Misplaced Concern Over Diebold Hack Tests
from the you're-concerned-about-what-now? dept
On Friday we noted our general horror at the fact that Diebold representatives responded with inappropriate jokes about the fact that the company's voting machines were easily hacked to provide incorrect results. Given the company's history, however, it probably wasn't that surprising. What's even more horrifying, though, is the reaction of certain politicians to this news. While Florida Governor Jeb Bush has now said that the state needs to review how it certifies voting machines, this bit of very positive news comes with the odd response by Florida's acting Secretary of State. Instead of noting concern about the easily hacked machines, David Mann claimed his main concern was with the election official who let the hack test proceed. His "concern" seems to be that this test may have exposed information that shouldn't have gotten out. Apparently, he believes that security through obscurity is the best way to protect the integrity of our elections, rather than actually making sure our voting equipment is safe and accurate.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Security
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
And the location of a political rant that nobody here cares one way or the other about.
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
Once you understand that, it is clear that exposing ANY opening through which these machines can be tampered with as widely as possible is of paramount importance. So long as we allow riggable machines (unlike the tried and true lever systems - errors, yes, wholesale rigging, no) to be used in our elections we are forsaking the democractic process.
[ link to this | view in chronology ]
Re: Security
In the gaming machines I worked on all data was stored to triply redundant, battery backed up SRAM. They operate 24x7. Power failures, intetional resets, resets due to static shock or brownounts have no effect on them. During acceptance testing some states cycle power at random intervals while the game is in an "auto-play" mode. The test runs for several days. If the accounting is off by so much as a penny during that testing, it fails.
When Diebold and other companies say that it can't be done they are either surprisingly ignorant or else they are lying through their teeth. It can be done, it has been done for well over a decade.
Americans consider their money at least as important as their elections. Who would play the slots in Vegas if they thought they might be getting cheated electronically? Yet they're almost all computer driven now.
[ link to this | view in chronology ]
Casino Security
[ link to this | view in chronology ]
Re: Casino Security
[ link to this | view in chronology ]
Re: Casino Security
[ link to this | view in chronology ]
Re: Casino Security
Putting source code in escrow and submitting copies of it to independent labs for review and testing is sufficient.
Unless of course some open source worshippers start an "OpenVoting" software and hardware project. Then you can see it on the internet and find and fix bugs in it just like you can do with gcc. (that would be sarcasm at it's finest you're reading there)
[ link to this | view in chronology ]
Re: Security
What I find scary is that most of the people who comment on these rarel ask themselves WHY Diebold (or anyone else) is fighting/lying so hard against all this when we KNOW its possible.
I cannot find ANY good and reasonable reason...but plenty of nefarious ones.
Its easy to throw an election and be subtle about it when you control the counts.
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
An inside job cannot cover up a manual recount if the user has a paper copy (on watermarked security paper of course) of their vote.
that's also sort of comparing apples to oranges - rigging the outcome of one individual's "game" (vote) is not the same as rigging the outcome of everyone's game/vote - which is the danger in a voting machine.
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Re: Security
I think everyone must accept that fraud will occur. That is the assumption that casinos and lotteries make. So the effort should be on detecting it before it costs anything. I don't think it's a good idea to throw out the whole goal of fraud-proof voting because fraud will be attempted.
There have been many gaffs put into gaming machines over the years, and many hardware bugs. I know of cases where hardware could be affected by using a cell phone or radio in close proximity to the machine. That was detected and fixed in very short order. In the old mechanical slot days there were people out there so dedicated to ripping off a single machine that they'd sit for hours playing a machine - with a drill bit held in their fingers, slowly making a hole in the side of the machine through which they could insert a wire to try and stop or manipulate the reels to a winning combination. There are even cleaning people who worked at casinos (they traded those jobs for full-time license plate stamping jobs) who discovered they could insert a thin vaccum cleaner extension into a ventilation slot and suck quarters out of the coin buckets. In the first case - who cares if they used some trick to "rig" their own vote? In the other cases the fraud was detected by the accounting system. The paper trail said x coins went in, the actual counts of coins said y coins went in.
[ link to this | view in chronology ]
Re: Security
Except that the voter should never be allowed to leave the premises with a copy of his receipt. This is to guard against "rubberhose" vote fixing - if I have nothing that shows which way I voted after leaving, I can tell my extortionist that I voted however he wanted. If it's even an option for me to keep my record, Guido from the Election Subcommitte can assume that no record is the same as voting wrong.
[ link to this | view in chronology ]
Re: Security
Just like a lottery ticket, the paper bears a watermark that proves which roll of paper it came from. In lottery terminals each roll of paper has a unique id embedded in it. When someone claims a high tier win, the lottery confirms that the tranaction id printed on the ticket matches the one that was sent by the host computer. They then confirm that the identification embedded in the ticket paper itself matches the one that was installed in that machine.
Even if someone had the technology to fake the watermark, it would require at least a three pronged attack in order to rig an election. They'd have to gain physical access to the device, they'd have to figure out how to fake out the communication protocol so that the host and they'd have to fake the ticket - as well as fudge the records of which roll of paper was installed.
If they're that good that they could round up all thoe specialists required, keep them quiet and get away with it without anyone discovering it - then they deserve to win the election just based on organizational skills.
[ link to this | view in chronology ]
Re: Security
That is - what each machine generated a number of fake votes that could be traced back to the machine that generated them.
The central system then filters out the fake votes as they come in.
If someone hacks the voting machines - they'll be as likely to alter the fake votes as the real ones - and that would be detected.
[ link to this | view in chronology ]
Re: Security
See the bit about Claude Shannon's information theory at http://en.wikipedia.org/wiki/Information_theory
[ link to this | view in chronology ]
Re: Security
[ link to this | view in chronology ]
Misplaced Attention
Finally, the concern here expressed is also misplaced in that in any major election thousands of these machines are used. So one would have to modify perhaps dozens of machines to make any real difference or the vote counts in a precinct would outnumber the voters who live in the area.
If you want a real case study in vote fraud come to Chicago. We offer PhD's on the subject.
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
Voting Fraud
[ link to this | view in chronology ]
Security
The Diebold machines have some serious problems! One of which is that the makers do not want to allow others(the trusted parties refered to above) to look at the source code of the machines. But that doesn't mean that they should publish that info on the net. The info/source code needs to remain protected and confidential.
Someone above mentioned the casino machines as examples of hackproof machines. Well, that isn't really true. They have been hacked/broken in the past. A large part of the security of the casino machines is that the info on how they work is not published. It is kept secret and only looked at by trusted parties. In the case of the casino machines, though the info isn't published, the state officials and experts are allowed to review the code and machinery. That should be the model to follow in the case of the Diebold machines.
[ link to this | view in chronology ]
Re: Security
Same thing with communication protocols. Those protocols are well documented because no casino wants to be held hostage to a single game supplier. Any machines they buy must be able to talk to their accounting system, regardless of manufacturer. Each manufacturer gets a protocol manual from whoever supplies the central control system and their implementation has to conform to that.
So at least those two aspects are well known - the documentation may only be released under NDA but there are hundreds if not thousands of engineers who have access to that documentation.
Actually - I that might be a better approach. Instead of a single vendor making the machines and control system, why not have third parties manufacture the machines - that way they have a financial/business incentive to make sure they're hack-proof. If you can buy the machines from five companies but one of them is known to have been hacked, they'll find them harder to sell.
[ link to this | view in chronology ]
Re: Security
Additionally, the point of the exploit is that it could be pre-programmed before the voting site is ever set by company insiders, and be undetectable.
[ link to this | view in chronology ]