Diebold in the news on the eve of a November Election
Welcome to the Korporatist Republik der Amerika. Where votes represent the vote of the only people that count.
Diebold in the news on the eve of a November Election
So why do Democrats and Greens still believe that the "electorial process" somehow represents the "voice of the people"?
current Diebold stuff in the news:
WASH POST: DIEBOLD TOUCHSCREEN SOURCE CODE DISCOVERED STOLEN IN MARYLAND!
ALSO: State Report Finds Sensitive Voter Registration Database Vulnerable to 'Across-the-Board Access'
Diebold, State Election Director Lamone Continue State of Denial...
Guest Blogged by John Gideon (with additional snark provided by Brad Friedman)
The Washington Post is reporting in Friday editions that the FBI is investigating the "possible theft" of Diebold electronic touch-screen voting system source code in Maryland.
While the Maryland State Board of Elections admits that the disks contained "the software... used in Maryland in the 2004 elections," Diebold denies everything. Of course. They gave their catch-all apologia — the software is for "versions... that are no longer in use in Maryland" — although they were forced to acknowledge "the version of one program apparently stored on the disks is still in use in 'a limited number of jurisdictions.'"
The disks feature logos from Ciber Inc. and Wyle Labratories, Inc., two labs that test voting machines and software (sort of) for Diebold. Both firms deny the disks are theirs.
According to the article...
The disks delivered to [ex-Delegate Cheryl C.] Kagan's office bear labels indicating that they hold "source code" — the instructions that constitute the core of a software program — for Diebold's Ballot Station and Global Election Management System (GEMS) programs. The former guides the operation of the company's touch-screen voting machines; the latter is in part a tabulation program used to tally votes after an election.
Three years ago, Diebold was embarrassed when an activist obtained some of its confidential software by searching the Internet. The company vowed to improve its security procedures to prevent another lapse.
The release of such software poses a risk, computer scientists say, because it could allow someone to discover security vulnerabilities or to write a virus that could be used to manipulate election results."
WaPo goes on to report...
The Washington Post obtained copies of the disks Wednesday and allowed Avi Rubin, a computer scientist at Johns Hopkins University, along with a colleague and a graduate student, to review the software on the condition that they make no copies of it.
"I would be stunned if it's not real," Rubin said.
Rubin, who has said that electronic voting systems that do not produce a paper record of each vote cannot be secured, led a team that produced an analysis that pointed out security vulnerabilities in the Diebold software found on the Internet in 2003.
Sam Small, the graduate student, said the version of Ballot Station "was consistent with what we've seen previously." Small could not gain access to the GEMS software because the material on two of the disks was protected by a password."
The Diebold statement said "it would take years for a knowledgeable scientist" to break the encryption used on the software apparently contained on the disks delivered to Kagan. But Rubin said "the data and files were not encrypted" on the Ballot Station disk he reviewed.
So will Diebold just continue to deny that anything has happened or can happen? Will MD State Election Director Linda Lamone just pass on Diebold disinformation as she always does (despite knowing better... since she's seen the unredacted scientific reports on these systems from security organizations like SAIC and RABA?) Or will someone finally understand that this is a massive problem that needs immediate attention?
Maryland, along with Georgia, was one of Diebold's original "showcase states," implementing Diebold's hackable paperless touch-screen voting across virtually the entire state since 2002. With failure after failure, we might add.
If it's all not bad enough, in what is reported by WaPo as "an unrelated development" in the same article, a new report from Maryland state auditors revealed that the state's new voter registration database does not have proper security controls in place for access to the data...
Maryland state auditors said in a report yesterday that the State Board of Elections is not properly controlling access to a new statewide database of registered voters or verifying what changes are made to it. The report comes at a time of heightened concern over the security and effectiveness of electronic voting systems.
Legislative auditor Bruce Myers said it was unusual to allow "across-the-board access" by local election officials to a sensitive database, but Lamone defended the board's practices. In a letter released with the Office of Legislative Audits report, she wrote that the board "is unaware of any allegations of the falsification of additions or deletions to the system."
Phew! Lamone is "unaware of any allegations" of changes to the voter registration database. We feel better. If she's "unaware" of them, they couldn't possibly exist... even though the state found they could possibly exist and she's unaware of them.
Not bad enough for you yet? Read on...
The Office of Legislative Audits report also said the Maryland elections board has paid bills submitted by contractors without proper documentation and has not taken appropriate steps to safeguard its computer network and Web site.
