Diebold Brushes Off Yet Another Damning Security Report
from the accountability? dept
Just a day after Avi Rubin discussed many of the real world problems of some Diebold e-voting machines in action, Ed Felten has come out with his quite damning independent review of the machines — noting just how problematic the security is and how easy it was to upload malicious programs (including a virus that could spread dangerous software from machine to machine). This is hardly the first time we’ve seen such a report, but it seems like each report is progressively worse. By this point, you’d have to have lived in a hole to believe e-voting machines are secure. Diebold, in typical fashion, has responded not by admitting to any problems, but by attacking Felten’s report — claiming that his test (done on a machine acquired just a few months ago) was based on older software. Still, given the sheer number of reports of security problems with Diebold machines over the years, it’s quite difficult to believe that between a couple months ago and now, they’ve solved all the security issues. In fact, given Rubin’s report from yesterday — it sounds like their “security measures” are so weak as to be a joke. What’s most amazing of all is that Diebold continues to act defiantly about this, despite overwhelming proof that their machines have tremendous fundamental problems. Given the importance of secure and accurate elections, Diebold’s continued denial of problems and attitude that there’s no problem at all should concern just about everyone. Yet, it seems like they’re being used almost everywhere.
Comments on “Diebold Brushes Off Yet Another Damning Security Report”
Two months to fix the bugs...
it’s quite difficult to believe that between a couple months ago and now, they’ve solved all the security issues
Mike, I don’t think that yours is the real point here. You (as we) still have no clue of whether they in fact have solved or not the bugs of their software. I think the reason to dismiss Diebold’s response should be more based on reflections such as:
I think that the real issue here is that Diebold keeps on considering election software as just any desktop applications, and behave accordingly as if disclosure of trade secrets to competition were the only relevant issue.
Their change of attitude is more important than their bug fix: election software is a mission critical software that MUST be independently validated before it is allowed to run and control the most fundamental aspect of modern democracies, such as the vote.
This is the only way the Republicans will win in November. Diebold – bought and paid for by the GOP.
Re: Re:
I am British and only recently discovered what GOP means. I am surprised anyone still uses this term. I cannot see anything GRAND about the Republicans.
Re: Re: GOP moniker
Grand Old Party (GOP) derives from Grand Army of the Patomic (River–runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.
Re: Re: Re: GOP moniker
Back then weren’t the Nationalists more like the current Republicans and the Republicans more like the current Democrats.
Regardless, Democrats and Republicans are essentially the same. Right in the middle with little skewing to the left or right. Overall they all approve of what is being voted in as law. They are all owned by Big Business and agree that laws passed should benefit corporations who in turn fund these clowns’ election campaigns.
Re: Re: Re: GOP moniker
What? I’ve never heard about this. Does anyone have any idea whether or not this is true? If so, anyone know where I can read more about this?
Re: Re: Re:2 GOP moniker
Sorry, was referring to:
Grand Old Party (GOP) derives from Grand Army of the Patomic (River–runs through the capital district between Virginia & Maryland). It reminds or reminded everyone that it was once perfectly legal to shoot republicans in more than half the country (1861-1872). Shooting republicans was even encouraged and facilitated by state and local governments back then.
Re: Re: Re: GOP moniker
POTOMAC not “Patomic”.. They don’t even sound remotely alike if you “sound it out”
Re: Re: Re:
Dude, get your teeth fixed and shut up.
Re: Re:
As an afterthought, maybe there IS something grand about them. They have found countless grand ways of screwing up the USA.
This, of course, from the perspective of someone desperately trying not to hate this nation.
Re: Re: Re:
Don’t hate the nation, hate the people. We are run by idiots because idiots elect them (I’m counting Dems here too — not to discriminate). The nation itself is fantastic.
Re: Re: Re: Re:
The people did not elect Bush in either 2000 or 2004. The Republicans have got election stealing down to a science, literally. Also, the corporate-run media (run by the same corporations which run our govt) will not bring the diebold issue into the mainstream public consciousness because – guess what? The same people who own our government own the media!!! The majority of the american people are not stupid enough to elect someone like Bush. But they’re stupid enough to think the american mainstream news (CNN or Fox) is trustworthy.
Re: Re:
Yeah, it just must amaze you that so many people voted for Bush. If you are going to buy an election shouldn’t you win it by a large margin?
Instead of proving to me that somenone could screw with the machines, prove to me someone did. On top of that, I don’t even care if the machines are faulty as long as the party of my choice wins. You dumb ass socialist should go to Europe and live there.
Re: Re: Re:
Oh, you don’t care if the machines are faulty as long as the party of your choice wins? Wake up, some day it WON’T be the party of your choice that wins, it will be the other guys, once they figure out how to hack the system better. It’s partisans like you who are ruining this country.
This story really needs some serious mainstream media attention and a public buzz before this next round of elections if there’s anything to be done about this.
Voting is one of the most important exercises in a democracy.. but unfortunately, the people behind the Diebold corporation, as well as most politicians, don’t seem to care if the elections could be rigged by these dud e-voting machines.
A little perspective
I used to prepare the old lever type voting machines for our local elections and talk about insecure! All I had to do while I was in the back of the machine is turn the counting wheel to start say at 1000 instead of 0 and this took no technical training or electronic hacking. At least the new electronic machines take technological savvy to pull off a fraud. The old machines could be rigged by a monkey. I just think a lot of this is fear of technology which always happens with anything new. I am in no way letting Diebold off the hook here. They should tighten up the security on these boxes but it always has been easy to pull off an election fraud.
Re: A little perspective
I’m sorry–I can’t buy fear of technology. Many of the people who are most critical of the software are people like Ed Felton who are deeply involved in and invested in responsible software and computer development. They don’t fear technology–on the contrary, they are on the cutting edge.
Re: A little perspective
The difference between your machines and these is that we didn’t have to fight the manufacturer of those machines tooth and nail to provide a verifiable paper record of votes. Fraud becomes pretty obvious then. Also, what you’re describing would simply create a miscount in the number of votes, yes? The fear here is that the machines can be programmed to misrecord votes.
Re: Re: A little perspective
I used an electronic machine the past two elections, didn’t pay attention to the brand. Both times the machine printed a hardcopy of how I voted. The “goodbye” screen instructed me to review the hardcopy and report any discrepancies to the attendants.
Look who is the "oversight"
In almost every jurisdiction using these Diebold machines, the people who selected them and defend them are overwhelmingly Republican. There is a concerted effort to KEEP the Diebold machines just as they are, and I think there is a nefarious reason for that. Sure, call me paranoid, but I’ve seen far too much “monkey business” over the last several years to think such a scenario is now far fetched. It is not in the GOP’s interest to allow much of an investigation into these machines.
Re: Look who is the "oversight"
And the reason the Dems don’t want them is because, as William put it, a monkey can rig the current machines. No, the electronic machines are not perfect, but it is harder to commit voter fraud with them than any of the old manual systems.
Re: Re: Look who is the "oversight"
“No, the electronic machines are not perfect, but it is harder to commit voter fraud with them than any of the old manual systems.”
Really? With the old machines you would need a person at each and every location to rig the machine. With the new ones, you just need to put out a software update, or get access through the network.
You are way off the mark.
The problem isn't with Repub or Dem...
It is with the incumbents.
People who’ve been in Congress for so long they aren’t even connected to people any longer.
Let’s vote them all out and start with a fresh new batch in November. Term limits would be a good idea too.
Re: The problem isn't with Repub or Dem...
I concur. FLIP THAT CONGRESS!!
Re: The problem isn't with Repub or Dem...
It is with the incumbents.
People who’ve been in Congress for so long they aren’t even connected to people any longer.
Let’s vote them all out and start with a fresh new batch in November. Term limits would be a good idea too.
That’s the whole point. It doesn’t matter how many people “vote them out”. Those in control of the voting machines have a vested interest in making sure the results come out a certain way. The will of the people will never see the light of day. Does anyone really think Bush won in 2004? I mean seriously speaking?
He’s already proved that he doesn’t bel;ive laws apply to him, so it it too much of a stretch to consider the voting might have been rigged. Actually, there is a lot of much stronger evidence out there to suggest it was. Of course, kinda difficult to prove now that there’s no paper trail. Again, this is not by accident.
Re: The problem isn't with Repub or Dem...
Amen! I’m voting for anyone ‘new’ in this election, from local elections all the way up.
Once they’ve been in too long, they get just as corrupted as the old guys.
We definitely need the Big Guys to have term limits. No one can stay objective who has made a living perfecting his career as a politician.
Some of you people are so blindly polarized it’s not even funny. Try using your brain sometime instead of the same old, tired worn out republican bashing. You really think the Democrats are so wonderful? You’re narrow minded indeed…
Re: Re:
Some of you people are so blindly polarized it’s not even funny. Try using your brain sometime instead of the same old, tired worn out republican bashing. You really think the Democrats are so wonderful? You’re narrow minded indeed…
To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right – it is not funny. It’s fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn’t even started yet.
Re: Re: Re:
To the contrary, dear Overcast. Those of us who are most polarized are the only ones paying attention. But you are right – it is not funny. It’s fucking sick. Believe me, you think republican bashing is tired and worn out? Believe me, it hasn’t even started yet.
Yeah, the bashing’s worn out – I don’t even listen to it anymore, it’s just brainless drivel.
And no, I pay quite a lot of attention that’s why I’m not a mindless polarized partizan drone who can’t think for hisself.
But go on, Bash bush like the rest of the ‘enlightened’ ones. I’ll just laugh and continue to agree with Einstien when he said there’s no limit to human stupidity..
But go one now… go join your fellow Bush bashers for a latte. Maybe you can stroke your own ego a bit more. Bush bashing’s so cool!!
Re: Re: Re: Re:
Instead of just discussing opinions like mature people everyone is too busy caught in “cleverly” insulting anyone that doesn’t agree with them. Too damn busy trying to accuse the other side of bandwgoning. More concerned with getting the last and best word than just trying to help the other side understand where you are coming from and vice versa. Flamebaiting then running to the moral highground to make yourself feel better when they attack back.
Expected this response
Having read the actual report in full, I expected Diebold to come up with exactly this remark. On page 2 of the report it states:
The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that
runs the machine during an election.1 This version was deployed in 2002 and certified by the National
Association of State Election Directors (NASED) [11]. While some of the problems we identify in this
report may have been remedied in subsequent software releases (current versions are in the 4.6 series),
others are architectural in nature and cannot easily be repaired by software changes. In any case, subsequent
versions of the software should be assumed insecure until fully independent examination proves otherwise.
The real issue at hand, which Diebold refuses to accept responsibility for, is that their previous claim of the software being secure has now been shown to be absolutely false. Why should we now, absent any proof whatsoever, accept that the new version is any different? Hopefully this study will get some attention and we’ll see some change.
Re: Expected this response
Have any flaws ever been found at or before an election? If someone finds a bug 4 years after the fact, then I would trust the results of that previous election. The only time I will worry is if someone finds a way to hack the system before the election.
Re: Expected this response
As a chickasaw citizen, I ran for legislator and lost by 46 votes. I knew going into the election that the machines can be programed with a memory card and with a virus. My votes are to be locked for 3 years. It would take a court order to unseal the ballots. To get the order through our government would be close to impossible.
A hand count of the votes may prove the machines were right or wrong.
Another legislator that lost by 18 votes asked for a hand recount and was denied.
In my opinion our elections are no better than 3rd world countries.
Alternatives to Diebold...
How about in counties where the Diebolds have taken up residence, concerned voters opt to vote via absentee ballot? That would ensure that there is at least some kind of paper trail… I know that is what I would do if those dratted machines came to my town!
I think people should take the new malicous software that was demonstrated today and distribute it to as many tech savy groups and individuals in the US as possible. Then come November when people who were not on the ballot have 100% of the votes someone will wake up and do something. Or the media will just spin it as a “terrorist attack” or the Republicans will blame the dems and vice versa.
All it's gonna take...
is some major politician to lose a major election (governor or something). I bet something will be dont then.
they are all going to hell anyway
these are the corrupt scumbags who messed with the voting machines to put monkey boy bush in office in the first place
Every report I have heard of a security flaw is based on the tester having their own machine to work on at will. If an attacker has physical access to a network, the network is not secure either.
Show me just one case where there has been a real world exploit of any of an electronic voting machine.
I’d like to point out that the e-voting thing has really been pushed forward by democrats…..convinced that the ’04 elections were “stolen” from them by hanging chads and what-not. That whole thing was pretty ridiculous excercise overall, but that’s what led us to this point.
Why is it when republicans lose by a slim margin and there’s some voting irregularity (and there’s always SOMETHING) they’re mostly willing to let it go, but the reverse is not true? Really it was prefferable before, cuz if something weird happened, you could point to it, hold it in your hand. Now, you might never even realize, and the effects could be much more pronounced.
I sounds as if most are missing the meat of what has been said. Putting down on political parties has nothing to do with the problem.
Real world exploits?--How would we know?
Show me just one case where there has been a real world exploit of any of an electronic voting machine.
One of the major problems with the lack of security and accountability of electronic voting machines is that we may never know if tampering occurred. People such as this Anonymous Coward (#21) allow companies like Diebold to continue pushing the “security through obscurity” scam. For the most part, advocates for secure voting machines are not doing so out of some political agenda, but statements made by Diebold executives guaranteeing certain election results certainly provoke partisan mudslinging. We only ask that the system has accountability, which a thorough paper backup system should offer. Elections will always be subject to tampering, but every reasonable effort should me made to secure fair elections.
Finally, Republican-bashing does nothing to help the cause of securing voting equipment. In fact, the name-calling-blame-game only weakens the credibility of those who truly want to see fair elections.
I'm not worried in Sanford, FL
When I went to vote in the primary election here a week or two ago, I’d thought some local retirement community or AARP group had been contracted to operate the polling locations. Unless the hack was done by people voting and not the people operating the place, I somehow seriously doubt they’d manage to pull off anything at all. 🙂
Not to mention, for whatever reason, there were 4 men sitting at a desk off to the side who did nothing but watch the 2 – 3 people voting like hawks. Out of sheer boredom or what, I don’t know.
My main concern: Low turnout. Wtf does it matter if voting is 98% fair or 99% of the time fair if turnout is as abysmal, and getting worse, like it is? At 20, I was the youngest person there, except for some grandkids a couple grandparents brought with them. Again, the people voting were like the AARP members who didnt pull the short stick and have to work the polls themselves.
Re: I'm not worried in Sanford, FL
I am ok with only 3 people voting as long as one of them votes the way I do. I don’t see why more people voting is better. As long as the proper decisions are made the number of people making that decision is unimportant.
Silly Rubin...
Silly Rubin, security is for kids!
Do you really think anyone wants security?
If the voting machines are slippery regarding security then that’s just the way they ordered them.
See, George and his henchmen can slip another one of themselves into office with a customizable voting machine. Without it, they don’t have a hell of a chance.
rigging the old machines was easy
It may have been easy to rig the old machines but there was at least a papper trail to inspect election results, with the new machines we lose even that.
Personally i think we should just get it over with, elect an army of killer robots to reign over us carfully watching our every organic move through the cold steele eyes.
alos, their eyes shoot lasers cuz lasers are neat!
Re: rigging the old machines was easy
Actually, there was no paper trail with the old lever type. The lever simply incremented the counting wheel by 1 and the poll workers read the wheel counts in the back of each machine at the end of the night.
election misconduct
It certainly appears that Our Great Nation will be tainted by corruption in and at the highest levels of Our Government…I wish to file formal complaint as a tribal member and would like a response as soon as possible from Our Governor concerning the new election proposal and the reconciliation of past vote assimilation by those same methods as well as a recount by hand to verify accurate counting measures have justified the elections of current leaders within the Chickasaw Nation.