More Diebold E-Voting Vulnerabilities
presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"
You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?
;-) Then they could get Congress to sanction Google instead! *rolls eyes*
Maybe they should claim that all their security experts were hired by Google after they took the GLAT.
(BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)
Javascript + Nintendo DSi = DSiCade
This isn't new at all, just an extreme example of what we have already seen. We already know that they are stored in an insecure access database - changing votes using 'just' a VBS script is nothing new or exceptional.
If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.
When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?
Trolling is a art,
it looks like Diebold has more to worry about
You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
GEMS runs on the Windows operating system.
Truly a Gem!
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
I am shocked. Shocked.
He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.
And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.
Free XBox, PS2
IOW, you don't know shit about them and you still think they are safe.
We are fscking doomed!
Diebold obviously has nothing to worry about - they're getting away with their demolition of democracy, despite the incontrovertible evidence pouring in for the past several years. It is we who have a lot to worry about. Not only are they destroying the vote, but getting away with it means that those running the system are benefitting, or they'd stop it. The stolen election nightmare in America is getting worse, even when it was already unacceptably bad.
--
make install -not war
...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.
It may be a little high-tech but this method could catch on in developing democracies like the U.S.
Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.
Even running the GEMS software on OpenBSD would do nothing to make up for their lousy secuity design.
"Power corrupts, and absolute power corrupts absolutely." -- Lord Acton
I don't want my tax dollars bankrolling OSS dev efforts. If you wan't such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.
Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.
HA! I just wasted some of your bandwidth with a frivolous sig!
indeed. if you live in a state with e-voting machines, vote absentee. tell your friends and family.
You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).
"Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively miniscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.
DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".
You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.
I don't want my tax dollars bankrolling OSS dev efforts.
Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that
numVotes++
is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like
if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
numVotes++
Diebold's right to its "intellectual property" has superceded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.
Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.
Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.
Test before, during, and after elections.
California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.
New Hamphire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.
Florida did not know how to count votes correctly like many other states.
Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!
Ways to Cheat
Don't activate the cheating until after the election starts.
Only cheat with a few machines. Only a margin is required to swing a close election.
No verifiable audit trial. Design a paperless machine that counts votes and is not voter verifiable.
Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.
Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.
I call bullshit!
I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.
These machines are designed, from the start, to rig elections.
Here is the only way I see this comming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America opinion), so that the green party or the american communist party or something like that won in a landslide then you'd open peoples eyes real quick.
/. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)
It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....
NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.
(For the first time in my