The Open Voting Foundation has sent out a new release discussing the ease in which a voting machine can be hacked. This wil be big news all week I suspect. Below is the press release in its entirety.

SACRAMENTO, CALIFORNIA — “This may be the worst security flaw we have seen in touch screen voting machines,” says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

“Diebold has made the testing and certification process practically irrelevant,” according to Dechert. “If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS — and it could be done without leaving a trace. All you need is a screwdriver.” This model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture, in particular, shows a “BOOT AREA CONFIGURATION” chart painted on the system board.

The most serious issue is the ability to choose between “EPROM” and “FLASH” boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called “Logic And Accuracy Tests”.

A third possible profile could be field-added in minutes and selected in the “external flash” memory location, the interface for which is present on the motherboard.

This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.

“These findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled”



  1. John Paradox says:

    Great. Pima County has a meeting this Friday to OK these machines.

    (though intended only for handicapped, does anyone think there won’t be an expansion?)

    J/P=?

  2. Smartalix says:

    We need to stop this right now. Unverifiable elections are bad for both sides.

  3. @$tr0Gh0$t says:

    This is nothing, in Venezuela the computerised voting machines have modems which enable the government to modify the data contained within the machine to provide the results it wants.
    Another thing the machine does is record the order of how the votes were done. When you combine this data to the computerised finger print readers you could tell how each person voted eliminating the right to secrecy in your vote.
    This was a big issue during the last election which prompted most people not to vote despite the fact that the finger print readers were banned from the election.
    This is a wonderful situation for any goverment wishing to implement this system because it promotes apathy and guarantees the continuation of those in power.
    I’m quite sure that many governments see the situation in Venezuela with envious eyes. 🙁
    Here is a link to a video you might find interesting
    http://vcrisis.com/public/smartmatic_fiasco.asf
    Smartmatic is the company that makes the software for those machines and they have been used in the U.S.
    Another link you might like is
    http://answers.google.com/answers/threadview?id=589189

  4. Shane B says:

    Isn’t kind of a nothing story? We’ve always know once you have physical access to a machine you can pretty much do anything if you’re clever enough.

  5. chris says:

    At least you still talk about it john…

    The republicians will not talk about it since they did it.

    The dems cant or it sounds like whining.

  6. @$tr0Gh0$t says:

    Mr. Dvorak has stated several times that he is Republican, he just does not vote for Republicans.

  7. Allen McDonald, El Galloviejo® says:

    #3 (@$tr0Gh0$t) –

    ¡ U are full of @$tr0Gh0$t !

    Allen McDonald, El Galloviejo®

  8. Sounds the Alarm says:

    Guess who the majority owner of Diebold supports?

    Can you say Republican?

  9. moss says:

    What a bullshit whine about the machines used in Venezuela.

    The Olivetti machines used — from their distributor in Floriduh, btw — also printed out a paper receipt to verify the ballot. The bloody modems were used to get the raw data in to report to the public. But, every voter had proof of their vote on-the-spot.

    It doesn’t matter which side you’re on in politics — that doesn’t justify lying about the technology. Those Olivetti machines are used all over the world. Their built-in validation is the reason most electoral bodies choose them.

    And voter turnout in their last election was down a whole .8% — whoop-de-doo for the boycott.

  10. James Hill says:

    If anyone wants to join the Vast Right Wing Conspiracy, we’re having a membership drive.

  11. @$tr0Gh0$t says:

    Moss, the Oliveti machine is used as a lottery device, it was never intended for voting processes. The modem allows for the modification of the data the would be displayed in the final report, the ballot boxes were not opened to count the votes.
    Can you be more specific as to were in the world the machine is used for voting purposes?

  12. Awake says:

    You have to outright question the real motives of anyone, from any party, that wants to limit verifiability.
    There must be a readily readable and permanent record of each vote, even if it’s just for trust of the system. It would be a very simple thing to have the paper tapes read independently as a cross check of the system’s functionality, even if fraud is not suspected.

    Why would anyone not want verifiability? Because they don’t actually believe in Democracy.

  13. moss says:

    Why are self-convinced neo-cons too lazy to Google anything beyond Fox Snooze?

    It’s been a year or so since I read any details about the Olivetti voting machines — including the outright lies about only being lottery machines. I’ve been involved with Olivetti products back to before they built PC’s.

