diebold
Latest
Florida Diebold machines help you pick the right candidate
Apparently Diebold's problems aren't limited to Maryland, Georgia or Alaska -- what a shocker. Down in the Sunshine State, during a week of early voting before next week's nationwide midterm election, certain Diebold machines have been registering some votes for Democrats as selections for the Republican candidate. For instance, Gary Rudolf, a voter at a polling site near Ft. Lauderdale, tried to vote for gubernatorial candidate Jim Davis (D); however, when the Diebold machine gave him the final review screen, it showed his vote was about to be cast for Charlie Crist (R). The problem took three tries to get resolved with the help of a local poll worker. Mary Cooney, a Broward County Supervisor of Elections spokeswoman, informed The Miami Herald that it's "not uncommon for screens on heavily used machines to slip out of sync, making votes register incorrectly. Poll workers are trained to recalibrate them on the spot -- essentially, to realign the video screen with the electronics inside. The 15-step process is outlined in the poll-workers manual." Huh? How exactly does a computer -- one that is being used heavily for one day a year, and not a $100 PDA -- "slip out of sync" ? Further, no one in Broward County is even sure how large of a problem this is "because there's no process for poll workers to quickly report minor issues, and no central database of machine problems." Is it any wonder that major candidates are urging voters to vote the analog old-fashioned way?[Via digg]
Diebold secretly "fixed" glitches in 2005, yet problems persist
Diebold's had so many problems recently that we're not even entirely sure which problem this latest "solution" was supposed to fix -- nor if it actually ended up causing even more headaches. It came out earlier this week that Diebold acknowledged quietly "fixing" 4,700 voting machines across four Maryland counties in 2005: Allegany, Dorchester, Montgomery and Prince George's. The problem was that sometimes the voting machines lock up, or as The Washington Post puts it "The screen freezes do not cause votes to be lost, officials said, but they confuse voters and election judges who sometimes wonder whether votes cast on a frozen machine will be counted." The newspaper continues, saying: "Critics said it raises concerns about whether the state and company officials have kept the public adequately informed about problems with a system that cost taxpayers $106 million." Um, yeah. If you're say, a state government and you've just spent over $100 million to buy voting equipment that allegedly improves our previous archaic system of paper voting, you might want to make damn sure that it actually does the job, and that you know what's going on at every step of the way. Now, this new problem/solution apparently is unrelated to that other vexatious problem involving unpredictable reboots. So, despite Diebold's assurances that all problems have been taken care of, the Post adds: "Even so, the two leading candidates for governor -- Gov. Robert L. Ehrlich Jr. (R) and Baltimore Mayor Martin O'Malley (D) -- have called on voters to use absentee ballots in the election, citing uncertainties about the reliability of Maryland's system." That's just great.[Via The Associated Press]
Ex-delegate gets Diebold voting code in mail
With all the recent blunders and whistleblower interviews about the Diebold electronic voting fiasco, it would have been easy to believe that it couldn't get any worse for Diebold Systems. That's probably what Cheryl C. Kagan, an ex-Democratic delegate and an outspoken critic of Maryland's election chief, thought before she received a parcel containing the code that ran Maryland's electronic voting machines in the 2004 election, along with a note calling for her to "alert the media." Although Diebold Election Systems claims that the code is old and does not infringe the security of the current up-to-date system, the fact that it was sent at all exposes a fundamental security flaw in Diebold System's supposed "glitch-free" setup. The only viable solution to all this -- which would make voters happy and give Diebold Systems *some* credibility -- is if the code is released in an open source form. Even though we'd like to believe that the current version of Diebold's voting code (4.6) is more secure that the leaked code (4.3.15c), the litany of security failures on Diebold's part gives us little reason to trust them.
Dutch government orders reforms in response to hacked voting machines
Even though the issue of electronic voting security has yet to be taken seriously in the United States (we're looking at you, Diebold), the Dutch government appears to be very concerned about the shenanigans that hackers recently pulled with one of Nedap/Groenendaal's old-school machines, and has taken several steps to ensure that the equipment is as hack-proof as possible prior to the November 22nd national elections. According to a translated article on the site Nu.nl, officials have ordered Nedap to double-check every single terminal, replace all of the weak software, and install unflashable firmware so that the simple "Diebold memory hack" can't be replicated in the Netherlands. Furthermore, all of the machines will be retrofitted with an iron seal that will presumably prevent unnoticeable access to their innards, and two additional independent checks will be performed to add another layer of redundancy: a certification institute will make sure that Nedap has performed all of the necessary upgrades, and the machines will be spot-checked for accuracy once again on election day. Finally, the Dutch intelligence service AIVD will reportedly look into the RF emissions that enable snoopers to wirelessly establish a vote tally, although it doesn't sound like the inquiry will have any immediate effect on this gaping security hole. Despite these changes and increased oversight, though, it seems that the voting group responsible for the original hacks is still not confident that all of the problems have been solved; we certainly see their point, however, we'd suggest that a government that at least acknowledges and makes moves to alleviate these serious concerns is already far more progressive than one that seems to be waiting around for an e-voting "Enron" before taking the initiative to sort out this significant threat to the democratic process.[Via Slashdot]
Dutch voting machines hacked to play chess
With as much fuss as we raise over the myriad of Diebold security and stability failures, it looks like we've got it pretty good in the States when compared to the e-voting methods of the Dutch. Their ES3B voting system is based on circa-1980's computing hardware, which seems to be rather lacking in the areas of physical and software security. A few hackers got a hold of a unit and essentially had their way with the machine. Their first order of business was installing a chess program, since Jan Groenendaal of the Nedap/Groenendaal company -- which manufactures the machines -- had responded to the hackers' claims of it being possible with a smarmy "I'd like to see that demonstrated." After they got bored playing chess against a weak sauce 68000 processor with 16KB of RAM, they installed their own "PowerFraud" app to demonstrate methods for generating phony election results, and then went on to do some RF reading that helped them discover ways to wirelessly detect which votes were being registered on the machines by spotting "spurious emissions" from the computer display whenever it gets refreshed. The hackers responsible were kind enough to recommend fixes for most of their hacks, but we would think a bit of a technology refresh could help these Nedap/Groenendaal guys immensely. Or maybe Diebold can give them a ring once they're done botching our elections and they can all work together to further their respective nefarious and democracy-ending aims.[Via Hack-A-Day]
Diebold sez "glitch-free," just don't touch those touchscreens
We're still struggling to see how Diebold can't manage to build a simple bit of voting software that works on their own hardware in this day and age of Doom-running iPods, but it seems they've managed to screw things up again. Apparently Diebold has gotten the machines to work relatively well together, but only when using a mouse. If the touchscreen is tapped, the machine loses contact with its peers. Diebold is touting this mouse thing as a fix, and is offering to provide 5,500 mice for their e-poll books if state officials in Maryland give the go-ahead. Unfortunately, during a recent mock election, a poll-worker tapped the touchscreen despite repeated warnings to the contrary, and screwed up the system, requiring a reboot which took 30 seconds. Critics say this fault could allow some voters to vote twice, because if the machine loses contact with its fellows when the voter checks in, their voting status might not be registered. The use of the machines is still up in the air, with state elections chief Linda H. Lamone stating confusingly yesterday: "I want to wait and rather not say today what we're going to do." Diebold is still trying to fix the touchscreen problem, but we're really not holding our breath.[Via Techdirt]
Diebold makes its e-poll book software "glitch-free"
Ah, Diebold, our favorite democracy-threatening, gadget-making punching bag. Earlier this week, Diebold showed off a software fix to Maryland election officials of the company's new "e-poll books," a device to keep track of voter records and registration. The e-poll books previously had been marred by a glitch that caused machines in every precinct to freeze and reboot during the recent Maryland primaries, reports The Washington Post. However, there still remain two big problems that Diebold is mystified at: "why some units failed to communicate properly with one another, and why some access cards -- which voters receive after checking in and must insert into a voting machine -- 'did not encode.'" Yeah, that would be a problem, considering that these machines are crucial in, we dunno, the very foundation of our democracy. Also, for the record, Diebold says that its other voting machines "worked well," which in Diebold-speak means glitch-free but with the usual shoddy security.
Rolling Stone interviews a Diebold whistleblower
In what is perhaps the most astonishing turn of events in the ongoing Diebold fiasco, a new article in the latest issue of Rolling Stone -- with extensive information direct from a named former company consultant -- makes one of the most damning cases against the embattled company. The article weaves an elaborate tale of how Diebold had at the very least some extremely skeezy deals signed in 2002 with the state of Georgia, which allowed Diebold to replace all existing voting equipment, and to speed things up by the fall election: "The company was authorized to put together ballots, program machines and train poll workers across the state - all without any official supervision." As if that weren't enough, days before the primaries, the president of Diebold's election unit, Bob Urosevich, personally distributed a patch to the elections software. The article goes on: "Georgia law mandates that any change made in voting machines be certified by the state. But thanks to Cox's [Georgia's Secretary of State] agreement with Diebold, the company was essentially allowed to certify itself." Before the election, the two Democratic candidates in the two major races (for one Senate seat and the state governorship) had been ahead in the polls, and on Election Day, Republicans won the two races by a slim margin -- and given that no paper trail exists there is no way to prove or disprove that the election wasn't tampered with in some way. And you wonder why we continue to insist on paper ballots for the time being?
