Security holes found by Princeton in Diebold vote machine tests …

The BRAD BLOG : Diebold’s Response to Princeton Report ‘Dodges’ Issues, Says Computer Scientist Doug Jones

The Brad Blog has been running a lot on this story recently … check them out for more up to date info on whats happening, but I wrote generally on these issues last month after a article (for the record, Brad Friedman has also published a salon piece on this) and I wanted to follow up with things here after I read this.

Clearly, this sort of test shows us that there are security issues with these machines.  Diebold’s protestations that all necessary safeguards are in place are simply not acceptable here … Its been clearly demonstrated that a virus can be inserted very easily.

One of the points I tried to make in my previous post on this is that technical solutions are very difficult to achieve here, and the easiest way to solve these problems is through transparency.  If Diebold source code were open-source, then it would be easy to verify the security measures they do have, and while hackers would have access to the inner security workings, so would everyone else.  But even more important than open-source, in this case, is the notion of a paper trail.

The point of the Princeton virus was to show how easy it is to get into the system, and flip votes, as well as to get itself copied onto other machines to do the same thing.  The reason that’s such a HUGE issue right now is that there is now way to tell when such a thing has happened, short of finding the malicious code.  But if the system had a default paper trail, that was checked even 10% of the time, such viruses would be, while still technically feasible, totally useless in the real world, as the vote-flipping result would be EASY to see from a comparison of paper trails to vote records in the system.

You don’t always need a technical solution to a technical problem.  The reason, at least in part, that this successful virus is so alarming is that there isn’t really anyway to detect a machine that has the viral code inserted, without some true record of the voter’s original choice.  Without the voter-verified paper trail, its VERY easy to change digits in a database with little or no tracks … it is by verifying the voter’s intention independently that we ensure integrity in the data.  If someone who wants to throw an election knows there is no way to verify the results against the voter’s true intention, then there is nothing to stop them from inserting the code.  But as soon as the evidence of that crime is generated on every vote, the potential thief will think much linger and harder.  Right now, a voting machine tamperer has to be caught in the act, essentially, in order to be caught, and that’s why this virus issue is so important … with a paper trail in place, the results of a virus like this one would be obvious to anyone who checked, and anyone inserting the virus would KNOW they could be checked.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: