Diebold Brushes Off Yet Another Damning Security Report

from the accountability? dept

Just a day after Avi Rubin discussed many of the real world problems of some Diebold e-voting machines in action, Ed Felten has come out with his quite damning independent review of the machines — noting just how problematic the security is and how easy it was to upload malicious programs (including a virus that could spread dangerous software from machine to machine). This is hardly the first time we’ve seen such a report, but it seems like each report is progressively worse. By this point, you’d have to have lived in a hole to believe e-voting machines are secure. Diebold, in typical fashion, has responded not by admitting to any problems, but by attacking Felten’s report — claiming that his test (done on a machine acquired just a few months ago) was based on older software. Still, given the sheer number of reports of security problems with Diebold machines over the years, it’s quite difficult to believe that between a couple months ago and now, they’ve solved all the security issues. In fact, given Rubin’s report from yesterday — it sounds like their “security measures” are so weak as to be a joke. What’s most amazing of all is that Diebold continues to act defiantly about this, despite overwhelming proof that their machines have tremendous fundamental problems. Given the importance of secure and accurate elections, Diebold’s continued denial of problems and attitude that there’s no problem at all should concern just about everyone. Yet, it seems like they’re being used almost everywhere.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Diebold Brushes Off Yet Another Damning Security Report”

Subscribe: RSS Leave a comment
just one guy says:

Two months to fix the bugs...

it’s quite difficult to believe that between a couple months ago and now, they’ve solved all the security issues

Mike, I don’t think that yours is the real point here. You (as we) still have no clue of whether they in fact have solved or not the bugs of their software. I think the reason to dismiss Diebold’s response should be more based on reflections such as:

  • How many copies of the “old” bug-ridden software have been installed on machines used in past elections?
  • How therefore can we be sure that those elections were fair?
  • How did you dare at the time be so confident that no problems existed?
  • How many of those machines are still around and will be used in further elections?
  • Given the abysmal results of their internal quality control unit in the past, what have they done internally to make sure not only that their past bugs were solved, but that no more bugs have been introduced, and that their released software is now safe?

I think that the real issue here is that Diebold keeps on considering election software as just any desktop applications, and behave accordingly as if disclosure of trade secrets to competition were the only relevant issue.

Their change of attitude is more important than their bug fix: election software is a mission critical software that MUST be independently validated before it is allowed to run and control the most fundamental aspect of modern democracies, such as the vote.

Bubba Nicholson (profile) says:

Re: Re: GOP moniker

Grand Old Party (GOP) derives from Grand Army of the Patomic (River–runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.

Chuck Norris' Enemy (deceased) says:

Re: Re: Re: GOP moniker

Back then weren’t the Nationalists more like the current Republicans and the Republicans more like the current Democrats.
Regardless, Democrats and Republicans are essentially the same. Right in the middle with little skewing to the left or right. Overall they all approve of what is being voted in as law. They are all owned by Big Business and agree that laws passed should benefit corporations who in turn fund these clowns’ election campaigns.

Charles says:

Re: Re: Re:2 GOP moniker

Sorry, was referring to:

Grand Old Party (GOP) derives from Grand Army of the Patomic (River–runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.

Craig J. says:

Re: Re: Re: Re:

The people did not elect Bush in either 2000 or 2004. The Republicans have got election stealing down to a science, literally. Also, the corporate-run media (run by the same corporations which run our govt) will not bring the diebold issue into the mainstream public consciousness because – guess what? The same people who own our government own the media!!! The majority of the american people are not stupid enough to elect someone like Bush. But they’re stupid enough to think the american mainstream news (CNN or Fox) is trustworthy.

Anonymous Coward says:

Re: Re:

Yeah, it just must amaze you that so many people voted for Bush. If you are going to buy an election shouldn’t you win it by a large margin?

Instead of proving to me that somenone could screw with the machines, prove to me someone did. On top of that, I don’t even care if the machines are faulty as long as the party of my choice wins. You dumb ass socialist should go to Europe and live there.

yadda yadda says:

This story really needs some serious mainstream media attention and a public buzz before this next round of elections if there’s anything to be done about this.

Voting is one of the most important exercises in a democracy.. but unfortunately, the people behind the Diebold corporation, as well as most politicians, don’t seem to care if the elections could be rigged by these dud e-voting machines.

William says:

A little perspective

I used to prepare the old lever type voting machines for our local elections and talk about insecure! All I had to do while I was in the back of the machine is turn the counting wheel to start say at 1000 instead of 0 and this took no technical training or electronic hacking. At least the new electronic machines take technological savvy to pull off a fraud. The old machines could be rigged by a monkey. I just think a lot of this is fear of technology which always happens with anything new. I am in no way letting Diebold off the hook here. They should tighten up the security on these boxes but it always has been easy to pull off an election fraud.

jsnbase (user link) says:

Re: A little perspective

The difference between your machines and these is that we didn’t have to fight the manufacturer of those machines tooth and nail to provide a verifiable paper record of votes. Fraud becomes pretty obvious then. Also, what you’re describing would simply create a miscount in the number of votes, yes? The fear here is that the machines can be programmed to misrecord votes.

Ed says:

Look who is the "oversight"

In almost every jurisdiction using these Diebold machines, the people who selected them and defend them are overwhelmingly Republican. There is a concerted effort to KEEP the Diebold machines just as they are, and I think there is a nefarious reason for that. Sure, call me paranoid, but I’ve seen far too much “monkey business” over the last several years to think such a scenario is now far fetched. It is not in the GOP’s interest to allow much of an investigation into these machines.

Greg says:

Re: Re: Look who is the "oversight"

“No, the electronic machines are not perfect, but it is harder to commit voter fraud with them than any of the old manual systems.”

Really? With the old machines you would need a person at each and every location to rig the machine. With the new ones, you just need to put out a software update, or get access through the network.

You are way off the mark.

Anonymous Coward says:

Re: The problem isn't with Repub or Dem...

It is with the incumbents.

People who’ve been in Congress for so long they aren’t even connected to people any longer.

Let’s vote them all out and start with a fresh new batch in November. Term limits would be a good idea too.

That’s the whole point. It doesn’t matter how many people “vote them out”. Those in control of the voting machines have a vested interest in making sure the results come out a certain way. The will of the people will never see the light of day. Does anyone really think Bush won in 2004? I mean seriously speaking?

He’s already proved that he doesn’t bel;ive laws apply to him, so it it too much of a stretch to consider the voting might have been rigged. Actually, there is a lot of much stronger evidence out there to suggest it was. Of course, kinda difficult to prove now that there’s no paper trail. Again, this is not by accident.

Granny says:

Re: The problem isn't with Repub or Dem...

Amen! I’m voting for anyone ‘new’ in this election, from local elections all the way up.
Once they’ve been in too long, they get just as corrupted as the old guys.
We definitely need the Big Guys to have term limits. No one can stay objective who has made a living perfecting his career as a politician.

Anonymous Coward says:

Re: Re:

Some of you people are so blindly polarized it’s not even funny. Try using your brain sometime instead of the same old, tired worn out republican bashing. You really think the Democrats are so wonderful? You’re narrow minded indeed…

To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right – it is not funny. It’s fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn’t even started yet.

Overcast says:

Re: Re: Re:

To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right – it is not funny. It’s fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn’t even started yet.

Yeah, the bashing’s worn out – I don’t even listen to it anymore, it’s just brainless drivel.

And no, I pay quite a lot of attention that’s why I’m not a mindless polarized partizan drone who can’t think for hisself.

But go on, Bash bush like the rest of the ‘enlightened’ ones. I’ll just laugh and continue to agree with Einstien when he said there’s no limit to human stupidity..

But go one now… go join your fellow Bush bashers for a latte. Maybe you can stroke your own ego a bit more. Bush bashing’s so cool!!

Sanguine Dream says:

Re: Re: Re: Re:

Instead of just discussing opinions like mature people everyone is too busy caught in “cleverly” insulting anyone that doesn’t agree with them. Too damn busy trying to accuse the other side of bandwgoning. More concerned with getting the last and best word than just trying to help the other side understand where you are coming from and vice versa. Flamebaiting then running to the moral highground to make yourself feel better when they attack back.

Nilt says:

Expected this response

Having read the actual report in full, I expected Diebold to come up with exactly this remark. On page 2 of the report it states:
The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that
runs the machine during an election.1 This version was deployed in 2002 and certified by the National
Association of State Election Directors (NASED) [11]. While some of the problems we identify in this
report may have been remedied in subsequent software releases (current versions are in the 4.6 series),
others are architectural in nature and cannot easily be repaired by software changes. In any case, subsequent
versions of the software should be assumed insecure until fully independent examination proves otherwise.

