Diebold Source Code Leaked Again -- Is That Such A Bad Thing?

from the should-be-secure-either-way,-right? dept

The e-voting mess continues to get messier, as the FBI is looking into the possible theft (and leak) of Diebold's e-voting source code. Various articles on this are pointing out how problematic this is, as the source code could help someone discover a vulnerability and cause problems in next month's elections. Of course, to be totally honest, it doesn't seem like it takes all that much work to find security vulnerabilities in Diebold e-voting machines these days with or without the source code. At the same time, it also sounds like this particular source code is a bit old. More importantly, though, if Diebold is really so confident that their e-voting machines are safe (as silly as that may sound), shouldn't they be comfortable with the machines' security even if the source code is public?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Mike F.M, Oct 23rd, 2006 @ 2:51am

    Well...

    ...to be honest their security can't get much worse so this leak shouldn't threaten them too much.

    It's more how the person got the source code that I would be worried with. If they managed to get that, what else can they get hold of?

    (First)

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Daniel (profile), Oct 23rd, 2006 @ 4:25am

    Possibly the best theing to happen to them.

    Leaking Diebold's source code could possibly be the best thing to happen to them. With the code out in the open, its problems can get hashed out and its leaks can get plugged. This is obviously MUCH better than leaving them there and hoping no one will catch on. Security through obscurity is just another way of saying "we've got easter eggs - come and find 'em!"

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    John B, Oct 23rd, 2006 @ 4:28am

    diebold security

    If Robin Williams wins the write-in vote for president, (although considering probable republican/democratic candidates, this may not be a bad thing) we will know how the source code from diebold was used, and how easy it is for an election to be stolen with these so-called "secure" voting machines.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    CuppaJo, Oct 23rd, 2006 @ 4:32am

    Collusion

    The relationship between that company and the GOP suggests that your vote will be pwned by the very people who keep the sources locked.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Sanguine Dream, Oct 23rd, 2006 @ 5:35am

    The sad thing is...

    If something goes wrong Diebold will just spin it to make it look like the thief that stole the code is the sole reason for any and all future security issues. I think the theif wanted to prove just how vulnerable their e-voting is but all he/she did was become a scapegoat.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    thecaptain, Oct 23rd, 2006 @ 5:35am

    Frankly,

    From what I'm hearing they NEED a little help with vulnerabilities.

    The ONLY way I could trust voting machines is if the source code is available. It doesn't have to be open source or free or whatever (ie: available to EVERYONE). But I'd like it available to a LARGE number of people...in other words, too many for a cover up...AND I'd like some sort of process wherein people could verify and certify that the code being shown is the code being run.

    If we can't look at it...then there's a chance (and the way Diebold has been acting I'm almost CONVINCED its happening) that the company can "sell" elections to the highest bidder.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Jamie, Oct 23rd, 2006 @ 6:24am

    Re: Collusion

    Haven’t seen a whole lot of collusion here. In this case we are talking about Maryland, a stanch Democrat state. The election officials in MD, who keep spouting the company propaganda that the machines are safe, are Democrats. So to be fair, Diebold seems to have convinced people in both parties.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Celes, Oct 23rd, 2006 @ 6:39am

    Re: Re: Collusion

    And Governor Ehrlich (Republican) is encouraging people to vote via absentee ballot because of the problems we've been experiencing here.

    Of course, in Maryland, the vast majority of our politicians usually form opinions just to fight against the other party, not because of what they're fighting for. We're seeing some *weird* races this year...

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    PCs, Oct 23rd, 2006 @ 9:10am

    Security

    I wonder if anybody noticed this:

    Small could not gain access to the GEMS software because the material on two of the disks was protected by a password.

    Radke, the Diebold spokesman, said the versions of Ballot Station released since the version identified on the disks have many new security features. The Diebold statement said "it would take years for a knowledgeable scientist" to break the encryption used on the software apparently contained on the disks delivered to Kagan. But Rubin said "the data and files were not encrypted" on the Ballot Station disk he reviewed.

    Interesting.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Oct 23rd, 2006 @ 9:16am

    Re: diebold security

    Robin Williams? I'd push for a massive write-in campaign for Chuck Norris.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Orny, Oct 23rd, 2006 @ 11:50am

    Good scam

    Hmmm, they could take money from both sides trying to buy the win, and just let the elections play out (or pick a side). One side would be happy, the other side would be ticked, but what could they do? Go public and say they got cheated trying to buy the election?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Randy, Oct 23rd, 2006 @ 12:38pm

    Coincidence??? What Movie?

    Fact? Fiction? It is just a movie after all... If this happens again, with all that we have been shown over the last two presidential elections (did our votes count then?), then it is but our own fault. What can we do about it? JUST VOTE! and if they try to steal another elction, we can just go to thier offices and carry them out and do it again and again till we get back the democracy that was conceptualized many years ago. We have allowed too much media to control our efforts and our reason. Success is the best revenge from those who want to take your freedom. enJOY you life and let the rest go... BUT DO VOTE! it is your right!!! namaste

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    David, Oct 23rd, 2006 @ 12:53pm

    I concur...

    I'd vote for Robin Williams for president...

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Cheesy One, Oct 23rd, 2006 @ 1:26pm

    Yeah...I'd rather not know

    I prefer not to know how my vote is counted. I'm much more comfortable just knowing that a black box is counting it the right way than worrying if enough geeks have reviewed it to make sure it's error free and honest. I mean what good has this whole open-source thing done anyway? Look at all the problems the *nix systems have.

    Just tell me it works and I'll be happy. DO NOT prove it to me!

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Santa, Oct 23rd, 2006 @ 2:43pm

    It's sad to see how slow the US has been to solve

    There are third world countries that have 100% electronic voting systems in place for years...without glitches...without any doubts cast on the results. It seems there are people interested in keeping the voting system in chaos in the US. And considering the outcome of the last two elections....it's clear why.....

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    DigitalBomb, Oct 23rd, 2006 @ 4:45pm

    I'm a Network Security Administrator. I would never use e-voting and I think any state that would allow it doesn't actually value the voter. Of course the value of our votes is greatly shown with incidents like the Florida count where these people were actually looking at ballots and going "well, it looks like this person poked this hole...but it's not all the way through, so I think he meant to poke this one." Also, take into account our flawed electoral college voting. What a great way to show that this country does not care one lick about what the people want - the Electoral College.

    Anyone who has taken ten minutes of an internet security course could tell you that information passing through a network is never 100% safe. Why should we allow a system that isn't 100% safe to be entrusted to the integrity of our votes? The answer is that we should not.

    That's what raises my eyebrow as a Security guru and a voter. Now, as a Programmer, anyone who isn't comfortable with their "secure" program's source code being public is someone who does not have a secure program and they know it. If this program's source code was leaked, let us be thankful. Hopefully, some teenage kid hyped up on Starbucks double-shot espressos and Twizzlers will stay up until three in the morning until he finally works out every single security issue. I'd be willing to bet more money than I have that he'd produce something more secure than Diebold's beta testers and top programmers ever will given their uncomfort about the source code being public. Public code shows that you have no flaws whatsoever, because if you did, someone would find it and send you a nice email about it. Most "hackers" will actually tell you how to fix things you missed.

    So why do systems like e-voting come around? Laziness. It's that simple. What is wrong with just getting off our butts and going to register and actually stand in line to cast a vote?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Eugenian, Oct 23rd, 2006 @ 6:40pm

    a better system

    Oregon's voting system -- in which everyone votes by mail/absentee ballot, with nonpartisan human elections workers checking each ballot signature against the registrant's signature on file -- is the least-worst voting system I've ever seen. (I've lived in NY, Wisconsin, Michigan, Washington and Oregon, and I've covered many elections as a reporter, witnessing the vote counting, as as a law student/volunteer voting rights observer.) It still relies on optical scanners to count the votes, but the scanners are centrally located in each county's elections office, and there is a provision for hand re-counts. Other states would be wise to adopt this system (and I believe Washington, which has long made it easy but optional to vote by mail, will go all-mail in the near future). We need to take the electronic networking element out of elections and minimize the potential for people to tamper with voting machines at polling places. An added benefit: Vote-By-Mail produces a much higher "turnout" than vote-in-person. Oregon has the highest voter turnout in the nation.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Steve Savage, Oct 26th, 2006 @ 1:50pm

    Frankly....

    I have ZERO worries about hackers taking down our e-voting systems.

    My only real worry is poll workers who palm the memory card and substitute another one, or an insider conspiracy to steal an election. Thats very likely to happen.

    Hackers have more ethics and probably would just substitute "Saddam Hussein" for George Bush in the election results central computer just to prove their point.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This