Diebold Voting Systems Grossly Insecure

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

google

[gokubi]

story [nytimes.com]

Re:I'll just wait for the link

[securitas]

Read the story at the Atlanta Journal Constitiution [ajc.com] or the NY Times [nytimes.com].

Re:Ah-ha!

[Anonymous Coward]

Were they testing these in Florida a few years ago?

No, they were using a ballot designed by the Democratic Party, home of such paragons of fair voting as Richard Daley Sr., Tammany Hall, and "Landslide" Lyndon Johnson.

Also read...

[DrCreep]

Found this a while back on

www.whatreallyhappened.com

http://www.infernalpress.com/Columns/election.ht ml

Are Diebold ATMs more secure?

[holt_rpi]

From the NYT Article:

The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper.

"With what we found, practically anyone in the country -- from a teenager on up -- could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said.

It would be interesting to see how worried Diebold is about fraudulent misrepresentation in its voting machines as opposed to its ATMs. I wonder aloud how vigilant they are (read: how much money they spend in a year) in each area.

Just from the above quote, this doesn't sound like the kind of security that any bank would tolerate. Is this a case of lawmakers awarding contracts under duress after being wowed by cool "tecknoligee" in order to avoid being the next "Florida 2000," or is Diebold simply a victim of its own success for having potentially higher standards for commerce than voting?

[sarcasm]
It almost seems like the authentication process to make this work would need something as stringent as, say, a National ID card [privacy.org]...

Ooh, and we could use a Poll tax [wikipedia.org] to pay for the equipment!
[/sarcasm]

Re:Well...DUH!!!

[Asprin]

Why would you trust [acm.org] the CRC?

Secondhand experience

[cybermace5]

A couple years ago, some guys I knew in school were testing voting machines as their senior project. Basically they did every possible thing they could think of, to see how idiot-proof the machines were. Card in backwards, different speeds, bumps, button-mashing, etc.

Actually I think they were only allowed to test machines from two out of four companies. The companies were quite rude about the idea of some external group testing their machines. They would not provide a machine for testing, and actually forbade them from finding one of their machines elsewhere and testing it. They were threatened with legal trouble if they performed an "unauthorized" test and released the results.

They probably had good reason to be so wary. On one of the other machines at least, I believe you could vote twice by zipping the card through quickly or something. I don't recall exactly what you had to do, but it apparently wasn't difficult to learn or accidentally come across.

Re:Don't you realize that ...

[Blue Stone]

Choicepoint.

Read all about it [gregpalast.com]. [PDF] Get over that.

Re:*sigh*

[kannibal_klown]

I take it you haven't been unemployed too recently. Fortunately, I'm still employed right now, but I can see the writing on the wall. Our department has been doing some machete-style slashing of the budget, and has been letting A LOT of IT people go (programmers and technicians). And those they let go were great at their job.

A bunch of people at work were saying the SAME THING YOU ARE. They said their skills were current, had qualifications, and were good at their job. Now, it's 3 months later and they're still outta work.

Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.

Some people with jobs or in school tend to think that everything is fine-and-dandy for people so long as they know their stuff and look hard. But those people are usually the first to start freaking out that they can't find jobs.

It's a cliche, but in today's market it's not what you know, but who you know.

Re:*sigh*

[cduffy]

It's a cliche, but in today's market it's not what you know, but who you know.

I can agree with that. The startup I work for is starved for qualified coders -- but half of what we seem to hire these days are people with unremarkable skills who are old friends with our VP of Engineering. He'll personally vouch for the qualifications of each and every one of them, though.

*sigh*.

Re:*sigh*

[stefanlasiewski]

Very good point.

In fact, Diebold laid off a good number of their QA, code integrity staff and software developers in late-2001/early-2002, when this product was under heavy development.

Re:*sigh*

[Karhgath]

That's exactly what is happening with my dad. 15+ years of experience in databases, analysis and programming, but he's been unemployed for nearly 2 years. Every interview he goes to has about 5 to 20 people of about equal skills looking for the job. The IT industry is a harsh place right now.

Re:Flaws still unfixed after ***5 Years***

[Anonymous Coward]

Let me tell you a story about Diebold.. I almost went to work for them in their North Canton, OH office in the mid-nineties. They were doing some smartcard work themselves (research) and some interested crypto projects that I thought would keep me busy. At least, that was the story I got during the interviews.

