Is Having A Hacker Break Into Diebold Machines A Bad Idea?
from the seems-like-it dept
We're seeing a ton of stories about how California has hired a hacker to try to break into a randomly selected (previously used in an election) Diebold e-voting machine. Diebold, of course, has a long and troubling history concerning its e-voting machines, which have no way to create a backup paper trail. However, while many of those who are against these types of e-voting machines are happy about this week's hack-a-thon, it actually sets a very bad precedent. By opening up the machine to a single hacker, it puts the burden of proof on the hacker, rather than the company. The company making the voting machines needs to prove that they're safe and that there's a way to get back from any problem. By handing it off to a single hacker, suddenly the assumption is that the e-voting machines are safe unless the hacker breaks into them. So, should he not find a particular security hole, the company will start promoting that as proof that the machines are secure, when all it really means is this one particular hacker was unable to find a vulnerability.
Reader Comments
or..
[ link to this | view in chronology ]
Re: or..
[ link to this | view in chronology ]
Those Hackers might save Democracy
The only way those machines will ever be made safe is if outside hackers prove them unsafe and then an independent body upgrades them.
Black box voting is a very bad idea and it essentially puts diebold and ESS (the other e-voting company) in control of democracy. No company or person should have that kind of power.
Here is a question for you: How much would it cost to alter an election? Would it be $1 million, $10 million, $50 million, probably not too much. How much would a corporation, special interest or foreign power pay to put their people in control of this country?
[ link to this | view in chronology ]
What's at stake?
The quoted story indicates that the hackers have the edge here. They already broke into one Diebold machine, and they are attacking another machine that has not been "hardened" against their anticipated attack.
- precision blogger http://precision-blogging.blogspot.com
[ link to this | view in chronology ]
No Subject Given
I'm so tired of hearing about this. It really isn't all that hard to create a paper backup. The problem is that A, you would be having to monitor your paper consumption and be sure to replace in time, and B, corruption of the people guarding these machines who "forgot to replace the paper" and either really did, or just flat out stole the paper version. What you are looking at is a government sponsored (did I really say that?) politically unbiased 3rd party to be put in charge of these machines.
All in all this is really more trouble than it is really worth. The party that wins will be victorious, and the losing factions will cry foul. I have seen this too many times since I turned 18 whether it be local, county, state, regional, or national election.
I hope that swiss cheese has less holes than these machines.
[ link to this | view in chronology ]
Re: No Subject Given
[ link to this | view in chronology ]
No Subject Given
If they are going to open things up to malicious activities, they must be willing to think malicious themselves. This type of thing lends itself to the old adage, "If you want to catch a crook, you need to think/become the crook"
One would think that all prior events would teach us that whatever is built can also be destroyed. Nothing is impervious. Someone will always build a better mousetrap, and someone will always find a way to get the cheese without setting off the trap.
[ link to this | view in chronology ]
it's a good thing
But I think that the public in general does not have the default "unproven security = bad security", they instead assume "big corporation = legitimate corporation = good security". So, since the public in general already either doesn't care or assumes the Diebold security is "good enough" then there's really nothing to lose by having someone try to hack in. At least, not very much to lose.
But if the hack succeeds, then we're going to have front-page level news - and that's a lot to gain.
It would be better to have multiple hackers try, or even open it up to public efforts (which would also demonstrate how a lot of people could possibly bring down the system even when one hacker can't). Those efforts should be advocated. But having one hacker (I'm assuming with decent creds) try is better than nothing.
-stormin
[ link to this | view in chronology ]
Foolish
[ link to this | view in chronology ]
Take a step back...
The real question, and the ONLY one we should debate whenever the topic of these systems comes up, is WHY ON EARTH would we allow a closed source system (famously code reviewed by a whopping 3 government coders) to be responsible for our elections.
There are several open source solutions on the net that could/should be used, and I guarantee that if the gov't ever decided to use one, the tech community would give that code the best review ever given to code. It would become the most robust, maintained, maintainable, and solid code we have ever seen. On a par with Windows, one might say!! (sorry. tension breaker -- had to be done)
Alas, we sit around and debate whether or not having one hacker try to overrun a buffer is a good thing.
-Mike S.
[ link to this | view in chronology ]
Re: Take a step back...
[ link to this | view in chronology ]
Re: Take a step back...
I agree that this hack attempt is bound for failure.
My problem is that by attacking their testing mechanism instead of the whole concept of proprietary, closed-source voting machines, this red-herring argument becomes effective.
Clearly, placing one hacker in front of a black box and saying 'GO' is just a publicity stunt. It's our responsibility as concerned citizens to recognize that and bring the argument back to the meat. Closed source voting is BAD.
The answer is not to address the hacker or any other means that Diebold will use for testing, but to concentrate on the real issue.
-Mike S.
[ link to this | view in chronology ]
Re: Take a step back...
I think we're saying the same thing. :) My point is that this hack attempt takes away from the real issue, and therefore it's bad. I think you're saying the same thing, but are calling me out for bringing it up in the first place.
[ link to this | view in chronology ]
lol
[ link to this | view in chronology ]
agreed
[ link to this | view in chronology ]
Fact of the Matter
Cisco did this to one of their own employees just a little while ago. Where they contracted a network analyst to break their security and when he did they fired him and had him charged under the DMA and the Patriot act for violating their 'rights'.
[ link to this | view in chronology ]
Re: Fact of the Matter
[ link to this | view in chronology ]
Re: Fact of the Matter
http://www.wired.com/news/technology/0,1282,68435,00.html?tw=wn_story_page_prev2
[ link to this | view in chronology ]
Ever Hear Of Open Source?
Let whoever wants to try to hack it for a small, but worthwhile reward (be it money or fame).
Upon successfully hacking it give step by step instructions as to how they hacked it to the open source team so they can patch the hole.
Repeat steps 2-3 until no more holes are presently found.
Then implement the new procedure as the standard.
As for the paper trail...
[ link to this | view in chronology ]