Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Hotel Minibar Key Opens Diebold Voting Machines

Posted by kdawson on Mon Sep 18, 2006 01:47 PM
from the expensive-miniatures-and-macademia-nuts dept.
Security Government Politics
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
+ -
story

Related Stories

[+] Your Rights Online: The Diebold Voting-Machine Hack 277 comments
Warm John writes to mention a short article on Doctor Dobbs Journal about the Hack that couldn't be done. "Hacking a Diebold voting machine was the focus of Cigital's Gary McGraw's keynote at SD Best Practices. He discussed 'Security Analysis of the Diebold AccuVote-TS Voting Machine,' a paper released by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy. 'The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.'"
[+] News: Brave New Ballot 137 comments
Ben Rothke writes "In an important new book Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting, Avi Rubin writes 'too often in American life, when it comes to divisive issues, the facts can be less important than the weight of public opinion'. That basically sums up Rubin's story in this fascinating story of his frustrations in dealing with government and corporate officials in his quest to show that e-voting was not as secure as it was originally made out to be." Read the rest of Ben's review.
[+] Politics: Maryland Fights to Keep E-voting 250 comments
crystalattice writes "Apparently Maryland election officials never have computer problems. That's why they're fighting so hard to keep their Diebold e-voting machines. Washington Post reporter Marc Fisher received nothing but bad attitudes, dodges, and excuses when he attempted to discuss the issue with the state elections administration and Diebold." From the article: "I asked the state's elections administrator, Linda Lamone, whether Maryland wasn't just a bit too quick to adopt electronic voting. Doesn't the computer at your desk ever freeze up on you? 'No,' she replied. Never? 'No.' But surely people in your office have had that experience? 'No.' (Maybe we've found the solution to Maryland's voting problem: Everybody head on down to Linda Lamone's office, where the machines work 100 percent of the time.)"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Hotel Minibar Key Opens Diebold Voting Machines 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Why would we expect anything else? (Score:5, Insightful)

    by KingSkippus (799657) * on Monday September 18 2006, @01:48PM (#16131684) Homepage Journal

    I know I'm preaching to the Slashdot choir, and it's been said a thousand times before, but as long as we have closed voting processes, we're going to have people screwing up by doing things like having voting machines accessible with hotel minibar keys. We hate Microsoft for their closed-source software, yet we continue to accept this kind of idiocy.

    Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org], why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.

    I would say write to your Congresscritters [vote-smart.org] and let them know that you want these screwed up pieces of junk out of our polling locations, but like I said, I know I'm preaching to the Slashdot choir, and you won't do it. >:-( But realistically, just know that until you do, we can look forward to many, many more articles about this kind of thing. Ooh, at least until we see the one that says, "Electronic voting machines hacked! Election results tainted!." Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.

    sigh Oh well, it was worth a shot. Just give me my damn +5 and go back to reading about lasers on Intel's chips now.

    • Re:Why would we expect anything else? (Score:4, Funny)

      by Kesch (943326) on Monday September 18 2006, @02:00PM (#16131784)
      Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.


      The more I think about this, the more this seems to be a nice solution. Get a bunch of geeks armed with minibar keys and flash cards. Once Mario and Yoshi are the leading candidates in 14 different states, the public will be sure to take voting security seriously.

      Of course you will have to deal with a huge election fiasco along with finding enough people willing to commit election fraud.

      • Re:Why would we expect anything else? (Score:5, Interesting)

        by TubeSteak (669689) on Monday September 18 2006, @02:16PM (#16131936) Journal
        The more I think about this, the more this seems to be a nice solution. Get a bunch of geeks armed with minibar keys and flash cards. Once Mario and Yoshi are the leading candidates in 14 different states, the public will be sure to take voting security seriously.
        Honestly, I don't think that is the solution.

        A more relevant question is: What are the penalties (criminal or civil) for using a key to open a voting machine during polling and doing nothing else.

        You don't have to actively fsck things up to get the machine pulled. IMHO, merely opening the machine up would make for a good act of civil disobediance.

        If the punishment is not something trivial, videotape yourself in the act and release it anonymously onto the internet the same day.

        Even if the election officials do absolutely nothing, it'll show up on the evening and nightly news. That will be good or bad, depending on your perspective, but will definitely be noticed.
    • You raise a number of valid points, and while I...

      Wait a minute... Did you say lasers !?!

    • Re:Why would we expect anything else? (Score:5, Informative)

      by Beryllium Sphere(tm) (193358) on Monday September 18 2006, @03:59PM (#16133039) Homepage Journal
      >I know, dumb answer, because Diebold pays the people who decide lots and lots of money.

      That's a documented fact, not random cynicism:

      Voting machine vendors offer cruises, funding and jobs to election officials [nytimes.com].

  • Where can I buy one of these voting machines? (Score:5, Funny)

    by east coast (590680) on Monday September 18 2006, @01:48PM (#16131686)
    I'd like to have access to the minibar.

  • What's needed now (Score:5, Insightful)

    by daveschroeder (516195) * <das@doit.3.14wisc.edu minus pi> on Monday September 18 2006, @01:48PM (#16131688) Homepage
    Electronic systems - including electronic voting machines [princeton.edu] - will always be able to be tampered with, no matter who makes them, no matter what their CEOs stupidly say, no matter what ongoing audit mechanisms are implemented, whether they're open or proprietary, and no matter what legislation or other initiatives mandate or recommend them.

    Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.

    Remember, too, that voting legislation, in large part in response to issues in the 2000 election, designed to ensure fair, uniform, and universal access to voting for all citizens by mandating electronic voting equipment, such as HAVA (2002) [fec.gov], were Democratic and bipartisan efforts.

    The real issue is that Congress screwed up: they inherently, and erroneously, believed that since we trust so many critically important things to machines, certainly reliable electronic voting is possible, and indeed, we use automation, computers, and machines in almost every aspect of our lives to increase efficiency and reliability - why should voting be any different?

    Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.

    The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability. All of the major e-voting vendors - Diebold, ES&S, and Sequoia - have this capability, but it's an add-on that requires retrofitting existing equipment, or in some cases, purchasing new equipment. And that takes money many counties and municipalities - particularly in the most hotly contested areas - don't have. (Hint: it's not just poor areas that have long lines [slashdot.org])

    Our focus now should be on passing legislation that requires permanent voter-verified paper trail capability on all newly deployed e-voting systems, and allocates funds and creates a timeline for deployment on existing systems. Please, continue to raise this issue with both your county election officials and your elected representatives.

    This issue is too important and too critical to the integrity of our election process to let rest.

    ---
    Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.

    • NOT A RECEIPT! (Score:5, Insightful)

      by argent (18001) <peter AT slashdo ... taronga DOT com> on Monday September 18 2006, @02:06PM (#16131838) Homepage Journal
      The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability.

      Do not use the word "receipt" in this context. A receipt is something that you take with you, as a personal record of a transaction. A receipt is worse than useless here... you don't WANT people to be able to show the party bosses that they voted the "right way".

      What is needed is a "permanent paper ballot capability", where the ballots are retained at the voting place and serve as the primary official paper (ahem) trail.

  • Moo (Score:4, Funny)

    by Chacham (981) on Monday September 18 2006, @01:50PM (#16131702) Homepage Journal
    the key in question is a utilitarian type

    That's the problem right there. You should never religion and state, it always makes one cross.
  • Let me see, this key opens voting machines, mini-bars, jukeboxes, etc? Sounds pretty shiny, where do I get one! I need to add it to my lil' bastard music-copying, alcohol-drinking, electrion-throwing kit.

  • The lock is even less sophisticated than that. (Score:5, Informative)

    by JaredOfEuropa (526365) on Monday September 18 2006, @02:04PM (#16131829) Journal
    If you watch the video of the university guys explaining the hack, you'll see a good closeup of the lock. The lock looks like a real cheapy one; something you'd find on one of those floppy disk / CD storage boxes, or the kind they put on suitcases. I betya the keys for those boxes/suitcase will open this lock as well, with a little jiggling. Hell, these locks can be opened with 2 paper clips.
  • With the Diebold UberFascer 6000, you can Fix elections AND enjoy a hard-earned single malt scotch!

