Slashdot Mirror
Hotel Minibar Key Opens Diebold Voting Machines
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
I know I'm preaching to the Slashdot choir, and it's been said a thousand times before, but as long as we have closed voting processes, we're going to have people screwing up by doing things like having voting machines accessible with hotel minibar keys. We hate Microsoft for their closed-source software, yet we continue to accept this kind of idiocy.
Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium, why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.
I would say write to your Congresscritters and let them know that you want these screwed up pieces of junk out of our polling locations, but like I said, I know I'm preaching to the Slashdot choir, and you won't do it. >:-( But realistically, just know that until you do, we can look forward to many, many more articles about this kind of thing. Ooh, at least until we see the one that says, "Electronic voting machines hacked! Election results tainted!." Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.
sigh Oh well, it was worth a shot. Just give me my damn +5 and go back to reading about lasers on Intel's chips now.
I'd like to have access to the minibar.
Dedicated Cthulhu Cultist since 4523 BC.
Electronic systems - including electronic voting machines - will always be able to be tampered with, no matter who makes them, no matter what their CEOs stupidly say, no matter what ongoing audit mechanisms are implemented, whether they're open or proprietary, and no matter what legislation or other initiatives mandate or recommend them.
Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.
Remember, too, that voting legislation, in large part in response to issues in the 2000 election, designed to ensure fair, uniform, and universal access to voting for all citizens by mandating electronic voting equipment, such as HAVA (2002), were Democratic and bipartisan efforts.
The real issue is that Congress screwed up: they inherently, and erroneously, believed that since we trust so many critically important things to machines, certainly reliable electronic voting is possible, and indeed, we use automation, computers, and machines in almost every aspect of our lives to increase efficiency and reliability - why should voting be any different?
Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.
The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability. All of the major e-voting vendors - Diebold, ES&S, and Sequoia - have this capability, but it's an add-on that requires retrofitting existing equipment, or in some cases, purchasing new equipment. And that takes money many counties and municipalities - particularly in the most hotly contested areas - don't have. (Hint: it's not just poor areas that have long lines)
Our focus now should be on passing legislation that requires permanent voter-verified paper trail capability on all newly deployed e-voting systems, and allocates funds and creates a timeline for deployment on existing systems. Please, continue to raise this issue with both your county election officials and your elected representatives.
This issue is too important and too critical to the integrity of our election process to let rest.
---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.
They might as well hand them out like candy.
And that's exactly what the politicians are looking for.
the key in question is a utilitarian type
That's the problem right there. You should never religion and state, it always makes one cross.
Have you read my journal today?
Let me see, this key opens voting machines, mini-bars, jukeboxes, etc? Sounds pretty shiny, where do I get one! I need to add it to my lil' bastard music-copying, alcohol-drinking, electrion-throwing kit.
stuff |
After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.
I think I'll take a hotel minibar key down to my local ATM to see if I can score some free money. If Diebold is honestly this incompetent, it'll be a snap. If, however, the voting machines are specifically designed to be compromised, I'll probably have a harder time of it.
Any bets on the outcome of my little experiment? Didn't think so.
____
~ |rip/\/\aster /\/\onkey
I just spit chipotle on my desk when I read the headline. Man, that's comedy.
Unfortunatly...
Call a locksmith with an IQ greater than that of a grape, and he can come up with a solution. I have NO faith in Diebold. It's just another one of those large contractors that always get the bid because they were around first. Newer companies (read, non-stagnant) could create a working product for a tenth of the cost.
And why does Diebold design these machines in such a way that they *CAN* be hacked? I think that involving an Operating System and software in the design of such a machine is a critical error. As a computer engineer, I realize that overcomplicating things can lead to errors. DSP's can make hardware extremely cheap, but there are places where analog circuits are cheaper and more realiable! Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't be hacked, and the wrong candidate will not be selected if the machine fails? There are so many places where their current design can and will go wrong. I believe that it's time for these loonies (or preferrably someone else who has more sense) to come up with a more rudimentary and failsafe design!
Princeton's Center for Information Technology Policy has an excellent demonstration video showing how to hack a Diebold AccuVote-TS voting machine.
you'll need the right memory card, knowledge of the software (which you could learn at your leisure), a lock pick set or a screwdriver, and a few minutes alone with the machine
for example, common car keys can easily open most McDonald's registers. I guess if you just go sticking enough keys into something, one is bound to work...
