source code not even needed to hack these machi

[StarfishOne]

Besides taking the effort to install invisible vote-stealing software, one can just open the MS Access database and edit the values: http://www.scoop.co.nz/stories/HL0307/S00065.htm#v otes [scoop.co.nz]

Elected officials are teh suck

[An Onerous Coward]

Morrill said two of three disks were never used and that the third was version 4.3.15c, which was used in Maryland during the 2004 primary.
Ross Goldstein, the state's deputy elections administrator, said Maryland now uses version 4.6 and that the public should be confident that their votes are secure.
The disks contain "nothing that's being used in this election," Goldstein said.

This is just sad. We've all seen the security warnings that say, "this exploit affects all versions before 1.51.rc3." Code gets reused between versions, especially between minor revisions. Very likely, whatever vulnerabilities are found in this version are still present.

What he's really saying is, "please, please, please believe that I didn't screw up as badly as it appears I screwed up. Just pretend that the machines are secure, and that democracy as we know it is not in danger."

Politics of Open Source

[Gracenotes]

When a non-geek hears about open source, whether it's a layman or member of a spy agency, they shrink away, basically thinking that open ROM (hardware, software) is open RAM (data transfer), if they could phrase it as such.

Well, those people might not vote in the election either because "It's pointless. Those kids are going to go straight off of my lawn and onto that election-hacking machine of theirs" or "My vote won't count", the latter of which is age-old.

So I agree with the concept making voting open source. In my subjective slippery-slope universe, this will cause news-ussavvy "I voted Democrat since 1948" non-nerds not to vote and have the generally better informed of us vote. (Sounds elitist, I suppose.) Top hackers across the country could review the code for vulnerabilities, instead of us downloading "Diebold Security Patches" every 2 minutes under the current system. I realize that the US government will almost never accept this, but in my opinion it's good anyway, and maybe as secure as a completely hidden source code.

Of course, Diebold would lose profit. But that's a sacrifice they'll have to make for the red, white and blue, for the eagle soaring above, soaring... majestically! and the Americanness (Britishness) of apple pie (cobbler) all those other American cliches.

Re:Source code not even needed to hack these machi

[Anonymous Coward]

Ballot box are never left unsupervized. That's the difference.

Voting computers in The Netherlands

[Anonymous Coward]

Here in the Netherlands there is a group under the name of (translated) "we do not trust voting computer" (http://www.wijvertrouwenstemcomputersniet.nl/ [wijvertrou...ersniet.nl] in Dutch) who is actively discussing the accuracy and validity of voting computers. They posted on YouTube (http://www.youtube.com/watch?v=B05wPomCjEY [youtube.com]) a movie about how to scan the machines about what they registered as a vote. I think that software ruling democracy should be open source just as the entire democracy should be transparant.

They even posted a security analysis (in English) of the voting computer used in the netherlands http://www.wijvertrouwenstemcomputersniet.nl/other /es3b-en.pdf [wijvertrou...ersniet.nl].

Re:I forget the Link...

[daveinthesky]

"Computer programmer Clinton Eugene Curtis testifies under oath before the U.S. House Judiciary Members in Ohio (back in 2004)"

Is this the link?

http://www.alternet.org/blogs/video/40755 [alternet.org]

Count em' by hand

[PenGun]

It's very hard to beat and scales effortlessly. We've been doing it in Canada for a long time. Usually takes 4 - 5 hours after the last poll closes. Why do it the hard and screwed up way?

    PenGun
  Do What Now ??? ... Standards and Practices !

Re:Source code not even needed to hack these machi

[lawpoop]

The problem with electronic voting hacks is that a single person can change entire elections, in very little time, without leaving any evidence at all.

With paper ballots, you have to come up with a lot of other ballots if you want to stuff the ballot. That takes time, material, and co-conspirators. If you want to destroy ballots, you have to take them out of the box and get rid of them. You might shred, burn, bury them, or throw them in a river. That takes time, and leaves evidence and possibly witnesses. If you want to destroy enough ballots to change an election, you will probably also need co-conspirators, and will need to avoid witnesses.

So anything you do to change a paper election will take a lot of time, resources, and manpower, where as an electronic theft of an entire election is almost instantaneous, with no witness and no evidence *.

* Aside from exit polling.

Re:Disappointed! Period.

[daigu]

The elections in the U.S. are different from third world countries. Elections in the U.S. are by and large, worse [prospect.org]. The U.S. has never been concerned about the integrity of elections, much less anything that could be described as free or fair by a third party observer.

be cautious of a Diebold paper trail - not right!

