Slashdot Mirror


Vote Tabulator Security Hole Exposed

Doc Ruby writes "Black Box Voting has exposed a security hole in Diebold machines that tabulate votes collected from electronic voting machines. A code entered into the tabulator's user interface duplicates the "secure" counts into an insecure count which can be changed, and counted instead. The "double books" vulnerability and exploit were reported to the manufacturer over a year ago, and confirmed, while major customers (California and Washington states) were notified shortly thereafter. In spite of some revisions, the latest version of the software remains insecure. Diebold voting machines running GEMS version 1.18.x are vulnerable, running in about three dozen states. Although the software is widely deployed, and scheduled for use in shortly upcoming elections, risk mitigations are available, mostly protocols restricting physical or network access to the machines. Other auditing/accountability measures for ensuring only trusted access to the system are recommended."

23 of 530 comments

  1. Captain Obvious Strikes Again… by Izago909 · · Score: 5, Interesting

    For all the banter that goes on here, we all know how this is going to turn out. Everybody bitches and moans about it, and the mainstream press runs toned down stories. In the meantime, people who know what's going on continue to look like crazy conspiracy theorists. End result: The public won't know or won't care until a massive mistake is uncovered after the person enters office and everyone realizes that they've been living under the authority of a false representative. Of course, that's provided said person doesn't pass a law to protect people in his situation once they're discovered.

    1. Re:Captain Obvious Strikes Again… by Anonymous Coward · · Score: 5, Interesting

      The number of security flaws with these machines has been tremendous, not to mention odd little programming tricks like dividing and multiplying the number of votes by 1 (anyone doing a little binary patching should know why this is significant).

      The CEO of Diebold is a friend of Bush and, during a charity dinner, has stated that Diebold will do everything it can to deliver as many votes to the Republicans as possible.

      A few gubernatorial elections using Diebold machines have had upset elections going to the Republicans when exit polls suggested a Democrat victory with 60+% of the vote.

      It could be a coincidence but the secrecy and suspicious number and types of bugs does not bode well.

    2. Re:Captain Obvious Strikes Again… by John+Miles · · Score: 5, Interesting

      The level of complacency after the 2000 fiasco, which no doubt some very sharp minds took note of, underscored that people just really as a whole don't give that much of a damn about democracy in the US anymore.

      One way to interpret hairsplitting fiascos like the Y2K election is that perhaps it doesn't really matter who wins.

      That could explain the lack of revolutionary outrage after the (s)election of Bush. The reason the 2000 election was so close was that the outcome, in the collective hive-mind that is the American electorate, just wasn't that important.

      Landslides tend to happen when things suck, the candidates offer genuinely-different positions, and the need for change is acute (e.g., Carter's loss to Reagan in 1980). We're heading into another epsilon-fest in 2004, it seems, because the public is being given a choice between two rich white guys from Skull & Bones whose policies appear all but indistinguishable.

      --
      Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
    3. Re:Captain Obvious Strikes Again… by demachina · · Score: 3, Interesting

      Well I agree with you completely too except I'm missing George III. Thought George W. was George the II. His dad being George the first. His granddad was Prescott and I think before that it was Samuel though I'm a little hazy that far back. Bert Walker, George H.W. Bush's maternal grandfather was a key Machiavellian figure who helped propel the family to power and wealth along with the Harrimans, Bunny Harriman being a Yale classmate of Prescott Bush, fellow Skull and Bones man. Prescott did the day to day dirty work managing Harriman investments including working at Union Bank which was seized at the start of World War II since it was the American investment front of the Thyssen family, one of Germany's richest industrial families who helped throw support of German industry behind Hitler at a crucial point and helped insure his rise to power. It was quite the embarrassment to the Bush family at the time and appeared in one of the New York papers at the time. They managed to hush it up though. The documents on the seizure of Union Banking listing Prescott's name were declassified a few years ago and are available in the National Archives.

      The President's middle names Herbert and Walker are tributes to Bert Walker who was a globetrotting manipulator of empires.

      Another vein of this conspiracy theory is there is actually still a Tory party in the U.S. and its power base sits squarely in Connecticut and at Yale, the power base of the Bush family. They lived in Connecticut before they moved to Texas and there is now at least four generations of Yale alum in their family.

      The wealthy elite that sits there has for some time been operating on the same basis British nobility did, that most people are rabble and you can't trust them to govern themselves, so you need a cultured, schooled, moneyed elite to run things and that is pretty much what the Bush family and the Republican party is doing today. Of course Skull and Bones, the Yale secret society sits at the heart of this tory party. Wouldn't be surprised if they arranged the Democratic nomination for Kerry, also Yale grad, also Skull and Bones, with it predetermined that he will fall on his sword by November as another avenue to insure George W. can't lose in November.

      There is probably some truth to the idea that most Americans are too dumb to govern themselves but unfortunately the moneyed elite that are doing it in their stead tend to govern in ways that are most likely to increase, enhance and extend their wealth and power, often at the expense of the rest of us.

      --
      @de_machina
    4. Re:Captain Obvious Strikes Again… by demachina · · Score: 4, Interesting

      No facts....no facts.

      Listen to any Bush stump speech like the one that he just gave to a Veterans group. It was non stop pounding that America is in danger, and he and the Republicans are the only ones that can make you safe. The line was something like "We will never sit down at a peace table" with the implication this war will never end but "we are winning and will win". A few key facts:

      - He's bestowed upon himself the power to summarily arrest anyone he chooses, including U.S. citizens, hold them indefinitely without access to their family or a lawyer and is denying them all due process.
      - He has shipped people to foreign governments so they can be subjected to extreme torture and has either endorsed, condoned or tolerated forms of torture in the U.S., Gitmo, Iraq, Afghanistan and potentially a number of other secret prisons around the world
      - Americans trying to exercise basic free speech rights are being arrested, or ordered into pens where no one can see them
      - Add in numerous quotes from Bush that he is being guided by God's will and in particular that it was God's will he invade Iraq and bring Democracy to them. The man is either insane or a master manipulator of his extremist Christian followers.

      You can just look at a brief history of the Republican party to discern a pattern of contempt for the Republic.

      The last time they had control of Congress in the early '50's what did we have, McCarthyism, where people, often innocent, had their lives destroyed for nothing more than having different political views from the people in power. People were being coerced to rat on their friends and neighbors in an extraordinary and long running witch hunt in which people, often innocent, had their civil liberties thrown aside.

      Read Goldwater's acceptance speech here to remember how off the deep end he was. He was so extreme America turned on the Republicans and they had to pull in their extremist horns until Reagan unsheathed them again and Bush started goring people again.

      Richard Nixon used people out of the CIA to engage in a massive and massively illegal secret campaign to destroy his political opposition.

      Ronald Reagan and George H.W. Bush negotiated a secret deal with Iran to prevent the release of the hostages before the election for fear it might save Carter's reelection. You know it was no coincidence they were released as Reagan was being inaugurated making him look like some kind of hero. Another key part of this manipulation, arms were sold to Iran, with Israel's help, and the money was used to fund an illegal war against Nicaragua that was in explicit defiance of a bill passed by our elected representatives in Congress who had forbad such a war. It was a blatant contravention of the Constitution, an impeachable offense, and they got off with a slap on the wrist. By contrast Clinton was pilloried for all eight years he was in office, by the same Republicans, was impeached and it was over lying about sex between consenting adults.

      I'm sorry but there is a long running set of facts and justifications that the Republicans are an elitist party that have contempt for the Constitution, the will of the people and will if they can turn back the clock to the 50's where America was being run by rich, white, Protestant men, blacks will be disenfranchised as Florida again attempted to do this year(see below), gays will be shoved back in the closet, the American military will be taking down one adversary after another, and everyone will be subjected to the moral code, by law, of fundamentalist Christians.

      Footnote on Florida from a documentary on the Discover channel. As you probably know Jeb Bush in 2000 misused Florida law to strip voting rights from Blacks in Florida in 2000. For example they tried to deny a black minister access to his right to vote because his name was similar to a convicted felon. Enough blacks were wrongly d

      --
      @de_machina
  2. In times like these one has to wonder... by GillBates0 · · Score: 4, Interesting

    ...just how many of these "holes" or rather bugs were intended to be features.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
    1. Re:In times like these one has to wonder... by jd · · Score: 5, Interesting
      Oh, that seems certain. The "enter a code and we'll count the wrong column" 'bug' is almost certainly a left-over from code testing. That sort of "bug" doesn't occur because of a typo in a program, it's a deliberate test for a condition followed by a deliberate change of column selection.