  • This is not a problem for our Administration (Score:4, Funny)

    by bill_kress (99356) on Monday September 18 2006, @02:16PM (#16131938)
    Your current administration will have no problem fixing this, it's simply a case of outlawing office equipment/minibar keys.

    You shouldn't be locking stuff in your desk anyway, what are you a terrorist?

    As for minibar keys--it is the view of our administration that you shouldn't be drinking on business in the first place, it's not good for America! Do you really want to help the terrorists win???

    We will ensure all minibars are re-keyed with special locks, the keys to which will be restricted to government employees only (Our administration has proven itself to be Above all Laws but God's, and God never said not to drink, so we therefore deserves access)

    When minibar keys are outlawed, only outlaws will have minibar keys--then we know who to detain, harass or shoot (our call).
  • These Voting machines actually do what they say they do. They vote for us. Thanks to the advances in voting machine technology, humans will be relieved the burden of actually voting altogether! Voting machines are clearly a terrific labor saving device.

    I, for one, welcome our new......oh. Too late.
  • Pretty please...with sugar on top.

    Either make voting machines as secure as slot machines, or let mini bar keys open up slot machines.

    Either or. I'm not picky.

    • After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.

      That's bullshit, and you know it.

      When these systems are vulnerable, it's just as easy for ANYONE to take advantage of that fact. Not one party or one political stripe.

      As for ATM security:

      Citibank ATM fiasco "worst ever" [boingboing.net]
      ATM reprogrammed to give out 4 times more money [hamptonroads.com]
      Diebold ATMs hit by Nachi worm [interesting-people.org]

      • Re:Can't say I'm surprised... (Score:4, Interesting)

        by spun (1352) <loverevolutionar ... m ['oo.' in gap]> on Monday September 18 2006, @02:31PM (#16132081) Journal
        That's bullshit, and you know it.

        Really, do you think so? On the surface, that's a perfectly rational response, I mean, everyone has the same access to these machines, right? What's the point of deliberately making a system everyone can cheat at?

        Perhaps not everyone does have the same access. Peerhaps certain voting machine companies favor one party or the other, and provide detailed instructions to their favored candidates. Perhaps something is going on further behind the scenes, giving certain favored groups privileged access to the counting machines themselves, making cheating at the machine level a moot point.

        It just seems odd that a company with the skills to make ATM machines nearly impenetrable can't make a voting machine as secure. The track record of ATMs seems to rule out incompetance. Despite your scanty anecdotal evidence to the contrary, ATMs are on the whole very secure. Banks are notoriously picky about that sort of thing, and any company that could not make a secure ATM would find themselves out of the ATM market very quickly, and probably facing massive lawsuits.

        What, then, is your explanation of why these machines are so insecure?

      • Re:Can't say I'm surprised... (Score:5, Interesting)

        by Minwee (522556) <dcr@neverwhen.org> on Monday September 18 2006, @02:41PM (#16132180) Homepage
        When these systems are vulnerable, it's just as easy for ANYONE to take advantage of that fact. Not one party or one political stripe.

        The phrase you are looking for is "Plausible Deniability". If you design a machine that can only be comprimised by a single party then you're clearly a crook. If it can be hacked by a pre-school class with plastic hammers then you can claim to be merely hopelessly incompetant.

    • Most of those smaller lock cylinders use the same key patterns. Those desk drawer keys and cabinet keys use a very common key blank (usually a Y11 based on a Yale brand cylinder) and from that point there are only a few combinations of cut. Cash drawer manufacturers and receipt printer companies use the same common key, so that explains why you can open McDonald's cash registers..you can likely open mine as well. For cash drawers the key is really just functioning as a latch...same wtih desk drawers and cabinets. A determined thief will get in anyway so it's just to keep the casual thief from pulling the drawer open without delay.

      For a voting machine one would hope that they would have used more secure cylinders like the round 7-pin cylinders or maybe Medeco style. The voting machine locks should be at least as secure as unattended machines that hold money, like soda machines, slot machines, even pay phones. Those machines have secure locks with tough-to-duplicate keys. I guess protecting Pepsi is more important than our protecting electoral process.

      John

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.