Hotel Minibar Key Opens Diebold Voting Machines

Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."

Re:Why would we expect anything else?

[KingSkippus]

Open source systems are just as useless as the Diebold equipment without a permanent voter-verified paper trail.

Dude, RTF Site:

The OVC recommended procedure for tabulating elections relies on a paper ballot that is then fed through a scanner into a locked ballot box so that all originals are saved in case of the need for a recount or audit.

Just for pointing that out, I want another damn +5!

The lock is even less sophisticated than that.

[JaredOfEuropa]

If you watch the video of the university guys explaining the hack, you'll see a good closeup of the lock. The lock looks like a real cheapy one; something you'd find on one of those floppy disk / CD storage boxes, or the kind they put on suitcases. I betya the keys for those boxes/suitcase will open this lock as well, with a little jiggling. Hell, these locks can be opened with 2 paper clips.

Re:The point of electronic voting again?

[daveschroeder]

Yep, that's the problem.

The "point" was to actually fix some of the problem areas from the 2000 election, in addition to things like efficiency and automation. There were Democratic and bipartisan initiatives, like the Help America Vote Act (2002), that mandated electronic voting systems, but neglected to include a paper trail.

The problem, though, that you bring up is an interesting one: even if all of the systems were totally open source and all had permanent voter-verified paper trails, [insert losers here] would still be clamoring for a recount in every election. Ultimately, the only benefit from electronic voting, then, is on the backend and in uniform management and use of the systems.

In the end, it might just be better to go back to paper (and maybe have the paper read by scanners, as some jurisdictions to now), but then we'd end up right where we were back in 2000, with claims of lack of uniformity, confusing ballots, antiquated machines, lines, and so on.

So while it seems like a no-win situation, the best we can do is still demand a permanent, auditable, voter-verified receipt process.

Re:You would be amazed at what keys will open what

[John3]

Most of those smaller lock cylinders use the same key patterns. Those desk drawer keys and cabinet keys use a very common key blank (usually a Y11 based on a Yale brand cylinder) and from that point there are only a few combinations of cut. Cash drawer manufacturers and receipt printer companies use the same common key, so that explains why you can open McDonald's cash registers..you can likely open mine as well. For cash drawers the key is really just functioning as a latch...same wtih desk drawers and cabinets. A determined thief will get in anyway so it's just to keep the casual thief from pulling the drawer open without delay.

For a voting machine one would hope that they would have used more secure cylinders like the round 7-pin cylinders or maybe Medeco style. The voting machine locks should be at least as secure as unattended machines that hold money, like soda machines, slot machines, even pay phones. Those machines have secure locks with tough-to-duplicate keys. I guess protecting Pepsi is more important than our protecting electoral process.

John

Re:Better than Penny-Arcade

Chipotle? Had to look that one up. Turns out it's NOT slang for man-juice.
From wikipedia : Chipotles (pronounced chee-POHT-lays) are smoke-dried jalapeños used primarily in Mexican- and Mexican-inspired cuisine.

I wonder what kind of moderation this post will get ;-)

Re:You would be amazed at what keys will open what

[DanTheLewis]

If you watch the Princeton video, you'll see them unscrewing the case without disturbing the lock. So a nice lock would be no more than a gold ring in a pig's snout.

Security is only as good as the weakest defense.

Re:Can't say I'm surprised...

[Chris+Burke]

Your mistake is using the logic, "These machines have security issues; therefore, they must be designed that way." That's fallacious, not to mention not provable, as is the subsequent assertion that since they MUST be designing them as insecure, one side must be benefiting since there's no reason to do it unless one side benefits more.

That isn't the logic. The logic is: These machines have a hundred times more security issues than very similar devices made by the same company, security issues that the company has been repeatedly made aware of themselves but refused to fix, issues that have never even come up in their more secure devices but suddenly appeared in voting machines, therefore these multitudenous security issues cannot be merely due to incompetence and ignorance alone.

That's the logic. No, it can't be proven unless we find a document from a Diebold exec telling the engineers to add in failure modes, though we already know from documents that security and reliability have been deprioritized in a way that would never fly in their ATM division.

I just grabbed the first couple examples of ATM vulnerabilities I came across. Remember, since I'm not actually a spinmaster or political operative, I don't devote my life to proving that other things might be just as shoddily designed as e-voting systems. Also, ATMs are much more mature and have had much greater demands placed on them by their corporate banking users. E-voting systems have had no similar such requirements or scrutiny, allowing the ugly entropy of laziness and bureaucracy to create the crap we have today.

It's not like a voting machine is a completely different beast than an ATM, they're actually quite similar, which is why ATM makers started moving into that market. If anything the voting machine should have benefited from all the development and extensive demands placed by the banking industry on ATMs. Instead there's no sign of any of that learning, no matter how simple. Yet give me a week with a Diebold ATM and its source code, and I'd give you a voting machine better than the crap Diebold made itself.

Obviously the tolerance for such crappy machines is a contributing factor. If the requirements for a valid voting machine, oft enumerated here on /., were the actual government requirements, then it would matter little whether Diebold's shitty machines got that way on purpose or on accident -- the voter would either see their ballot correctly printed before they drop it in the box, or they wouldn't. However instead we are allowed to have a black box that we must believe has stored the correct number of votes (since there's no way to prove otherwise; again, an obvious lesson from ATMs goes unheeded).

And what has been Diebold's response every time the issue of having a printed paper ballot has been brought up by officials? Has it been "too expensive"? No. Has it been "too difficult/error prone"? No. It has been "not necessary".

So while they clearly must understand the benefit of printed records to verifying the result of an electronic device, they continue to deny that such a thing would be useful for veryfing the result of an electronic device... as long as that device is a voting machine.

That sounds pretty deliberate to me. For whatever reason, they do not want to have a verifiable paper trail following their machines around.

I do agree, though, that even if the machines themselves met some definition of "secure" that satisfied a particular person or group, there would still be people claiming fraud. And maybe in some places there would be. But all that aside, if some groups of people are NEVER willing to trust our electoral process, what will solve that problem?

Who cares what the lunatic fringe thinks when right now no rational person can call these machines secure? Yes, there will always be some group who finds our electoral process untrustworthy. That isn't the point. The point is that, right now, our electoral process is untrustworthy.

Re:Just admit you were wrong

[smorken]

The original post was alluding to "closed source" and "open source" software, Richard Stallman

Actually dave, The original post does not mention open source software, in its general form, as an alternative. It mentions the Open Voting Consortium as an alternative.

Re:Why would we expect anything else?

[Beryllium+Sphere(tm)]

>I know, dumb answer, because Diebold pays the people who decide lots and lots of money.

That's a documented fact, not random cynicism:

Voting machine vendors offer cruises, funding and jobs to election officials.

Re:Why would we expect anything else?

[Flwyd]

Your Congresscritters actually don't have a lot of say in the matter. Elections are implemented in large part by county government officials and they have a fair amount of leeway about things like voting technology. Within a state you can expect to see many different voting devices used.

I program software for county governments (though it's not election-related). Despite what Slashdot readers would like, solid design and strong security is far from the main concern of the people with whom the purchasing decision resides. For instance, the main reason cited when our software isn't chosen during a selection process is that we haven't installed in a county of comparable size. Diebold has a track record of being able to deliver on a large scale and that typically carries a lot more weight than rock solid security. Support infrastructure is another major factor. Most folks in my company are glad that we're not trying to compete in the elections arena because each one of your clients will have a bucket of support incidents on the same day. Diebold's a large company and can handle that volume. Even the best open source product needs a lot of warm bodies, educated on the system, available on the first Tuesday in November. Open source is a big plus in the eyes of Slashdot readers, but elected officials rarely know the benefits of open source.

We as Slashdot readers need to present our technical credentials, educate officials and the public, and voice concerns when the counties in which we reside are shopping for new voting technology. Since almost every county in the country got a new voting system in 2004, most will be reluctant to buy again soon, but if we point out enough flaws they could be convinced. Concerned geeks (and others) in Boulder County, Colorado were able to convince the county to select a system with a paper trail. (Optical scanning, I believe.) It took a long time for them to get their results, but the system is able to be verified by hand in case of controversy.