Posted: 10/22/2006 11:22:20 PM EDT
|
link "Originally published October 20, 2006 Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004. Cheryl C. Kagan, a longtime critic of Maryland's elections chief, says the fact that the computer disks were sent to her - along with an unsigned note criticizing the management of the state elections board - demonstrates that Maryland's voting system faces grave security threats. Advertisement A spokesman for Diebold, which manufactures the state's touch-screen voting machines, said the company is treating the software Kagan received as "stolen" and not as "picked up" at the State Board of Elections, as the anonymous note claimed. Lawyers for the company are seeking its return. The disclosure comes amid heightened concerns nationwide about the security of the November elections and the ability of the state to keep tight controls on the thousands of machines that will be used next month. Maryland's September primary - which used voting machines and electronic check-in equipment made by Diebold - suffered a series of mistakes, and the outcomes of some contests were not known for weeks. In the wake of the problems, Gov. Robert L. Ehrlich Jr. and other politicians renewed their call to jettison the equipment. The governor has urged state voters to request absentee ballots, although use of the paper alternative raises different concerns about fraud. A spokesman for the governor said the apparent distribution of the voting-machine software was troubling. "This raises yet another unanswered question with regard to Diebold technology," said Henry Fawell, an Ehrlich spokesman. The availability of the code - the written instructions that tell the machines what to do - is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it. Diebold has not confirmed that the code received by Kagan is authentic, said Mike Morrill, a spokesman for the company in Maryland. But Johns Hopkins University computer scientist Aviel Rubin reviewed one of the disks and said he believed it was genuine. If it wasn't, he said, "someone went to great lengths to make it look like it was." "My feeling is that it may have come out of the testing labs, which means that if that's true, their procedures for protecting their clients' valuable proprietary information have failed," said Rubin, who in 2003 published a report on Diebold security flaws after discovering a copy of the code on the Internet. "If it came out of Diebold, it's like Coca-Cola having their recipe exposed and then not learning their lesson," he said. "If it came out of the testing labs, then it's hard to blame the manufacturer." Kagan, a former state Democratic delegate from Montgomery County who is now executive director of the Carl M. Freeman Foundation, said the disks were delivered to her office Wednesday. An accompanying letter refers to the State Board of Elections and calls Kagan "the proud recipient of an 'abandoned baby Diebold source code' right from SBE accidentally picked up in this envelope, right in plain view at SBE. ... You have the software because you are a credible person who can save the state from itself. You must alert the media and save democracy." Kagan called the attorney general's office, and word of the disks began to spread. Learning of the development, Linda H. Lamone, the state's elections chief, reported Kagan's possession of the code to the FBI yesterday. Kagan said she had been contacted by an FBI investigator but had not met with him. "I intend to cooperate" with the inquiry, Kagan said, adding that she believed evidence of a serious security breach had to be revealed. An FBI spokeswoman could not confirm yesterday the nature of the bureau's interest. Morrill, the Diebold spokesman, said it was unlikely that the code was obtained in the manner outlined in the letter. The codes, which were delivered to Kagan in three versions on separate disks, are proprietary - meaning there are restrictions on their use and duplication. Violators of those restrictions could be charged with crimes. Based on their labels, the disks appear to be created by two companies that test the software - Wyle Laboratories and Ciber Inc., whose teams are based in Huntsville, Ala. Maryland law requires such independent testing before the equipment's use. The disks have the testing authorities' names on them, as well as other identifying features. Anyone who had permission to handle these disks would have received passwords from Diebold, enabling investigators to trace those authorized to use them. Morrill said two of three disks were never used and that the third was version 4.3.15c, which was used in Maryland during the 2004 primary. Advertisement Ross Goldstein, the state's deputy elections administrator, said Maryland now uses version 4.6 and that the public should be confident that their votes are secure. The disks contain "nothing that's being used in this election," Goldstein said. Diebold marketing director Mark Radke said the company is investigating the chain of custody of the disks and is asking its testing companies to pull their logs. "These disks contain codes used for testing purposes," Radke said. "They were shipped from the testing authority. Diebold was never in the chain of custody." Older versions of Diebold's computer code have long been in public circulation, including the copy discovered by Rubin. This year, a team of Princeton University computer scientists obtained a slightly older version of the code than that sent to Kagan and found that a programmer with access to the voting machines and their passwords could install malicious software or viruses. Some of the flaws could be remedied with quick fixes, the researchers said, but others were "architectural in nature" and could not be easily corrected without redesigning the machines. "In any case, subsequent versions of the software should be assumed insecure until fully independent examination proves otherwise," the researchers wrote. Diebold has consistently resisted pressures from computer and political scientists to make their software available to experts for critiques, a process called open-source software development. Not doing that is "a mistake" on Diebold's part, said Donald F. Norris, a professor at the University of Maryland, Baltimore County and director of the university's National Center for the Study of Elections. " |
|
The funny part of this is that the democrats made a huge push to switch over to electronic voting machines after the butterfly-ballots & hanging chads of the 2000 election. This despite many warnings that electronic machines could be hacked. Now the democrats are viewing Diebold as a BushCo conspiracy and they want the machines pulled. Paper ballots have always worked fine and they should be used in the future too. |
|
They have a type of machine that uses both paper and electronic ballots. That way you get a quick preliminary count, backed by a final official paper count. Any discrepancies can be investigated and quickly resolved. Most states are too cheap to use them though. Besides, it’s a pretty well established fact that voter fraud influences elections WAY more than any “count discrepancies.” |
|
And.... no matter what type of vote count is used, the democrats will claim that it was rigged if they lose an election. Paper, electronic or a combination - it doesn't matter. They'll find something to squawk about. The hanging chads are a good example. There was nothing inherently inaccurate about them. The dems just wanted to keep recounting them until they got a result they liked. |
The only problem is that the electronic machines CAN'T be hacked, without it being obvious (uh, sir why are you plugging a keyboard into the voting machine?)... As long as the machine isn't set up by an idiot (eg an idiot who attaches a keyboard and mouse), or connected to the internet, they are hack-proof. It doesn't matter if you have the code or not - you can't run your hack without access to the OS and a means to give the computer commands beyond the touch screen... Manipulation of paper ballots, and multiple-voting is far more of a threat than any electronic fun-and-games... Elimination of such paper ballots (and thus the ability to 'find' a few thousand more votes (/cough/ box-stuffing /cough/)), and proper electronic ID verification are the best thing that can be done for voting security.... |
|
Whoever sent that out deserves a handshake and lifetime protective custody. I enjoy high-tech gadgets, but voting isn't an area that I like high-tech, the low tech approach works provided the election judges have some sense, and the voters do it correctly. Electronic voting machines are dangerous....somebody sabotaging grid power in urban areas could have a big impact if it were done on election day. Now if they could only get foreign nationals to stop voting in US elections we'd be all set. And yes, about two hours from here is the place in 2000 where the judge kept the polls open later than they were supposed to be, so all the welfare types that sleep all day could get a vote in,  even though the people that have to work use the absentee ballot. Next the ballots will be in Espanol, or pictogram ballots for the folks who can't read English.
|
It was shown that the code could be manipulated such that it would subtract 5% from Candidate A's votes and add those same 5% to Candidate B's tally. Kharn |
| I think the issue is overblown. Folks used to believe that TV's could watch you as you watched them for awhile. Technology is only scary to folks who do not understand it. Diebold management has some moral issues, but overall, electronic voting is the way to go. |
Electronic with a paper output. Trust, but verify. |
Now that last statement is correct. |
Some vendors DO provide the capability to provide paper output, IIRC. |
|
I keep hearing about the need for a "paper trail" but no details about it. If anything the paper trail needs to be kept at the polling place, safeguarded like ballots, voting machines are, not an individual receipt to everyone who cast a vote like as if it was an ATM transaction. Too easy to forge receipts and if there is a need to audit the "paper trail", what you going to do? Have all the voters came back and show their reciepts? |