Opening Diebold Source, the Hard Way

Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.

Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.

The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?

Closed source?

[insomniac8400 (590226)]

I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.

Source code not even needed to hack these machines

[Salvance (1014001)]

With all the vulnerabilities in voting machines, it amazes me that the states do not mandate paper trails. Someone wouldn't even need access to the source code to start changing votes. For example, in this report from ABC News on October 1st [go.com], they discuss a method to almost invisibly manipulate both votes recorded and logs, all with only a couple minutes access to a voting machine.

Here's an excerpt:
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/ [princeton.edu]) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.

Re:Source code not even needed to hack these machi

[StarfishOne (756076)]

Besides taking the effort to install invisible vote-stealing software, one can just open the MS Access database and edit the values: http://www.scoop.co.nz/stories/HL0307/S00065.htm#v otes [scoop.co.nz]

Re:Source code not even needed to hack these machi

[by Anonymous Coward]

FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.

Re:Source code not even needed to hack these machi

[frdmfghtr (603968)]

FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.

I have to agree--it has been proven that we, as a technologically advanced society, cannot reliably run an election using any sort of machine to count the ballots. I mean, when a machine counts more votes in a precinct than there are registered voters, that should be a big red flag lit up with a bright spotlight saying (no, SCREAMING) "Hey, something is all screwed up here, better take a look!" I wonder how many "irregularities" like this DON'T get caught.

I will still support the use of some form of digital voting machine to print these paper ballots with the voter's choice marked, so that the ballots are marked in a consistent fashion and help prevent spoiled ballots (two candidates marked for the same position for example) but to count them, you need people, and only people.

A rep from each candidate's election campaign to monitor the count and an official counter are what you need. Go ahead and use a spreadsheet to total up the counts if you like, since building a spreadsheet that can add two numbers is still something we can do reliably, but the official count for a precinct is done by hand.

Re:Source code not even needed to hack these machi

[maynard (3337)]

The difference is that the Princeton team wrote a vote-switching virus which would spread itself through the smart cards used to tabulate votes. Thus, one infection could -- in time -- spread to any arbitrary number of machines without the knowledge of poll workers (or voters).

That outcome is obviously not possible with manual election rigging.

Re:Source code not even needed to hack these machi

[lawpoop (604919)]

The problem with electronic voting hacks is that a single person can change entire elections, in very little time, without leaving any evidence at all.

With paper ballots, you have to come up with a lot of other ballots if you want to stuff the ballot. That takes time, material, and co-conspirators. If you want to destroy ballots, you have to take them out of the box and get rid of them. You might shred, burn, bury them, or throw them in a river. That takes time, and leaves evidence and possibly witnesses. If you want to destroy enough ballots to change an election, you will probably also need co-conspirators, and will need to avoid witnesses.

So anything you do to change a paper election will take a lot of time, resources, and manpower, where as an electronic theft of an entire election is almost instantaneous, with no witness and no evidence *.

* Aside from exit polling.

Nuanced distinction

[benhocking (724439)]

What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun?

Of course, passwords and keys can also be destroyed by leaks. The important distinction is that - if you're aware of the leak - it's much easier to assign a new password/key than to fix the software.

Due diligence

[turbofisk (602472)]

One would think that the state would require the sourcecode for due diligence...

What is the specific "problem"?

[khasim (1285)]

#1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.

#2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.

#3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.

#4. Legal code re-use. So Diebold uses the same code on their ATM's as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.

Anyone have any other possibilities?

Re:What is the specific "problem"?

[CosmeticLobotamy (155360)]

#5. They're just selling cheap-ass computers running a crappy piece of software at a hideous mark-up, and they don't want to have to compete with 50 other companies selling the same cheap-ass computers running the same crappy software, or software just different enough not to violate their copyright.

Program complexity

[NJVil (154697)]

Apart from a layer of security, just how complex does the software have to be?

(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election

Why the hell does something of this level of incomplexity even need to be closed source?

Re:Program complexity

[From A Far Away Land (930780)]

"(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election"

You forgot the most important steps, and the reason these machines are a scam:
- ??? [Elect who corporation pays for]
- Profit!

Hey, if you can't beat them...

[LuminaireX (949185)]

How long before we can download it on Bittorrent?

Cracker or insider?

[WindBourne (631190)]

If this is an insider, then I have to guess that it is somebody who is concerned about some piece of the code. Otherwise, I would guess that it is a cracker who was able to break through the famous Windows security at diebold and grab the source.

On a related note

[value_added (719364)]

I saw on Lou Dobbs [cnn.com] yesterday a piece that showed election officials rushing out to hire grad students to help out with the coming election. The reasoning was that widespread failures (mechanical, networking, software, etc.) were expected and election officials and staffers unanimously considered themselves as both unprepared and unable to deal with anticipated problems. A quick search for election jobs [monster.com] seems to validate the story.

What's in the code?

[HangingChad (677530)]

Or maybe they're worried that the code contains evidence of tampering with election results? Otherwise it's just code. Just because it's public doesn't mean Diebold loses their copyright.

But if that code contains evidence of treason...which is what tampering with election results would be...then anyone involved deserves to be stood up against the nearest wall and shot. Then leave the bodies as a permanent reminder to anyone else thinking about ballot stuffing.

The real question is if the results were rigged, what's that do to the Bush presidency? It would seem to invalidate the '04 election. That means anything he's done while in office should be voided and Kerry should be allowed to serve out the rest of his term. It gets really interesting to consider that the deciding vote on the Supreme Court would be one of those invalidated actions.

Re:What's in the code?

[Sven Tuerpe (265795)]

Or maybe they're worried that the code contains evidence of tampering with election results?

My favorite conspiracy theory at this point is this:

If you were in a position to tamper with election results by manipulating the code of voting machines, what would be the most obvious cover-up?

Exactly. You would make sure that a clean version of the code "leaks", which shows no evidence of any tampering whatsoever.

Wave your rights..

[msimm (580077)]

Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections. What .. we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff that go house to house promise to vote for us.

There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.

Here's one thing I want to know

[erroneus (253617)]

Who are the people, other than DieBold, that support DieBold's secrecy? Who are the people who would like to preserve things as they are rather than fix the problems that the rest of the interested public is concerned about?

I think that when we can publically identify who these people are, we can either have a proper public debate on the topic or we can put the matter to rest by exposing the corruption that has been going on.

Re:Open source & Availability

[N3Roaster (888781)]

It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election. Why would someone do that? Obviously to advance an agenda, either by getting a win for a particular candidate who supports that agenda (so you'd want to manipulate the votes in a sneaky way) or if your agenda is getting rid of these voting machines, producing results that are clearly absurd (landslide victory for the Stallman write in campaign). I think the former is more subversive and likely to have financial support either from the candidates themselves or organizations supporting those candidates. Given this, it is reasonable to assume that if you are going to fix the vote for the win, your opponent will too, which means you need to either escalate the fraud operation, increasing the risk such fraud will be exposed, or you need to prevent your opponent from taking advantage of the flaws by having them patched and using that labor you saved by not escalating to instead get out the vote.

I might also be way off in this analysis, but I think having the code open to public scrutiny and the hardware securely locked down (any potential tampering should be evident) would be the way to go if computers are used at all.

Re:Open source & Availability

[mabhatter654 (561290)]

the whole issue revolves around that issue. The machines sit in closets for 6 months then are drug out for an election. Diebold is supposed to be installing and using certified software, but they can't even do that right. The issues started because Maryland election officials were catching Diebold personel putting patches on without the proper paperwork... and they got VERY upset, wanting to know what they were doing. Even the company refused to cooperate... private software and doing their job and all.

That's what's so screwed up about all this, even Diebold employees weren't following their own companies rules and election offical rules (remember they are the customer). Several Diebold run elections have had outcomes highly suspect... and Diebold is answering concerns with contept for the customers and citizens instead of openness and cooperation.

Re:Unusual scenario

[ip_fired (730445)]

These machines exist more than the 30 seconds that you'll be using one. Someone who is dedicated could get their hands on one (through old fashioned thievery) and then have the months you mentioned probing for exploits. Then they still just need 30 seconds to exploit it. The point is, now I have to place *my* trust in this machine, without knowing how it tallies everything.

Keeping the source code hidden doesn't stop people from finding exploits, but allowing the source code to be open allows the public to see how their vote will be tallied (well, those who have programming knowledge, but I would be more likely to trust it several groups did a code audit and signed off on it).

Re:Hopefully

[megaditto (982598)]

Don't be caught by this bullshit bait.

What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.

And more importantly, we need voter-verified paper trail.

Re:Disappointed! Period.

[daigu (111684)]

The elections in the U.S. are different from third world countries. Elections in the U.S. are by and large, worse [prospect.org]. The U.S. has never been concerned about the integrity of elections, much less anything that could be described as free or fair by a third party observer.