Monstar L
I believe, in a true and open democratic system, people should be able to open ballot boxes and change the votes freely without fear of prejudice or reprisal.
For the Kennedy jokes...
nothing better than booze and vote fixing to bring out the best in us!
Wasn't the point of electronic voting to save time tallying the votes? Without a paper trail, of course, there can be no recount, so that certainly speeds things up. But if there WERE a paper trail, everyone would be clamoring for a manual recount anyway.
I suppose, like upgrading to Microsoft Office 2003, and thus requiring better computing hardware, we did it for the economy.
We will be adding a "change everyone elses votes to" toggle for each voting option!
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
Aha! It's the Democrats, not Republicans, planning a coup. While on the surface we all know Republicans frequent mini-bars, well, frequently, there is someone much more suspicious: Ted Kennedy! Ted, as you all know, has hundreds of mini-bar keys collected, well, just in the last year alone. By distributing them, while having his nephew divert attention to Republican plots, Ted plans to become president as was his God given right!
We use diebold extensivley at our University for several of our automated transactional systems for students and such. I wonder if we ought to petition to look for another vendor. This incompetence is frightening.
____________________________________
-Five friends got theirs, I want mine, get yours too...Free iPods
This is why there needs to be greater accountabiility and control over chain-of-custody procedures when it comes to e-voting. There is no way the U.S. is going to revert back to paper at this point, and there is also no way to make any of these machines fully tamper-proof. To keep integrity in the voting process, we have to start holding peoples' feet to the fire. And we need poll volunteers who know a thing or two about how to operate these machines correctly.
Are there drinks inside? I can't think of any other reason to open it with a mini-bar key.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Better keep Ted Kennedy away from those machines, or there will be vote tampering for sure!
Execute? [Y/N] _
If you watch the video of the university guys explaining the hack, you'll see a good closeup of the lock. The lock looks like a real cheapy one; something you'd find on one of those floppy disk / CD storage boxes, or the kind they put on suitcases. I betya the keys for those boxes/suitcase will open this lock as well, with a little jiggling. Hell, these locks can be opened with 2 paper clips.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability.
Do not use the word "receipt" in this context. A receipt is something that you take with you, as a personal record of a transaction. A receipt is worse than useless here... you don't WANT people to be able to show the party bosses that they voted the "right way".
What is needed is a "permanent paper ballot capability", where the ballots are retained at the voting place and serve as the primary official paper (ahem) trail.
That's not a bug, it's a feature. It's also directly tied to the fact that you'd have to be drinking to approve the use of these in your district.
"Look, I'm not so sure about these..."
"Hey, no problem. Take this unit back to your hotel with you, play around with it. And hey - drinks are on us."
and raise my mini-bar key to them in salute at their wise choice of voting via an optically-scanned verifiable paper ballot as is common with all absentee ballots, including the all-mail-in elections common to most Western states.
/A/l/ /G/o/r/e Neil Bush.
But I don't hold out much hope for the rest of you who voted for
-- Tigger warning: This post may contain tiggers! --
With the Diebold UberFascer 6000, you can Fix elections AND enjoy a hard-earned single malt scotch!
the mods may say you posted flamebait, but to me it's a flame that warms my heart. rock on, brother! --chebucto
If I can file my taxes online, why can't I vote online?
I'd rather see companies or governments or whoever spend more time on an online voting system than some fancy computer. I still have to drive to use the computer, so what do I care if it's a paper ballot or e-ballot.
If we gave each voter their income tax refund $100 (ok, borrowed from SS reserves, whatever) in cash at the ballot box, you'd quickly see ballot machine security become very very important.
Throw some money into the equation and change the end result.
-- Tigger warning: This post may contain tiggers! --
Your current administration will have no problem fixing this, it's simply a case of outlawing office equipment/minibar keys.
You shouldn't be locking stuff in your desk anyway, what are you a terrorist?
As for minibar keys--it is the view of our administration that you shouldn't be drinking on business in the first place, it's not good for America! Do you really want to help the terrorists win???
We will ensure all minibars are re-keyed with special locks, the keys to which will be restricted to government employees only (Our administration has proven itself to be Above all Laws but God's, and God never said not to drink, so we therefore deserves access)
When minibar keys are outlawed, only outlaws will have minibar keys--then we know who to detain, harass or shoot (our call).
I opened 5 of them up with a peanut shell and made a beowulf cluster out of them!
Imagine that!
