Slashdot Mirror
Diebold Voting Systems Grossly Insecure
Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'
voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.
Were they testing these in Florida a few years ago?
Trolling is a art,
till I ascend to the Governorship of Louisiana. Start reaching into your pockets, now folks -- Big Daddy's open for Bidness!
Roving Web-Teleoperated Robot
You would think, with all the qualified unemployed software engineers out there, they could at least hire a few...
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
Here the bit from the article that I find most interesting. To have security flaws is one thing. To not fix them even after you know about them is another.
'But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.
'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'
"I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
story
I'm much funnier now that I'm a subscriber.
You can't expect a secure voting machine! I mean, how else can [insert current party in power] rig the next election unless the machines are grossly insecure?
What, you were expecting fairness?
Subscribe for free to my show!
Read the story at the Atlanta Journal Constitiution or the NY Times.
That explains why the L337 P4rt'/ swept the last elections....
It's Christmas everyday with BitTorrent.
Anyone who's even briefly perused comp.risks, even before the post-US-Election-2000 debacle, wouldn't be the least bit surprised by these conclusions.
Scottie's Law strikes again (from Star Trek III): "The more they back up the plumbing, the easier it is to stop up the drains." The simpler the voting system (the less mechanical, electronic, electro-mechanical etc. etc.) is the less open it is to fraud (both officially and unofficially perpetrated) or error (both innocent and culpable).
One more reason I'm glad to live in Canada...
Still hoping for Gentle Treatment...
Cowboyneal for office!
Reporter: "Mr. Neal, under what platform are you running?"
CBN: "Redhat Linux 9"
Reporter: "..."
"Ask me about Loom"
Any time there is a system, someone will be able to break or hack it. Especially a closed system that isn't open to scrutiny.
At least with the current voting system, while you're there you see everyone being handed 1 ballot, and turning in just 1 ballot. You see the ballot go in the sealed box. There's no secret about what your vote is doing, and no confusion about whether the vote was cast or not, or if anyone is turning in multiple ballots.
Time to start a viable open-source voting-machine project. These guys started something promising, but it looks like development has ceased. Anybody know of a decent, active open-source electronic voting system?
-j
It says in the article that this company makes ATMs. I think I'm going to go get some free money.
using namespace slashdot;
troll::post();
that I ran across a few weeks ago: http://www.cronus.com/electionfraud
It IS interesting to note how many dollars have flowed between Diebold and the Republican party...
For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal
The vending machines here around campus (using a diebold system) were used by almost 600 students to get "free" food... In an audit they detected it... Full text here
Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.
"And this is my boy, Sherman. Speak, Sherman." "Hello." "Good boy."
"This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."
Isn't that a rather poor choice of words when talking about program code? And is hacking an iceberg permissible under the DMCA?
-- Language is a virus from outer space.
Just from the above quote, this doesn't sound like the kind of security that any bank would tolerate. Is this a case of lawmakers awarding contracts under duress after being wowed by cool "tecknoligee" in order to avoid being the next "Florida 2000," or is Diebold simply a victim of its own success for having potentially higher standards for commerce than voting?
[sarcasm]
It almost seems like the authentication process to make this work would need something as stringent as, say, a National ID card...
Ooh, and we could use a Poll tax to pay for the equipment!
[/sarcasm]
Almost exactly 20 years ago Chase Manhattan Bank tasked my buddy Charles (?) and I to hack thier Diebold branch alarm system.
To our surprise it used a simple lookup table. The mainframe would poll a branch asking about a specific alarm. The server located at the branch would respond with a code for "OK".
THE SAME CODE EVERY TIME!
We cut the telco lines and alligator clipped our TRS-100 (way cool early laptop) and using a BASIC program did a look-up (which my partner wrote a coolie algorithm for), responded "Everything's OK Here!", and went to lunch.
After screwing off for several hours we told our managers that we had spoofed thier branch alarm system.
They traveled to Diebold who swore up and down how great thier encryption was. The Chase guys slid our report across the table and watched the Engineers turn white as ghosts as they read it.
HAHAHAHAHA What a bunch of dumbasses!
The Moral of the Story: Don't trust your security vendors.
