Slashdot Mirror
Hotel Minibar Key Opens Diebold Voting Machines
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
I know I'm preaching to the Slashdot choir, and it's been said a thousand times before, but as long as we have closed voting processes, we're going to have people screwing up by doing things like having voting machines accessible with hotel minibar keys. We hate Microsoft for their closed-source software, yet we continue to accept this kind of idiocy.
Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium, why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.
I would say write to your Congresscritters and let them know that you want these screwed up pieces of junk out of our polling locations, but like I said, I know I'm preaching to the Slashdot choir, and you won't do it. >:-( But realistically, just know that until you do, we can look forward to many, many more articles about this kind of thing. Ooh, at least until we see the one that says, "Electronic voting machines hacked! Election results tainted!." Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.
sigh Oh well, it was worth a shot. Just give me my damn +5 and go back to reading about lasers on Intel's chips now.
I'd like to have access to the minibar.
Dedicated Cthulhu Cultist since 4523 BC.
Electronic systems - including electronic voting machines - will always be able to be tampered with, no matter who makes them, no matter what their CEOs stupidly say, no matter what ongoing audit mechanisms are implemented, whether they're open or proprietary, and no matter what legislation or other initiatives mandate or recommend them.
Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.
Remember, too, that voting legislation, in large part in response to issues in the 2000 election, designed to ensure fair, uniform, and universal access to voting for all citizens by mandating electronic voting equipment, such as HAVA (2002), were Democratic and bipartisan efforts.
The real issue is that Congress screwed up: they inherently, and erroneously, believed that since we trust so many critically important things to machines, certainly reliable electronic voting is possible, and indeed, we use automation, computers, and machines in almost every aspect of our lives to increase efficiency and reliability - why should voting be any different?
Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.
The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability. All of the major e-voting vendors - Diebold, ES&S, and Sequoia - have this capability, but it's an add-on that requires retrofitting existing equipment, or in some cases, purchasing new equipment. And that takes money many counties and municipalities - particularly in the most hotly contested areas - don't have. (Hint: it's not just poor areas that have long lines)
Our focus now should be on passing legislation that requires permanent voter-verified paper trail capability on all newly deployed e-voting systems, and allocates funds and creates a timeline for deployment on existing systems. Please, continue to raise this issue with both your county election officials and your elected representatives.
This issue is too important and too critical to the integrity of our election process to let rest.
---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.
They might as well hand them out like candy.
And that's exactly what the politicians are looking for.
the key in question is a utilitarian type
That's the problem right there. You should never religion and state, it always makes one cross.
Have you read my journal today?
Let me see, this key opens voting machines, mini-bars, jukeboxes, etc? Sounds pretty shiny, where do I get one! I need to add it to my lil' bastard music-copying, alcohol-drinking, electrion-throwing kit.
stuff |
After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.
I think I'll take a hotel minibar key down to my local ATM to see if I can score some free money. If Diebold is honestly this incompetent, it'll be a snap. If, however, the voting machines are specifically designed to be compromised, I'll probably have a harder time of it.
Any bets on the outcome of my little experiment? Didn't think so.
____
~ |rip/\/\aster /\/\onkey
I just spit chipotle on my desk when I read the headline. Man, that's comedy.
Unfortunatly...
Call a locksmith with an IQ greater than that of a grape, and he can come up with a solution. I have NO faith in Diebold. It's just another one of those large contractors that always get the bid because they were around first. Newer companies (read, non-stagnant) could create a working product for a tenth of the cost.
And why does Diebold design these machines in such a way that they *CAN* be hacked? I think that involving an Operating System and software in the design of such a machine is a critical error. As a computer engineer, I realize that overcomplicating things can lead to errors. DSP's can make hardware extremely cheap, but there are places where analog circuits are cheaper and more realiable! Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't be hacked, and the wrong candidate will not be selected if the machine fails? There are so many places where their current design can and will go wrong. I believe that it's time for these loonies (or preferrably someone else who has more sense) to come up with a more rudimentary and failsafe design!
for example, common car keys can easily open most McDonald's registers. I guess if you just go sticking enough keys into something, one is bound to work...
Monstar L
We will be adding a "change everyone elses votes to" toggle for each voting option!
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
This is why there needs to be greater accountabiility and control over chain-of-custody procedures when it comes to e-voting. There is no way the U.S. is going to revert back to paper at this point, and there is also no way to make any of these machines fully tamper-proof. To keep integrity in the voting process, we have to start holding peoples' feet to the fire. And we need poll volunteers who know a thing or two about how to operate these machines correctly.
Better keep Ted Kennedy away from those machines, or there will be vote tampering for sure!
Execute? [Y/N] _
If you watch the video of the university guys explaining the hack, you'll see a good closeup of the lock. The lock looks like a real cheapy one; something you'd find on one of those floppy disk / CD storage boxes, or the kind they put on suitcases. I betya the keys for those boxes/suitcase will open this lock as well, with a little jiggling. Hell, these locks can be opened with 2 paper clips.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability.
Do not use the word "receipt" in this context. A receipt is something that you take with you, as a personal record of a transaction. A receipt is worse than useless here... you don't WANT people to be able to show the party bosses that they voted the "right way".
What is needed is a "permanent paper ballot capability", where the ballots are retained at the voting place and serve as the primary official paper (ahem) trail.
With the Diebold UberFascer 6000, you can Fix elections AND enjoy a hard-earned single malt scotch!
the mods may say you posted flamebait, but to me it's a flame that warms my heart. rock on, brother! --chebucto
Your current administration will have no problem fixing this, it's simply a case of outlawing office equipment/minibar keys.
You shouldn't be locking stuff in your desk anyway, what are you a terrorist?
As for minibar keys--it is the view of our administration that you shouldn't be drinking on business in the first place, it's not good for America! Do you really want to help the terrorists win???
We will ensure all minibars are re-keyed with special locks, the keys to which will be restricted to government employees only (Our administration has proven itself to be Above all Laws but God's, and God never said not to drink, so we therefore deserves access)
When minibar keys are outlawed, only outlaws will have minibar keys--then we know who to detain, harass or shoot (our call).
As if the American People didn't have enough to worry about. There, fixed that for ya.
How long are we going to tolerate this?
What if the Hokey Pokey really is what it's all about?
"Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one."
Sorry, but I disagree with one part what is otherwise an insightful post. Some people do benefit from shoddy vote counting equipment. Who? The party machinery of the two major parties who already have people in the polling places.
There are three qualifications for a person(s) who benefits:
1) they have to have a reasonable excuse for being in physical proximity to the machine.
2) They have to have a reasonable excuse for having a key. According to TFA, this is easy.
3) They have to be part of a group for whom a small margin of change change results in a benefit. ( if a Dem or Rep gets 51% instead of his predicted 48%, nobody really suspects. When some third party candidate gets 51% instead of his predicted 3.5%, that is too obvious. )
There are people who benefit. Unfortunately, these are the same bunch of people who give their stamp of approval on voting machines. The wolves are in charge of the henhouse here.
There is a simple solution to this.
Assuming a paper trail, everything goes as normal, the polls close, and the machine spits out results -- Candidate X - nnnn votes. Candidate Y - mmmm votes, etc. These are passed up the line, however they are supposed to be.
Next, the worker in charge of the operation of that poll rolls a die 3 times. If it comes up 6 all three times, the vote box is opened and a manual check of the paper records is done. This means there is a random check of about 0.5% of the machines, which verifies the integrity of the voting machines. If there has been any widespread tampering, it will show up here. If the totals are tampered with higher up, there is the opportunity to compare the numbers published at the polls with the final totals.
But again, without a paper record, there is no way of verifying anything .
grnbrg.
Slashdot Burying Stories About Slashdot Media Owned
Maybe I'm being paranoid here but this seems like the sort of thing that could easily be exploited in a really nasty way. A group of well funded [fill in your favorite conspiracy theory related group of individuals here]* could theoretically get people into key places around the country where these machines are in use then infect them with a virus that siphons the vast majority of votes to a candidate that has no choice at all of winning (Ralph Nader or something like that). Imagine the exit polls on CNN, etc. showing a close race between the Democratic & Republican candidates and then the Green Party actually winning by a landslide. Something like this would cause such an increase of mistrust of the government that election results for an entire generation would be questioned. It wouldn't be terrorism in the classical sense, but it would generate a huge groundwell of mistrust that could damage the federal government for a long time to come.
* <tinfoil_hat=on>Of course the unnamed group could even be a major political party</tinfoil_hat>
Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org], why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.
Things like Diebold are needed tools for fixing elections.
Republicans may not like it, but their candidates for the last 2 elections had the elections fixed.
Nomatter what you do, unless entire entourage of republican party officiers in counties related to suspicious activity are fired off, republican party will always carry a stain of dishonor.
Read radical news here
How about the following voter verifiable scheme:
The machines print you an official receipt indicating your vote and tag it with a random number. At the end of the election, all the data (a large random number and vote table) could be posted (website and otherwise) so anyone who wanted could verify the tally and their vote.
To avoid the injection of a bunch of bogus votes, it would also be necessary to allow anyone who wanted to (specifically a representative from each party) to come out on voting night and count the turnout.
The system can also be easily extended to avoid voter coercion and untrustworthy machines.
The coercing problem comes from the fact that third parties can now insist the voter shows them their receipt to verify they voted as instructed. This can be avoided by providing every voter with two receipts. One would be their actual vote, and one the other would be, at their option, a random one or a specifically chosen alternative.
The system would then make the bogus vote verifiable, so the coercer won't be able to tell it is bogus, by searching its database for an already cast vote that matches and using the associated random number on the receipt. The individual would then be able to claims to the person doing the coercing that the fake vote is their actual vote and their actual vote is the fake vote.
The machine problem comes comes from the fact that it could rig the random numbers. For example, it could choose the numbers such that all of one candidates votes get counted under one vote, and then correct the balance (so this is undetectable) by generating counter bogus votes. This is easily fixed by requiring the random number be a combination of machine and user.
That is, the machine first selects a random number and displays it to the user. The user then enters another to multiply it by. That way, neither the machine nor the user (unless the former can do long division of very large numbers in their head) are able to determine the final random number.
This stops both the machine from being able to rig the final number and the user from being forced to (by someone attempting to coerce them). Both numbers would be printed on the receipt so anyone could verify the machine didn't cheat on the multiplication.
Note this does not interfear with the coercing avoidance scheme, as a fake vote can still easily be produced. The machine would have no problem doing the required long division to make sure the vote was verifiable (the machine cannot do this for the actual vote as it has to show its number to the user before it gets to know what the user's number is).
I think the distinction that needs to be made here is that voting needs to be an open process -- not just use open source software, but apply some of the same principles. (Mainly that ANYONE can verify the voting process is valid.) So things like paper trails, open source software, and voting officials who can actually verify what is going on (because with diebold, all they can do is lug the boxes around).
Voter votes and gets a printout of his votes from machine A. He verifies that the votes are correct (if not, the printout gets shredded) and puts the printout into machine B (which signals to machine A that it got the printout). Note that machine A and machine B could be made by seperate vendors, and B also contains a paper trail in case a recount is needed.
If machine A and B don't agree, you recount the paper ballots. Gee, sounds quite a bit harder to subvert eh? With added paper ballot goodness no less.
I Am My Own Worst Enemy
Damn you a_nonamiss (743253)... Damn you to hell...
Dirty Pirate Hooker
These Voting machines actually do what they say they do. They vote for us. Thanks to the advances in voting machine technology, humans will be relieved the burden of actually voting altogether! Voting machines are clearly a terrific labor saving device.
I, for one, welcome our new......oh. Too late.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Pretty please...with sugar on top.
Either make voting machines as secure as slot machines, or let mini bar keys open up slot machines.
Either or. I'm not picky.
I'm not saying your last election was a fraud.
I'm also not saying that you guys suck at democracy.
I am saying that you suck at capitalism.
Let's assume that you want to get at the card or whatever is behind the panel.
Why isn't this panel made out of glass that you have to shatter with a little hammer or teflon paper that you have to cut? That way, there's obvious proof of access. The vendor can repair the windows for the next election - it's a revenue stream for them. If the replacement costs $500 or so to install (due to all the fancy features like holograms, RFID, and seals, etc.) then fakes would be prohibitively difficult to get. It would be better physical security than a "Bic" lock.
I think Diebold was lazy, not conspiring. The rest of you were lazy by allowing these lazily built machines to run your election.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Hmmmm... do the same hotel minibar keys work on Diebold ATMs?
If the code can't be open source, at least the key to the machine is....
I disagree. What we need to retain (and often times regain) is paper ballots.
Voter-verified paper audit trails are a placebo. What assurance do you have that what is printed is the same as what is recorded? None.
All attempts to date to actually audit a VVPAT, to the best of knowledge, have demonstrated just how infeasible the task is. Jill LaVine, Sacramento County's Registrar of Voters testified to the EAC that their audit took 1h 15m per ballot printed on the VVPAT.
Meanwhile, many people, like VerifiedVoting.org are proponents of Rush Holt's HR 550, which would require all electronic voting machines to have a VVPAT. Even though I utterly oppose all electronic voting, I do not oppose HR 550. Why? Because HR 550 requirements would demonstrate the folly of using electronic voting machines and the voter verified paper audit trail.
I will note here that New Mexico (VoterAction.org), Connecticut (TrueVoteCT.org), and others are successfully throwing out the DREs and bringing in voter-correctable precinct-based opticals scanners. That is today's best available solution.
Something I've never seen questioned in all these discussions - What's the point of going electronic? The old systems, while far from perfect, were not bankrupting the society, and through their clumsy diversity, were resistent to centralized attempts to manipulate the elections. My feeling - the true cost greatly outweighs any legitimate benefit. This is a case where we should all 'Just Say No'. I'm certainly a computer person, but I don't think everything needs to be done using a computer.
Anyone know the key code? I'd lay money that it was a National "C415A". That is by far the number-one most common "off the shelf" key code when it comes to cheap wafer locks. If you come across a C415A key, hold on to it. You'll find it fits a LOT of locks. Everything from paper towel dispensers and alarm panels, to (well) voting machines, apparently.
Really though, this is nothing new. People always pull stupid shit like this with physical security. The local Union Bank branch I do work for (as a locksmith) has double locks on every teller drawer. One lock takes a key only the teller has and is different for each drawer, the other takes a key the manager has and fits all the drawers. Well, the "manager" key is another absurdly common key, the National "915". If they're expecting the manager lock to keep anyone out, they're sorely mistaken. I've told them, but they don't seem to care...
If a job's not worth doing, it's not worth doing right.
The many broken Diebold problems in so many ways make it clear that Diebold's execs have nothing but contempt for voting. Why do they hate America?
--
make install -not war