I honestly thing we have no good solutions left, except to organize, and on mid-term election day, if faced with an electronic voting machine (with no paper verification of course), we must have the courage and patriotic discipline we have expected of ourselves all our lives, and destroy the machine beyond repair immediately, on the spot. If on election day, I find myself in front of a Diebold machine, I really don't know what aill happen. But if I have confidence that I won't be alone in doing the only thing morally defensible, I certainly DO know what will happen.
So. Anyone interested?
Um, perhaps because no one is interested in paying your taxes for you? No need to authenticate who pays your taxes. No one cares unless they don't get paid.
I don't understand this.
Diebold's primary business is to make ATM machines. They obviously understand security and correctness of results. Why can't they build voting machines properly?
Imagine you hear that an ATM machine was secured by a hotel minibar key. Or that the ATM makes a mistake but the bank won't give you your money back since there is no record of a transaction? Voting machines should be built to the same level of security and accountability.
As if the American People didn't have enough to worry about. There, fixed that for ya.
How long are we going to tolerate this?
What if the Hokey Pokey really is what it's all about?
So basically their voting boxes are much more open than everyone originally thought? The best part of all is it sounds like basically anyone can look at/download their code and heck even patch it on local machines. Long live the open voting machine!
I Am My Own Worst Enemy
...as an accomplished drunk I can speak from experience that bartenders are good and trustworthy people!
"Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one."
Sorry, but I disagree with one part what is otherwise an insightful post. Some people do benefit from shoddy vote counting equipment. Who? The party machinery of the two major parties who already have people in the polling places.
There are three qualifications for a person(s) who benefits:
1) they have to have a reasonable excuse for being in physical proximity to the machine.
2) They have to have a reasonable excuse for having a key. According to TFA, this is easy.
3) They have to be part of a group for whom a small margin of change change results in a benefit. ( if a Dem or Rep gets 51% instead of his predicted 48%, nobody really suspects. When some third party candidate gets 51% instead of his predicted 3.5%, that is too obvious. )
There are people who benefit. Unfortunately, these are the same bunch of people who give their stamp of approval on voting machines. The wolves are in charge of the henhouse here.
Maybe I'm being paranoid here but this seems like the sort of thing that could easily be exploited in a really nasty way. A group of well funded [fill in your favorite conspiracy theory related group of individuals here]* could theoretically get people into key places around the country where these machines are in use then infect them with a virus that siphons the vast majority of votes to a candidate that has no choice at all of winning (Ralph Nader or something like that). Imagine the exit polls on CNN, etc. showing a close race between the Democratic & Republican candidates and then the Green Party actually winning by a landslide. Something like this would cause such an increase of mistrust of the government that election results for an entire generation would be questioned. It wouldn't be terrorism in the classical sense, but it would generate a huge groundwell of mistrust that could damage the federal government for a long time to come.
* <tinfoil_hat=on>Of course the unnamed group could even be a major political party</tinfoil_hat>
When the virus installed by the Republican Party to steal votes for their candidate interferes with the virus installed by the Democratic party to steal votes for their party and the viruses installed by all the other parties to steal votes for their respective candidates? The election ends up being determined by the party that has the best virus writers on their staff? Or does W simply void the results and stay in office after all the Diebold machines start belching smoke?
this means you can use Diebold keys to open hotel minibars.
If they're using one of those rotary keys that you see on vending machines and some bike locks, it's actually quite easy to pick them, with the right tool. More importantly, it's quite unobtrusive... it looks just like you're using a proper key.
Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org], why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.
Things like Diebold are needed tools for fixing elections.
Republicans may not like it, but their candidates for the last 2 elections had the elections fixed.
Nomatter what you do, unless entire entourage of republican party officiers in counties related to suspicious activity are fired off, republican party will always carry a stain of dishonor.
Read radical news here
here
-aHow about the following voter verifiable scheme:
The machines print you an official receipt indicating your vote and tag it with a random number. At the end of the election, all the data (a large random number and vote table) could be posted (website and otherwise) so anyone who wanted could verify the tally and their vote.
To avoid the injection of a bunch of bogus votes, it would also be necessary to allow anyone who wanted to (specifically a representative from each party) to come out on voting night and count the turnout.
The system can also be easily extended to avoid voter coercion and untrustworthy machines.
The coercing problem comes from the fact that third parties can now insist the voter shows them their receipt to verify they voted as instructed. This can be avoided by providing every voter with two receipts. One would be their actual vote, and one the other would be, at their option, a random one or a specifically chosen alternative.
The system would then make the bogus vote verifiable, so the coercer won't be able to tell it is bogus, by searching its database for an already cast vote that matches and using the associated random number on the receipt. The individual would then be able to claims to the person doing the coercing that the fake vote is their actual vote and their actual vote is the fake vote.
The machine problem comes comes from the fact that it could rig the random numbers. For example, it could choose the numbers such that all of one candidates votes get counted under one vote, and then correct the balance (so this is undetectable) by generating counter bogus votes. This is easily fixed by requiring the random number be a combination of machine and user.
That is, the machine first selects a random number and displays it to the user. The user then enters another to multiply it by. That way, neither the machine nor the user (unless the former can do long division of very large numbers in their head) are able to determine the final random number.
This stops both the machine from being able to rig the final number and the user from being forced to (by someone attempting to coerce them). Both numbers would be printed on the receipt so anyone could verify the machine didn't cheat on the multiplication.
Note this does not interfear with the coercing avoidance scheme, as a fake vote can still easily be produced. The machine would have no problem doing the required long division to make sure the vote was verifiable (the machine cannot do this for the actual vote as it has to show its number to the user before it gets to know what the user's number is).
I wonder if my Diebold Voting Machine key will open my hotel minibar! Just imagine... the most powerful key in the world...
-Arthur
Cave ne ante ullas catapultas ambules
I think the distinction that needs to be made here is that voting needs to be an open process -- not just use open source software, but apply some of the same principles. (Mainly that ANYONE can verify the voting process is valid.) So things like paper trails, open source software, and voting officials who can actually verify what is going on (because with diebold, all they can do is lug the boxes around).
Does this mean my voting machine key will open the mini-bar? SWEET!!!
Dirty Pirate Hooker
I agree with most of your points, but HAVA was written just like all other bills get written these days, by the majority party in cooperation with the big business interests they represent. It was a snow job.
Oh yeah, and the primary lead legislator of HAVA is now on his way to jail.
Someone had to do it.
Apparently, they wanted to make it easy for the Kennedys to get into them. Any one of them should already have a large collection of mini-bar keys on hand.
Honestly, people make mistakes. You come off as a much classier person when you just acknowledge them.
Just because you're a conservative doesn't mean you have to act like an ass.
Brought to you by the marketing staff at Sequoia Voting Machines who want to thank bloggers for making Sequoia Voting Machines the number one manufacturer of voting machines in America.
OK, I'm missing the ??? and Profit!! steps, but this seems like a pretty easy way to DOS the machine. Of course, the election officials would catch on, eventually. And does the machine make a beep when it's being tampered with?
Maybe this is what we need to get the voters out: Free shot and a beer with every vote.
Dedicated Cthulhu Cultist since 4523 BC.
These Voting machines actually do what they say they do. They vote for us. Thanks to the advances in voting machine technology, humans will be relieved the burden of actually voting altogether! Voting machines are clearly a terrific labor saving device.
I, for one, welcome our new......oh. Too late.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
My response to one of the other many Diebold security screwups reported on slashdot seems even more apporpriate.
Cut and pasted for your viewing pleasure:
Bush must have shares in Diebold or something.
Diebold have been the butt-end of so many serious security failures its not funny any more. Its obvious they don't have a clue about security and aren't likely to get a clue anytime soon judging from their ongoing record.
Why are we still using this company's products? How many more times are the government going to allow Diebold to screw up?? Is there no-one else that makes a better system?
Pretty please...with sugar on top.
Either make voting machines as secure as slot machines, or let mini bar keys open up slot machines.
Either or. I'm not picky.
This is all GW's fault. Isn't that obvious? And we were robbed of that last election!
-------
How could GW let all those kittens die?
If the hotel minibar lock is such a good security device for the Diebold voting machines, shouldn't they also lock their ATMs with them?
They say the mind is the first thing to
I for one welcome our new Minbari overlords.
I'm sorry, but this is hillarious
That their minibars are as unsafe as Diebold voting machine.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
... 2 Diebold machines will be hacked. And 50,000 mini-bars.
I've found that my posts don't format quite right w/o a sig.
You guys are totally missing the point...
How fucking awesome is it that my hacked Diebold voting machine key can now open the hotel minibar!
I'm against picketing, but I don't know how to show it.
When minibar keys give access to voting machines, then only drunkards would have access.
Might explain why Ted Kennedy is still in powar
That's good! I hadn't thought of that attack vector. Thank you very much.
I had been debating about whether it would be a good idea to require exiting voters to drop one of their receipts in a shredding machine/fire on their way out (if real receipts are being discarded, it is vital that nobody is able to tell what they where, as that would open those votes to modification without fear of detection).
I was think this might be necessary to avoid statistical attacks. Such as, say, a situations where a husband notices his wife's supposedly fake random vote is for the the same party every year. Your scenario though makes this a definite necessity.
The disadvantage, of course, is that those who are afraid of/are being coerced, and thus discard their actual receipt, have lost the ability to prove their vote was a tampered later. This is likely not much of a problem though (as long as nobody knows which receipts have been destroyed), as, due to the coercion, these individual could not come forward anyway.
It ALL comes down to your registrar of voters, are the cool and forward thinking, or just plain old stupid sheep?
In the county I live in, we have one of these democracy killer voting machines at every pole.
But only one, and everything else is via ballots with a paper trail.
So federal law is observed, but we still have a choice on how we want to cast our vote in my county.
So, you don't like the voting situation in your county?
Then quit whining and VOTE OUT your registrar of voters, and get someone in there who cares about fair, equal, and accountable voting.
There's a market for votes (they pay quite a bit for campaigning, after all), and Rebecca Mercuri quantified it as about $20 per vote. That's quite the incentive to mess with a ballot box, no?
I hate call waitin`~+~~~
NO CARRIER
He was decorated in the minibar war: http://b5.cs.uwyo.edu/bab5/snds/minibar.wav
I would if I could. An interesting question.
The punishment is probably pretty far from trivial for tinkering in any way with a national election though, even if you don't really do anything
If you get nervous, just remember that there are a few billion other people who don't really give a damn.
Diebold voting machines stampede out of polling places, throw themselves at the feet of passersby, and beg to be tampered with.
I'm awake! The answer is BONK!
It's not that the Diebold machines were designed to be opened with a minibar key. No, no. Other way around. The Diebold machines were designed to use a key that could be counted on to open the minibar at any hotel.
Ce n'est pas un vrai mouvement de robot!
Edison invented a voting machine that worked fine. The government didn't use it at the time because it was electronic (not digital), but they have gotten over that now, so use it.
The government can't save you.
I think I'd rather open the mini-bar!
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
This topic will have it's evidence burried within hundreds of Off Topic rants.
Just like this one (2004 election stolen - 1191 comments) did.
There is a main stream (corporate) media blackout on this topic.
Corporate media is ABC, CBS, NBC, PBS and FOX
We will have a PNAC cyberwar on slashdot every time this topic comes up.
The truth is on Bradblog.Com and BlackBoxVoting.Org
But the globalists, liars, war profiteers, and Bush administration does not want you to know the truth. They just want to change the laws so that when someone reports the truth like (Greg Palast for taking photos of FEMA Trailers) they can disappear them into a camp, torture them, then find them guilty on secret evidence, and put them to death.
This is what has become of America under Bush.
Folks are too busy working to pay attention to their government. Too busy to search for real news. Too busy to protest in the streets. They don't have the time or resources. They are working their ass off to make ends meet.
There is no electronic voting machine that can be validated. NONE.
All software can be cracked, all hardware can be specially crafted.
You can not see electricity, because it is physically invisible.
What is going on with Electronic Voting Machines has a name, it's called DOMESTIC TERRORISM.
The US Military has sworn an oath to protect our Constitution against this.
It's time to ask them to do their job.
Parts for these fucking machines are made in CHINA for god sake!
Bury this thread, bury this evidence, bury your children, and kiss the middle class goodbye, kiss your Constitution goodbye, kiss your Country goodbye.
The founder of the Help America Vote Act (HAVA) is in jail now! WAKE THE FUCK UP!
These fucking machines are killing people, and have left us with trillions of dollars of debt. It's time to go back to the much less costly paper, and manual counting!
Huh. News like that could cause a Diebold exec to drink.
How many times does Diebold have to prove they are incompetent BEFORE WE STOP BUYING THEIR GARBAGE VOTING MACHINES?? These clowns should have been out of business years ago.
that the reason we have Diebold voting machines in the first place is that certain voters were either mentally or physically unable to cast their vote properly in the 2000 election.
After all how can you be expected to punch number 3 on your ballot when you can't figure out where number 3 is?
That said, we have to fix the problem now that the genie is out of the bottle and I'll try to make my comments more constructive in the future.
Mama, I got 'dem ole cosmic blues again.
I'm not saying your last election was a fraud.
I'm also not saying that you guys suck at democracy.
I am saying that you suck at capitalism.
Let's assume that you want to get at the card or whatever is behind the panel.
Why isn't this panel made out of glass that you have to shatter with a little hammer or teflon paper that you have to cut? That way, there's obvious proof of access. The vendor can repair the windows for the next election - it's a revenue stream for them. If the replacement costs $500 or so to install (due to all the fancy features like holograms, RFID, and seals, etc.) then fakes would be prohibitively difficult to get. It would be better physical security than a "Bic" lock.
I think Diebold was lazy, not conspiring. The rest of you were lazy by allowing these lazily built machines to run your election.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
It's been discovered that the contents of a mini-bar can be used to open up a politician.
Film at 11
Well, you gotta at least give Diebold some credit for their attempt at the idea of a voting system designed to surpass human error. Instead, they have built a system with human error in its programming. There are just too many security and operational flaws to even consider the use of these machines for something that very well may result in the election of another horrible candidate as the "leader of the free world."
Who funds you? PNAC perhaps?
It does not matter what kind of software is being used. It can still be cracked.
It does not matter what kind of hardware is being used. It can still be specially crafted.
Elecronics, Digitized Data, and Networks are an abuse of technology.
This is domestic terrorism, the destruction of our Constitutional right to vote!
Reprogram ATM's to tabulate votes.
Problem solved.
Stories like this don't get my blood pressure up like they seem to for most other /.ers. I'm not really concerned about this. It's a cute and entertaining trick, but that's all it amounts to in my mind.
Until you can show me and the rest of the world verifiable proof that someone hacked a voting machine while actually voting, this is no more cause for concern than kids having fun with electronics kits at home.
There's another election coming up soon, and youtube is as popular as ever, so here's your chance. Get a hidden camera-- beter yet get a few-- one for your shoulder to see the screen, one for your belt to see the card. Film yourself demonstrating one of these many exploits. Be sure to not have any footage cut or you might as well entitle it "My hoax." Sure you risk jail, but isn't that worth it to show the country that you were right and that the evil are doing evil? If you actually have strong beliefs about this, I say have at it.
Or keep whining about it, either way.
Support the FairTax
For months now I have read articles on slahdot about Diebold machines and then it happened, I saw one in real life. Imagine reading about all the failures of a machine that will probably become the future of voting in America. The machine was at my school because my county needs young people to run the machines because the old eletion judges are to slow to train. I figured I would sign up to help out on November 7th and train on the Diebold machines. On the next slahdot article after november 7th I'll try to post my experiences.
i agree
Well it looks like the hotel minibar has nothing better to do than install Diebold machines. But I'm sure you have many better things to do. Like having a great time in Israel this winter... free. Taglit-birthright israel with Sachlav Educational Experience. Registration is right NOW, and will close in less than a week. If you're eligible (click the link to find out), you can have an amazing and uplifting experience in Israel this winter, instead of wasting time installing Diebold machines in hotel minibars. Hey, this post ain't offtopic: I used the words "Diebold" and "minibar" in this post, both of which are definitely technical subjects that belong in this thread. Heh heh heh...
Hmmmm... do the same hotel minibar keys work on Diebold ATMs?
I find it funny that the One Armed Bandits found in any casino are way more secured and auditable than these diebold machines. The slot machines have to go through a much greater rigour of testing. It seems the sactity of the voting machines is not as important as the reliability of a slot machine.
I'm from Canada, and I have to admit to being amazed at the complacency of American voters when it comes to their democracy. I'm amazed at the numbers of people who either don't vote, or vote for a party because their family has always voted for it, or have a complacency on how their votes are collected. I truly think the majority of Americans take their democracy for granted (Slashdotters excepted).
To digress and rant a bit, I'm trying to remember a Roman quote that goes along the lines of "Keep the population adequately fed and entertained and they will lack the will to rise up in revolt."
From this Canadian's perspective this seems to apply to a lot of Americans. I'm surprised that there is not more uproar on issues such as telephone calls being tapped, weapons of mass destruction, accountability of your teflon president where he exceeds the authority granted in your constitution, secret cia torture camps, the FOX propoganda network, The digital millenium copyright act, etc...
I do like americans (the average americans), they are very much like us. Canadians are considered a complacement, easy going bunch, but even I find it amazing what the american population currently accepts from their government.
I'm the odd man out in an even number of participants
If the code can't be open source, at least the key to the machine is....
I like that idea!
3 lemons and you are the new president!
Never answer an anonymous letter. - Yogi Berra
I disagree. What we need to retain (and often times regain) is paper ballots.
Voter-verified paper audit trails are a placebo. What assurance do you have that what is printed is the same as what is recorded? None.
All attempts to date to actually audit a VVPAT, to the best of knowledge, have demonstrated just how infeasible the task is. Jill LaVine, Sacramento County's Registrar of Voters testified to the EAC that their audit took 1h 15m per ballot printed on the VVPAT.
Meanwhile, many people, like VerifiedVoting.org are proponents of Rush Holt's HR 550, which would require all electronic voting machines to have a VVPAT. Even though I utterly oppose all electronic voting, I do not oppose HR 550. Why? Because HR 550 requirements would demonstrate the folly of using electronic voting machines and the voter verified paper audit trail.
I will note here that New Mexico (VoterAction.org), Connecticut (TrueVoteCT.org), and others are successfully throwing out the DREs and bringing in voter-correctable precinct-based opticals scanners. That is today's best available solution.
I demand that my liquor be substantially more protected than this.
Imagine this:
A representive from each party or individual candidate watches an official count each paper ballot in each district one at a time. If a ballot is contested, it's put aside and discussed after the counting is finished. If all representives and the official can agree, it's counted. If not, it's spoiled.
Sure, it would take a long time but no one could claim the counting process was closed.
HAVA does not require electronic voting equipment. This is standard FUD. Please read the legislation. Even better, read the Myth Breakers analysis posted on VotersUnite.org (for the past few years).
HAVA requires accessibility for disabled voters. There are many non-electronic solutions available, such as the Vote-PAD and EqualiVote. There are even ballot marking solutions, such as ES&S's AutoMark.
Unfortunately, between unscrupulous behavior and the Federal and State voting equipment certification process, HAVA is being used to ram electronic voting down our throats.
The real answer is to use open source software that can be verified to be hack-proof.
A better lock on the Diebold machines would just lead to a false sense of security. The keys would be more difficult to get, but I have no doubt that people looking to rig elections would still be able to get them.
At least with these generic locks it is a known issue, and in theory we know not to rely on them to protect the contents of the machine. So the machines will be guarded better. In theory.
In practice... man are we screwed.
Broken, insecure, untrustworthy and easy-to-alter voting machines are neither here nor there! The issue at hand is the corrupt officials permitted to control the elections.
Even PERFECT voting machines do not automatically make for a fair and accurate election result.
If the country actually spent some time removing partisan control of any part of the electoral system, then the elections would just about take care of themselves.
How many escape pods are there? "NONE,SIR!" You counted them? "TWICE, SIR!"
Something I've never seen questioned in all these discussions - What's the point of going electronic? The old systems, while far from perfect, were not bankrupting the society, and through their clumsy diversity, were resistent to centralized attempts to manipulate the elections. My feeling - the true cost greatly outweighs any legitimate benefit. This is a case where we should all 'Just Say No'. I'm certainly a computer person, but I don't think everything needs to be done using a computer.
Anyone know the key code? I'd lay money that it was a National "C415A". That is by far the number-one most common "off the shelf" key code when it comes to cheap wafer locks. If you come across a C415A key, hold on to it. You'll find it fits a LOT of locks. Everything from paper towel dispensers and alarm panels, to (well) voting machines, apparently.
Really though, this is nothing new. People always pull stupid shit like this with physical security. The local Union Bank branch I do work for (as a locksmith) has double locks on every teller drawer. One lock takes a key only the teller has and is different for each drawer, the other takes a key the manager has and fits all the drawers. Well, the "manager" key is another absurdly common key, the National "915". If they're expecting the manager lock to keep anyone out, they're sorely mistaken. I've told them, but they don't seem to care...
If a job's not worth doing, it's not worth doing right.
If I recall, this is the sort of lock type that was famous a few years back for being susecpetible to a bic pen. None of the keys I saw at the hundreds of such machines looked terribly distinct. I suppose its possible they're minutely different but somehow, I doubt it.
I Browse at +4 Flamebait
Open Source Sysadmin
The many broken Diebold problems in so many ways make it clear that Diebold's execs have nothing but contempt for voting. Why do they hate America?
--
make install -not war
Free Camera! Sucker...
We will instead see 'hack-in' votes. So we'll someday see a socially-inept, spotty 14 year old elected as the leader of the once-free world.
Seriously, as long as the voting machines are computerised, there will be ways to hack them, and they will be hacked.
Who is this delectable creature with an insatiable love of the dead?
it is time we moved away from the old "lowest bidder" contract award system.
What?
Of course you CAN tamper with a voting machine. You can also open one with a generic key.
But the point is the machine is supposed to be protected via physical means, e.g. it's in the
sight of election volunteers all day, and once the counts for the day are obtained, the security
of the machine is unimportant.
Have you ever looked at the quality of the locks on a ballot box that will hold paper ballots? Most
would be pickable in 30 seconds or less by anyone with a modicum of skill.
Breaking into a voting machine is no more a risk than the ability to add/steal paper ballots to a paper
voting system are. If you want to worry about it, that's great, but don't assume paper ballots are
safe, either.
This isn't for the AC kook. This is for anyone else who is actually interested. I'm just a guy, who lives in a house that wanted to make a difference by spreading awareness. You don't get rich selling magnetic ribbons unless you're wallmart.
postmodernsideshow.com
Slot machines have an inherent advantage. The "eye in the sky" sees you messing with it. Several rather large fellows then "escort" you to the security "conference room". You hope that what happens next is getting arrested. At least the police are required to put you on trial and are forbidden to employ cruel and unusual punishment. The folks who run slot machines have a reputation for ignoring such details, even flaunting their bad guy image on network TV. Don't mess with "the gaming industry"!
Voting machines must be open source. Also, a paper trail must exist. How will anyone every find a bug if they cannot examine the software and test the results by comparing it to the paper trail that the machine printed? Why is it that people who run retail stores must keep a paper trail of purchases (to prove they are paying taxes) while voting doesn't have to be proved? Also how will we ever be able to find a bug unless we can audit the machine?
All voting machine software must be open source in order to prove that votes are counted correctly. Existing paper voting framework is auditable (e.g. we track the boxes of votes to verify they aren't altered) but electronic machines aren't. Also, how many bugs does the version of Windows used on the machines have?
One analogy would be why the Florida Supreme Court threw out the usage of electronic breath analyzers as evidence of DUI since the manufacturer would not disclose the source code for their analyzers.
I can picture it now it's a small gold two-sided key. I know it well from my old vending machine repairman days, it was mostly for (crappy) Rock-ola jukebox machines and also we use it as a jackpot key on the slot machines where I work.
g /StyliAndKeys%5Cp600.jpg
http://webshop.jukeboxservices.co.uk/store/catalo
..and they haven't even lost the election yet!
I'm not sure how long the Xbox360 people are along opening the box, last time I heard about them there
was a bug in the dvdrom firmware that allows people to run backup copies on their box. But seriously,
hacking the XBox360 seems to be no trivial issue with crypto keys buried in silicone and system components
authenticating and encrypting to each other.
Another class of device not readily tampered with are ATM machines, incidentally a lot of these made by Diebold.
There is no easy way to get at the cash except having either a valid ATM card, the key to the safe or
couple of sticks of dynamite. Exchanges with a backend host are cryptographically authenticated and encrypted
meaning you can't impersonate that 70s CICS application telling the machine to give you money unless you
have key material that is buried in a security module (looks like a mobile phone sim card nowadays).
Why is it one does _not_ wonder why the Diebold voting machines are such a bunch of crap?
It just goes to show, how seriously hotels' take their mini-bar security ;-)
Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
NOT having the receipt proves you didn't vote for the supposed kneecap-breaking thugs in question.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
I think that we should force voting machines to AT LEAST go through the level of certification that goes into Slot machines. Some of the trivial hacks that have been discussed would be impossible with a minimal level of REALLY independent verification.
90% of everything is crap. Also, crap is relative.
Has anybody tried the key on one of Diebold's ATM machines? :-P
If someone is passing you on the right, you are an asshole for driving in the wrong lane.
Yeah, open source voting, scanning, and paper trails are all a good idea.
But where's the meat with the "Open Voting Consortium"? There is no software or technical information on that site, and the people involved don't seem to have produced anything relevant. There is, however, a lot of PR and glitzy photos.
From an organization that is serious about making this sort of thing work, I expect that they focus on the technical aspects first and then use a working technical solution to convince people.
if vote buying was something people were interested in, it would already be happening.
Vote coercion is already happening.