Diebold Voting machine vulnerabilities

Freedom to tinker brings us this BIG problem. I guess what concerns me most about this, is the way I see it, voter fraud has pretty much gone on since there have been elections. Let’s face it, there is always someone, acting officially or not that will jockey for the best advantage for their candidate. If that means “helping” someone cast a ballot, or contesting a hanging chad… it cuts both ways, no party has clean hands in this. (Even if it’s something that is done by someone acting on their own, I would say it reflects back on the party.) Anyway… up until know I’ve seen voter fraud as something that is hard to really successfully accomplish on a VERY large scale, AND with assurance of results. With electronic voting machines, I’m afraid there may be a revolution in MASS voter fraud.

The article above tells of a discovery of a problem with Diebold voting machines that essentially means, anyone with common hardware and a few minutes with a voting machine could tamper wiht the software in such a way that it might not appear to have been tampered with, software updates may appear to be installed with no problems, yet it would perhaps miscount votes. The report is from blackboxvoting.org and some details have been redacted they’re considered so severe.

There are more worrisome possibilities than just the installation of malicious software on the voting machines. It appears as though affected machines would be hard to sniff out as well.

Since I first did an early voting day and saw the network cables running from the “new” machines out and to the library’s network hub I wondered how easy it would be for someone to wreck havoc with the system. Anyway, here is freedom to tinker’s take on where this puts us…

Election officials are in a very tough spot with this latest vulnerability. Since exploiting the weakness requires physical access to a machine (although access to one machine could result in successful attacks against many machines), physical security is of the utmost importance. All Diebold Accuvote machines should be sequestered and kept under vigilant watch. This measure is not perfect because it is possible that the machines are already compromised, and if it was done by a clever attacker, there may be no way to determine whether or not this is the case. Worse yet, the usual method of patching software problems cannot be trusted in this case.

Where possible, precincts planning on using these machines should consider making paper backup systems available to prepare for the possibility of widespread failures on election day. The nature of this technology is that there is really no remedy from a denial of service attack, except to have a backup system in place. While voter verified paper trails and proper audit can be used to protect against incorrect results from corrupt machines, they cannot prevent an attack that renders the machines non-functional on election day.

Using general purpose computers as voting machines has long been criticized by computer scientists. This latest vulnerability highlights the reasoning behind this position. This attack is possible due to the very nature of the hardware on which the systems are running. Several high profile studies failed to uncover this. With the current technology, there is no way to account for all the ways that a system might be vulnerable, and the discovery of a problem of this magnitude in the midst of primary season is the kind of scenario we have feared all along.

Afraid there’s not much good news in this one….. I personally liked the idea of printed paper ballots (think bubble test where you fill in the bubble for the correct answer…) with a machine that scans and gives immediate feedback, you have a receipt and hopefully verification that the optical scanner has read it correctly.

   Send article as PDF   

Similar Posts