Posted by Frank James at 5:45 pm CDT

A team of Princeton University computer researchers say they’ve found serious vulnerabilities in an electronic-voting machine made by Diebold Co. which, according to the scientists, leave the machine open to sabotage that could result in significant voting irregularities.

What’s frightening is that most people wouldn’t even know there were irregularities. A piece of malicious software code inserted into a Diebold AccuVote-TS machine by someone with “criminal” intent could cause votes for one candidate to be wrongly attributed to another, and do it in such a way that election officials would never detect it, the computer experts said. Furthermore, after all was said and done, there wouldn’t even be a trace of the spurious code. It would essentially erase itself.

The researchers (Edward Felten, professor of computer science and public affairs, and two Ph.D. candidates, Ariel J. Feldman and J. Alex Halderman) somehow got their hands on a Diebold machine in order to do their research.

I don’t know if the machine they used is identical to those Diebold sold to election officials around the nation. The researchers say that the machines are poised to be used in 357 counties that represent nearly 10 percent of the nation’s registered voters.

I also don’t know if Diebold has fixed the problem or is aware of the Princeton group’s study. I placed a call to a Diebold spokesperson but haven’t heard back yet.

There have been repeated questions about the security of electronic voting machines and this latest study is sure to add to the alarms that have been raised about them.

Here’s a key passage from the report:

Main Findings

The main findings of our study are:

1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

3. AccuVote-TS machines are susceptible to voting-machine viruses—computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

4. While some of these problems can be eliminated by improving Diebold’s software, others cannot be remedied without replacing the machines’ hardware. Changes to election procedures would also be required to ensure security.

The details of our analysis appear below, in the main body of this paper.

Given our findings, we believe urgent action is needed to address these problems. We discuss potential mitigation strategies in more detail below in Section 5.

The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that runs the machine during an election. This version was deployed in 2002 and certified by the National Association of State Election Directors (NASED) [11]. While some of the problems we identify in this report may have been remedied in subsequent software releases (current versions are in the 4.6 series), others are architectural in nature and cannot easily be repaired by software changes. In any case, subsequent versions of the software should be assumed insecure until fully independent examination proves otherwise.

Though we studied a specific voting technology, we expect that a similar study of another DRE system, whether from Diebold or another vendor, would raise similar concerns about malicious code injection attacks and other problems.

The researchers also provide a video presentation that explains the problems they found. And they do it with a sense of humor; in the video demonstration two candidates–George Washington and Benedict Arnold, the famous traitor–are pitted against each other in a fantasy election.

Because of the electronic chicanery, Arnold wins.