Entitled "Source Code Review of the Diebold Voting System", the study was prepared by academics from Princeton University and the University of California, Berkeley. It was part of a "top-to-bottom" review of electronic voting systems commissioned by California Secretary of State Debra Bowen.
The reviewers didn't mince words. The Executive Summary begins:
"Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes."The types of vulnerabilities found include:
- Vulnerability to malicious software
- Susceptibility to viruses
- Failure to protect ballot secrecy
- Vulnerability to malicious insiders.
An attacker could install malicious software on voting machines or the election management system, which could alter or miscount votes, possibly altering election results, and could also disable voting machines, potentially inconveniencing or disenfranchising voters.
The machines are susceptible to computer viruses that could spread from machine to machine and to the election management system. An attacker with access to just one voting machine or memory card could potentially propagate malicious software to most, if not all, of a county's voting machines, thus enabling large-scale election fraud.
The electronic and paper records kept by the voting machines could permit precinct workers to discover how individuals voted, a capability which even if never exploited could discourage voter confidence and participation.
The election management system lacks adequate controls to ensure that election workers with access to it do not exceed their authority. Anyone with access to the system could tamper with ballot choices or election results and could also infect the election management system or voting machines with malicious software.
Just before midnight Friday, based upon this report and reviews of other vendors' voting machines that have not yet been released, the California Secretary of State announced decertifications and recertifications with restrictions of all electronic touch-screen voting machines for use in the California 2008 primary election. The New York Times has all the details in the Associated Press story linked below. µL'INQs
New York Times
Plus the cost of ambition as moonshots eat into the coffers
Spoiler alert: it's probably VeriSign
Did we say cuts off? We meant traps them inside their own home