The Inquirer-Home

Diebold voting machines are insecure

And yet this same company builds ATMs
Sat Aug 04 2007, 17:28
THE CALIFORNIA Secretary of State's office has released a report (pdf) that found several categories of major security vulnerabilities in Diebold's electronic touch-screen voting machines.

Entitled "Source Code Review of the Diebold Voting System", the study was prepared by academics from Princeton University and the University of California, Berkeley. It was part of a "top-to-bottom" review of electronic voting systems commissioned by California Secretary of State Debra Bowen.

The reviewers didn't mince words. The Executive Summary begins:

"Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes."
The types of vulnerabilities found include:
  • Vulnerability to malicious software

  • Susceptibility to viruses

  • Failure to protect ballot secrecy

  • Vulnerability to malicious insiders.

An attacker could install malicious software on voting machines or the election management system, which could alter or miscount votes, possibly altering election results, and could also disable voting machines, potentially inconveniencing or disenfranchising voters.

The machines are susceptible to computer viruses that could spread from machine to machine and to the election management system. An attacker with access to just one voting machine or memory card could potentially propagate malicious software to most, if not all, of a county's voting machines, thus enabling large-scale election fraud.

The electronic and paper records kept by the voting machines could permit precinct workers to discover how individuals voted, a capability which even if never exploited could discourage voter confidence and participation.

The election management system lacks adequate controls to ensure that election workers with access to it do not exceed their authority. Anyone with access to the system could tamper with ballot choices or election results and could also infect the election management system or voting machines with malicious software.

Just before midnight Friday, based upon this report and reviews of other vendors' voting machines that have not yet been released, the California Secretary of State announced decertifications and recertifications with restrictions of all electronic touch-screen voting machines for use in the California 2008 primary election. The New York Times has all the details in the Associated Press story linked below. µ

PC World
New York Times


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015