[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vulnerable Diebold machines get state approval in California

To: cvv-discuss@xxxxxxxxxxxxxxxxx, attendees <attendees@xxxxxxx>
Subject: Vulnerable Diebold machines get state approval in California
From: Neal McBurnett <neal@xxxxxxxxxxxxxxxxx>
Date: Mon, 20 Feb 2006 19:11:01 -0700
Delivered-to: mailing list cvv-discuss@coloradovoter.net
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@coloradovoter.net; run by ezmlm
User-agent: Mutt/1.5.6+20040907i

Here is yet another indictment of the lack of effectiveness of the
current testing methodology for voting machines.  And another
indictment of astonishing lapses at Diebold.  And despite that,
a decision to allow these Diebold machines to be used in California,
with extra manual security precautions.

Note also that audits are indispensible:

 "The only way to detect and correct the problem would be by recount
 of the original paper ballots, e.g. during the 1 percent manual
 recount."

See the summary, and the full report, at

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=944&Itemid=51

Below is a newspaper article on the same topic, obtained via the
vote-wg mailing list of the Computer Professionals for Social
Responsibility (CPSR), thanks to paulcz.

Neal McBurnett                 http://bcn.boulder.co.us/~neal/
Signed and/or sealed mail encouraged.  GPG/PGP Keyid: 2C9EBA60

----- Forwarded message from paulcz@xxxxxxxxxxxxx -----

To: vote-wg <vote-wg@xxxxxxxxxxxxxx>
Subject: [vote-wg] Diebold machines get state approval in California

  http://www.insidebayarea.com/argus/localnews/ci_3522960

Article Last Updated: 2/18/2006 09:18 AM
Diebold machines get state approval
By Ian Hoffman, STAFF WRITER
Inside Bay Area

After almost three years, Diebold Election Systems won approval Friday to sell its latest voting machines in California, despite findings by computer scientists that the software inside is probably illegal and has security holes found in earlier Diebold products.

The scientists advised Secretary of State Bruce McPherson this week that those risks were ``manageable'' and could be ``mitigated'' by tightening security around Diebold's voting machines.

McPherson gave conditional approval to Diebold's latest touchscreen voting machines and optical scanners Friday, while his staff ordered the McKinney, Texas-based company to get rid of the security holes as quickly as possible.

In a statement, McPherson said, ``after rigorous scrutiny, I have determined that these Diebold systems can be used for the 2006 elections.''

The decision is likely to set off a buying spree for as many as 21 counties, more than a third of the state, as local elections officials rush to acquire one of only two voting systems approved for use in the 2006 elections. Registrars and clerks prefer having voting systems for at least six months before conducting a statewide primary like the one in June, partly because it is California's most complicated and error-prone type of election.

``It's really late in the game and you have to have your star play in place, and if Diebold is your star play, this is good news,'' said Contra Costa County elections chief Steve Weir, vice president of the California Association of Clerks and Elections Officers.

At least three other voting-machine manufacturers still are being evaluated by state officials. For word of approval on their products, Weir said, ``you're going to wait until mid-March and for a lot of entities, it's too late.''

McPherson's approval comes just in time for San Diego County, which bought the new machines in 2003, used them once in 2004, then saw the state's approval withdrawn. The county has been warehousing 10,000 Diebold AccuVote TSx touchscreens for more than two years and withholding its $35 million payment to Diebold until approval. Now, with an election set for early April to replace Rep. Duke Cunningham, San Diego can use those machines. In June, so could San Joaquin County, which also bought and has been storing the new touchscreens trusting on approval.

Lining up as possible new buyers are Alameda, Marin, Humboldt, Alpine, Butte, Eldorado and nearly a dozen other counties. Sen. Debra Bowen, who chairs the Senate elections committee and is running for the Democratic nomination to challenge McPherson as secretary of state, criticized the approval as contrary to state and federal law.

Part of the software running in Diebold's touchscreens and optical scanners is what computer scientists call ``interpreted code'' that is loaded by memory cards or PC cards just before an election. That changes the software that private testing labs and states had tested and approved, and for that reason interpreted code is prohibited by federal 2002 voting system standards.

Last summer, a Finnish computer expert found a way to pre-load votes inside Diebold's optical scanning machines, then cover his tracks by hacking Diebold's interpreted code to print out reports showing no votes were in memory when in fact the election already was rigged.

McPherson found that private laboratories charged with testing Diebold's machines for compliance with the federal standards never examined the interpreted code and ordered Diebold back into lab testing. At the same time, he asked a team of scientific advisers from Lawrence Livermore lab, the University of California at Berkeley and UC-Davis to study the interpreted code and report back. The panel included computer scientists who have been skeptical, even critical of electronic voting systems, such as David Jefferson, Matt Bishop and David Wagner.

The team wrote two reports, one public and one ``confidential that lays out security flaws in the Diebold system, as well as ways to attack it.

The scientists found the interpreted code was very limited in function and not particularly vulnerable, but the software that translates that code into computer instructions for the voting machine had at least 16 bugs that could be used to hack or frustrate elections, according to the team's public report.

``There are serious vulnerabilities in the AV-OS (AccuVote Optical Scanner) and AV-TSx (AccuVote TSx touchscreen) interpreter that go beyond what was previously known. If a malicious individual gets unsupervised access to a memory card, he or she could potentially exploit these vulnerabilities to modify the electronic tallies at will, change the running code on these systems, and compromise the integrity of the election arbitrarily,'' the scientists wrote.

``The attack could manipulate the electronic tallies in any way desired. These manipulations could be performed at any point during the day. For instance, the attack code could wait until the end of the day, look at the electronic tallies accumulated so far, and choose to modify them only if they are not consistent with the attacker's desired outcome,'' the report went on. `` The attack could erase all traces of the attack to prevent anyone from detecting the attack after the fact. It is conceivable that the attack might be able to propagate from machine to machine, like a computer virus.''

Yet the scientists concluded that the security holes only were exposed when someone gained unauthorized access to the memory cards or PC cards and their contents. The software on the PC cards is somewhat better protected because it is encrypted, but the scientists discovered that Diebold still is using the same encryption key in all of its software nationwide that scientists at Johns Hopkins and Rice University reported publicly in 2003. Another scientist had noted the key's use as early as 1997 and advised Diebold to change it.

``For local elections (i.e., elections that do not span the entire state), we believe there are mitigation strategies that could be viable for the short term,'' the scientists wrote.

The scientists recommended having counties change the encryption keys on all Diebold touchscreens and maintain tighter controls over the memory cards and PC cards, for example by requiring two people be present whenever the cards are moved or their contents changed. Serial numbers for the cards and the tamper-proof seals to lock them into the voting machines will have to be logged by elections officials at each polling place.

McPherson adopted those recommendations in certifying the Diebold machines for the June and November statewide elections. His staff wrote Diebold Friday urging the company to fix the bugs in its software and eventually to get rid of the interpreted code entirely.

``The report was written by some pretty heavy critics of electronic voting systems,'' said Jennifer Kerns, a McPherson spokeswoman. ``We're confident that we've gone above and beyond the call of duty to test it, and above and beyond what other evaluations would have revealed and can maintain the integrity of the vote.''

Contact Ian Hoffman at ihoffman@xxxxxxxxxxxxxxxxxx

___________________________
Computer Professionals for Social Responsibility (CPSR) 
is the oldest non-profit, mass membership organization 
working on social impacts of computer technology.

To learn more, go to http://www.cpsr.org

To join or renew, use http://cpsr.org/membership__________________
vote-wg mailing list
vote-wg@xxxxxxxxxxxxxx
https://ssl.cpsr.org/mailman/listinfo/vote-wg

----- End forwarded message -----

Prev by Date: Fw: Washington Post stories about Diebold - in Maryland.
Next by Date: study on state databases of registered voters
Previous by thread: Fw: Washington Post stories about Diebold - in Maryland.
Next by thread: study on state databases of registered voters
Index(es):
- Date
- Thread