Diebold Disks May Have Been For Testers

opencity writes "The Washington Post reports on the two Diebold source disks that were anonymously sent to a Maryland election official this past week. Further investigation has lead individuals involved to believe the disks came from a security check demanded by the Maryland legislature sometime in 2003." From the article: "Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote."

These are the disks we returned to the state

[Anonymous Coward]

I was one of the RABA testers. We discussed this today and we returned the disks to the testers. The leaks came from Linda Lamone's OWN OFFICE!

Re:New tag

[DeadboltX]

It is people like you that cause the tagging system to not work properly.

The purpose of the tagging system is so that you can tag an article with words that you would use in order to search for such an article.

Proper tags for this article may include "Diebold" "voting machines" "Maryland"

Then when someone searches for "voting machines" this article shows up, even though the the article summary may not include the words "voting" or "machine". This is sort of a wikipedia approach to tagging articles to make them more easily searchable.

No one is ever going to search for "wretchedhiveofscumandvillainy" and so your tag is not only dumb but also useless.

I hope you appreciate that I am sacrificing modding you down in order to give you a proper rundown of the tagging system

Re:New tag

[bunions]

The tagging system is a joke. 90% of all tags are either words in the article title, or one or more of "fud, notfud, yes, no, maybe."

Diebold machines aren't designed to be secure

[nephridium]

Back in 2004 computer programmer Clint Curtis testified under oath [youtube.com] that he had been asked by a congressman to write software that would make it possible to rig elections. He quite blandly states that "anyone" (with the expertise) could write software to rig elections, because the system has not been secured in any way.

Re:If the attackers can use the source to attack i

[Anonymous Coward]

I know this is an unpopular opinion on Slashdot (which is built around open-source principles), but it is true. I am not saying that diebold should be trusted, but I am saying that your assertion that closed source has to inherently be less secure than open source is flawed. A solid architecture is a solid architecture...

I think the reasoning here on slashdot tends to be that: Without the source code you cannot say whether something is more secure or less secure therefore the safest assumtion is that it is less secure. So not having access to the source doesn't make something inherently less secure, just makes it inherently less trustworthy.

Seeing the source would allow verification of the security of the design. Not seeing the source lends an air of "security through obscurity," sort of a "trust us, it's secure" which doesn't go over well.

Re:New tag

[mortonda]

I just wasted mod points for no reason at all.

What's the point again?

Slight correction

[TubeSteak]

Kagan did the right thing, which was to contact the state elections officials, who in turn contacted the FBI, who went and talked to Kagan.

I went back and looked at the original Baltimore Sun story [baltimoresun.com]

The Baltimore sun says that "Kagan called the attorney general's office, and word of the disks began to spread. Learning of the development, Linda H. Lamone, the state's elections chief, reported Kagan's possession of the code to the FBI yesterday [Oct 19]."

Which only reinforces my point, since
Attorney General > State Election Chief

Re:New tag

[TommydCat]

(To mod: Troll? WTF?)

I agree - I don't have tons of time to surf anymore and I steal a glance at the tags before considering whether to actually RFTA or not. I can't imagine myself using the search function for anything in particular, as fish, relatives and /. articles all get a bit smelly after a few days.

Yes, tags are the greasy new flavor feature, but if it's strictly for indexing, searching, whatever, why bother showing them on the front page? We as the users will abuse anything given a chance...err I mean use as we see fit.

Re:Not 1337 h4x0rs!

[dido]

Ordinarily, I'd agree, but this is a company whose CEO at the time said on the record [commondreams.org] that he is "commited to helping Ohio deliver its electoral votes to the president". He did exactly as promised, looks like. Open partisan bias like this makes me more inclined to believe that malice was involved.

Re:Voting and ATM machines unrelated.

[TFloore]

The fact that diebold also makes ATM's indicates nothing less than malice in the design ...

Diebold BOUGHT the voting machine deisgn (by buying the company that made it). It is unrelated to their ATM designs.

They slapped the company name on it after they bought it. That says "We stake our reputation on this product."

Or at least, that's what it says to me.

Or, looked at another way, they thought the product was good enough to buy and put their name on.

I'd say that makes it related.

This is the same reason (you knew I couldn't hold the rant in, didn't you?) that I want to boycott *all* Sony products after seeing/hearing what Sony BMG did with root kits on audio CDs (and some other things in their consumer electronics lines, yes, I'm talking about DRM in BD). They said "We put our company name behind this product, and you can judge our company by this product."

Well, they did, and I did.

As to the "malice in design" specifically... have you looked at the software people that coded the voting machines? As of a few years ago, a bunch of them had convictions for fun crimes like computer fraud... just the sort of people *I* want coding my voting machine. Check the wiki entry [wikipedia.org] for them.