Wednesday, November 10, 2004

More on Diebold 

Here is more on the John Hopkins' study; Dr. Avi Rubin was a part of this study:

The researchers said they uncovered vulnerabilities in the system that could be exploited by an individual or group intent on tampering with election results. In particular, they pointed to the use of a "smart card," containing a tiny computer chip, that each eligible voter receives. The card, inserted into the electronic voting machine, is designed to ensure that each person casts only one ballot. But the researchers believe a voter could hide a specially programmed counterfeit card in a pocket, withdraw it inside the booth and use it to cast multiple votes for a single candidate. "A 15-year-old computer enthusiast could make these counterfeit cards in a garage and sell them," said Avi Rubin, technical director of the Information Security Institute at Johns Hopkins and one of the researchers involved in the study. "Then, even an ordinary voter, without knowing anything about computer code, could cast more than one vote for a candidate at a polling place that uses this electronic voting system."

Dr. Avi Rubin also wrote about his experience as a poll judge on election day:

The night before the election, there was an imbalance. Two judges from the same party had set up the machines alone, and that night, someone from the same party had access to the room where the machines were left unguarded. Why is that a problem? The Diebold Accuvote TS machines were shown to be highly vulnerable to tampering. With physical access to the machines, for example, one could change a few bytes in the ballot definition file and votes for the two major Presidential candidates would be swapped. In that case, none of the procedures we had in place could detect that votes were tallied for the wrong candidates. At the end of the election, we packed up the machines and left them in the same room with the door locked. Any malicious changes that had been made the night before could have been undone then. Each machine had a plastic seal on it, but the seal did not look like something that would be impossible to find. In fact, our supply packet contained a number of extras. This is just an example; there are many other ways someone with unfettered access to the machines could tamper with the election. Clearly it would be easy to make it so that the machines did not work at all, e.g. using a hammer. Such attacks exist regardless of the voting technology. The big difference with DREs is that tampering that is undetectable can change the vote count. Again, let me stress that I do not have any reason whatsoever to believe that my fellow judges did anything untoward. In fact, I believe strongly that they did not. My only point here is to observe that there are vulnerabilities in the system, vulnerabilities that someone could exploit someday and that ought to be eliminated