Surprise! More Diebold Problems As They Expose Memory Cards To Viruses

from the didn't-see-that-coming dept

Thu, Nov 2nd 2006 11:36am — Mike Masnick

As if there haven't been enough problems with Diebold e-voting equipment (all of which they pretty much brush off or ignore). Ed Felten, who has been pointing out numerous security flaws with Diebold machines has found another one. It turns out that the memory cards that are used to store votes on some of the machines, the same memory cards that Felten showed was susceptible to viruses, are being placed into a variety of laptops that have not been checked to make sure they're free of spyware. Apparently, election workers are expected to put the memory cards into laptops in order to transfer the votes to CD-ROM (and, no I won't even start to get into why you should need to transfer votes to CD-ROM). The laptops in question, though, were either the election workers personal laptops or a bunch that were just "gathered from around the office." How many of those laptops (especially the personal ones) do you think are infected with spyware and viruses? Especially when you consider how many election workers are freaking out over the new machines because they're not at all technically savvy. What kind of e-voting company would think it's somehow "secure" to require people to transfer votes using their personal laptop? In the meantime, of course, we eagerly await Diebold's expected brushing off of this story, complete with insults directed at Felton (as per usual) and some sort of claim about how the whole thing isn't a problem at all due to some bogus "security" procedure they have in place.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

8 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Annoyed, 2 Nov 2006 @ 11:51am

Enough Already
Seriously, I am expecting someone to jump up at some conference and say "Ha ha! Surprise! it's all been a joke! You don't really think we would seriously put these machines on the market, do you?"

Still waiting....
[ link to this | view in thread ]
discojohnson, 2 Nov 2006 @ 12:33pm

why
why the hizzy would the SOP actually be to copy the votes onto a CD? why put one more step in an already problematic process? just mail the memory cards to wherever. additionally, doesn't this mean that now they've archived exactly what i voted? after all, there's no source code showing exactly just what is to be written on these CDs....
[ link to this | view in thread ]
Glurbie, 2 Nov 2006 @ 12:54pm

Whoops!
I hope these "not at all technically savvy" workers don't accidentally erase the memory cards.
[ link to this | view in thread ]
wolff000, 2 Nov 2006 @ 1:32pm

WTH?
I guess if I want to rig the next election I just have to bring my laptop and sign up to work the polls. When it somes time to transfer them to cd, I can be "kind' and transfer all of them to cd myself. Since the other poll workers probably won't know what I'm doing, they won't notice as I switch the real file with one I manufactured. How much more careless could Diebold get short of having a push button option for someone to say who wins the entire election. This has far passed the point of insanity. Diebold should be charged with circumventing the democratic process and all thier CEOs arrested.
[ link to this | view in thread ]
Anonymous Coward, 2 Nov 2006 @ 1:45pm

Anybody that feels like your vote counts and is safe should wake the heck up!!!
[ link to this | view in thread ]
Dosquatch, 2 Nov 2006 @ 3:35pm

This message is infected
How many of those laptops (especially the personal ones) do you think are infected with spyware and viruses?

Based on my experience, probably all of them. I just finished saving a personal machine for a coworker ("It just keeps freezing, can you take a look?") It took 6 hours of scanning, scrubbing, patching, and repeating to clear all of the trojans, keyloggers, backdoors, spambots and spyware that kept tripping over each other. I'm routinely surprised that some of these personal machines boot at all.
[ link to this | view in thread ]
Aaron, 2 Nov 2006 @ 6:22pm

Silly question...
A lot of articles are pointing out the flaws in the diebold voting machines - is anyone covering the people responsible for choosing and integrating the electronic voting machines? Not everyone that works the polls is going to be "tech savvy", but the people responsible for creating the procedures, procurement and operations damn well ought to be.
[ link to this | view in thread ]
eb, 3 Nov 2006 @ 9:25am

Re: Silly question...
Most of the elections people in any state are nearly as clueless as the poll workers. Witness one Maryland county where the smart cards necessary to allow a voter access to the voting machines weren't even distributed until hours after the polls opened. If you have any tech knowledge at all, this is the equivalent of forgetting to get the old-style manual voting machines out of the warehouse. Obvious conclusion is that the elections people really didn't have any idea about how the system functioned overall and are feeling that just distributing the "voting machine" is enough.
[ link to this | view in thread ]