Tweet
July 23, 2006 at 12:58:03
The Diebold Bombshell
by David Dill, Doug Jones and Barbara Simons
Most computer scientists have long viewed Diebold as the poster child
for all that is wrong with touch screen voting machines. But we never
imagined that Diebold would be as irresponsible and incompetent as they
have turned out to be.
Recently, computer security expert Harri Hursti revealed serious
security vulnerabilities in Diebold's software. According to Michael
Shamos, a computer scientist and voting system examiner in
Pennsylvania, "It's the most severe security flaw ever discovered in a
voting system."
Even more shockingly, we learned recently that Diebold and the State of
Maryland had been aware of these vulnerabilities for at least two
years. They were documented in analysis, commissioned by Maryland and
conducted by RABA Technologies, published in January 2004. For over
two years, Diebold has chosen not to fix the security holes, and
Maryland has chosen not to alert other states or national officials
about these problems.
Basically, Diebold included a "back door" in its software, allowing
anyone to change or modify the software. There are no technical
safeguards in place to ensure that only authorized people can make
changes.
A malicious individual with access to a voting machine could rig the
software without being detected. Worse yet, if the attacker rigged the
machine used to compute the totals for some precinct, he or she could
alter the results of that precinct. The only fix the RABA authors
suggested was to warn people that manipulating an election is against
the law.
Typically, modern voting machines are delivered several days before an
election and stored in people's homes or in insecure polling stations.
A wide variety of poll workers, shippers, technicians, and others who
have access to these voting machines could rig the software. Such
software alterations could be difficult to impossible to detect.
Diebold spokesman David Bear admitted to the New York Times that the
back door was inserted intentionally so that election officials would
be able to update their systems easily. Bear justified Diebold's
actions by saying, "For there to be a problem here, you're basically
assuming a premise where you have some evil and nefarious election
officials who would sneak in and introduce a piece of software... I
don't believe these evil elections people exist."
While Diebold's confidence in election officials is heartwarming,
Diebold has placed election officials in an awkward position, with no
defense against disgruntled candidates or voters questioning the
results of an election. The situation is even worse for those states
and localities using Diebold touch-screen machines that have no
voter-verified paper records to recount.
Diebold voting machines have been certified to be in compliance with
2002 Voting System Standards, as required by the Help America Vote Act.
These standards prohibit software features that raise any doubt "that
the software tested during the qualification process remains unchanged
and retains its integrity." We must ask, how did software containing
such an outrageous violation come to be certified, and what other
flaws, yet to be uncovered, lurk in other certified systems?
There have been many significant problems - some resulting in lost
votes - involving paperless voting machines produced by other vendors.
Recognizing the intrinsic risks of paperless voting machines, the
Association for Computing Machinery issued a statement saying that each
voter should be able "to inspect a physical (e.g., paper) record to
verify that his or her vote has been accurately cast and to serve as an
independent check on the result." Without voter-verified paper records
of all the votes, and without routine spot audits of these records, no
currently available voting system can be trusted. With such records,
even when machines do not function correctly, each voter can make sure
that his or her vote has been correctly recorded on paper.
Our democracy depends on our having secure, reliable, and accurate
elections.
David L. Dill is a Professor of Computer Science at Stanford University
and the founder of VerifiedVoting.org.
Doug Jones is an Associate Professor of Computer Science at the
University of Iowa.
Barbara Simons is retired from IBM Research and a former ACM President.
Jones and Simons are writing a book on voting machines to be published
by PoliPoint Press.
The Diebold Bombshell
by David Dill, Doug Jones and Barbara Simons
Most computer scientists have long viewed Diebold as the poster child
for all that is wrong with touch screen voting machines. But we never
imagined that Diebold would be as irresponsible and incompetent as they
have turned out to be.
Recently, computer security expert Harri Hursti revealed serious
security vulnerabilities in Diebold's software. According to Michael
Shamos, a computer scientist and voting system examiner in
Pennsylvania, "It's the most severe security flaw ever discovered in a
voting system."
Even more shockingly, we learned recently that Diebold and the State of
Maryland had been aware of these vulnerabilities for at least two
years. They were documented in analysis, commissioned by Maryland and
conducted by RABA Technologies, published in January 2004. For over
two years, Diebold has chosen not to fix the security holes, and
Maryland has chosen not to alert other states or national officials
about these problems.
Basically, Diebold included a "back door" in its software, allowing
anyone to change or modify the software. There are no technical
safeguards in place to ensure that only authorized people can make
changes.
A malicious individual with access to a voting machine could rig the
software without being detected. Worse yet, if the attacker rigged the
machine used to compute the totals for some precinct, he or she could
alter the results of that precinct. The only fix the RABA authors
suggested was to warn people that manipulating an election is against
the law.
Typically, modern voting machines are delivered several days before an
election and stored in people's homes or in insecure polling stations.
A wide variety of poll workers, shippers, technicians, and others who
have access to these voting machines could rig the software. Such
software alterations could be difficult to impossible to detect.
Diebold spokesman David Bear admitted to the New York Times that the
back door was inserted intentionally so that election officials would
be able to update their systems easily. Bear justified Diebold's
actions by saying, "For there to be a problem here, you're basically
assuming a premise where you have some evil and nefarious election
officials who would sneak in and introduce a piece of software... I
don't believe these evil elections people exist."
While Diebold's confidence in election officials is heartwarming,
Diebold has placed election officials in an awkward position, with no
defense against disgruntled candidates or voters questioning the
results of an election. The situation is even worse for those states
and localities using Diebold touch-screen machines that have no
voter-verified paper records to recount.
Diebold voting machines have been certified to be in compliance with
2002 Voting System Standards, as required by the Help America Vote Act.
These standards prohibit software features that raise any doubt "that
the software tested during the qualification process remains unchanged
and retains its integrity." We must ask, how did software containing
such an outrageous violation come to be certified, and what other
flaws, yet to be uncovered, lurk in other certified systems?
There have been many significant problems - some resulting in lost
votes - involving paperless voting machines produced by other vendors.
Recognizing the intrinsic risks of paperless voting machines, the
Association for Computing Machinery issued a statement saying that each
voter should be able "to inspect a physical (e.g., paper) record to
verify that his or her vote has been accurately cast and to serve as an
independent check on the result." Without voter-verified paper records
of all the votes, and without routine spot audits of these records, no
currently available voting system can be trusted. With such records,
even when machines do not function correctly, each voter can make sure
that his or her vote has been correctly recorded on paper.
Our democracy depends on our having secure, reliable, and accurate
elections.
David L. Dill is a Professor of Computer Science at Stanford University
and the founder of VerifiedVoting.org.
Doug Jones is an Associate Professor of Computer Science at the
University of Iowa.
Barbara Simons is retired from IBM Research and a former ACM President.
Jones and Simons are writing a book on voting machines to be published
by PoliPoint Press.
Comment