Diebold Brushes Off Yet Another Damning Security Report

from the accountability? dept

Just a day after Avi Rubin discussed many of the real world problems of some Diebold e-voting machines in action, Ed Felten has come out with his quite damning independent review of the machines -- noting just how problematic the security is and how easy it was to upload malicious programs (including a virus that could spread dangerous software from machine to machine). This is hardly the first time we've seen such a report, but it seems like each report is progressively worse. By this point, you'd have to have lived in a hole to believe e-voting machines are secure. Diebold, in typical fashion, has responded not by admitting to any problems, but by attacking Felten's report -- claiming that his test (done on a machine acquired just a few months ago) was based on older software. Still, given the sheer number of reports of security problems with Diebold machines over the years, it's quite difficult to believe that between a couple months ago and now, they've solved all the security issues. In fact, given Rubin's report from yesterday -- it sounds like their "security measures" are so weak as to be a joke. What's most amazing of all is that Diebold continues to act defiantly about this, despite overwhelming proof that their machines have tremendous fundamental problems. Given the importance of secure and accurate elections, Diebold's continued denial of problems and attitude that there's no problem at all should concern just about everyone. Yet, it seems like they're being used almost everywhere.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    just one guy, Sep 14th, 2006 @ 12:31am

    Two months to fix the bugs...

    it's quite difficult to believe that between a couple months ago and now, they've solved all the security issues

    Mike, I don't think that yours is the real point here. You (as we) still have no clue of whether they in fact have solved or not the bugs of their software. I think the reason to dismiss Diebold's response should be more based on reflections such as:


    • How many copies of the "old" bug-ridden software have been installed on machines used in past elections?
    • How therefore can we be sure that those elections were fair?
    • How did you dare at the time be so confident that no problems existed?
    • How many of those machines are still around and will be used in further elections?
    • Given the abysmal results of their internal quality control unit in the past, what have they done internally to make sure not only that their past bugs were solved, but that no more bugs have been introduced, and that their released software is now safe?


    I think that the real issue here is that Diebold keeps on considering election software as just any desktop applications, and behave accordingly as if disclosure of trade secrets to competition were the only relevant issue.

    Their change of attitude is more important than their bug fix: election software is a mission critical software that MUST be independently validated before it is allowed to run and control the most fundamental aspect of modern democracies, such as the vote.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 12:52am

    This is the only way the Republicans will win in November. Diebold - bought and paid for by the GOP.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    yangyang (profile), Sep 14th, 2006 @ 2:40am

    Re:

    I am British and only recently discovered what GOP means. I am surprised anyone still uses this term. I cannot see anything GRAND about the Republicans.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    yangyang (profile), Sep 14th, 2006 @ 2:47am

    Re:

    As an afterthought, maybe there IS something grand about them. They have found countless grand ways of screwing up the USA.
    This, of course, from the perspective of someone desperately trying not to hate this nation.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    yadda yadda, Sep 14th, 2006 @ 2:57am

    This story really needs some serious mainstream media attention and a public buzz before this next round of elections if there's anything to be done about this.

    Voting is one of the most important exercises in a democracy.. but unfortunately, the people behind the Diebold corporation, as well as most politicians, don't seem to care if the elections could be rigged by these dud e-voting machines.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Mike S., Sep 14th, 2006 @ 3:30am

    Re: Re:

    This, of course, from the perspective of someone desperately trying not to hate this nation.


    Don't hate the nation, hate the people. We are run by idiots because idiots elect them (I'm counting Dems here too -- not to discriminate). The nation itself is fantastic.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    William, Sep 14th, 2006 @ 4:30am

    A little perspective

    I used to prepare the old lever type voting machines for our local elections and talk about insecure! All I had to do while I was in the back of the machine is turn the counting wheel to start say at 1000 instead of 0 and this took no technical training or electronic hacking. At least the new electronic machines take technological savvy to pull off a fraud. The old machines could be rigged by a monkey. I just think a lot of this is fear of technology which always happens with anything new. I am in no way letting Diebold off the hook here. They should tighten up the security on these boxes but it always has been easy to pull off an election fraud.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Ed, Sep 14th, 2006 @ 5:11am

    Look who is the "oversight"

    In almost every jurisdiction using these Diebold machines, the people who selected them and defend them are overwhelmingly Republican. There is a concerted effort to KEEP the Diebold machines just as they are, and I think there is a nefarious reason for that. Sure, call me paranoid, but I've seen far too much "monkey business" over the last several years to think such a scenario is now far fetched. It is not in the GOP's interest to allow much of an investigation into these machines.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Bubba Nicholson (profile), Sep 14th, 2006 @ 5:53am

    GOP moniker

    Grand Old Party (GOP) derives from Grand Army of the Patomic (River--runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    The Original Just Me, Sep 14th, 2006 @ 6:05am

    The problem isn't with Repub or Dem...

    It is with the incumbents.

    People who've been in Congress for so long they aren't even connected to people any longer.

    Let's vote them all out and start with a fresh new batch in November. Term limits would be a good idea too.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Overcast, Sep 14th, 2006 @ 6:20am

    Some of you people are so blindly polarized it's not even funny. Try using your brain sometime instead of the same old, tired worn out republican bashing. You really think the Democrats are so wonderful? You're narrow minded indeed...

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    ebrke, Sep 14th, 2006 @ 6:24am

    Re: A little perspective

    I'm sorry--I can't buy fear of technology. Many of the people who are most critical of the software are people like Ed Felton who are deeply involved in and invested in responsible software and computer development. They don't fear technology--on the contrary, they are on the cutting edge.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Brad Eleven, Sep 14th, 2006 @ 6:33am

    Re: The problem isn't with Repub or Dem...

    I concur. FLIP THAT CONGRESS!!

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Nilt, Sep 14th, 2006 @ 6:37am

    Expected this response

    Having read the actual report in full, I expected Diebold to come up with exactly this remark. On page 2 of the report it states:
    The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that runs the machine during an election.1 This version was deployed in 2002 and certified by the National Association of State Election Directors (NASED) [11]. While some of the problems we identify in this report may have been remedied in subsequent software releases (current versions are in the 4.6 series), others are architectural in nature and cannot easily be repaired by software changes. In any case, subsequent versions of the software should be assumed insecure until fully independent examination proves otherwise.

    The real issue at hand, which Diebold refuses to accept responsibility for, is that their previous claim of the software being secure has now been shown to be absolutely false. Why should we now, absent any proof whatsoever, accept that the new version is any different? Hopefully this study will get some attention and we'll see some change.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Luna, Sep 14th, 2006 @ 6:40am

    Alternatives to Diebold...

    How about in counties where the Diebolds have taken up residence, concerned voters opt to vote via absentee ballot? That would ensure that there is at least some kind of paper trail... I know that is what I would do if those dratted machines came to my town!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 6:43am

    I think people should take the new malicous software that was demonstrated today and distribute it to as many tech savy groups and individuals in the US as possible. Then come November when people who were not on the ballot have 100% of the votes someone will wake up and do something. Or the media will just spin it as a "terrorist attack" or the Republicans will blame the dems and vice versa.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Sanguine Dream, Sep 14th, 2006 @ 7:03am

    All it's gonna take...

    is some major politician to lose a major election (governor or something). I bet something will be dont then.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:23am

    Re: The problem isn't with Repub or Dem...

    It is with the incumbents.

    People who've been in Congress for so long they aren't even connected to people any longer.

    Let's vote them all out and start with a fresh new batch in November. Term limits would be a good idea too.


    That's the whole point. It doesn't matter how many people "vote them out". Those in control of the voting machines have a vested interest in making sure the results come out a certain way. The will of the people will never see the light of day. Does anyone really think Bush won in 2004? I mean seriously speaking?

    He's already proved that he doesn't bel;ive laws apply to him, so it it too much of a stretch to consider the voting might have been rigged. Actually, there is a lot of much stronger evidence out there to suggest it was. Of course, kinda difficult to prove now that there's no paper trail. Again, this is not by accident.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:26am

    Re:

    Some of you people are so blindly polarized it's not even funny. Try using your brain sometime instead of the same old, tired worn out republican bashing. You really think the Democrats are so wonderful? You're narrow minded indeed...

    To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right - it is not funny. It's fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn't even started yet.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    i4c, Sep 14th, 2006 @ 7:33am

    they are all going to hell anyway

    these are the corrupt scumbags who messed with the voting machines to put monkey boy bush in office in the first place

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:44am

    Every report I have heard of a security flaw is based on the tester having their own machine to work on at will. If an attacker has physical access to a network, the network is not secure either.

    Show me just one case where there has been a real world exploit of any of an electronic voting machine.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Chuck Norris' Enemy (deceased), Sep 14th, 2006 @ 7:47am

    Re: GOP moniker

    Back then weren't the Nationalists more like the current Republicans and the Republicans more like the current Democrats.
    Regardless, Democrats and Republicans are essentially the same. Right in the middle with little skewing to the left or right. Overall they all approve of what is being voted in as law. They are all owned by Big Business and agree that laws passed should benefit corporations who in turn fund these clowns' election campaigns.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:49am

    Re: Look who is the "oversight"

    And the reason the Dems don't want them is because, as William put it, a monkey can rig the current machines. No, the electronic machines are not perfect, but it is harder to commit voter fraud with them than any of the old manual systems.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    jsnbase, Sep 14th, 2006 @ 7:53am

