Slashdot Mirror


More Diebold E-Voting Vulnerabilities

presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

28 of 535 comments (clear)

  1. Amazing by AKAImBatman · · Score: 5, Insightful

    You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?

    Maybe they should claim that all their security experts were hired by Google after they took the GLAT. ;-) Then they could get Congress to sanction Google instead! *rolls eyes*

    (BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)

    1. Re:Amazing by kiolbasa · · Score: 4, Insightful

      A multi-billion dollar company rushed a voting maching product to market to take advantage of the buzz following the 2000 election. Marketing trumped proper design.

      --

      Beer wants to be free
    2. Re:Amazing by natoochtoniket · · Score: 3, Insightful
      You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems

      I'm sure Diebold poeple do understand security, very well. Clearly, the complete absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.

      These machines are designed, from the start, to rig elections.

    3. Re:Amazing by HiThere · · Score: 3, Insightful

      The people who run them, install them, and sell them have the inside track on making the fix.

      Do you think this is all by accident?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Another good example by Lord+Grey · · Score: 3, Insightful
    Ha!
    [David Jefferson, a computer scientist at Lawrence Livermore National Laboratory said] that he doesn't believe that the vulnerabilities show deliberate malice on Diebold's part to aid fraud, as [voting activist Bev Harris] has sometimes contended in public statements. But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.
    Emphasis mine.

    Another excellent example of why electronic voting software should be open source. Having many programmers looking over code doesn't automatically increase security, but it certainly increases the probability of finding and correcting asinine problems like the one discussed in the article.

    We all know this. Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?

    --
    // Beyond Here Lie Dragons
    1. Re:Another good example by MillionthMonkey · · Score: 4, Insightful

      You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).

      "Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively miniscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.

      DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".

      You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.

      I don't want my tax dollars bankrolling OSS dev efforts.

      Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
      Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that

      numVotes++

      is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like

      if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
      numVotes++


      Diebold's right to its "intellectual property" has superceded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.

  3. Nothing new.. by Manip · · Score: 4, Insightful

    This isn't new at all, just an extreme example of what we have already seen. We already know that they are stored in an insecure access database - changing votes using 'just' a VBS script is nothing new or exceptional.

  4. Re:Blimey by grub · · Score: 5, Insightful


    If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

    When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?

    --
    Trolling is a art,
  5. Get rid of E-Voting now! by NIN1385 · · Score: 3, Insightful

    This country wont elect a single representative for themselves until we go back to normal counting of paper ballots! I dont see why we wouldn't do this, it can only help. It is much more reliable and fool-proof and it does nothing but help our economy by having to hire people to count the ballots. In today's world the tech that made the machine is the one who oversees the counting process, not a trustworthy judge that cannot be bribed like it was back in the day.

    --

    If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
  6. Worry by MacGod · · Score: 5, Insightful

    it looks like Diebold has more to worry about

    You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.

    --
    "Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
  7. GEMS by savagedome · · Score: 4, Insightful

    GEMS runs on the Windows operating system.

    Truly a Gem!

    But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    I am shocked. Shocked.

    He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.

    And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.

  8. Re:change to our type by DAldredge · · Score: 5, Insightful

    IOW, you don't know shit about them and you still think they are safe.

    We are fscking doomed!

  9. Die, democracy, Die by Doc+Ruby · · Score: 4, Insightful

    Diebold obviously has nothing to worry about - they're getting away with their demolition of democracy, despite the incontrovertible evidence pouring in for the past several years. It is we who have a lot to worry about. Not only are they destroying the vote, but getting away with it means that those running the system are benefitting, or they'd stop it. The stolen election nightmare in America is getting worse, even when it was already unacceptably bad.

    --

    --
    make install -not war

    1. Re:Die, democracy, Die by Ba3r · · Score: 3, Insightful

      my grandparent comment was 'in jest'.. but to set the record straight, the number of disenfranchised voters in Florida far exceeded 537 people. Not to mention that no scientist worth their salt would ever rely on a measurement where the determining factor was so far below the margin of error (given, oh, 250 million qualified voters or so, you are saying a valid result can be determined by a margin of 0.0002%) And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

  10. Access by YrWrstNtmr · · Score: 3, Insightful
    While MSAccess is assuredley not the tool to use on a system like this, probably no tool would be good in the hands of these clueless cube monkeys (I hesitate to use the word programmer).

    They appear quite capable of screwing up a wet dream.

  11. In Canada by Sophrosyne · · Score: 4, Insightful

    ...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.
    It may be a little high-tech but this method could catch on in developing democracies like the U.S.

    1. Re:In Canada by Beardo+the+Bearded · · Score: 3, Insightful

      You mark an X or your vote doesn't count. It's a built-in safety mechanism.

      We believe that if you're too intoxicated, stupid, or incompetent to mark a clear X in a circle, then you shouldn't be voting.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    2. Re:In Canada by Paulrothrock · · Score: 4, Insightful

      If you can't tell who they voted for, yes. They should have been more careful. Voting is a right; voting correctly is a responsibility.

      --
      I'm in the hole of the broadband donut.
  12. Re:Blimey by nightcrawler77 · · Score: 5, Insightful

    Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.

    Even running the GEMS software on OpenBSD would do nothing to make up for their lousy secuity design.

    --

    "Power corrupts, and absolute power corrupts absolutely." -- Lord Acton

  13. What do you want your money going to then? by TiggertheMad · · Score: 5, Insightful

    I don't want my tax dollars bankrolling OSS dev efforts. If you wan't such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.

    Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  14. Re:Blimey by TheLittleJetson · · Score: 4, Insightful

    indeed. if you live in a state with e-voting machines, vote absentee. tell your friends and family.

  15. Paperless Machines CAN be good. Here's How: by EaglesNest · · Score: 4, Insightful
    Requirements for paperless machines

    Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.

    Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.

    Test before, during, and after elections.

    California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.

    New Hamphire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.

    Florida did not know how to count votes correctly like many other states.

    Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!

    Ways to Cheat

    Don't activate the cheating until after the election starts.

    Only cheat with a few machines. Only a margin is required to swing a close election.

    No verifiable audit trial. Design a paperless machine that counts votes and is not voter verifiable.

    Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.

    Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.

  16. Bullshit! by natoochtoniket · · Score: 5, Insightful
    Jefferson added that he doesn't believe that the vulnerabilities show deliberate malice... But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

    I call bullshit!

    I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.

    These machines are designed, from the start, to rig elections.

  17. Re:Blimey by Anonymous Coward · · Score: 5, Insightful

    Here is the only way I see this comming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America opinion), so that the green party or the american communist party or something like that won in a landslide then you'd open peoples eyes real quick.

    It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....

    NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

    (For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

  18. Re:change to our type by Idarubicin · · Score: 3, Insightful
    think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.

    You think it has a paper trail, but you're confident it has no vulnerabilities?

    Oh. Well, that's okay then.

    After you push the button for Jones, how do you know that the system recorded a vote for Jones? What if the screen says Jones, but (inadvertently or deliberately) incremented the count for Smith, instead?

    A real paper trail is one that you can see when you cast your vote. It just has to print 'one vote for Jones' on it, then spit it out. You put that printed record into a sealed ballot box before you leave the polling place. (Otherwise, other people could verify your vote and eliminate the benefits of a secret ballot). Then you've got a real paper trail. If you don't trust the machine count, you count the paper ballots.

    A 'paper trail' where the printer spits out whatever number the computer tells it at the end of the day has no verification value whatsoever.

    --
    ~Idarubicin
  19. Where's the NSA when you really need them? by garyok · · Score: 3, Insightful
    Given that one of the 2 main directorates of the NSA is the Information Assurance Directorate, with the mission statement
    IAD's mission involves detecting, reporting, and responding to cyber threats; making encryption codes to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards.
    the question is "How come the NSA haven't gone all Enemy of the State on Diebold's collective ass?" I mean we are talking about the most important set of communications in the world's most wealthy democracy: who the people want to run their country.

    Someone isn't doing their job.

    Mind you, maybe their Signals Intelligence Directorate will intercept this on the way to your servers in the US (I'm in the UK) and they'll take the piss out of the other Directorate until they can't stand the shame and get their fingers out their asses.

    --
    One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
  20. Re:Blimey by Wybaar · · Score: 3, Insightful

    Are you thinking what I'm thinking, Pinky?

    Yeah Brain, but where would we find enough Diebold programmers who have that much knowledge?

    From the first part of the article:
    But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

    Another comment I found particularly interesting occurs on the third page of the article:
    But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    Suuuuuuuure ... and no one would risk committing securities fraud because it's against the law and carries a heavy penalty *cough*Enron*cough* or would risk driving above the speed limit because it's against the law and carries a penalty (whether it's a heavy penalty depends on just how fast you were driving.)

    --
    Y|
  21. Patriotism by Dovregubbens+Hall · · Score: 3, Insightful

    NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

    Excuse me for yet again being so anti-american, but I thought that the american concept of patriotism was that you would proudly hack the voting machines if it was needed to demonstrate that the election was easy to steal?

    That any patriot would take the risk of being shipped off to Gitmo when it was needed to preserve democracy and freedom?

    So WTF happened to patriotism?

    The fact is that the voting machines needs to be hacked, at this point the only way to ensure that democracy survives in the US is that CowboyNeal is elected for President.

    It means that some patriotic hacker has to do it, and I see nothing wrong with advocating it.

    If you want to improve your chances of not going to Gitmo, you may want to hack the machines and hop on a plane to somewhere more free and stage a press conference there just as election officers discover the hack.