Martinicity: Tag dieboldMike Blaketag:www.martinicity.net,2005:TypoTypo2006-09-15T00:10:25+00:00Mike Blakeurn:uuid:0b43e91b-9a16-4d41-a689-2a1e532dcd272006-09-14T22:23:00+00:002006-09-15T00:10:25+00:00Security Flaws in Diebold's AccuVote-TS voting machine<p>Princeton researchers have <a href="http://itpolicy.princeton.edu/voting/">clearly demonstrated</a> (watch the video) that the a model of the Diebold AccuVote-TS voting machine which has been used in US elections can easily be altered to steal votes in an election.</p>
<p>In their <a href="http://itpolicy.princeton.edu/voting/ts-paper.pdf">full report</a> The researchers predicted that Diebold would claim that their other products were safe. Diebold went one better and actually tried to <a href="http://newsblogs.chicagotribune.com/news_theswamp/2006/09/diebold_stands_.html">refute the obvious</a> with smoke and mirrors.</p>
<p>There are serious problems with several statements in Diebold’s <a href="</p">rebuttal</a>>
<blockquote><b>
“The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country.” </b>
</blockquote>
The author’s of the study noted that there is newer software, but the tested software was certified and used in elections. They also go on to say that some of the security flaws they found could only be addressed by hardware upgrades. The Diebold machines are running on a Windows CE operating system. As far as the claim “<b>to our knowlege</b>, not used anywhere in the country” , why because there are no elections today?
<blockquote><b>“Normal security procedures were ignored.”</b>
</blockquote>
Ahem, That’s the point of the demonstration, To show that the security of the machine is flawed. “Our machine works great if no one hacks it!”
<blockquote><b>
“Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside the unit.”</b>
</blockquote>
Right but physically opening the machine was just one of 3 separate possible ways the demonstrators showed to install the malicious software. What about when they had a copy of the key, or when they picked the lock?
<blockquote><b>
“A virus was introduced to a machine that is never attached to a network.”</b>
</blockquote>
<p>Correct! Viruses have been around as long as floppy disks. Sure they don’t spread as fast as over the network, but slow spreading viruses aren’t pretty either.</p>
<blockquote><b>
“By any standard – academic or common sense – the study is unrealistic and inaccurate.”</b>
</blockquote>
A misleading statement not backed up with a single fact. The video of the machine being hacked is all too real.
As the authors of the study note:
<blockquote><b>
“We expect Diebold to respond to this paper by offering similar assurances about other versions of their
software and about their closely related AccuVote-TSx product. In light of past experience, public officials
should remain skeptical until such claims are confirmed by independent investigators with full access to the
machines and software. ”
</b></blockquote>
<p>While future assurances from Diebold may be more cleverly written, let’s hope that public officials are more careful and skeptical in the future.</p>