    So — just now — I Googled “olivetti voting machines venezuela” and this was the first hit:

    http://www.venezuelanalysis.com/articles.php?artno=1197

    Now, you can go back to whining that the source can’t be trusted because they don’t agree with your politics.

  14. moss says:

    Meanwhile, I have to get back to dealing my own local incompetent election officials who aren’t even up to the Diebold machine.

  15. @$tr0Gh0$t says:

    I didn’t like the fact of standing in line for 11 hour to vote for the recall. After that if you went to vote you were giving your support for a flawed voting system and if you didn’t vote you gave support to the current regime by not representing yourself. Screwed either way.
    By the way, the source of information for the Olivetti machine is 2 years old and provided by the goverment, I saw that program on TV too when it was broadcast. It means nothing.

  16. moss says:

    Reality means nothing to True Believers.

    Sorry, guys, only one GOOGLE lesson per day. 🙂

  17. Rob says:

    You know, I have always wondered why we couple the ts voting machine with the reporting engine. Seems to me it would be much more secure to vote on a ts voting machine, and have a print out, that you would take to an electronic counter. Before you would be allowed to put it in the counter the voting administrator would ask you to look at your sheet and verify your choices on the sheet are the ones you made. After that you would be allowed to put it in the counter. That way you have the ease of electronic voting with the security of a paper trail.

  18. ab cd says:

    Thats how some places do it Rob. The entire Diebold is just people thinking technology will solve everything. They also want internet voting. Paper ballot would work just fine. How many votes even get cast in a particular precinct? You could probably count by hand.

  19. ab cd says:

    Strange how Democrats/liberals/progressives wanted to open up elections, so they made it easier to get on the ballot, which led to 10 candidates in Florida, which led to a butterfly ballot, which led to the recount mess. Then after that, Democrats/liberals/progressives whined about the voting procedures, and you ended up with computer voting. Yet for some reason, Democrats everywhere start objecting when you demand an ID to vote.

  20. joshua says:

    I’ll cover all the bases here.

    I firmly believe in positive ID to vote. Say who you are and prove it. They should be nothing more than a picture with address to match against the voter rolls. Stop the phoney arguement that this discriminates against the poor, the blind or whatever. If they are free, there is no reason any voter can’t have one.

    Next, use paper verification of the touch screen. This county only uses them now and it works great. Even Diebolt makes them, but the free ones from the Feds are the cheaper non-paper verification models. So if you opt for the paper trail, you have to pay. This county did.(Santa Clara, Ca.)

    No internet voting. Get off your asses and go vote. My God, if the Veterns Administration and half the data collecting companies in the world can be hacked, what makes you think some 15 y/o undersexed geek with pimples in Bloody Harp Seal, Nove Scotia decides he’s bored so he wants to decide who becomes President and hacks the databases for the voting, won’t do just that. This is a Geek site…..think about that one.

    Good old fashioned paper ballots, marked by indelible ink is the best. Slow….you bet, but accurate.

  21. Mr. H. Fusion says:

    Moss, there are these things called urban legends. Most of us are familiar with them. A newer, subset phenomena, is the Rovian Legend. originally invented by Hiendrich Himmler, it was perfected by Karl Rove. The basic premise is, tell a lie enough times and it becomes true. So true in fact, that it becomes impossible to prove any contrary proof. They never have any facts, other then what they get from Rovian Legend propoganda sources. Leading Rovian Legend disseminators include such uninformed people like Rush Limbaugh, Ann Coulture, and Bill O’Rielly.

  22. Peter_M says:

    Have they ever heard of Open Source software on a commom, off thshelf hardware so the hardware can be “Open Source” as well as the software. Would be very easy to audit and improve instead of… well, instead of this mess!

  23. Mr. H. Fusion says:

    #26, Mr. Fusion: I can show you some graves that can vouch for you urban legend. Whenever you feel like looking at them, let me know.

    So are these graves evidence that Diebold machines are hackable? Geeze, those bastards !!!

    By your measure, those claimings that the holocaust never existed are true since it, was just another urban legend.
    Comment by pedro — 8/2/2006 @ 7:19 pm

    I was unaware that the holocaust was an urban legend. If you claim it is then that only serves to illustrate the Rovian Legend phenomena. You say it enough times and you believe it.


0

Bad Behavior has blocked 5023 access attempts in the last 7 days.