Slashdot Mirror
More Diebold E-Voting Vulnerabilities
presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"
You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?
;-) Then they could get Congress to sanction Google instead! *rolls eyes*
Maybe they should claim that all their security experts were hired by Google after they took the GLAT.
(BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)
Javascript + Nintendo DSi = DSiCade
Another excellent example of why electronic voting software should be open source. Having many programmers looking over code doesn't automatically increase security, but it certainly increases the probability of finding and correcting asinine problems like the one discussed in the article.
We all know this. Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?
This isn't new at all, just an extreme example of what we have already seen. We already know that they are stored in an insecure access database - changing votes using 'just' a VBS script is nothing new or exceptional.
If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.
When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?
Trolling is a art,
This country wont elect a single representative for themselves until we go back to normal counting of paper ballots! I dont see why we wouldn't do this, it can only help. It is much more reliable and fool-proof and it does nothing but help our economy by having to hire people to count the ballots. In today's world the tech that made the machine is the one who oversees the counting process, not a trustworthy judge that cannot be bribed like it was back in the day.
If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
it looks like Diebold has more to worry about
You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
GEMS runs on the Windows operating system.
Truly a Gem!
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
I am shocked. Shocked.
He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.
And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.
Free XBox, PS2
IOW, you don't know shit about them and you still think they are safe.
We are fscking doomed!
Diebold obviously has nothing to worry about - they're getting away with their demolition of democracy, despite the incontrovertible evidence pouring in for the past several years. It is we who have a lot to worry about. Not only are they destroying the vote, but getting away with it means that those running the system are benefitting, or they'd stop it. The stolen election nightmare in America is getting worse, even when it was already unacceptably bad.
--
make install -not war
Comment removed based on user account deletion
They appear quite capable of screwing up a wet dream.
...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.
It may be a little high-tech but this method could catch on in developing democracies like the U.S.
Why haven't we heard more about Venezeula, where apparently many machines recorded exactly the same number of pro-recall votes in opposition to Mr. Chavez? Sounds like tampering to me...
Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.
Even running the GEMS software on OpenBSD would do nothing to make up for their lousy secuity design.
"Power corrupts, and absolute power corrupts absolutely." -- Lord Acton
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
Yeah, and no one robs banks, or counterfeits, or traffics drugs either.
This space for rent
I don't want my tax dollars bankrolling OSS dev efforts. If you wan't such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.
Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.
HA! I just wasted some of your bandwidth with a frivolous sig!
I think that's the ultimate flaw in this process - why spend money on quality when price is the only thing that matters?
-If an encrypted database were used, along with a strong password phrase and algorithm, there would be very little for anyone to hook into to reverse engineer the format.
-Getting root access on the Linux box is also not a trivial task, especially if you don't have physical access to the machine.
-If you don't have root access and you write the database access procedure so that root-level or some special group permission is required, then you're not even going to get to the database in the first place.
As Jefferson said in TFA... the coders/designers for that system look like amateurs. Even within a Windows framework there would have been a LOT better ways to implement the database to decrease its vulnerability to casual access by other applications.
Less is more.
... for Diebold's absolutely retarded system design and configuration. Come on people, if you are building a 'secure application', you do not place the interface and the voting data at the same user protection level. Hell, you probably don't want to place the voting data in the same physical location as the interface.
:)
But really, this is somehow Microsoft's fault. I know it!!
indeed. if you live in a state with e-voting machines, vote absentee. tell your friends and family.
Isn't this exactly the kind of project that is perfect for Open Source. Its something a lot people (states/countries/etc.) could/would use and its something that would benefit from lots of people working on it to amke sure it is secure and works well? It doesn't seem like once it is made that there needs to be a ton of extra upgrades or features added to it.
Seems this kind of tool/program is exactly the kind of thing that should be done Open Source and stands a lot better chance of being a better program and more secure due to peer review and public scrutiny. Not to mention the amount of public tax dollars it would save since it would free and costs could be shared by all states for any support or maintance that was needed.
Well, there's the problem. The data can either go directly from each machine to the county elections board, or it can be collected and counted at the precinct level, then sent to the elections board.
There are a couple of reasons why you would keep the preliminary counting to the precinct level: Cost is one.
The cost of centralizing the count would mean that every machine has to be given a secure, direct connection to the central computer. Personally, I wouldn't trust a phone line. Cost? Pretty high, since many counties around the US have thousands of polling places, each with multiple machines.
So, you are almost forced to use collect the data locally. If that is the case, then, that means you need a local election judge handling the data. That local election judge may be very honest, but probably doesn't know anything about computers. And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.
Don't get me wrong. Diebold obviously never thought about security. If they did, they would have found ways to control for VB scripts updating the data. But, I do understand why they chose Windows and Access. I don't agree with their choice, but I understand why they chose it. Cost.
Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.
Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.
Test before, during, and after elections.
California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.
New Hamphire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.
Florida did not know how to count votes correctly like many other states.
Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!
Ways to Cheat
Don't activate the cheating until after the election starts.
Only cheat with a few machines. Only a margin is required to swing a close election.
No verifiable audit trial. Design a paperless machine that counts votes and is not voter verifiable.
Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.
Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.
I call bullshit!
I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.
These machines are designed, from the start, to rig elections.
Here is the only way I see this comming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America opinion), so that the green party or the american communist party or something like that won in a landslide then you'd open peoples eyes real quick.
/. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)
It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....
NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.
(For the first time in my
You think it has a paper trail, but you're confident it has no vulnerabilities?
Oh. Well, that's okay then.
After you push the button for Jones, how do you know that the system recorded a vote for Jones? What if the screen says Jones, but (inadvertently or deliberately) incremented the count for Smith, instead?
A real paper trail is one that you can see when you cast your vote. It just has to print 'one vote for Jones' on it, then spit it out. You put that printed record into a sealed ballot box before you leave the polling place. (Otherwise, other people could verify your vote and eliminate the benefits of a secret ballot). Then you've got a real paper trail. If you don't trust the machine count, you count the paper ballots.
A 'paper trail' where the printer spits out whatever number the computer tells it at the end of the day has no verification value whatsoever.
~Idarubicin
And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.
You don't have to train local election officials to do anything other than click some buttons. Why do they need to know how the underlying system works? Let the guys that write the program worry about that, then have some other guys that know code come in and audit it. It's that simple.
Still- how do you know your vote counted for whom you wanted it to count for? Do you have a paper trail, and do you check the paper trail? If not, your system is only slightly better, if at all. If you do- why not just skip the easily monkeyed with electronic systems and stick with the millenia old paper system instead? Despite all the FUD, the old chad system worked and only a fraction of a percent were miscounted. Most of them were because the voter was too stupid to check if the chad got punched cleanly. Penciling in boxes is good too, it just takes more time. Putting a computer in the system is just an unnecessary weakness.
I still have more fans than freaks. WTF is wrong with you people?
Someone isn't doing their job.
Mind you, maybe their Signals Intelligence Directorate will intercept this on the way to your servers in the US (I'm in the UK) and they'll take the piss out of the other Directorate until they can't stand the shame and get their fingers out their asses.
One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
Are you thinking what I'm thinking, Pinky?
... and no one would risk committing securities fraud because it's against the law and carries a heavy penalty *cough*Enron*cough* or would risk driving above the speed limit because it's against the law and carries a penalty (whether it's a heavy penalty depends on just how fast you were driving.)
Yeah Brain, but where would we find enough Diebold programmers who have that much knowledge?
From the first part of the article:
But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.
Another comment I found particularly interesting occurs on the third page of the article:
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
Suuuuuuuure
Y|
SERIOUSLY! Could he be anymore naive? I was going to quote that part of the article where Diebold's spokesman says no one would do it because it's against the law, but you beat me. Wow.
Here is my take on the whole electronic voting thing. Computer Scientists would generally like to promote the use of computers and technology to solve a problem, say like e-voting. Now if Computer Scientists are coming out in large numbers to say, WAIT! computers might not be the best way to tally votes, it's not secure, there's too much room for false votes, etc etc. Then you know there is something wrong with using electronic voting. It's crazy.
I know that this is enough to make me never again touch a Diebold ATM if I can help it
Relax. Their money machines are rock-solid. After all, they handle things of importance, namely, money, unlike their voting machines, which handle only illusions.
Mod down people who tell people how to mod in their sigs
You described the problem yourself. The system is simple, efficient and reasonably fool-/fraud-proof. What elected official is going to be in favor of that?
Someone you trust is one of us.
Any system can be cheated somehow, given enough motivation to cheat. The big point is how easy it is to cheat ! There's no reason to make a system weaker because the -supposed- future order of difference is one or two points. It smells of apathic depressed behavior, exactly how many politicians would like us to be, apathic and careless.
Maybe you remember the first times newspaper started talking about the "evil computer pirates" (then "hackers" , then "black hat" then god know what they invented) and how they exploited banks' computers.
Remember how people was -totally stunned- by the fact one person could steal millions without actually robbing a bank ? It was fuckinbelievable, yet it was 100% true, it could be done without a trace or a smoking gun. TODAY security is much tighter in many financial systems thanks to hackers exposing or exploiting the loopholes.
So why should we TODAY make the voting system even more cheatable ? We know that computers can be used to manipulate millions of votes in a split second, so for what goddammed reason are we throwing ourself in a predicatable and predicted disaster , with all our past experience with computer abuses ?
The "we must face it" attitude is that of losers.
Excuse me for yet again being so anti-american, but I thought that the american concept of patriotism was that you would proudly hack the voting machines if it was needed to demonstrate that the election was easy to steal?
That any patriot would take the risk of being shipped off to Gitmo when it was needed to preserve democracy and freedom?
So WTF happened to patriotism?
The fact is that the voting machines needs to be hacked, at this point the only way to ensure that democracy survives in the US is that CowboyNeal is elected for President.
It means that some patriotic hacker has to do it, and I see nothing wrong with advocating it.
If you want to improve your chances of not going to Gitmo, you may want to hack the machines and hop on a plane to somewhere more free and stage a press conference there just as election officers discover the hack.
The arguement against e-voting is irrelevant, Diebold should have lost the contract after the first two or three security flaws. Overcomplication of the machines by using embedded windows is stupid. If they took security seriously, they would never have tried to use it in the first place.
Linux isn't the answer either. Personally, I'd drop x86 for a cheaper embedded processor, I'd demand engineers with experience in creating hardened systems from scratch, and I'd spend the extra money to make DAMN sure I didn't drop the ball on this projects, which has the potential to be INCREDIBLY profitable for a company willing to do the job right.
It's been a long time.