Vyan

Monday, July 24

The Diebold Bombshell

From OPedNews:


Recently, computer security expert Harri Hursti revealed serious security vulnerabilities in Diebold's software. According to Michael Shamos, a computer scientist and voting system examiner in Pennsylvania, "It's the most severe security flaw ever discovered in a voting system."


Even more shockingly, we learned recently that Diebold and the State of Maryland had been aware of these vulnerabilities for at least two years. They were documented in analysis, commissioned by Maryland and conducted by RABA Technologies, published in January 2004. For over two years, Diebold has chosen not to fix the security holes, and Maryland has chosen not to alert other states or national officials about these problems.


Basically, Diebold included a "back door" in its software, allowing anyone to change or modify the software. There are no technical safeguards in place to ensure that only authorized people can make changes.


Crossposted on Dailykos


Deibold machines have in fact been long ago kicked out of Maryland, and yet again we see why. As noted by the New York Times Editorial page:

Diebold, the electronic voting machine maker, suffered another sharp setback recently, when Maryland's House of Delegates voted 137-to-0 to drop its machines and switch to paper ballots. The vote came in the same week that Texas held elections marred by electronic voting troubles. Maryland's State Senate should join the House in voting to discontinue the use of the Diebold machines, and other states should follow Maryland's lead.


Maryland was one of the first states to embrace Diebold. But Maryland voters and elected officials have grown increasingly disenchanted as evidence has mounted that the machines cannot be trusted. In 2004, security experts from RABA Technologies told the state legislature that they had been able to hack into the machines in a way that would make it possible to steal an election. Senator Barbara Mikulski, a Democrat, informed the State Board of Elections in 2004 that voters had complained to her that machines had mysteriously omitted the Senate race.



The Op-ed peice goes on to echo what we've heard before from the Washington Post, the Oped report points out that it would only take the action of one person to change the outcome of an election - and that any such actions would be undetectable.


A malicious individual with access to a voting machine could rig the software without being detected. Worse yet, if the attacker rigged the machine used to compute the totals for some precinct, he or she could alter the results of that precinct. The only fix the RABA authors suggested was to warn people that manipulating an election is against the law.


This also displays how critical the issue of overnight storage which was raised following the Bilbray/Busby CA-50 election has become.


Op-ed continued:


Typically, modern voting machines are delivered several days before an election and stored in people's homes or in insecure polling stations. A wide variety of poll workers, shippers, technicians, and others who have access to these voting machines could rig the software. Such software alterations could be difficult to impossible to detect.


This past December during a test in Leon County Florida Diebold machines were successfully hacked and the "intrepeted code" problem brought to light by Election Supervisor Ion Sancho.


Ok, now to the worse part - Diebold officials admit that they've left these backdoors open.


Diebold spokesman David Bear admitted to the New York Times that the back door was inserted intentionally so that election officials would be able to update their systems easily. Bear justified Diebold's actions by saying, "For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software... I don't believe these evil elections people exist."


All it takes is one David, all it takes is one...


On July 13, Robert F Kennedy Jr filed a "Qui Tam" suit against Diebold based on information provided by Whistle-blowers within the company - who I suspect might be a bit more forthcoming than Mr. Bear about the true reason for those "back-doors" and just where some of those "evil elections people" might be found.


Kennedy's suit is expected to be held under judicial seal for 60 days while the Department of Justice determines whether they will join the suit. This should be a no-brainer since the interpreted code used by Diebold and discovered by Ion Sancho is already in violation of HAVA (the Help America Vote Act) and according to Bradblog...


Section 1, paragraph 4.2.2 [WORD] of the FEC Voting System Standards of 2002 which specifically bans certification for machines which contain the type of "interpreted code" which Diebold has now been forced to admit is present in all of their electronic voting machines.


Whether the Alberto Gonzales Justice Dept will do their duty and join with the suit, or simply use the delay as a method to ensure that Diebold and other easily hackable voting systems remain in place until it's too late to implement replacements before the November 06 elections - remains to be seen.


Vyan

No comments: