
Worst security flaw ever - 3 states invoke Diebold emergency procedures



Below are more details of the recent "Hursti II" findings, in two
messages from Susan Evoy and from Verified Voting.

Independent report from the NY Times:
 http://www.nytimes.com/2006/05/12/us/12vote.html

 "This is the barn door being wide open, while people were arguing
 over the lock on the front door," said Douglas W. Jones,

In short, Diebold's DRE platforms make it trivial to insert a PCMCIA
card (after simply opening the casing, in a way that doesn't break any
seals or anything) and replace selected parts of the voting
software, or the entire operating system (normally Windows CE), or the
bootloader itself.  Networking cards allowing for remote control can
also be inserted in ways that would not be visible to normal users.

 David Bear, a spokesman for Diebold Election Systems, said the
 potential risk existed because the company's technicians had
 intentionally built the machines in such a way that election
 officials would be able to update their systems in years ahead.

 "For there to be a problem here, you're basically assuming a premise
 where you have some evil and nefarious election officials who would
 sneak in and introduce a piece of software," he said. "I don't
 believe these evil elections people exist."

Did our contract with Hart allow us to do security testing, or
allow Mr Hursti or other experts to do independent testing?


Details at
 http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/27675.html
 http://www.blackboxvoting.org/BBVtsxstudy.pdf

The fact that designs which are this bad, with consequences of this
magnitude, still get thru the current testing and certification
regimes, again reinforces our case that not only are DREs suspect, but
that all computerized voting systems are suspect.  As we've been
saying for years....

Neal McBurnett                 http://mcburnett.org/neal/
Signed and/or sealed mail encouraged.  GPG/PGP Keyid: 2C9EBA60

----- Forwarded message from Susan Evoy <sevoy@xxxxxxxx> -----

To: vote-wg@xxxxxxxxxxxxxx
From: Susan Evoy <sevoy@xxxxxxxx>
Subject: [vote-wg] Worst security flaw ever - 3 states invoke Diebold emergency
 procedures (fwd)

---------- Forwarded Message ----------
Date: Thursday, May 11, 2006 4:42 PM -0700
From: "update@xxxxxxxxxxxxxxxxxx" <update@xxxxxxxxxxxxxxxxxx>
To: evoy@xxxxxxxx
Subject: Worst security flaw ever - 3 states invoke Diebold emergency 
procedures

Permission to reprint or excerpt granted, with link to
http://www.blackboxvoting.org

- The Oakland Tribune scooped other newspapers yesterday on the story.
- Pennsylvania's Michael Shamos sequestered all Diebold touch-screens.
- California is invoking emergency procedures.
- The state of Iowa is trying to figure out a way to scrub Diebold clean.

Harri Hursti has just come out with Hursti Report II, a Black Box Voting
project.

Here it is:
http://www.blackboxvoting.org/BBVtsxstudy.pdf

A second study with 12 more defects will be released Monday May 15.

WHAT'S DIFFERENT ABOUT THIS?

Back doors were found in three separate levels. They can be used one
at a time or combined for a deep attack that can permanently compromise the
Diebold touch-screens.

Almost nothing will work to ensure that machines that have already been
delivered have not been contaminated -- the very forensic procedures that
MIGHT identify tampering also wipe clean any evidence.

The procedures being used in Pennsylvania, California, and Iowa will not
necessarily work if the system has already been contaminated. Worse, the
very procedure needed to cleanse the system can just as easily
re-contaminate it.

Next week, Black Box Voting will release recommended solutions in
conjunction with a recommendation to pull all Diebold touch-screen
machines off the shelf.

For more information, visit the following links:

http://www.bbvforums.org/forums/messages/1954/27675.html

and to see what the Diebold lawyers are trying to do to Bruce Funk, click
here:

http://www.bbvforums.org/forums/messages/1954/27671.html
(Scroll past the Georgia cluelessness to a transcript of the retaliatory
meeting held to try to force Funk out of office.)

Diebold lawyers are also retaliating against Stephen Heller, trying to put
him in jail for leaking documents that have been compared in importance to
the actions of famed Pentagon Papers leaker Daniel Ellsberg. Click here
for the latest on Heller:

http://www.bbvforums.org/forums/messages/1954/27423.html

and click here to donate to his defense fund:

http://www.hellerlegaldefensefund.com

(Diebold lawyers' vindictiveness has cost Heller his job and very nearly
his home. His courage in fighting for YOUR right to vote needs your support.)

* * * * *

Black Box Voting is a nonprofit nonpartisan 501(c)(3) organization dedicated
to fighting for your right to accurate and fair elections. We are supported
entirely by citizen donations.

---------- End Forwarded Message ----------

----- End forwarded message -----


----- Forwarded message from Verified Voting Foundation <news@xxxxxxxxxxxxxxxxxx> -----

From: Verified Voting Foundation <news@xxxxxxxxxxxxxxxxxx>
Subject: Verified Voting Special Edition

VERIFIED VOTING SPECIAL NEWSLETTER

May 16, 2006

Latest Security Vulnerability in Paperless Electronic Voting
Underscores Urgent Need for Paper Trail; Auditing

A critical security vulnerability has been brought to light in Diebold
touch screen voting machines, just as several primaries are about to
occur.

In a May 12th [1]New York Times article
(http://www.nytimes.com/2006/05/12/us/12vote.html), Avi Rubin, a Professor
at Johns Hopkins and Verified Voting advisory board member, said "I almost
had a heart attack" when he understood the nature of the problem.  Michael
Shamos, a computer scientist and voting system examiner in Pennsylvania,
was quoted in the same article, "It's the most severe security flaw ever
discovered in a voting system."  Indeed, several experts have urged that
the technical details of the problem not be discussed because it is so
easy to exploit.  Such recommendations are extraordinary, coming from a
community that values openness and transparency on computer security
issues.

According to the report (available in redacted version at
[2]www.blackboxvoting.org) by computer expert Harri Hursti, the machines
have insufficient protection to prevent malicious firmware from being
installed.  If bad firmware were installed, it would be difficult to
detect, and it might be difficult to install new "clean" firmware.  A wide
variety of poll workers, shippers, technicians and so on, have physical
access to voting machines at various times; any of these people might be
able to use that access to install bad firmware.

Shockingly, news of the security flaw was topped off on Monday with news
that both Diebold and the State of Maryland have been aware of the
security vulnerability for at least two years.

Further adding to the scandal is the fact that the backdoor (or doors)
were designed into the machines intentionally, against accepted design
practice and, indeed, simple common sense, as Diebold spokesman David Bear
admits in the same New York Times article.  He goes on to say, "For there
to be a problem here, you're basically assuming a premise where you have
some evil and nefarious election officials who would sneak in and
introduce a piece of software," he said. "I don't believe these evil
elections people exist."

Diebold's confidence in election officials is heartwarming. But what
really matters is the confidence of the voting public. What are these same
election officials to do when disgruntled candidates question the results
of their elections? They can't point to federal and state safeguards,
which completely overlooked this glaring problem. In most places using
Diebold touch screen machines, there will be no voter-verified paper
records to recount. In those jurisdictions in particular, Diebold has left
election officials with no method to defend themselves or their elections
when questions arise.

It is easy for people to learn the wrong lesson from this incident: that
we need more stringent computer security.  More stringent security is
desirable (depending on how much it costs), but won't solve the real
problem. The cause of the real problem is the use of paperless electronic
voting, which is fatally flawed as a concept. Modern computer systems
cannot be made sufficiently secure to handle all-electronic voting with
secret ballots. Mistakes or tampering at any level, from the software to
the circuits in the chips can change electronic votes, undetectably.

This incident is just one of many, involving products from many different
manufacturers.  It won't be the last. Indeed, such problems will never end
as long as paperless electronic voting is in place.

Suppose we had the best possible practices, such as thorough background
checks of the ownership, management, and employees of vendors, meticulous
and intrusive reviews of the design and manufacture of the equipment by
truly independent experts, and so on -- the kinds of measures used for
regulation of gambling equipment. Even these measures would not eliminate
programming errors and security holes. Even in a best-case scenario, there
will always be people who can "hack" the machines (including the
programmers who write the code in the first place). Voters will never know
whether their votes were recorded and counted accurately.

Given the current state of technology, elections cannot be trustworthy
unless there are voter-verified paper records of the votes and a
significant portion of those paper records are manually counted to check
the machine counts. We can't guarantee that machines will always function
correctly, but each voter can make sure that his or her vote has been
correctly recorded on paper (preferably by the voter's own hand).

Fortunately, twenty-seven states with over fifty percent of the U.S.
population require voter-verified paper records. Some counties in those
states may use the Diebold touch screen machines with "paper trail"
printers. If they must use the machines, we would urge them in the
strongest terms to be especially diligent in protecting and auditing those
paper records -- including manually counting more than the minimum number
required by law.

Every jurisdiction with voter-verified paper records (paper ballots or
paper audit trail printouts verified by the voter) should publicly carry
out a manual audit, after the initial vote count is reported, with random
selection of the areas to be counted.  Voters should encourage their
election officials to carry out such an audit -- regardless of whether it
is required by law in their state -- in order to check the voting system
for accuracy. Currently, more than twice as many jurisdictions offer
voter-verified paper records than there are jurisdictions that require
audits.

Whatever you do, don't let these problems discourage you from voting.  If
you don't vote, you can be sure that your vote won't count.  Instead,
contact your elected officials and the candidates and make sure they
understand that paperless electronic voting must be replaced with systems
that provide a voter-verified paper record that is manually audited -- our
democracy depends upon it.

###

Verified Voting Foundation
1550 Bryant St., Suite 855
San Francisco, CA  94103
415-487-2255 telephone
info@xxxxxxxxxxxxxxxxxx

[3]The Verified Voting Foundation is a 501(c)(3) nonprofit corporation;
your contributions to the Foundation are tax-deductible to the extent
provided by U.S. tax law. To donate online, visit
[4]http://verifiedvoting.org/donate --or if you prefer to mail a check,
please send to Verified Voting at the address shown above.


References

Visible links
1. http://www.nytimes.com/2006/05/12/us/12vote.html
2. http://www.blackboxvoting.org
3. http://verifiedvotingfoundation.org
4. http://verifiedvoting.org/donate

----- End forwarded message -----