The real issue at hand, which Diebold refuses to accept responsibility for, is that their previous claim of the software being secure has now been shown to be absolutely false. Why should we now, absent any proof whatsoever, accept that the new version is any different? Hopefully this study will get some attention and we’ll see some change.

Sue Simmons says:

Re: Expected this response

As a chickasaw citizen, I ran for legislator and lost by 46 votes. I knew going into the election that the machines can be programed with a memory card and with a virus. My votes are to be locked for 3 years. It would take a court order to unseal the ballots. To get the order through our government would be close to impossible.
A hand count of the votes may prove the machines were right or wrong.
Another legislator that lost by 18 votes asked for a hand recount and was denied.
In my opinion our elections are no better than 3rd world countries.

Anonymous Coward says:

I think people should take the new malicous software that was demonstrated today and distribute it to as many tech savy groups and individuals in the US as possible. Then come November when people who were not on the ballot have 100% of the votes someone will wake up and do something. Or the media will just spin it as a “terrorist attack” or the Republicans will blame the dems and vice versa.

Anonymous Coward says:

I’d like to point out that the e-voting thing has really been pushed forward by democrats…..convinced that the ’04 elections were “stolen” from them by hanging chads and what-not. That whole thing was pretty ridiculous excercise overall, but that’s what led us to this point.

Why is it when republicans lose by a slim margin and there’s some voting irregularity (and there’s always SOMETHING) they’re mostly willing to let it go, but the reverse is not true? Really it was prefferable before, cuz if something weird happened, you could point to it, hold it in your hand. Now, you might never even realize, and the effects could be much more pronounced.

cycle003 says:

Real world exploits?--How would we know?

Show me just one case where there has been a real world exploit of any of an electronic voting machine.

One of the major problems with the lack of security and accountability of electronic voting machines is that we may never know if tampering occurred. People such as this Anonymous Coward (#21) allow companies like Diebold to continue pushing the “security through obscurity” scam. For the most part, advocates for secure voting machines are not doing so out of some political agenda, but statements made by Diebold executives guaranteeing certain election results certainly provoke partisan mudslinging. We only ask that the system has accountability, which a thorough paper backup system should offer. Elections will always be subject to tampering, but every reasonable effort should me made to secure fair elections.

Finally, Republican-bashing does nothing to help the cause of securing voting equipment. In fact, the name-calling-blame-game only weakens the credibility of those who truly want to see fair elections.

Anonymous Coward says:

I'm not worried in Sanford, FL

When I went to vote in the primary election here a week or two ago, I’d thought some local retirement community or AARP group had been contracted to operate the polling locations. Unless the hack was done by people voting and not the people operating the place, I somehow seriously doubt they’d manage to pull off anything at all. 🙂

Not to mention, for whatever reason, there were 4 men sitting at a desk off to the side who did nothing but watch the 2 – 3 people voting like hawks. Out of sheer boredom or what, I don’t know.

My main concern: Low turnout. Wtf does it matter if voting is 98% fair or 99% of the time fair if turnout is as abysmal, and getting worse, like it is? At 20, I was the youngest person there, except for some grandkids a couple grandparents brought with them. Again, the people voting were like the AARP members who didnt pull the short stick and have to work the polls themselves.

Lay Person says:

Silly Rubin...

Silly Rubin, security is for kids!

Do you really think anyone wants security?

If the voting machines are slippery regarding security then that’s just the way they ordered them.

See, George and his henchmen can slip another one of themselves into office with a customizable voting machine. Without it, they don’t have a hell of a chance.

leo says:

rigging the old machines was easy

It may have been easy to rig the old machines but there was at least a papper trail to inspect election results, with the new machines we lose even that.

Personally i think we should just get it over with, elect an army of killer robots to reign over us carfully watching our every organic move through the cold steele eyes.

alos, their eyes shoot lasers cuz lasers are neat!

Barry K. Byers Sr (user link) says:

election misconduct

It certainly appears that Our Great Nation will be tainted by corruption in and at the highest levels of Our Government…I wish to file formal complaint as a tribal member and would like a response as soon as possible from Our Governor concerning the new election proposal and the reconciliation of past vote assimilation by those same methods as well as a recount by hand to verify accurate counting measures have justified the elections of current leaders within the Chickasaw Nation.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...