Diebold voting machines shown to…

Diebold voting machines shown to be easy to subvert

Some hardcore cryptography and computer security folks at John Hopkins have analyzed the source code for Diebold voting machines.

They found gaping security holes, impossibly stupid procedures, and voting machines that were trivial to break into.

Am I exaggerating? No, unfortunately, I’m no. Some of the following is quite technical, however I’ll attempt to explain it in non-geek terms for you earth people out there.

Crucial to the security of the Diebold systems are the passwords used to access the system and encrypt data files. Diebold hardcodes the passwords in the source code, and uses the same password for all voting machines. (Do I see computer programmers gaping slackjawed at the computer after reading that?)

Whoops, I probably lost some non-geeks when I said “hardcodes the passwords”. Let me use an example. You, no doubt, have passwords for many websites. The more important passwords you (hopefully) keep well hidden, and not on a Post-It on your computer monitor.  Well, by hardcoding the passwords Diebold, in effect, has put the passwords on a great big monitor where lots of people can find them, trust me on this.

Plus they use same password everywhere so by cracking the password on one system you get the keys to all the cookie jars. Keep in mind that the cookies here are votes – and one password gives you access to all the voting machines.

Ah you say, but how could anyone actually access the system? According the authors, it wouldn’t be hard at all. Diebold uses little security in transferring data, and anyone with a little expertise could pop in an unauthorized SmartCard, grab the passwords, then be able to access any voting machine.

Also, voting multiple times appears quite do-able, and Diebold systems have no way of determining which votes are valid and which aren’t.

Keep in mind those reporting this are serious computer professionals, experts in crypto and computer security. Bev Harris, who originally broke the story, is not a computer pro. Some claimed she misinterpreted what she saw. Well, these computer experts agree with her, saying Diebold voting machines are not secure, are not even close to to be secure, and that we should be scared.

They conclude, in understated language, saying:

“At the end of our response, we provide a list of questions people should ask, not only of Diebold, but of any direct recording electronic (DRE) voting system. If these systems are going to be used for our elections, they deserve the scrutiny that we, and others, can bring to them. Voting systems are one of the pillars of democracy. If they fail, democracy itself will fail with them.”

Details from their report

“In the Diebold code we analyzed, both the keys for the smartcard and the keys used to encrypt the votes were static entries in the source code. This means that the same keys are used on every voting device. Thus, an attacker who was able to compromise a single voting device would have access to the keys for all other voting devices running the same software.

Instead they <Diebold> claim that an “attacker would need access to both the source code and the physical storage.” This is not correct. The attacker only needs access to the physical storage as the key is also stored in the executable code.

Of course, since the Diebold code included a static key, no cracking is required to compromise the security of the system if any one voting terminal can be stolen ahead of the election and disassembled to learn its key.”

“Diebold uses an insecure protocol that makes them vulnerable to counterfeit smartcards. Modern smartcards can perform cryptographic operations, allowing for more sophisticated protocols. If Diebold used such protocols, their system would be robust against our attacks.”

Voting multiple times
“Diebold claims that if the existence of counterfeit votes were to be detected, an investigation would be launched. But what does that mean? It would seem impossible to call all the legitimate voters back to re-vote, especially if counterfeit votes were detected in a large number of precincts, and it is not clear that this is even legal.”

This is horrendous. Our votes are not secure, not safe, and are too easy to tamper with. Never attribute to malice that which can be adequately explained by stupidity is always sage advice. Yet, one wonders how anyone could be this numbingly stupid.