Democratic Underground Latest Greatest Lobby Journals Search Options Help Login

Designed for "Failure"? Discovery of Diebold's Bugs & Cryptographic Key

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Topic Forums » Election Reform Donate to DU
nicknameless Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Feb-24-06 06:06 AM
Original message
Designed for "Failure"? Discovery of Diebold's Bugs & Cryptographic Key,1,985280.column?ctrack=1&cset=true

Integrity of E-Balloting System Still in Doubt

Michael Hiltzik
Golden State

February 23, 2006

.... But the experts were plainly troubled by flaws in Diebold's systems. The panel, which included David Jefferson of Lawrence Livermore National Laboratory and David Wagner of Berkeley, observed that the removable memory cards used by Diebold were vulnerable to undetectable acts of tampering.

The panel found 16 software bugs that could cede "complete control" of the system to hackers who might then "change vote totals, modify reports, change the names of candidates, change the races being voted on," and even crash the machines, bringing an election to a halt. Hackers wouldn't need to know passwords or cryptographic keys, or have access to any other part of the system, to do their dirty work. Voters, candidates and election monitors wouldn't necessarily know they'd been rooked.


The bugs pale next to another discovery by the panel. This is the presence of a cryptographic key written into the source code, or basic software, of every Diebold touch-screen machine in the country. The researchers called this blunder tantamount to "a bank using the same PIN code for every ATM card they issued; if this PIN code ever became known, the exposure could be tremendous."

Here's the punch line: The Diebold key became known in 2003, when it was published by researchers at Johns Hopkins and Rice universities. It can be found today via a Google search. What's worse, the key was first identified in 1997 by a University of Iowa researcher, who promptly warned the manufacturer of the flaw, apparently to no avail.


The Berkeley panel says there may be other undetected flaws lurking in the Diebold software, which indicates that electronic voting isn't yet ready for Election Day. "We know we're going to have a loser in the next election, and that loser may not be convinced he or she has lost," says Avi Rubin, a Johns Hopkins professor who co-authored the 2003 paper. "We don't need to give people another reason to doubt an election."

Well no wonder McPherson recertified this crap. :eyes:
Printer Friendly | Permalink |  | Top
nicknameless Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Feb-24-06 09:16 AM
Response to Original message
1. Two notable sections from the panel's report:
Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is definitely real. He was indeed able to change the election results by doing nothing more than modifying the contents of a memory card. He needed no passwords, no cryptographic keys, and no access to any other part of the voting system, including the GEMS election management server.

Interpreted code is contrary to standards: Interpreted code in general is prohibited by the 2002 FEC Voluntary Voting System Standards, and also by the successor standard, the EAC's Voluntary Voting System Guidelines due to take effect in two years. In order for the Diebold software architecture to be in compliance, it would appear that either the AccuBasic language and interpreter have to be removed, or the standard will have to be changed.

In other words, McPherson's re-certification of Diebold machines was illegal.
Printer Friendly | Permalink |  | Top
neoblues Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Feb-24-06 09:29 AM
Response to Original message
2. An Idea by which to toss a monkey wrench into the works...
"The works" being some group's carefully laid plans to pull of another election cycle with no firm means to veryify votes anyway...

Voter Receipt Program
Printer Friendly | Permalink |  | Top
ItsTheMediaStupid Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Feb-24-06 10:43 AM
Response to Original message
3. The system is designed to be easy to hack and leave no audit trail
Otherwise, it would have an audit trail, like any decent accounting software.

It is transparently obvious that these systems are deliberately flawed. The software for these machines and the procedures used to transmit and tabulate the data make a real recount impossible.

I've been in data processing 20 years. The only reason there is no audit trail is so that you cannot do an audit. Otherwise, it would be there.

In many cases, the machines don't even print the totals for the precinct, they just send them to a country vote tabulator. Bev Harris (like her or not) demonstrated how easy it is to hack the country tabulators. If there is no precinct total printed or recorded at the precinct itself, changing the precinct totals on the tabulator is the easiest way to manipulate election results. You can't check against precinct totals, because they aren't kept anywhere else.

Every precinct needs to have a machine total printed at the precinct before the data is transmitted to the county tabulator. The voting machine needs to generate a paper ballot receipt, checked by the voter before they leave the booth. These paper receipts need to be hand counted and cross checked against the machine totals for the precict before any election is certified.

Who cares if it takes two or three days? I'd much rather be right than fast.
Printer Friendly | Permalink |  | Top
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Feb-24-06 09:29 PM
Response to Original message
4. K&R n/t
Printer Friendly | Permalink |  | Top
stickdog Donating Member (1000+ posts) Send PM | Profile | Ignore Sat Feb-25-06 12:41 AM
Response to Original message
5. K&R (nt)
Printer Friendly | Permalink |  | Top
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sat Apr 20th 2024, 08:53 PM
Response to Original message
Advertisements [?]

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC