Fwd: VotingMachines:Diebold:Securitynone

From: Jerry Lobdill <lobdillj_at_charter_dot_net>
Date: Tue Jul 25 2006 - 17:03:28 CDT

>July 23, 2006 at 12:58:03
>Diebold Bombshell
>by David Dill, Doug Jones and Barbara Simons
>Most computer scientists have long viewed Diebold as the poster child
>for all that is wrong with touch screen voting machines. But we never
>imagined that Diebold would be as irresponsible and incompetent as they
>have turned out to be.
>Recently, computer security expert Harri Hursti revealed serious
>security vulnerabilities in Diebold's software. According to Michael
>Shamos, a computer scientist and voting system examiner in
>Pennsylvania, "It's the most severe security flaw ever discovered in a
>voting system."
>Even more shockingly, we learned recently that Diebold and the State of
>Maryland had been aware of these vulnerabilities for at least two
>years. They were documented in analysis, commissioned by Maryland and
>conducted by RABA Technologies, published in January 2004. For over
>two years, Diebold has chosen not to fix the security holes, and
>Maryland has chosen not to alert other states or national officials
>about these problems.
>Basically, Diebold included a "back door" in its software, allowing
>anyone to change or modify the software. There are no technical
>safeguards in place to ensure that only authorized people can make
>A malicious individual with access to a voting machine could rig the
>software without being detected. Worse yet, if the attacker rigged the
>machine used to compute the totals for some precinct, he or she could
>alter the results of that precinct. The only fix the RABA authors
>suggested was to warn people that manipulating an election is against
>the law.
>Typically, modern voting machines are delivered several days before an
>election and stored in people's homes or in insecure polling stations.
>A wide variety of poll workers, shippers, technicians, and others who
>have access to these voting machines could rig the software. Such
>software alterations could be difficult to impossible to detect.
>Diebold spokesman David Bear admitted to the New York Times that the
>back door was inserted intentionally so that election officials would
>be able to update their systems easily. Bear justified Diebold's
>actions by saying, "For there to be a problem here, you're basically
>assuming a premise where you have some evil and nefarious election
>officials who would sneak in and introduce a piece of software... I
>don't believe these evil elections people exist."
>While Diebold's confidence in election officials is heartwarming,
>Diebold has placed election officials in an awkward position, with no
>defense against disgruntled candidates or voters questioning the
>results of an election. The situation is even worse for those states
>and localities using Diebold touch-screen machines that have no
>voter-verified paper records to recount.
>Diebold voting machines have been certified to be in compliance with
>2002 Voting System Standards, as required by the Help America Vote Act.
>These standards prohibit software features that raise any doubt "that
>the software tested during the qualification process remains unchanged
>and retains its integrity." We must ask, how did software containing
>such an outrageous violation come to be certified, and what other
>flaws, yet to be uncovered, lurk in other certified systems?
>There have been many significant problems - some resulting in lost
>votes - involving paperless voting machines produced by other vendors.
>Recognizing the intrinsic risks of paperless voting machines, the
>Association for Computing Machinery issued a statement saying that each
>voter should be able "to inspect a physical (e.g., paper) record to
>verify that his or her vote has been accurately cast and to serve as an
>independent check on the result." Without voter-verified paper records
>of all the votes, and without routine spot audits of these records, no
>currently available voting system can be trusted. With such records,
>even when machines do not function correctly, each voter can make sure
>that his or her vote has been correctly recorded on paper.
>Our democracy depends on our having secure, reliable, and accurate
>David L. Dill is a Professor of Computer Science at Stanford University
>and the founder of VerifiedVoting.org.
>Doug Jones is an Associate Professor of Computer Science at the
>University of Iowa.
>Barbara Simons is retired from IBM Research and a former ACM President.
>Jones and Simons are writing a book on voting machines to be published
>by PoliPoint Press.

(In accordance with Title 17 U.S.C. Section 107, this material is
distributed without profit to those who have expressed a prior
interest in receiving the included information for research and
educational purposes. ProgressiveNews2Use has no affiliation
whatsoever with the originator of this article nor is
ProgressiveNews2Use endorsed or sponsored by the originator.)

"Go to Original" links are provided as a convenience to our readers
and allow for verification of authenticity. However, as originating
pages are often updated by their originating host sites, the versions
posted on ProgressiveNews2Use may not match the versions our readers
view when clicking the "Go to Original" links.

OVC-discuss mailing list

= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon Jul 31 23:17:08 2006

This archive was generated by hypermail 2.1.8 : Mon Jul 31 2006 - 23:17:09 CDT