
Re: UConn Report on Diebold AV-OS



I hope folks noticed that these are attacks on an OPTICAL SCANNER
MACHINE!  Read on.

On Wed, Nov 01, 2006 at 02:53:03PM -0700, Margit Johansson wrote:
> Avi Rubin's Blog
> UConn VoTeR center report: Diebold AV-OS is vulnerable to serious attacks
> 
> A powerful new report was released yesterday about the Diebold AccuVote Optical
> Scan voting terminal (AV-OS). 
> The authors show that "even if the memory card is sealed and pre-election
> testing is performed, one can carry out a devastating array of attacks against
> an election using only off-the-shelf equipment and without having ever to
> access the card physically or opening the AV-OS system box."

> ... Besides manipulation of the
> voting machine totals and reports, the authors explain how any voter can vote
> an arbitrary number of times using (get this), Post-it notes, if the voter is
> left unattended.

That post-it note attack is classic!  Stick post-it notes to the
trailing edge of the ballot, then

 - Feed it into the scanner all the way, but hold on to the post-it note
 - Then pull it back thru
 - Repeat

See the pictures at http://voter.engr.uconn.edu/voter/Reports.html

As I wrote in my comment on Avi's blog, this just underscores again
the importance of doing random manual audits. Real audits. Audits that
start from detailed election reports of how each machine tally came
out, and track back from those results to identify the paper records
they are based on, and see whether a hand count of those paper records
comes up with the same result.

But this sort of audit is hardly ever done, even when required by
state law (as it is in Colorado). The voting systems don't usually
even produce auditable results. They produce precinct reports, but
since absentee and early results are mixed in, you can't track down
the actual pieces of paper needed to validate the results. So we do
partial recounts instead and call them audits. And as this study
demonstrates, as have so many others, the results can be different
during the recount, so they are nearly worthless.

Check out my page at
http://www.coloradovoter.net/moin.cgi/ManualCountAudit and read the
Brennan Report (linked from there) and call for auditable reports and
real audits from your own county and vendor. It isn't just a DRE
problem - it is an optical scanner problem and especially a tally
system problem. There are many single points of failure, and good
audits are one of the few really helpful tools we have.

Even if we do a hand count, we will want to audit the sub-totals and
check the arithmetic...

Neal McBurnett http://mcburnett.org/neal/
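
The audit described in the message above, sketched as an added example (not code from the post's author or from the reports it cites): check that the reported sub-totals add up, set aside units that cannot be traced to a physical stack of paper, randomly select from the rest, and compare each selected tally with a hand count. All unit names, batch names, tallies and the seed are constructed; drawing the seed in public after the reports are frozen is an assumption of this sketch.

```python
import random

# Constructed sample data: one row per audit unit as the tally system reported it.
# "batch" names the physical stack of paper behind the row; None means the report
# mixed sources (e.g. absentee and early ballots folded into a precinct total).
REPORTED = [
    {"unit": "scanner-01", "batch": "box-A", "tally": {"Smith": 212, "Jones": 188}},
    {"unit": "scanner-02", "batch": "box-B", "tally": {"Smith": 150, "Jones": 171}},
    {"unit": "scanner-03", "batch": "box-C", "tally": {"Smith": 98, "Jones": 101}},
    {"unit": "precinct-7", "batch": None, "tally": {"Smith": 40, "Jones": 35}},
]
PUBLISHED_TOTAL = {"Smith": 500, "Jones": 495}  # constructed

# Constructed hand counts of the paper found in each box.
HAND_COUNTS = {
    "box-A": {"Smith": 212, "Jones": 188},
    "box-B": {"Smith": 150, "Jones": 168},
    "box-C": {"Smith": 98, "Jones": 101},
}

def check_arithmetic(reported, published):
    """Return {candidate: (sum_of_subtotals, published)} for every mismatch."""
    sums = {}
    for row in reported:
        for name, votes in row["tally"].items():
            sums[name] = sums.get(name, 0) + votes
    return {n: (sums.get(n, 0), v) for n, v in published.items() if sums.get(n, 0) != v}

def select_units(reported, k, seed):
    """Set aside units with no traceable paper, then draw k of the rest at random."""
    auditable = [r for r in reported if r["batch"] is not None]
    unauditable = [r["unit"] for r in reported if r["batch"] is None]
    rng = random.Random(seed)  # assumption: seed drawn in public after reports are frozen
    return rng.sample(auditable, min(k, len(auditable))), unauditable

def audit(selected, hand_counts):
    """Compare each selected unit's reported tally with the hand count of its paper."""
    findings = []
    for row in selected:
        hand = hand_counts[row["batch"]]
        for name, votes in row["tally"].items():
            if hand.get(name, 0) != votes:
                findings.append((row["unit"], name, votes, hand.get(name, 0)))
    return findings
```

In this constructed data the arithmetic checks out, precinct-7 is reported as unauditable because its total has no single stack of paper behind it, and scanner-02 shows a three-vote difference for one candidate.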