But then I talked to a low-level employee. He was worried because they kept laying off staff, then employing new people. Seems that once a project was "done" (meaning, shipped first version, wrote up your research findings, etc.) they had the nasty habit of laying off the entire team. They would literally hire a team to do a job, then fire them for each project. There was no continuity between versions of software (if there were any), and things tended to languish, while they tried to make a quick buck.

And based on what I was told, this wouldn't be the first time that one of their products was wholly insecure from the get go. Don't get me started on their ATMs piss-poor security features from that time. Things just didn't get fixed until someone got screwed.

PS. I turned down their generous offer of employment.

Do something about it!

[thinmac]

I just checked out the EFF's [eff.org] website, and they have a page where you can read a letter they've prepared about the security of electronic voting systems and the need for open source in that area, sign a copy electronically, and have it sent to your representative. Personally, I'm going to send paper copies, but I can damn well gauruntee that all my representatives in both the House and Senate will be getting copies.

The page is right here [eff.org]. Let the people who can make changes in this area know that this is important!

Re:Ah-ha!

[neves]

But the software code (of a brazilian company) is closed source. Just some technicals of the political parties had access to it. In the middle of the counting the most voted candidate had his result changed from millions to a few thousand votes (looks like an integer overflow). You can't trust a closed system.

Re:Flaws still unfixed after ***5 Years***

[pmz]

'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'

I'm not suprised by this at all. Problems, even very big glaring problems, get stuck in software early on due to naive design decisions, but they persist due to management's unwillingness to either admit the problem is there or put forth the resources to start again from scratch. The result is software that doesn't deliver, cost five times more than if they had started over, and everyone involved feels dirty for having been a part of it.

Re:Don't you realize that ...

[cheezedawg]

Oh brother- not this again.

First, take a look at Mr Palast's [gregpalast.com] website. That is not the place to go to find unbiased information about the election- Palast appears to have staked his career on attacking Bush and conservatives in general. He also has a significant financial interest in promoting his version of the story to sell his book.

Now lets talk about what really happened. Mr Palast wants people to believe that there was a vast conspiracy by Jeb Bush and Katherine Harris to keep minority and democratic voters from voting, but the facts just don't support that.

After discovering widespread fraud where several convicted felons and even dead people voted in a 1997 Mayoral election, the Florida legislature (not the Governor or Secretary of State) passed a law that called for a statewide list of convicted felons to be generated

In 1998, Elections supervisor Ethel Baxter (a Democrat) contracted with Database Technologies to compile the list (Database Technologies later merged with Choicepoint). The list had about 57,000 names on it.

According to the Florida Statute, the intent of the list was to generate as many possible matches as they could. This list was then forwarded to each county where the County Election Supervisors were required to verify the names before they took any action against the voters.

Many counties decided to ignore the list completely. However, if somebody actually was incorrectly kept from voting, by law the county election supervisor (once again, not Jeb Bush or Katherine Harris) is to blame.

If the County Elections Supervisor did validate a name as being a convicted felon, the voter was given notice well in advance of the election that their name had been removed from the voter registration, and they were given a procedure to dispute the decision.

Aside from some anecdotal evidence of minorities being turned away at the polls, there are no actual documented cases of people be incorrectly kept from voting. When the Federal Election Commission held hearings about the election, NOBODY stepped forward to claim that they were denied the right to vote.

The NAACP, who was called in to Florida to represent the minority voters, states very plainly in this settlement [naacp.org] that the "Plaintiffs have not alleged that Defendants acted in a purposefully discriminatory manner toward any group". The NAACP also concedes that most of the changes that they requested were already implemented before they filed suit.

Katherine Harris had very little to do with any of this, and Jeb Bush had absolutely nothing to do with it. The law was passed by the legislature, the firm was hired by a democrat, and the final decision on each name on the list was made by the individual counties!

So Palast's shocking story boils down to this:
-Out of the 57,000 people on the list, an unknown number of them were not felons
-Out of that unknown number of innocent people, an unknown number actually lived in counties that decided to use the list
-Out of that unknown number, an unknown number were incorrectly verified by the County Election supervisor and removed from the voter registration
-Out of that unknown number, an unknown number didn't follow the procedure to dispute their removal from the voter registration
-And out of that unknown number, probably about 50% of them would have actually voted anyway (voter turnout)

Palast wonders why nobody else is talking about this- its because this isn't a story at all!

Re:Voting Machines = easy vote fraud.

[drooling-dog]

I remember hearing shortly after the Florida fiasco that a truckload of ballots got "lost" overnight en route to a counting station only a few blocks away. Then, later on in the storm that ensued, no one talked about it anymore. Thereafter people (especially Republicans) talked about "hanging chads" as if the voters who cast "spoiled" ballots were stupid and thus not worthy of being counted. But this is just the kind of "spoiling" that can be accomplished long after the ballot is actually cast. I've always wondered what the statistics were on the ballots that didn't complete their quarter-mile journey until the next day...

Hilariously bad.

[Bowie J. Poag]

Makes you wonder why they don't use ATMs as a blueprint for voting systems.

Does a voting system *really* need Windows 2000 as a base? Or any version of Windows, for that matter?

Hell, *DOS* is an overkill for this sort of application.

Online Petition re: Computers/2004 Elections

[weetjerm]

ActForChange Petition: Stop the Florida-tion of the 2004 Election [workingforchange.com]

Sponsored by Martin Luther King III and Greg Palast [gregpalast.com] (author of "The Best Democracy Money Can Buy") this petition calls for a halt to computerizing the elctions until the process is shown to be resistant to manipulation, fraud, and racial bias.

Read some of Palast's book (pertinent chapters available on his website) for the hardest-hitting investigation into the 2000 Florida elections. Quite the eye opener as to how corrupt the system, irregardless of who won, actually is. The most shocking part, however, is that the main stream press, still to this day, has never picked up on any of his findings.

Us voters, Republican, Democrat or otherwise, have a responsibilty to see that our democratic process is never again misused so horribly.

Ballot Boxes in the San Francisco Bay, 2002

[decapentaplegic]

DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL

I wish I could disagree with this. But elections here in San Francisco are so "irregular" that it doesn't even phase us when pieces of ballot boxes start washing ashore.

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2 002/01/07/MN185094.DTL [sfgate.com]

A little worse

[Pac]

But the software code (of a brazilian company) is closed source

Actually, you should say "the software code (of many companies)...". Each bid winner has used a different system and a different codebase. The Court is slowly replacing older machines, but in 2002, for instance, machines from 1996 running a flavour of DOS were still used. And not all winners were Brazilian companies. The 2002 machines and software were made by Unisys.

Re:here we go again

[edverb]

A good place to start researching said privacy concern/ballot tampering is Black Box Voting [blackboxvoting.com]

Diebold accidentally left the AccuVote source on an open FTP site (whoops), which is available here [actrix.co.nz], and Black Box Voting is asking for programmers to review and evaluate the code.

PKI would help

[Thuktun]

Whats the way to handle this properly in a world of PKI and the web?

Given public-key encryption, a user would submit their vote signed with their private key. Their vote could be easily verified against their public key and forging of their vote would require breaking or stealing their private key. To prevent replay attacks, include in the vote a nonce generated for that specific election.

Of course, this doesn't deal with the major issues of verifying the voter submitting the vote is unique and is authorized to vote in that election.

Re:Scrutineers

[lucifuge31337]

I don't know if it's just the county I'm in, the state, or the whole US, but we have the same thing. They're called "poll watchers".

Re:Don't you realize that ...

[grondu]

The conservatives who created the constitution might beg to differ. And they (gasp) believed in GOD! So to your way of thinking our freedom, and the constitution you pretend to love, is the result of a toddling fascist theocracy? That damned fascist George Washington!

As the Government of the United States of America is not, in any sense, founded on the Christian religion; as it has in itself no character of enmity against the laws, religion, or tranquillity, of Mussulmen [Muslims]; and, as the said States never entered into any war, or act of hostility against any Mahometan nation, it is declared by the parties, that no pretext arising from religious opinions, shall ever produce an interruption of the harmony existing between the two countries.

(Article 11, Treaty of Peace and Friendship between The United States and the Bey and Subjects of Tripoli of Barbary," 1796-1797. Authored by American diplomat Joel Barlow in 1796, the treaty was sent to the floor of the Senate, June 7, 1797, where it was read aloud in its entirety and unanimously approved. John Adams, haven seen the treaty, signed it and proudly proclaimed it to the Nation.)