Cheers! (:-{)}
Bill
bamph
...but in practice, it could simply be used as an argument FOR centralized, online voting. Please note that the current e-voting system currently in testing is Windows-specific... this could end up being a very bad thing. ("To vote, you must run one of the following operating systems: Windows 2000, Windows XP, Windows ME, Windows 98. Other systems are not supported on www.evote.gov at this time. We apologize for any inconvenience this might cause...")
I KNOW I'm paranoid, but still...I like to think long-term.
Honey, I shrunk the Cygwin
I think all of the electronic voting systems have taken it all too far. What they should be doing is creating a nice glossy touchscreen interface that is clear and easy to read, to allow people to create a PAPER BALLOT that is properly marked. The ideal printout would both be human readable and machine readable for easy counting and recounting. Let physical, rather than technical security processes make sure that people put only one ballot into the box that counts, and voters can have unlimited attempts at trying to get the paper ballot to say what they wanted to say.
This is a computer programmed by invisible software. The only record of a vote is a little counter in the guts of the computer program. There is absolutely no way to make it secure. Any system that records votes directly electronically is wide open.
The only difference is who can commit vote fraud. Now anyone who walks up to the machine can commit vote fraud. Even if all of these bugs fixed, large classes of vote fraud remain. The only difference would be that any random person on the street couldn't cheat. However, any custodian would still be able to re-image the drive. Any programmer at Diebold would be able to embed a trapdoor. In short, anyone with exclusive access to open the machine can cause it to cheat. And this 'best case' is only if they fix all of the bugs.
Thats not a lot better. Even the writers of the paper couldn't make a cheat-proof DRE voting program. If an adversary controls the hardware, they control the software. Fundamentally, any non-trivial computer system is not trustworthy; any system whose security depends on a computer should be transformed where the security no longer depends on the correctness of the computer.
For instance, the only nominally trustworthy computer voting scheme is to have the computer be nothing other than a super-intelligent pencil. The voter uses the computer which prints out a paper ballot. The user observes and confirms the paper ballot is correct, then the ballot is dropped into a box. The computer may record results, but as the computer is untrustworthy, those results are untrustworthy. Now, the security and trustworthyness of the computer doesn't matter.
Every security researcher, including the authors of the paper advocates this scheme, but they are ignored by election officials. This includes the two professors who authored the paper, Peter Neumann, and Douglas Jones from the NY Times article, Rivest---the R in RSA--- and hundreds of others.
See: http://www.verifiedvoting.org/index.asp
This is a secure voting system. Brazil has it (and at a tenth the price). Any system without a printer requires 'trusted hardware' in an adversarial environment. Control the hardware, control the election.
Your joke made me laugh. But the sad thing is that it is the whole point of voting machines.
A paper ballot and a pen is the only form of ballot I trust. And if they don't count the ballots AT THE POLLING PLACE in plain view of the public BEFORE they ship them off to the court house you can't trust the result.
Paper ballot boxes get tampered with all the time. A machine that most people couldn't understand is NOT going to make voting less prone to fraud. If I can't take apart the machanical voting machine to see if it works correctly and I can't look at the code of a computer program and see if it works correctly then why SHOULD I trust it?
We allready had a major election full of obvious vote fraud(On both sides. Bush was just better at it THIS TIME. Gore was just as crooked just not as effective.) Voting machines are just one more way to cloud the issue. A voting shell game run by slick con men.
DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL. Any thing else is a sham!
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
On the other hand, criminals, terrorists, and anyone else who wants to corrupt the voting process can easily break the password and discover how to mess up the voting.
Now that's the DMCA in action, protecting your freedom! Oh yes, the DMCA is going to be just excellent for technology research and innovation.
I just checked out the EFF's website, and they have a page where you can read a letter they've prepared about the security of electronic voting systems and the need for open source in that area, sign a copy electronically, and have it sent to your representative. Personally, I'm going to send paper copies, but I can damn well gauruntee that all my representatives in both the House and Senate will be getting copies.
The page is right here. Let the people who can make changes in this area know that this is important!
Narrative
If the bank thought they could save money by upgrading ATMs, they would do so, and pocket the extra money. Obviously they don't think so.
That is all very true, but that doesn't make it any better. To the bank, an occasional $2000 fraud isn't a big deal--it's a little money added on to some fees, maybe they lose the customer that was defrauded, and putting a secure ATM infrastructure in place would indeed be much more expensive. But to the person losing $2000 and spending hours on the phone trying to get the money back and trying to restore their good name, the loss is much bigger than the financial loss to the bank. That is what makes the bank's attitude so callous. In fact, banks should face stiff penalties when fraud does occur so that their financial objectives are brought in line with the harm they cause; then, they would fix ATMs.
For voting machines, the situation is even worse: there is little or no auditing or verification possible, either for individuals or auditors, and nobody loses money from misregistered votes. So, if the ATM vendors reason the same way for on-line voting as they do for banking, the kind of reasoning you applied, then they really don't care at all about security. And that's just what we are seeing. And that is exactly the reason why ATM vendors are completely unsuitable to handle these things: they have already demonstrated that they will optimize for profit, not for security. For creating on-line voting systems, we need organizations that are dedicated to security, not profit maximization.
The author of this paper, Dr. Rubin, taught a class at Johns Hopkins University this past spring called Security and Privacy in Computing. I was lucky enough to be in this class. The semester-long project was to design and implement a prototype electronic voting system that solved the problem of "remote poll sites". Basically, the State of Washington had commissioned Dr. Rubin to deliver a system whereby a voter could cast his vote at ANY voting station in the state, and not have to go to his specific poll site. This sounded great: you wouldn't have to lose a day of work so you could vote at the local high school... you could vote at the little kiosk near your office.
9 144
1 851
Unfortunately the idea doesn't work. The reason is that you would need every kiosk (or polling station) to be connected to some sort of network in realtime in order to retrieve ballots, cast votes, and update voter status. The problem with this is that you have now created a network that is vulerable to DoS attacks. It wouldn't matter how you structured your network for performance... the minute someone snips a wire at any given kiosk, you have two choices:
1) make that kiosk unavailable for voting
2) still accept votes at that kiosk, but cast them provisionally.
#1 is dangerous because now I could cut the wires at EVERY kiosk I could find (or packet the network, or whatever) and bring the election to a halt.
#2 is dangerous because the more kiosks I bring down, the more ballots will be cast in which the voterID (which reveals his name, etc) is tied to the ballot. Loss of voter anonymity is unacceptable in American democracy.
So what happens if you just leave all the kiosks offline and give them all a copy of the master voter registration db? Now you've opened yourself up to voter fraud: you could go from kiosk to kiosk, casting multiple ballots as yourself. If you stuck with voter anonymity, and each of those ballots were cast anonymously, how would the final tallying system know that you cast duplicate ballots? How would it know which to throw out?
I'm told Dr. Rubin's grant from the State of Washington was eventually rescinded, I suspect because there's no good way to solve this problem, as well as a few others which I will not go into detail about here.
I have described this problem in the following other Slashdot posts:
http://slashdot.org/comments.pl?sid=61340&cid=576
http://slashdot.org/comments.pl?sid=61875&cid=580
Intercarve Networks, LLC
if(bush)
bush++;
else
bush++;
2 1337 4 u!
Q: But this is America - who would dare rig an election here?
A: The first person that thought they could get away with it.
Want to Know How to Cheat the GPL? Read On!
Another bunch of guys who cobbled together a report on Diebold's laughable voting machines is available here, complete with plenty of screen shots.
Schwab
Editor, A1-AAA AmeriCaptions
DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL
2 002/01/07/MN185094.DTL
I wish I could disagree with this. But elections here in San Francisco are so "irregular" that it doesn't even phase us when pieces of ballot boxes start washing ashore.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/
In the end, I agree with you that mandatory voting is dumb - but it is one of our smallest problems
I don't think I would mind mandatory voting, if, and only if, we had a "no confidence" vote on the ballot. Such that, if you didn't like any of the choices presented to you, you could vote to have a whole new slate of candidates put up(e.g. if the "no confidence" choice won, all of the parties have to put up new people and we try again.) God knows I would have voted that way back in 2000.
Necessity is the mother of invention.
Laziness is the father.