Slashdot Mirror


Maryland Electronic Voting Systems Found Vulnerable

snoitpo writes "My fine state (Maryland) has hired some people I can respect to hack into Diebold voting machines. The Washington Post (read it free for 2 weeks) has the details. From this story and the one on NPR, the state hired a company and set up a test voting precinct and had the group try whatever they could to break into the machines. Most of the attacks would probably be noticed by an even-half-awake poll staff, but some vulnerabilities were exposed. The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate. The last paragraph mentions problems that voting machines had in the last election in Virginia; it's interesting to note that those use wireless networking--my jaw has dropped onto my keyboard and I can't comment any further." Other readers sent in two stories in the Baltimore Sun (1, 2), and one in the NY Times.

13 of 417 comments (clear)

  1. Re:Need paper receipts by jmv · · Score: 3, Interesting

    Voters should at least be able to what got printed. Otherwise a paper receipt is useless, since the voter says X and the machine prints Y.

  2. August 2003 in Virginia by Bimo_Dude · · Score: 3, Interesting
    There was a very similar post about this in August on Slashdot
    It seems now that Maryland is finally catching on, too.
    • It seems to me that there are a few things that could be done to ensure proper and accurate elections
    • Allow exit polling by the press again
    • Have the voting machines print paper receipts
    • Do not let convicted felons be on the board or otherwise associated with the companies that sell / manage these machines. After all, they are not even allowed to vote themselves, so why should they be allowed to control the systems that count our votes?
    --
    "Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
  3. Diebold knows security like I speak Klingon by akad0nric0 · · Score: 5, Interesting

    I worked for a nameless financial institution. We had a certain number of Diebold Windows XP ATM's. 100% got infected with a virus that exploited a well-known vulnerability. We demanded Diebold agree to forfeit admin control of the systems or patch them within a short window of patch release.

    Their response: "We'll put firewall software on the machines."

    Since the contract was already signed we had no leverage and that ended up being the solution. Nice, eh?

    --
    akad0nric0

    This sentence no verb.
  4. Re:It's not a panacea by richg74 · · Score: 4, Interesting
    Electronic voting doesn't introduce any functional capability as compared to paper ballots, except for (possibly) faster counting of the results. (Of course, if the result doesn't have to be accurate, I can write a program that will deliver the result even faster. ;-)

    The other, related issue is whether or not the security model of the voting system is comprehensible to the people who are charged with running the election. I think that, in the case of paper ballots, the model can be understood by any normally-intelligent person. (You only get one ballot paper, it has to be put in the box, no one can mess with the box, etc.)

    On the other hand, I would guess that there are fewer than 5 in 100 election officials (including those that select the systems) that actually grok the security model of electronic systems.

    The frequently-heard claim by election officials (e.g, here in Fairfax County VA) that the election was held and "it all worked out" is scary evidence of this.

  5. What bothers me by morleron · · Score: 5, Interesting

    I heard the NPR story on yesterday's ATC and was struck by the reporter's failure to ask some hard questions. For instance, there was a statement by a Diebold spokesdrone to the effect that "we fix any security issues that we think could be a problem." There was no followup regarding earlier reports of a Diebold built-in backdoor to the systems "for maintainence purposes.' A back-door which, IIRC, required no password or user id to gain access to the server's databases.

    Also, there was no discussion of the debate between those of us that believe that the e-voting systems should be required to use Open Source software vs. folks at Diebold and other vendors, who foist off the "trust us, we know what we're doing" line on the public. There was no real discussion of the effect that questionable e-voting results could have on the American political system. There was also no mention of the fact that Diebold's president is involved with raising money for the G.W. Bush re-election campaign and has pledged, IIRC, "to do everything I can to deliver the vote to George Bush." All in all I'm afraid that NPR really dropped the ball on this particular issue.

    Just my $.02,
    Ron

    --
    Impeach Barack Obama for violating the Constitutional requirement to be a "natural born" citizen to hold the office of P
  6. Re:Need paper receipts by ChrisKnight · · Score: 4, Interesting

    Exactly.

    What the machines need is a paper roll printer, with a glass window above the print mechanism that allows the viewing of only that last line printed.

    When the user casts their vote, they are instructed to verify in the window that the vote they cast is the one that was printed. If not, get an attendant.

    Nobody can cach in their vote chit, and with batches of votes on individal rolls of paper it would be a lot easier to tabulate than counting paper ballots.

    -Chris

    --
    -- This sig is only a test. If this were a real sig it would say something witty. --
  7. Re:What is wrong with paper? by Ralph+Wiggam · · Score: 3, Interesting

    When people think of paper ballots, they think of hand counting. Electronically counted paper ballots are the best, most secure system I have heard of. If someone disputes the results, take the paper ballots and rescan them.

    A year and a half ago here in Georgia, Gov. Purdue and Sen. Chambliss both overcame 10 point poll deficits to win. There's no paper trail and no recount is possible.

    -B

  8. I haven't been concerned about outsiders... by praedor · · Score: 5, Interesting

    hacking into the voting computers. It's the insiders with an agenda that I am concerned about. The ONLY way to get around this is with a voter-verifiable paper trail AND taking the vote counting away from corporations that create the machines and putting the counting where it belongs: citizen groups.


    Diebold and ALL the other commercial vote machine vendors are heavy Republican donors and, particularly in the case of Diebold, run by individuals devoted to getting Republicans elected and Bush elected (I can't say "re-elected" as he didn't get elected in the first place). THESE criminals have the means and motive to taint the vote...in secret! They are in control of the machines and the vote tallies. They cannot be trusted, given how openly partisan they are.


    It is NOT the random outside hacker we need to worry about that much (sure, protect against it), it is the machine makers and vote counters themselves that have to be protected against. Ask yourself this: Why is it that EVERY vendor of voting machines are so adamantly opposed to any paper trail possibility? Why are they so strenous in their arguments against it? Because it would queer their ability to tamper with the vote tallies.


    Voter-verifiable paper trail. It's the only way to be sure.

    --
    In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
  9. might do good. by supernova87a · · Score: 4, Interesting

    who knows? It might just take a result of "George Bush: 99.9%, xyz 33.5%, 105% of precincts reporting, 803 million registered voteres" for people to wake up and realize that there is a problem here.

  10. Re:Need paper receipts by bilbobuggins · · Score: 3, Interesting
    But let's make this clear: The printout goes in the ballot box and gets left at the polling place... voters should not have the option of taking a receipt home. Voters should not have any way of obtaining proof they voted a certain way, because that'll lead to kickback schemes and bosses requiring their employees proving they voted a certain way.

    oh, the irony

    budget: $5 million
    time: 2+ years
    result: joe voter drops a paper slip in a box

  11. democracy inaction by frankie · · Score: 3, Interesting
    As a Maryland resident, I've tried to do my part. I contacted my elected officials and warned them about Diebold. I sent another round of faxes and emails after we learned that Diebold planned to gouge us "out the yin-yang" if we wanted verified voting. Final results: a couple form letter replies amounting to diddly squat.

    The most frustrating part is that my county already had perfectly good voting machines: paper-based scantron-type forms where you mark the appropriate rectangle and a simple scanner tabulates the results. Effective, verifiable, well-understood, and relatively inexpensive. In other words, the complete opposite of what the state just bought for us.

    --
    Approve Approval Voting Now!
  12. Re:Need paper receipts by canajin56 · · Score: 4, Interesting

    A basic requirement for a fair vote is that the voter does NOT receive a copy of their vote. Otherwise somebody threatening you / bribing you to vote a certain way has a way to confirm that you did like you were told.

    What is so hard and confusing about THIS method:
    People vote by checking off a box on a sheet of paper. People fold this paper over and hand it to a poll worker, and watch while this worker places the folded piece of paper in a locked strongbox. Poll worker has a clicker to count the number of votes placed in the box. When the polls are closed, a public counting occurs, where a third-party counts all of the votes up. If the number doesn't add up to the clicker number, they count again. Once their count has been confirmed, representatives of the various candidates are allowed to count it themselves, if they want, again under observation. If their number doesn't agree with the third-party number, they can dispute the count. Otherwise, the people present sign off that they witnessed the counting.

    Now, nobody can hack the system. Can a worker stuff the box? No, the box is plainly visible to public observers. This is VERY important. The press, and public watchdog groups need people at EACH voting station to make SURE the workers arn't on the take. Additionaly, bribing a vote counter or a poll worker, or any other sort of fraud, should be considered treason, and punished by life in prision. Again, there is no good way for the counters to disrupt the vote, because they are being watched. (Behind closed doors, democracy dies) Disputed boxes will be recounted elsewhere by somebody else, but still under public observation. To prevent rampant disputing, the campaign officials and watchdogs will face stiff fines if they dispute a vote, and the recount is not in their favour. Similarily, if the recount differs signifigantly from the original count, the official counters will face punishment. The end result is, it makes it quite hard to foul up a vote without being caught. And the punishments are dire enough to (hopefully) prevent most people from trying. There should also be more stations, so that no group is counting thousands and thousands of votes.

    This whole process is time consuming, and expensive (Small poll stations = lots of workers). But if bringing Democracy to other coutnries is worth hundreds of billions, isn't bringing it to yourself worth even 1? Also, I've never understood the need to have results NOW NOW NOW. Can't you wait a day? Is is so necessary to have the vote results within an hour? No doubt it would be nice, but is saving day of suspense worth potentially wrong results?

    --
    ASCII stupid question, get a stupid ANSI
  13. Re:Need paper receipts by Jerf · · Score: 5, Interesting

    In order to compute an MD5 hash, you must include every last bit of data used to create the hash.

    In order for the voter to verify their vote, you must give them every last bit used to compute the hash.

    If we assume that we are not printing out the voter's vote, then we must give them everything else, plus we must give them exactly how the vote was encoded.

    Otherwise, neither they nor anybody else can every verify the has by re-computing it.

    Once somebody has all the data, plus precisely how the vote was encoded, it is trivial to take the hash of (all voter data + all possible votes) and determine which matches the hash. Thus, we are still giving the voter a piece of paper that confirms exactly how they voted, making them susceptible to all vote-selling and other such nasty scams.

    There is no way to give the voter the ability to verify their vote without also giving someone else the ability to reverse-engineer the vote in trivial time with an MD5 hash. If even one bit is kept from the voter, they can not verify. If all bits are given to the voter, then anyone can verify. There is no in-between.

    (Even if you ask the voter to provide some secret, it can be beaten out of them, and it can be trivially positively determined whether a given secret is the one in the hash; this is one of those cases where more security is bad; see how making cars harder to steal has increased carjackings, a far more dangerous crime.)

    There is no way out. You must not allow the voter to take any proof of their voting out of the booth; they must leave all evidence in the booth or the system breaks. That's why a paper receipt is desirable, but the system must keep it.