    Re: A little perspective

    The difference between your machines and these is that we didn't have to fight the manufacturer of those machines tooth and nail to provide a verifiable paper record of votes. Fraud becomes pretty obvious then. Also, what you're describing would simply create a miscount in the number of votes, yes? The fear here is that the machines can be programmed to misrecord votes.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:54am

    Re: Expected this response

    Have any flaws ever been found at or before an election? If someone finds a bug 4 years after the fact, then I would trust the results of that previous election. The only time I will worry is if someone finds a way to hack the system before the election.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 7:59am

    I'd like to point out that the e-voting thing has really been pushed forward by democrats.....convinced that the '04 elections were "stolen" from them by hanging chads and what-not. That whole thing was pretty ridiculous excercise overall, but that's what led us to this point.

    Why is it when republicans lose by a slim margin and there's some voting irregularity (and there's always SOMETHING) they're mostly willing to let it go, but the reverse is not true? Really it was prefferable before, cuz if something weird happened, you could point to it, hold it in your hand. Now, you might never even realize, and the effects could be much more pronounced.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Overcast, Sep 14th, 2006 @ 8:00am

    Re: Re:

    To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right - it is not funny. It's fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn't even started yet.

    Yeah, the bashing's worn out - I don't even listen to it anymore, it's just brainless drivel.

    And no, I pay quite a lot of attention that's why I'm not a mindless polarized partizan drone who can't think for hisself.

    But go on, Bash bush like the rest of the 'enlightened' ones. I'll just laugh and continue to agree with Einstien when he said there's no limit to human stupidity..

    But go one now... go join your fellow Bush bashers for a latte. Maybe you can stroke your own ego a bit more. Bush bashing's so cool!!

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 8:02am

    Re: Re: A little perspective

    I used an electronic machine the past two elections, didn't pay attention to the brand. Both times the machine printed a hardcopy of how I voted. The "goodbye" screen instructed me to review the hardcopy and report any discrepancies to the attendants.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    photon11111, Sep 14th, 2006 @ 8:18am

    I sounds as if most are missing the meat of what has been said. Putting down on political parties has nothing to do with the problem.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Sanguine Dream, Sep 14th, 2006 @ 8:31am

    Re: Re: Re:

    Instead of just discussing opinions like mature people everyone is too busy caught in "cleverly" insulting anyone that doesn't agree with them. Too damn busy trying to accuse the other side of bandwgoning. More concerned with getting the last and best word than just trying to help the other side understand where you are coming from and vice versa. Flamebaiting then running to the moral highground to make yourself feel better when they attack back.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    cycle003, Sep 14th, 2006 @ 9:06am

    Real world exploits?--How would we know?

    Show me just one case where there has been a real world exploit of any of an electronic voting machine.

    One of the major problems with the lack of security and accountability of electronic voting machines is that we may never know if tampering occurred. People such as this Anonymous Coward (#21) allow companies like Diebold to continue pushing the "security through obscurity" scam. For the most part, advocates for secure voting machines are not doing so out of some political agenda, but statements made by Diebold executives guaranteeing certain election results certainly provoke partisan mudslinging. We only ask that the system has accountability, which a thorough paper backup system should offer. Elections will always be subject to tampering, but every reasonable effort should me made to secure fair elections.

    Finally, Republican-bashing does nothing to help the cause of securing voting equipment. In fact, the name-calling-blame-game only weakens the credibility of those who truly want to see fair elections.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 9:24am

    I'm not worried in Sanford, FL

    When I went to vote in the primary election here a week or two ago, I'd thought some local retirement community or AARP group had been contracted to operate the polling locations. Unless the hack was done by people voting and not the people operating the place, I somehow seriously doubt they'd manage to pull off anything at all. :)

    Not to mention, for whatever reason, there were 4 men sitting at a desk off to the side who did nothing but watch the 2 - 3 people voting like hawks. Out of sheer boredom or what, I don't know.

    My main concern: Low turnout. Wtf does it matter if voting is 98% fair or 99% of the time fair if turnout is as abysmal, and getting worse, like it is? At 20, I was the youngest person there, except for some grandkids a couple grandparents brought with them. Again, the people voting were like the AARP members who didnt pull the short stick and have to work the polls themselves.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 9:58am

    Re:

    Yeah, it just must amaze you that so many people voted for Bush. If you are going to buy an election shouldn't you win it by a large margin?

    Instead of proving to me that somenone could screw with the machines, prove to me someone did. On top of that, I don't even care if the machines are faulty as long as the party of my choice wins. You dumb ass socialist should go to Europe and live there.