      Once "QA" (or what passed for it) was complete, either they forgot to remove the code, or they thought it might be a useful monitoring/debugging tool in the field.


      Normal coders would wrap any such test-only code in #ifdefs, so that it wasn't active for normal use. But these aren't normal coders, so we can't assume that.


      However, it is entirely on-par with people like Cisco shipping routers with a trivial password for the technicians.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. So impatient! by Anonymous Coward · · Score: 5, Interesting

    Technology is a wonderful thing.

    But come on. Are we so ADHD in this country we can't vote on paper and wait for real people to count them? Yes, there will be mistakes... but at least if a recount is needed, there's a paper trail.

    If you don't have time to do it right, when will you have time (or in this case, an opportunity) to do it over?

    Can it be? A free PC!?

  4. If you can sue McDonalds for coffee... by major.morgan · · Score: 3, Interesting

    I'm starting to get confused; If you can sue McDonalds for coffee, or just about anyone for not protecting me from myself - why hasn't someone taken Diebold on in court?

  5. Wow... by autopr0n · · Score: 5, Interesting

    Is anyone else surprised by how bad Diebold's coders are? I mean seriously. I know Microsoft can't make their products secure, but they have millions of lines of legacy code and compatibility issues. This isn't an excuse, but building a secure system from the ground up should be pretty straight forward, honestly.

    Security should have been the top priority the whole way through, but apparently it wasn't. Pretty amazing, IMO.

    And wtf, they can't fix a bug in a year? They're not going to have it fixed by Nov? Jesus, what is it with these people.

    Also, this is kind of boring. Anyone involved in the RNC convention or the protests around here?

    --
    autopr0n is like, down and stuff.
  6. Wow. What a perfect "mistake" -- it functions! by CFD339 · · Score: 5, Interesting

    So let me understand. Entirely by accident, if you enter a specific code at the machine, a transparent and highly successful process takes the existing collected data and makes a duplicate of that data which can be altered and fed into the combining and counting process.

    Someone must have REALLY misspelled an important constant, no? I mean, what are the odds? When I screw up, the code usually just fails to compile or takes out the vm. Someone needs to find the guy who "accidentally" did that and get him to buy lottery tickets for all of us.

    wow.

    --
    The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
  7. Black Box Voting will show you how to cheat. B-) by Ungrounded+Lightning · · Score: 4, Interesting

    Public officials: If you are in a county that uses GEMS 1.18.18, GEMS 1.18.19, or GEMS 1.18.23, your secretary of state may not have told you about this. You're the one who'll be blamed if your election is tampered with. Find out for yourself if you have this problem: Black Box Voting will be happy to walk you through a diagnostic procedure over the phone. [Contact information here.]

    Public officials: If you have these versions of the software, the votes can be tampered with by this simple procedure. Black box voting will be happy to give you a short course in how to rig your election.

    Reminds me of the official corruption in Daley's Chicago - which was the "City that Works" largely because ANYBODY could bribe the officials equally.

    By exposing this flaw and showing every election clerk who asks how to cheat, Black Box Voting is insuring that the vulnerable software WILL be used to cheat, and that elections WILL be rigged until the audit trails are installed and used.

    I can think of nothing that will create a bigger push for audit trails on electronic voting than showing every election official in the US how to stuff the ballot boxes at this wholesale, vote-tabulation level. B-)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  8. A big deal, but not really. by ayeco · · Score: 4, Interesting

    Sure, it's horrifying to see that someone could cheat, and most likely someone will try, but the polls have both parties monitoring, counting, and watching the process. Announcing the fact that the machines aren't fool proof or perfect is a wonderful thing for the process - aka more eyes will be watching and helping protect our election process.

    These problems will be fixed, but there will always be voter fraud (ie dual voting - The paper found that 68 percent of the dual registrations are Democrats, 12 percent are Republicans, and 16 did not claim a party).

  9. Florida and their e-voting problem by BadluckShleprock · · Score: 5, Interesting

    Back in 2002, Miami-Dade had an election using touch-screen voting. In some circumstances there were more votes than registered voters, and in at least one instance an entire day's votes in one machine were "accidentally" erased. No paper backup means the votes were lost in the ether.

    Since each state is responsible for operating the voting process, you'd think that Jeb Bush (the Governor) and former Orlando Mayor and now Secretary of State Glenda Hood would have been outraged. Jeb's reply was "why can't Democrats learn how to vote?". Glenda Hood's response was "that doesn't mean that we need to have a paper trail." She has this big bug up her ass that printed receipts would cause a repeat of the 2000 debacle when in reality the 2000 debacle was 100% caused by the old punch cards being difficult to scan. A paper printout would simply be a way to recount votes that aren't up to speculation by the person doing the recount (i.e. they know exactly which votes are cast.)

    P.S. Diebold Sucks!

    --


    ------
    There's a fine line between cuddling and holding someone down so they can't get away.
  10. Why this is scary by tedit · · Score: 5, Interesting

    While a lot of people will say that screaming about insecure voting machines is a bunch of FUD, I think there is a legitimate reason to be far more scared of insecurities in digital voting than in the traditional kind. The nice thing about paper/punchcards/crayon is that the scale of fraud is limited by the physical nature of the medium. It's tough to dispose of a lot of votes without anyone noticing a precinct is missing, and it's difficult to make much of a difference forging individual ballots. The problem with electronic voting is that like every other industry that's gone digital (accounting to spreadsheets for example), the scale and efficiency of mundane tasks is amplified by many orders of magnitude. It's tough to make much of a dent in an election by registering under ten names and voting ten times. It's easy (if you have an exploit) to click once to change 10,000 votes in a manner that looks utterly plausible. So for all the talk of just giving red meat to the media to have another thing to panic about, I'd say why the heck can't we force Florida to print paper receipts?

  11. Why reprogrammable computers? by gorehog · · Score: 5, Interesting

    I asked this before and am going to ask again.

    Why do we insist on using voting computers which are reprogrammable? These are all Von Neumann architecture machines. As computer scientists we should be able to find a more appropriate architecture for voting. Something where the code is not alterable, something where the counts are not changeable.

    Think about it. And if you don't understand the question then learn about computing architecture. There are computers other than the multi purpose kind. They tend to be single purpose and far more efficient at their designed jobs.

  12. Re:Florida, anyone? by DAldredge · · Score: 4, Interesting

    "# Financing smear groups to attack John Kerry: $ 1.75 million."

    Do you get this worked up over 527's like moveon.org?

  13. Diebold Rep Conversation by jxs2151 · · Score: 5, Interesting

    I had a nice little conversation with a Diebold guy at the Maryland State Fair Saturday. The State of Maryland had a booth set up there allowing people to "vote", showing how "easy" it was to use the machines. I turned around and asked the guy for my paper receipt or some proof of who I voted for. He got real defensive when I suggested that the machines had been compromised. He tried to move me away from the crowd that was there, even though I wasn't being loud. I stated that unless the source code was open to inspection that the public had no way of trusting the voting process. He replied that the code would be held in escrow by a trusted authority- the State of Maryland. I laughed, and laughed some more at the thought of those who had the largest vested interest in the outcome of the vote being "trusted" to ensure the accuracy of that vote.

    Diebold has a huge investment in this and sees dollar signs well into the future if their machines become the standard. Just think about how long the mechanical machines have been around. Diebold wants that kind of longevity for their product.

    I am not against a company making money, far from it. However, making your money off the most important process in America cannot be ethically supported. I left telling the Diebold guy that I enjoyed toying with him. He was left with a chagrined look on his face, knowing that the road ahead is gonna be tough.

    I was not willing to return and pay another entrance fee to bring materials back to prove this guy wrong so do me a favor- if you are planning on going to the MD State Fair, take along some materials to back up your argument and take some potshots at the Diebold guys.

    1. Re:Diebold Rep Conversation by Lost2Home · · Score: 3, Interesting
      I stated that unless the source code was open to inspection that the public had no way of trusting the voting process.

      Why do people always bring up the source code has to be open. Open source has absolutely nothing to do with this issue.

      This isn't a binary you are going to build and install on your home computer, you have no way of knowing that the source code in escrow was used to build the binaries on the voting machine. In fact, Diebold has been repeatedly caught installing uncertified software on voting machines used in elections.

      The real solution is providing the voter with a printed ballot showing who their vote will be counted for - then having the municipality store that ballot for use in any required recounts. Without ballots outside the voting machines, there is no protection from malfunctions or deliberate malfeasance.

  14. 10th grade coding project? by SnprBoB86 · · Score: 4, Interesting

    Ok so you present a login where the user enters a voter registration number. You show a list of candidates. You double click. Type "yes" to confirm. Increment a number in the database and set that voter's "HasVoted" property to true.

    After a 10th grader finishes that project, have a real coder step in for 15 minutes, throw in a little encryption and all you've got to do is run this bad boy on a palm pilot locked in a box and chained to a desk. When the voting's done, ship the locked up palm pilot off to some government facility where the data will be merged into a master database.

    Where's the challenge? I feel like I could make THE BEST VOTING SYSTEM EVER in one weekend and make it rich off government contracts...

    --
    http://brandonbloom.name
  15. Shhhh by AoT · · Score: 5, Interesting

    Don't tell anyone we have endemic corruption in the US political system! They might start getting ideas and, gasp, start voting for other parties, or worse, get off their ass and really try to make some changes.

    Shit, I'm an Anarchist, I'm for world revolution and all that, but at this point I'd be pretty fucking content with a government that doesn't put its citizens in what amount to concentration camps for smoking a fucking doobie. I mean come on!

    What I really don't get is why so much of the right wing supports all the roll backs in civil liberties. Do you remember the Clinton years? Ruby Ridge and other incidents should worry the hell out of you because there will be another Democratic Administration sometime, even if it isn't '04.

  16. Not even the demo works! by Deep+Fried+Geekboy · · Score: 3, Interesting

    There's a javascript demo of the Diebold Election System on the Diebold site.

    Guess what? In Safari 1.3 at least, it doesn't work.

    (Try voting for one candidate on each ballot, then on the next page, you appear to have cast no votes, confirmed by 'review').

    Try it here: http://www.diebold.com/dieboldes/OnLine_Demo/screen1.html

    --

    I'm not wrong. You haven't thought about it hard enough.

  17. Re:George III by demachina · · Score: 3, Interesting

    It probably really doesn't matter but the dismantling of the Republic and the creation of the Empire will probably move along more smoothly under Bush with a Republican dominated Congress, and if the current Neocons remain in control of the Pentagon. It's lost on everyone but Kerry and Bush have nearly the same position on all the volatile issues of the day. Both are fans of the Patriot Act, both support the Iraq war, Kerry is just quibbling on implementation details because he has to to keep the Democratic base happy.

    I need to do some research on what happened in Iowa. I gather a dozen or so wealthy people funded attack ads that ran only in Iowa that associated Dean with Bin Laden and started his slide in Iowa. His slide in Iowa finished him before the media finished him off over the "I have a scream" speech. Chances are the Democratic nomination was decided by a dozen people with some money and well placed attack ad, much like the November election may well be decided by a handful of Republicans funding attack ads like the Swift boat ads. As nearly as I can tell our government is chosen by a few wealthy people, with a few well placed attack ads, which precipitate a media stampede and the American people just follow the ring in their nose.

    It's even stranger that Dean is a Yale grad too though I don't think he is Skull and Bones. It kind of shows how the moneyed elite that sits in Connecticut and around Yale had locked up the Presidency before the American people were even consulted.

    And then Dick Cheney was also groomed for Yale but he barely survived two years there, his grades were apparently so bad he probably would have flunked out if he hadn't left voluntarily. Don't think he had the family connections George W. had to insure he got passing grades since he was apparently as intellectually challenged as Cheney was at Yale. George W.'s grandfather Prescott was a former Senator from Connecticut, Yale's home state, insuring George W. would never be flunked no matter how bad his academics sucked there.

    --
    @de_machina