Open your Diebold AccuVote-TS with a minibar key
Remember those guys from Princeton who recently dissected a Diebold voting machine and wrote a serious academic paper laying the smack downon our favorite shady e-voting company? The plot thickens with those Jersey brainiacs: after giving a presentation to some computer science colleagues last week, Prof. Ed Felten was approached by Chris Tengi, a member of the department's technical staff, who pointed out that the key that opens the AccuVote-TS voting machine is very similar to a key that he has at home. Tengi's key opened the voting machine, and upon further investigation, the Princeton posse discovered that both keys are actually a common office furniture type used for hotel minibars, electronic equipment and jukeboxes. Furthermore, said keys can easily be bought on eBay or from various online retailers. So, all you need to hack Diebold's crackerjack security is to spend a little cash on these keys, bring 'em to your next local election along with a cheap-o flash drive, and you can easily open the lock that houses that Diebold memory card while you're in the voting booth -- good times, hey? If your locality uses these machines, you may want to write your Congressional representative and your county authorities to alert them to this, erm, "feature" -- better yet, buy them one of these keys and send it along with your letter, inviting them to test it out for themselves![Via Boing Boing]
Researchers show Diebold voting machines unsecure, citizens shocked
We're all for hacking stuff, generally, but hacking democracy for malicious purposes is just plain uncool. While no one's definitively proven that such a scenario has ever actually happened in real elections, vote-hacking remains a distinct possibility, given the state of our electronic voting equipment. If you were unconvinced the last time we covered this, of just how shoddy these Diebold voting machines are, here's another arrow in our quiver: Princeton University researchers have taken apart a Diebold machine, examined it from every angle, written a new paper on its flaws and have come to the following conclusions: 1) Malicious code "can steal votes with little if any risk of detection." 2) Said code can be installed in one minute or less. 3) The Dieblod machines run Windows CE 3.0 -- so, they're susceptible to viruses. 4) Some problems would require the entire replacing of hardware, yet another security risk. Still though, we would love to see a debate between the two candidates in this fictitious election: George Washington and Benedict Arnold.[Via Boing Boing]
Diebold Voting Machine hacked in four minutes flat
It's an old adage in politics that you need truckloads of money to get elected. Apparently you can now buy an election for what you'd spend in a few days on cups of coffee. Black Box Voting found that given $12 in tools, four minutes, and a little determination, you can access a Diebold voting machine's memory card, remove and replace it without a trace. This new development really isn't all that surprising given that it's been shown that these machines can be hacked in more than one way, even by monkeys. Concerned citizens, just switch to absentee paper ballots from now on -- it may be low-tech, but it's a hell of a lot more secure going the "old-fashioned" way.[Via Slashdot]
Diebold machines fail in Alaska primary
When you hear the words "electronic voting machines" and "problems" in the same sentence, you don't have to be a rocket scientist to infer that our old friend Diebold is somehow involved. The latest chapter in the company's woeful history of security lapses and tampering accusations comes courtesy of Tuesday's primary election in the great state of Alaska, where several of Diebold's "high-tech" touchscreen units were unable to use their dial-up modems to upload voting results to the Division of Elections' central servers due to an inability to pick up dial-tones and "other problems." Apparently thirteen total precincts experienced the issues, forcing election workers to toil into the wee morning hours manually uploading their data and getting it to sync with the overall numbers. The Director of Elections, Whitney Brewster, attempted to reassure voters that the integrity of the process had not been compromised by pointing out that "just because they're not being uploaded doesn't mean they're not being recorded accurately." That's probably true, but with all the scrutiny and negative publicity surrounding the company, it's going to be hard to convince some folks that any election involving Diebolds's products is ever on the level.[Via Slashdot]
More security woes for Diebold
It's no secret that Diebold's electronic voting gear is, um, a little lax in the security department, and now a non-profit group known as the Open Voting Foundation has found "what may be the worst security flaw we have [ever] seen in touch screen voting machines" in the company's older TS model. Apparently these devices -- which produce no paper record of voters' choices -- contain a switch on the internal motherboard (pictured above, with handy onboard instructions) that would allow nefarious hackers to toggle between the two pre-installed boot profiles and "change literally everything regarding how the machine works and counts votes." Even worse, the board also sports a slot for external flash memory from which a third profile could be "field-added in minutes," allowing unsavory characters to overwrite certified files with their own data before switching the machine back to its unaltered state -- with no one the wiser. It looks like Diebold has two options for addressing this nagging problem: either they can open up their machines and source code to a thorough external audit and adopt the resulting suggestions (unlikely), or they can take the simpler route and just get their friends in Washington make it illegal for rabble-rousers like the Open Voting Foundation to play with their toys.[Via The Register]