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 9:58am

    Re: Re:

    Dude, get your teeth fixed and shut up.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Greg, Sep 14th, 2006 @ 10:01am

    Re: Re: Look who is the "oversight"

    "No, the electronic machines are not perfect, but it is harder to commit voter fraud with them than any of the old manual systems."

    Really? With the old machines you would need a person at each and every location to rig the machine. With the new ones, you just need to put out a software update, or get access through the network.

    You are way off the mark.

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    Anonymous Coward, Sep 14th, 2006 @ 10:10am

    Re: I'm not worried in Sanford, FL

    I am ok with only 3 people voting as long as one of them votes the way I do. I don't see why more people voting is better. As long as the proper decisions are made the number of people making that decision is unimportant.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Lay Person, Sep 14th, 2006 @ 11:04am

    Silly Rubin...

    Silly Rubin, security is for kids!

    Do you really think anyone wants security?

    If the voting machines are slippery regarding security then that's just the way they ordered them.

    See, George and his henchmen can slip another one of themselves into office with a customizable voting machine. Without it, they don't have a hell of a chance.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Charles, Sep 14th, 2006 @ 11:57am

    Re: GOP moniker

    What? I've never heard about this. Does anyone have any idea whether or not this is true? If so, anyone know where I can read more about this?

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Charles, Sep 14th, 2006 @ 11:57am

    Re: Re: GOP moniker

    Sorry, was referring to:

    Grand Old Party (GOP) derives from Grand Army of the Patomic (River--runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    leo, Sep 14th, 2006 @ 12:24pm

    rigging the old machines was easy

    It may have been easy to rig the old machines but there was at least a papper trail to inspect election results, with the new machines we lose even that.

    Personally i think we should just get it over with, elect an army of killer robots to reign over us carfully watching our every organic move through the cold steele eyes.

    alos, their eyes shoot lasers cuz lasers are neat!

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Craig J., Sep 14th, 2006 @ 6:20pm

    Re: Re: Re:

    The people did not elect Bush in either 2000 or 2004. The Republicans have got election stealing down to a science, literally. Also, the corporate-run media (run by the same corporations which run our govt) will not bring the diebold issue into the mainstream public consciousness because - guess what? The same people who own our government own the media!!! The majority of the american people are not stupid enough to elect someone like Bush. But they're stupid enough to think the american mainstream news (CNN or Fox) is trustworthy.

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Anonymous Coward, Sep 15th, 2006 @ 6:11am

    Re: GOP moniker

    POTOMAC not "Patomic".. They don't even sound remotely alike if you "sound it out"

     

    reply to this | link to this | view in thread ]

  43.  
    identicon
    Granny, Sep 15th, 2006 @ 7:43am

    Re: The problem isn't with Repub or Dem...

    Amen! I'm voting for anyone 'new' in this election, from local elections all the way up.
    Once they've been in too long, they get just as corrupted as the old guys.
    We definitely need the Big Guys to have term limits. No one can stay objective who has made a living perfecting his career as a politician.

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    ebrke, Sep 15th, 2006 @ 7:50am

    Re: Re:

    Oh, you don't care if the machines are faulty as long as the party of your choice wins? Wake up, some day it WON'T be the party of your choice that wins, it will be the other guys, once they figure out how to hack the system better. It's partisans like you who are ruining this country.

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    William, Sep 15th, 2006 @ 8:14am

    Re: rigging the old machines was easy

    Actually, there was no paper trail with the old lever type. The lever simply incremented the counting wheel by 1 and the poll workers read the wheel counts in the back of each machine at the end of the night.

     

    reply to this | link to this | view in thread ]

  46.  
    identicon
    Sue Simmons, Sep 28th, 2006 @ 8:16am

    Re: Expected this response

    As a chickasaw citizen, I ran for legislator and lost by 46 votes. I knew going into the election that the machines can be programed with a memory card and with a virus. My votes are to be locked for 3 years. It would take a court order to unseal the ballots. To get the order through our government would be close to impossible.
    A hand count of the votes may prove the machines were right or wrong.
    Another legislator that lost by 18 votes asked for a hand recount and was denied.
    In my opinion our elections are no better than 3rd world countries.

     

    reply to this | link to this | view in thread ]

  47.  
    identicon
    Barry K. Byers Sr, Nov 24th, 2006 @ 11:58am

    election misconduct

    It certainly appears that Our Great Nation will be tainted by corruption in and at the highest levels of Our Government...I wish to file formal complaint as a tribal member and would like a response as soon as possible from Our Governor concerning the new election proposal and the reconciliation of past vote assimilation by those same methods as well as a recount by hand to verify accurate counting measures have justified the elections of current leaders within the Chickasaw Nation.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This