Within a half-hour of examining the code, Rubin's team found its first red flag. The password was embedded in the source code. "You learn (not to do) that in security 101," said Tadayoshi Kohno, one of the report's co-authors. "The designers didn't follow standard engineering processes."
Other "stunning flaws" Rubin said the team found in Diebold's source code included voter smart cards that could be manipulated to cast more than one vote, software that could be reconfigured by malicious company workers or election officials to alter voters' ballot choices without their knowledge and machines that could be electronically broken into through remote access.
"The people who wrote this code didn't have very good security training," Rubin said. "They didn't use encryption."
It's a pretty flimsy little 2-page piece. I hope it is just a press release and not their full response, as it is very weak.
By the authors' own admission in Section 1.3 of the report, they did not independently verify the current or past use of the code. Subsequently, Diebold Election Systems has determined that the section of the code that Rubin and his colleagues allegedly reviewed represents a very small percentage of the entire code needed to conduct an election. It is unfortunate that no one in the industry nor the election community was involved in their analysis. If all had been included, several points would have been brought to the authors’ attention and Mr. Rubin would not have:
• Limited his research to a very small percentage of the overall computer code required to conduct an election.
Okay, I'm going to interrupt here. Diebold says their system is proprietary, it would not have let him analyze more source code. The only reason Rubin could analyze any was because Diebold was stupid enough to put source code on an unprotected ftp site. Very stupid.
And if you notice that even in a small piece of code that the developers embedded passwords right in the code, looking at more would just increase the horror stories.
Unless, of course, all the rest of the code was security fixes that somehow took precedence over the code analyzed in the report. Oh, yes, I'm sure that is what is going on. Seriously, if a portion of code has egregious security errors, the whole of the code is not, somehow, secure. More of Diebold’s response and my comments:
• Incorrectly run this software on a device on which it was not designed to work, using an operating system under which the software was not designed to run.
Well, next time I’m sure Johns Hopkins will steal a machine.
• Erroneously attributed weaknesses to the operating system used to test the software as it is not the same operating system used by Diebold Election Systems.
So it was tested on a slightly different version of security-prone Windows?
• Failed to realize that election officials at the federal and state levels subjected the entire system to extensive and rigorous tests. This is contrasted with Mr. Rubin, and his team, who spent less than a month analyzing a very small percentage of the overall computer code required to conduct an election.
Hmm…. Election officials at state and federal level who have trouble programming their VCRs ran extensive and rigorous tests, while Mr. Rubin spent a month and found a lot of bugs (on even just a portion of their code at that). Please. Maryland did have a security “expert” group review multiple voting machines and their recommendation was to buy none. Maryland went ahead and threw money away anyway.
• Wrongly asserted that a voter could take a corrupted smart card to a voting booth and cast multiple votes. Mr. Rubin failed to recognize how the voting process actually works. In reality, voting booths are quite open and in clear view of qualified election officials who constantly monitor the voting process. In addition, a count of actual votes cast is compared to the number of people who voted at any one location.
Okay, has Diebold ever seen a polling place in action? A seventy-year-old volunteer is not “constantly monitoring the voting process.” And if a “qualified election official” (another name for a 70-year-old volunteer) has a clear view of how you are voting, then they are breaking the law. No one sees what you are doing. That’s the point of secret balloting. True, you probably would be noticed if you opened up the machine and started drilling, but if you put in another card from your pocket? No one would notice that.
Second point. Say a polling place suddenly realized they had more votes than people who voted at that polling location. What then? Are all votes thrown out? (No paper trail, remember.) That would be the only way to fix the situation, which would be a great way of limiting the votes of a polling district that leans towards a certain party.
• Failed to recognize that both federal and state election training procedures are designed to ensure the integrity of elections, regardless of the voting technology employed.
That would be the training like in Florida:
Most of the problems in Miami-Dade and Broward during the Sept. 10 primary were blamed on lack of county poll worker training, a failure to practice using new voting systems, and poor organization.
"It is not any kind of failure in the technology," Smith said. "It has been a gross failure in training and practice."
Of course having a majority of machines not properly boot up in some polling sites might have been considered a failure in the technology. For that piece of 2002 Florida flashback go to: Florida Sends SOS On Elections, and for more detail about the fiasco go to Florida Primary 2002: Back to the Future.
Now back to Diebold:
• Wrongly alleged that anyone can breach the integrity of the ballot despite the fact that unlike a personal computer on which the analysis was based, the voting terminal does not have a standard keyboard or disk drive. This eliminates much of the easy access required to accomplish some of the security breaches alleged in the paper.
• Incorrectly cited Microsoft® Windows® communications weaknesses which have been widely publicized over the past several years. These weaknesses only apply if the voting terminals are connected to the Internet or some other public network. This is never the case. As the terminals are not connected to such a network, there are no opportunities to exploit these weaknesses even if they exist.
Okay, so you won't have easy access. Is that a security procedure: "make it inconvenient to circumvent an election"? And “even if they exist” is an amazing statement; are they arguing that MS Windows’ security problems are an urban myth? I think even Bill Gates would be surprised about that. The fact is the system uses a modem. If you get the number they access and the protocol they use, you're going to be able to have some fun. I doubt they are using a VPN or even 128-bit encryption. Heck, if they did those things and WERE on the internet, they'd probably be more secure than they are now.