jeudi 14 septembre 2006

These are the machines YOU may be using to cast your vote this November

The country is full of Diebold ATMs that take your requests for cash withdrawals and spit out money. They accept your deposits, which are then dutifully deposited to your account. You don't even think about it, because these systems are almost 100% bulletproof.

And we're supposed to believe that they can't make a voting machine that's at least tamper-resistant?

Yet it seems they can't:

A Princeton University computer science professor added new fuel Wednesday to claims that electronic voting machines used across much of the country are vulnerable to hacking that could alter vote totals or disable machines.

In a paper posted on the university's Web site, Edward Felten and two graduate students described how they had tested a Diebold AccuVote-TS machine they obtained, found ways to quickly upload malicious programs and even developed a computer virus able to spread such programs between machines.

The marketing director for the machine's maker — Diebold Inc.'s Diebold Election Systems of Allen, Texas — blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.

"I'm concerned by the fact we weren't contacted to educate these people on where our current technology stands," Mark Radke said.

Radke also question why Felten hadn't submitted his paper for peer review, as is commonly done before publishing scientific research.

Felten said he and his colleagues felt it necessary to publish the paper as quickly as possible because of the possible implications for the November midterm elections.

[snip]

Felten and graduate students Ariel Feldman and Alex Halderman found that malicious programs could be placed on the Diebold by accessing the memory card slot and power button, both behind a locked door on the side of the machine. One member of the group was able to pick the lock in 10 seconds, and software could be installed in less than a minute, according to the report.

The researchers say they designed software capable of modifying all records, audit logs and counters kept by the voting machine, ensuring that a careful forensic examination would find nothing wrong.

The programs were able to modify vote totals or cause machines to break down, something that could alter the course of an election if machines were located in crucial polling stations.

It was also possible to design a computer virus to spread malicious programs to multiple machines by piggybacking on a new software download or an election information file being transferred from machine to machine, Felten said.

"I think there are many people out there who have the type of technical ability to carry out the sort of attacks we describe here," he said.

Felten said hacking dangers could be mitigated with better software, more restrictions on access to machines and memory cards, and paper receipts verified by the voter.

Radke said Diebold already has implemented many of those things.


Except that a) there's no assurance that states have implemented any of the so-called fixes on their existing machines, b) as recently as August, the latest versions of Diebold Machines were revealed to be BUILT TO BE EASILY BOOTED FROM ANOTHER DEVICE; and c) Not a week goes by that we Windows users aren't alerted to a new patch. Do you honestly believe that Diebold has fixed ALL the problems?

This is what worries me about the November elections. Every day we see new poll numbers from important races on Daily Kos. But as far as I'm concerned, any race with a single-digit Democratic lead is going to end up Republican when we wake up the morning after Election Day. You heard it here first.

Aucun commentaire:

Enregistrer un commentaire