Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Voting Machines Audited by California

Posted by CowboyNeal on from the who-didn't-see-this-coming dept.

Panaqqa writes "Diebold must be wondering what else can go wrong. Considering their arrogance in the past, their comeuppance is truly well deserved. The State of California's source code review [PDF] of the Diebold voting system has been released. Additional reports will be made available as the Secretary of State determines that they do not inadvertently disclose security-sensitive information. One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"

3 of 159 comments (clear)

  1. Eeeeeeek by GTarrant · · Score: 5, Insightful
    Imagine if Diebold, one of the major manufacturers of bank ATMs, hard-coded the passwords to every ATM as "12345678", or insisted to every bank that they couldn't get an ATM that gave people paper verification of their transactions, or that they couldn't guarantee to the bank that the internal records ATMs were reliable, and couldn't give any assurance that they were at all secure.

    They'd never sell a single one. No bank would accept an ATM that couldn't accurately track the thousand or so transactions that they see each day, or that anyone could gain control of by typing in a few keys followed by "12345678".

    And yet somehow (through much campaign cash, etc.) they managed to convince politicians that all that stuff would be too hard and unnecessary in voting machines, despite the technology already being available from the same company. That it's not hard to count accurately millions, even billions, of dollars in transactions each day, but that it's too hard to simply increase by one the count in the proper register to greater than a few percent accuracy. And despite numerous security incidents, they are still fighting tooth and nail these simple things.

    I'm not convinced electronic voting is necessary...but I'm wary of any politician that keeps trying to tell me there's no need to increase the security of such systems. Unless they say they're OK with their own banks using that kind of security, voting shouldn't use it either.

  2. "Plausible Deniability", Anyone? by NickFortune · · Score: 5, Insightful

    One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"

    I can almost imagine that being a deliberate ploy. "

    I'm sorry your honour, but one of our programmers (no longer under our employ) hard coded a weak password in complete disregard of coding standards. Regretably, the weakness of the password has enabled certain parties to guess what it is, and thereby subvert the electoral process. But it's not our fault."

    Hanlon's Razor be dammned. In cases like this we should start assuming malice unless they can prove stupidity beyond any reasonable doubt.

    --
    Don't let THEM immanentize the Eschaton!
  3. Re:Just use paper counting by Anonymous Coward · · Score: 5, Insightful

    Working democracies are based on secret and unprovable votes and a transparent and voter verifiable voting process. The process is intentionally designed in a way which does not require anyone to trust anyone else. If you can come up with a computer voting system which does all that, let's hear it. Consensus among technology-minded people who have looked into the problem from a civil rights point of view seems to be that no computer voting system can work with secret and unprovable votes and at the same time be transparent and voter verifiable. (The basic idea is that, since computer systems are never verifiable as such, verifiability would have to come from being able to recount the votes in some independent way, but one would have to violate the secrecy or make votes provable to do that.)