ATMs Aren't So Secure Either

from the transparency dept

Back in March, I responded to the common argument that since automatic teller machines are widely used and seem to be secure, secure electronic voting must be doable as well. I pointed out a couple of problems with this argument, but I took as a given that ATM machines are in fact, secure. But Matt Blaze recently discovered that ATMs aren’t that secure either. When Blaze tried to withdraw cash from a Philadelphia cash machine, he encountered a bunch of problems. The information on the screen was screwed up, the machine gave him $10 more than he’d requested, and the machine failed to give him his receipt. Even more worrisome, when he went into the bank to suggest that they check out the machine and see what might have been wrong with it, the assistant manager actually argued with him, assuring him that the machine was working just fine and Blaze must be imagining things. Incredibly, when he tried to show her a screenshot he had taken with his cell phone, she cut him off by pointing out that photography isn’t allowed in the bank.

Obviously, part of the problem here is a bank employee who has a bad attitude. But it also illustrates a couple of additional problems with the “ATMs work so why can’t e-voting?” argument. First, people have a habit of trusting machines more than people. When elections are conducted with pencil and paper, everyone understands that some of the human beings might have hidden agendas and need to be watched closely. In contrast, people tend to assume that machines are completely objective and unbiased, and so they’re less likely to notice problems with machines even when (as in the case of this bank manager) the evidence is staring them in the face. Second, if it turns out that the ATM screwed up, Blaze will at some point get a statement from his bank telling him how much money the bank thinks he withdrew, and he can object if it differs from what he actually got. There isn’t (and due to voter privacy concerns, can’t be) a similar process for e-voting. If a paperless voting machine screws up, there’s no way to double-check the results after the fact.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “ATMs Aren't So Secure Either”

Subscribe: RSS Leave a comment
miggins says:

Anyone notice the new BofA Diebold machines?

Bank of America just outfitted all of the branches that I know of here on the west coast with brand new ATM’s. The only distinct advantage I can see with these machines is that they now scan personal checks as you put it in the machine.

Other than that, these new machines are much slower than the older versions.

Anyways, I just thought it was ironic that you mention voting machine security and ATMs in this article now that diebold is neck deep in the ATM machine business.

mobiGeek says:

Re: Fact of the matter...

I strongly believe that e-voting can be secure. There are two main factors holding secure e-voting back: transparency and cost.

If we were to invest into “democracy” just a teeny-tiny fraction of the money put into things like “security”, then cost wouldn’t be an issue.

Now it is a matter of having a transparent process for development and implementation of the machines. This is one project that might, just might, be better taken on by the public sector for the “Greater Public Good”, if no private organization is willing to work in the open.

Sean says:

This is about security?

The main thing that reading Mr. Blaze’s post made me think is that people who use machines that are obviously at least a little broken shouldn’t be surprised when the machine breaks even more when they continue to use it.
It’s not security, “it’s are you smart enough to know when to walk away?”

DJ says:

ATMs secure?

What about an open source voting solution? Make both the hardware and software public and let a world full of hackers and conspiracy theorists try to break it. It might or might not pan out, but if it does the result would be far better than vendor proprietary solutions.

Now we just need a complementary business model…

Don't believe the ATM says:

re: I got ripped off by ATM/bank

I had receipts that showed odd amounts being withdrawn from my account via the ATM machine. The bank manager refused to do anything about it and said that I had obviously found a way to make odd amount withdrawals. I lost hundreds of dollars, got slapped with overdraft fees, and couldn’t get the bank to own up to a crooked employee (the story broke later). I had receipts it did nothing for me. The bank said I had to prove I hadn’t made those withdrawals. Go figure. Banks are just as crooked as the thief was!

ATM Mistake says:

ATMs don’t make mistakes people do. I worked on them for 7 years,
the cassettes that are put into them have ID tabs in the back. So if a 10.00 cassette gets charged with 20 dollar bills the machine does it job perfectly, it’s just the person the loaded the cassette that made the mistake. There is a electronically journal that will tell the bank who got the extra cash and the will ask for it back

Rose M. Welch says:

Re: Re:

ATMs do in fact make mistakes. Sometimes they don’t print out receipts, sometimes when you try to type in the amount you want, it says more or less than what you typed, et ceterah. You can’t say that because you worked on x number of machines for 7 years, that all ATMs everywhere work perfectly forever. That’s just silly.

Rekrul says:

If the ATM gives you more than you asked for, or it says you have more in your account than you do, tell the manager. If he insists that there’s no problem, have him sign a statement to that effect. When they discover the error and want the money back, take the statement to your lawyer and tell him that the manager assured you that there was no problem.

Mark says:

> There isn’t (and due to voter privacy concerns, can’t be) a similar process for e-voting.

Sure there is. The voting machine can print a receipt that doesn’t identify you, but identifies the vote (machine sn + transaction #). Publish the tallies for each machine after the election on a web site so voters can check against their receipt.

Crazy Coyote says:

RE: #24

I can hear the tones, just like dialing a phone number. I can hear distinct tones when the PIN is entered. If I somehow got the card of that person I would know the PIN. I suppose it could be intercepted. My scanner is an older model so it wasn’t subject to the government restrictions put on the newer models.

Michael says:

i think we should have govt issued devices that hook up to wireless networks that would make an ssh 256 bit encrypted connection to a govt ip to do voting. It could run some variant of unix with a little gui on top. And set up wireless networks around voting places. Yeah some one could and probably would try and figure out how to hack it, but thats the nature of the beast. It’s all part of the progress, besides wouldn’t you rather some hacker looking out for your best interests instead of some corrupt politician stuffing boxes? I mean if we had a system that said that only one SS# could vote once, wouldn’t we have the same system we have right now? It would only be digital, therefore easer to track and verify data. Unlike now where dead people constantly vote in major elections and it doesn’t get found out till years after. But i guess really my main complaint is with the system in its self, it doesn’t really matter what system of voting we use, our votes don’t count anyway. We should probably get rid of these delegates make them get “real” jobs then use that money to make my idea 😛

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...