Diabold source code!!

News Update from Citizens for Legitimate Government
November 10, 2004
http://www.legitgov.org/
http://www.legitgov.org/index.html#breaking_news

Diebold Source Code!!! --by ouranos (dailykos.com) "Dr. Avi Rubin is currently Professor of Computer Science at John Hopkins University. He 'accidentally' got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines. Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in particular stood out over all the rest: #defineDESKEY((des_KEY8F2654hd4" All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key... The line that staggered the Hopkins team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure programs. F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have then ALL unlocked. I can't believe there is a person alive who wouldn't understand the reason this was allowed to happen. This wasn't a mistake by any stretch of the imagination."
***********************************************************

I just got this from my local DFA member, I was not quite sure if it belong to here so if you need to move , please move. But I think this is one of break through news.

Hertopos

Theres a huge thread dedicated to this

Give all votes to Kerry, and zero to Bush. That would at least prove something. I have no skills or I would try.

I think this should come to the top of DU!!

Though I believe the election was stolen, the bigger issue is to save our future election. This may just do that!!

hertopos

what goes in the computer comes out of the computer.

(1) internal malicious code that shows the voter choosing one thing on the screen but records something else; and

(2) the GEMS software at county and state levels which could be accessed by company insiders to change vote totals in realtime.

Btw, here's a good article on the DRE problem, which I was just about to post to my compilation thread:

SUPERB article outlining the problems with DREs (esp. Diebold) featuring Avi Rubin of Johns Hopkins who did the "Hopkins study" on Diebold's source code. It's excellent with one exception (which is also true of all the other articles I've ever seen as well as Rubin's study itself) -- it doesn't make clear that Rubin's team looked at ONLY the code for the individual Windows CE-based DRE software, NOT the GEMS central tabulator software. However, it's still an excellent explanation and overview:
Jewish Times link 10/29/04: http://www.jewishtimes.com/scripts/edition.pl?now=10/29/2004&stay=1&SubSectionID=48&ID=2435

Posted here:
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x39116
and here: http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=203&topic_id=37660&mesg_id=37686&page=

to examine and comment on this. It appears extremely significant, but it needs some solid academic types to back it up. Also, if this is true, how can it be proved that this "key" was used. Just because someone has a gun, doesn't mean they used it.

The issue of the hardcoded DESKEY is addressed in these papers:

http://www.cs.rice.edu/~dwallach/talks/e-voting-risks.pdf
http://www.eff.org/Activism/E-voting/20030724_evote_research_report.pdf

(HTML version)
http://www.mindfully.org/Reform/2003/Electronic-Voting-System-Analysis23jul03.htm

OK, it seems pretty well established that the systems aren't secure, etc...but any way to prove that actual votes were erased, added, manipulated? Again, we have the weapon, but need the ballistics and paraffin testing to prove it was fired.

...unless we actually do an audit and recount.

There's no way to prove anything with nothing but google to help.

:shrug:

becuase DES is no longer secure, and they cannot claim it is.

edit to say:
and boy am I a dumbass....

I'll read the posts a little more carefully in the future

but why do you people keep putting out months old information as if it's new? This information has been reported many times before and was featured in the documentary that votergate.tv put out. Dr. Rubin's analysis was done in February of this year. The problems with hard-coded DES keys was in section 4.4 of his report.

http://avirubin.com/vote.pdf

Look, I'm as intent as anybody that the obvious vulnerabilities of these machines be exposed and that the almost statistical certainty of vote tampering in the election be proven, but this constant screaming of months old information as "breaking news" doesn't do anyone any good.

Again, don't get me wrong, I'm really glad this information is starting to get public attention. The use of hard-coded keys is an aggregious flaw in the system and this same key has been used since at least December of 1998, perhaps much earlier. However, we don't have the source code to the current versions of the software so we don't *know* if this practice was continued. Knowing Diebold it was.

It's just that this continued hyping of months old information gives the impression of hysterics.

{this post was previously posted in the other thread on this topic here: http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=201&topic_id=2549 }