Diebold Disks May Have Been For Testers

opencity writes "The Washington Post reports on the two Diebold source disks that were anonymously sent to a Maryland election official this past week. Further investigation has lead individuals involved to believe the disks came from a security check demanded by the Maryland legislature sometime in 2003." From the article: "Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote."

Can't do much with these disks

Can't play on ranked servers without a cd key and the gameplay itself is more boring than WoW. I'll stick with BF2.

Re:Can't do much with these disks

[TubeSteak]

Actually, on a more serious note... I haven't been able to find a torrent. This shit is pretty fucking fundamental to our democracy, and when it finally gets 'leaked,' it manages to stay buttoned up?

It got 'leaked' to Cheryl C. Kagan, a former Congresswoman & obviously someone with a little bit of common sense.

Kagan did the right thing, which was to contact the state elections officials, who in turn contacted the FBI, who went and talked to Kagan.

She was part of the Government and respects it enough to try and work within the system.

Anybody who doesn't try to get ahold of the source code running their local voting machines should be considered grossly negligent.

Good luck explaining that to a judge. The penalties for messing with anything relating to an election are no joke. Why do you think those discs were delivered anonymously?

Re:Can't do much with these disks

[electrosoccertux]

There are far more serious issues than our voting problems today when people consider wanting to learn about somthing akin to "messing with" it. As if my understanding of the source code behind how my vote is cast at all interferes with our country electing the next president. Unless, that is, there are flaws in the code that say all the votes will be converted to votes for [insert favorite politician here] if I press the upper right hand corner of the screen five times in under ten seconds; and my understanding of such a flaw [even though I wouldn't take advantage of it] stalls the election process. Nows whose fault would that be? Is it somehow my fault, for finding out that the Diebold did a bad job?

I've heard the likes of your attitude before. It can pretty much be summed up as "Don't ask why, that's just how it is." Imagine if you told your kids that.

Try appending that statement to the end of different statements:

-"We can't cure cancer. Don't ask why, that's just how it is." And so nobody bothers researching a cure.
-"Your computer's Windows installation is broken. Don't ask why, that's just how it is." And so you needlessly spend $$$ on a new computer when all you needed was a fresh installation and anti-vir."
-"2 + 2 = 5. Don't ask why, that's just how it is." And so the plane crashes.
-"You're wrong. Don't ask why, that's just how it is."

I hope you get the point.

If the attackers can use the source to attack it

[strider44]

If the attackers can use the source code to attack the machines then the machines aren't secure and probably wouldn't withstand an attack from someone who had access to the machine even without source code.

Having numerous copies floating around is a good thing if disclosure of security holes is encouraged, and the fact that Diabold are implying that the security of their systems rely on people not having access to the source code is a very bad thing.

Lets look at things logically. The only people who would rig the election using those machines would have to have physical access to the machines, and if they did they wouldn't need the source code to highlight security holes. If the source code was released then the people who would be advantaged would be the people who would responsibly disclose security holes.

What's the problem again?

[arth1]

Forgive if if I misunderstood, but shouldn't Linda Schade be happy that there's copies of the software available for public scrutiny instead of complaining about it? If she's really concerned with the security of electronic voting, surely she would be in favour of the software being verifiable?

If I didn't misunderstand, someone in D.C. should give this lady a call and explain to her the pitfalls of "security through obscurity" and why openness is a Good Thing.

These are the disks we returned to the state

I was one of the RABA testers. We discussed this today and we returned the disks to the testers. The leaks came from Linda Lamone's OWN OFFICE!

Security doesn't matter if the machines are rigged

Just before the 2002 election, a secret "patch" was distributed by order of the president of Diebold without the knowledge of election officials, according to several whistleblowers. You know, the guy who promised to "deliver [Ohio's] votes to the President".

Who gives a fuck if J0e Hax0r can compromise a voting machine when secret code can be installed on thousands, if not all, of the voting machines at the last minute with absolutely no oversight and nobody knowing about it? Voting, to borrow from one of the current "President's" minions, is a "quaint" and outdated practice.

Re:So why did we move to electronic voting again?

[fdiskne1]

and the voter gets a carbon copy of the paper

You had me up until that part. The voter should be able to SEE the paper copy and verify it is accurate without being able to touch it. It is then whisked away, dropped down, or whatever onto a roll, stack or whatever so poll workers have a way to verify the machine counts with paper counts. If they are given receipts, this would provide proof they voted a certain way. Voters should not be given a copy since this opens the door to people being paid or intimidated to vote a certain way. Other than that point, I agree with your post.

Re:New tag

[LordEd]

In other news, slashdot search queries for "wretchedhiveofscumandvillainy" increases dramatically.

be cautious of a Diebold paper trail - not right!

[arete]

You, the voter, need to physically move your verified ticket into a box under the watchful eye of the election judge. This MUST NOT be done by machine, unless the machine also does it in an easily visible fashion under the watchful eye of an election judge - which is simply not what's going on.

I early voted on a Diebold voter verified machine - and it's NOT good enough. I even had a nice conversation with the technical election judge, and since it did print a verified trail I did have to go home and think about this before I realized how it sucked.

They totally and complete circumvented the idea of a voter verified paper trail.

The way this machine works is you vote, it prints, you can see-but-not-touch the printout. You can vote AGAIN (up to 3 times) and it voids the previous printouts. Again, without you touching them. Which means the process expects that some percentage of its paper trail will be voided. The printouts get sent into some magic compartment.

So 1) there's no way except by noise for the election monitors to know if it printed a variety of extra votes. And they were pretty quiet.

2) There's absolutely zero way to know if it went back and voided your vote, because there's plenty of precedent for voiding votes.

3) It can absolutely tell via paper alone who voted in which order; it's on a spool. Which could be easily tracked by anyone who watched what order people voted at that machine. Your votes are even less anonymous.

*sigh*

(Ok, so I posted this on the previous Diebold story - sue me. It's important, so I reposted it, Karma be damned.)

Re:If the attackers can use the source to attack i

[clifyt]

"A voting machine that is as secure as an ATM is probably good enough."

Wasn't it just a few weeks ago people were finding the passwords for ATMs 'hidden' right there on the net with instructions on how to reprogram them from the front pannel so that it thought the 20s slot was actually dispensing $5s???

If this is the security we can expect...well, I just hope my side finds the password list before the other side. Those bastards are slimy cut and run warmongers who want to stay the course of flipflopping.

Re:So why did we move to electronic voting again?

[NuclearDog]

"Vote this way or you're fired, and I want to see the receipt."

Later:
"I lost the receipt."
"Our company no longer requires your services, we, uh, have decided to consolidate our action points to improve the synergy blah blah blah."

Re:If the attackers can use the source to attack i

[jx100]

I'd argue that the source code for voting machine should be made public in any circumstance. There is *no* reason to keep any part of the counting process secret. If there are exploitable holes in this process, that means the *process* is at fault, and should be redone until there are no holes.

Re:New tag

[pilkul]

Who cares? The actual way tags ended up being used is a lot more in the Slashdot spirit. I, for one, like having one-word snarky commentary right below every story.