[arete]

You, the voter, need to physically move your verified ticket into a box under the watchful eye of the election judge. This MUST NOT be done by machine, unless the machine also does it in an easily visible fashion under the watchful eye of an election judge - which is simply not what's going on.

I early voted on a Diebold voter verified machine - and it's NOT good enough. I even had a nice conversation with the technical election judge, and since it did print a verified trail I did have to go home and think about this before I realized how it sucked.

They totally and complete circumvented the idea of a voter verified paper trail.

The way this machine works is you vote, it prints, you can see-but-not-touch the printout. You can vote AGAIN (up to 3 times) and it voids the previous printouts. Again, without you touching them. Which means the process expects that some percentage of its paper trail will be voided. The printouts get sent into some magic compartment.

So 1) there's no way except by noise for the election monitors to know if it printed a variety of extra votes. And they were pretty quiet.

2) There's absolutely zero way to know if it went back and voided your vote, because there's plenty of precedent for voiding votes.

3) It can absolutely tell via paper alone who voted in which order; it's on a spool. Which could be easily tracked by anyone who watched what order people voted at that machine. Your votes are even less anonymous.

*sigh*

Life imitating art or vice versa?

[BrianRagle]

For a (slight) glimpse at the stakes of a game like this, consider the recent Robin Williams film "Man of the Year". The movie was okay, but the truly frightening thing was how likely a scandal like a rigged election, purposefully or otherwise, might take place. However, before I go into some facts I found through surfing about Diebold and electronic voting, I wanted to point out that even if it was demonstrated beyond a shadow of a doubt that Bush was elected through vote fraud of some kind (not that many of us need any further convincing), it doesn't mean Kerry automatically gets to take the White House and Bush is out. What would most likely happen, along with a series of investigations and lawsuits, is the Supreme Court court would invalidate the election results and declare a new election, at a reasonable time period. Dennis Hastert would assume the throne until the new election results were confirmed but nothing Bush has done would be invalidated, at least, not right away. Even if he was fraudulently elected, he was still the de-facto sitting President and so his actions would be legal (in a manner of speaking). Congress could take some action to reverse some of his doings, but that assumes they want to in the first place. Now, on to Diebold. Found via a Google of "Diebold facts": 1. 80% of all votes in America are counted by only two companies: Diebold and ES&S. http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html [onlinejournal.com] http://en.wikipedia.org/wiki/Diebold [wikipedia.org] 2. There is no federal agency with regulatory authority or oversight of the U.S. voting machine industry. http://www.commondreams.org/views02/0916-04.htm [commondreams.org] http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html [onlinejournal.com] 3. The vice-president of Diebold and the president of ES&S are brothers. http://www.americanfreepress.net/html/private_comp any.html [americanfreepress.net] http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html [onlinejournal.com] 4. The chairman and CEO of Diebold is a major Bush campaign organizer and donor who wrote in 2003 that he was "committed to helping Ohio deliver its electoral votes to the president next year." http://www.cbsnews.com/stories/2004/07/28/sunday/m ain632436.shtml [cbsnews.com] http://www.wishtv.com/Global/story.asp?S=1647886 [wishtv.com] 5. Republican Senator Chuck Hagel used to be chairman of ES&S. He became Senator based on votes counted by ES&S machines. http://www.motherjones.com/commentary/columns/2004 /03/03_200.html [motherjones.com] http://www.onlinejournal.com/evoting/031004Fitraki s/031004fitrakis.html [onlinejournal.com] 6. Republican Senator Chuck Hagel, long-connected with the Bush family, was recently caught lying about his ownership of ES&S by the Senate Ethics Committee. http://www.blackboxvoting.com/modules.php?name=New s&file=article&sid=26 [blackboxvoting.com] http://www.hillnews.com/news/012903/hagel.aspx [hillnews.com] http://www.onlisareinsradar.com/archives/000896.ph p [onlisareinsradar.com] 7. Senator Chuck Hagel was on a short list of George W. Bush's vice-presidential candid

Re:Source code not even needed to hack these machi

[Anonymous Coward]

It's funny my parent post got a score of 0. I was speaking in reference to a lecture I heard from a lady from Renton, WA, who stepped upon an FTP site with the Diebold software. There was a directory called "Rob-Georgia", I might add. In this was 3+ Gigabytes of files from Diebold. This stuff was uploaded and when she tried to get people to pay attention, no one bothered to (like the moderator who decided not to score the parent post).

To make a long story short, she uploaded the files to an area where technologically savvy people frequent, and said, "Hey guys, take a look at this." The only people that replied were the people willing to take a stand, i.e. the programmers at Princeton.

So, for an "unimportant post", I divulged information that actually happened. You see, after government officials became aware of flaws in the software, they still kept the Diebold machines in their budgets (hundred of millions of dollars in sum, mind you). Huge amounts of money is being spent on machines that have software programmed by douchebags up in Canada. These machines can be telephoned into to be monitored (good ole' Windows RAS). Oh, and the whistle blower lady was harrassed, her house being broken into subsequently and her being monitored by a government agency, which she has had to talk with regularly.

Yep, you trust your election security to software programmed by dumbasses using Microsoft Access as a database. You trust your election security to individuals that are allowed to bring the Diebold machines home with them after elections are conducted. You trust people to count elections who are ex-convicts hired out by contracting firms.

Why? Um, well, because, um, I think they can be trusted? Oh, that sounds sooooo comforting.

Let's ignore the whole issue about suffrage that was fought so hard for.

My only logical conclusion if people can possibly ignore what I just wrote is that they are idiots. I just hope slashdot readers are a set above the curve.

Re:Due diligence--some places practiced it

[JimBobJoe]

One would think that the state would require the sourcecode for due diligence...

My county (Franklin County, Ohio) expressed a "strong preference" for their voting machine vendor to provide the source code to a 3rd party elections systems assessor.

It was not a requirement, but the fact that Diebold wouldn't, but ES&S [essvote.com] would was one of the reason why Franklin County chose the ES&S system.

Keep in mind, there was no directive from the Ohio Secretary of State on this issue, nor a law from the General Assembly requiring it. Franklin County probably has the most concerned and intelligent leadership running its board of elections, and in that regard, establishes great precedence for the other 87 counties, but they are certainly not under obligation to follow its lead.

As a Maryland Election Judge...

[mrfett]

So I'm going to be an election judge here in Montgomery County this election day. Lots of people have been asking "how can a state government allow closed-source machines to be used?" The answer, unfortunately, is simple and disgusting. Readers of the daily paper should be familiar with Representative Bob Ney, he's pleaded guilty to illegal dealings with Jack Abramoff. Congressman Ney's committee was in charge of the Help America Vote Act (HAVA). This was a thoroughly modern piece of legislation (and by modern I mean written entirely by the industry it funnels taxpayer money to). Congressman Ney actively blocked attempts to mandate a paper trail. He was doing the bidding of his corporate constituents (I don't mean to imply that there is any other kind) who had paid a few disability groups to endorse mandating zero paper voting due to supposed "privacy" concerns. In summary, it has been the voting companies who have pushed us in this direction, and their reasoning is HIGHLY suspect. Let me be clear: I cannot fathom any reason other than a desire to manipulate elections for the resistance to paper trails. Laws mandating paper use would only funnel more money into these firm's pockets. Their resistance to making the process more transparent seems to stem from not wanting to sever a more lucrative revenue stream they want to keep under wraps.

So the deal is, concerned citizens now have to come and babysit elections. We train on all the fine points of who can access the machines and are basically there to watch the Diebold personnel to ensure they don't "patch" the machines at the last minute. It's fucking insane. As you can probably tell, I'm highly suspect of America's status as a democracy anymore, but I'm doing my best to help us recover. I'll give it a few more years, but the state of affairs is pathetic. We seem set to turn our elections over to the corporations that are running our country (and, as a consequence, our foreign and domestic policy). If Americans don't start giving a shit, this country is over.

You say the Diebold source code was put on an FTP

[falconwolf]

That's old news
Adam Stubblefield [techtarget.com], a Johns Hopkins University doctoral student, along with Yosh Kohno from the University of California, San Diego, last year produced a report detailing the security problems with Diebold Election Systems' source code after it was left on an open FTP server and eventually leaked to the Internet.

Here's another one:
Gary McGraw, CTO of Cigital Inc. [techtarget.com], cited the formerly proprietary code that runs Diebold Election Systems' AccuVote-TX electronic voting machines as an example. A voting activist was able to download the source code from a Diebold FTP site, which led to the exposure of a number of security flaws in the software and widespread questions about the accuracy of the machines and the integrity of votes cast with them.

Falcon

e-voting

[falconwolf]

What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.

And more importantly, we need voter-verified paper trail.

India's e-voting seems to be a pretty good system: Learning from India's Electronic Voting System [sepiamutiny.com]

Falcon

Do you understand what "paper trail" means

[benhocking]

If so, how would a "paper trail" reveal any trade secrets - unless the secret was that the machine was cheating, of course?