Lamone said, "It seems inappropriate to base findings on a partially implemented system," referring to the new MDVOTERS database, which Maryland has established to comply with federal law.
She said it is appropriate for local election workers to have access to the database and said procedures are in place to verify changes. Lamone concurred with the auditors' criticism of her staff's accounting practices and said they had "obtained nearly all necessary documentation" for contractors' bills.
Providing the sort of local oversight envisioned by the auditors, she said, "simply cannot be conducted with existing resources."
Apparently Lamone — who incredibly still has a job — feels wide and uncontrolled access to the state's database of registered voters is just fine because it's only "partially implemented."
As usual Lamone, a Democrat by the way, uses 'smoke and mirrors' to cover for her own egregious failings as the state's elections administrator.
Have we mentioned how incredible it is that she still has a job?
found at http://www.bradblog.com/?p=3644
Another Diebold Source Code Leak
By Avi Rubin, Johns Hopkins University
October 22, 2006
This article was posted on Avi Rubin's Blog. It is reposted here with permission of the author.
This week, three disks containing Diebold source code, that appear to have come from Wyle Labs and Ciber Inc, the independent testing authorities that certify voting machines for federal qualificaiton, were delivered anonymously to a former Maryland state delegate. The story was covered this morning in the Washington Post and the Baltimore Sun. I was asked by a reporter to inspect the disks to verify their contents, and I enlisted Adam Stubblefield and my Ph.D. student Sam Small, and together we examined them.
The disks contained source code for the BallotStation software, which is the software on the voting machine, and what was labeled as GEMS, which is the back end tabulation system. The GEMS disks were password protected, and while I'm certain we could have cracked them, we chose not to. The BallotStation source code was not protected at all. It was the 2004 version, which is newer than the source code we analyzed in 2003, and appears to be slightly later than the version analyzed by the Princeton team. I would love the opportunity to perform a similar analysis on this code, but yesterday, we were only given the opportunity to inspect to the code to determine whether it was genuine. As a condition to inspecting the disks, we agreed not to make copies or to perform any other activity with the software. An analysis of this source code would answer many questions that I've been asked about whether Diebold fixed the problems we encountered in our previous analysis. Of course, I don't believe that all of the problems we found back then are even fixable, but some of them are.
I've been getting calls all day asking exactly what the significance is of the new software leak. I'm not really sure. If the software leaked out of Diebold, then they obviously have not learned any lessons about securing their proprietary information. If, as I suspect (due to the labels on the disks), the software leaked out of the testing labs, then that is a serious problem that has to be addressed. Don't get me wrong - I think that voting system software should be available to the public, but that is a different issue from whether or not testing labs are competent at protecting things that they are trusted with and that they believe they are supposed to protect.
found at link to www.votetrustusa.org
Ex-delegate gets Diebold voting code in mail
Posted Oct 22nd 2006 7:11PM by Conrad Quilty-Harper
Filed under: Misc. Gadgets
With all the recent blunders and whistleblower interviews about the Diebold electronic voting fiasco, it would have been easy to believe that it couldn't get any worse for Diebold Systems. That's probably what Cheryl C. Kagan, an ex-Democratic delegate and an outspoken critic of Maryland's election chief, thought before she received a parcel containing the code that ran Maryland's electronic voting machines in the 2004 election, along with a note calling for her to "alert the media." Although Diebold Election Systems claims that the code is old and does not infringe the security of the current up-to-date system, the fact that it was sent at all exposes a fundamental security flaw in Diebold System's supposed "glitch-free" setup. The only viable solution to all this -- which would make voters happy and give Diebold Systems *some* credibility -- is if the code is released in an open source form. Even though we'd like to believe that the current version of Diebold's voting code (4.6) is more secure that the leaked code (4.3.15c), the litany of security failures on Diebold's part gives us little reason to trust them.
found at link to www.engadget.com
Diebold Election Systems at the center of security breach maelstrom
Posted on : Mon, 23 Oct 2006 07:18:00 GMT | Author : Ravi Chopra
News Category : Technology
The FBI is investigating the alleged theft of the electronic voting software which was used in Maryland touch screen voting machines for the 2004 elections. A former state legislator reported that three disks containing the high security code were anonymously delivered to her office.
A known critic of the paperless system, Cheryl C. Kagan said that the accompanying note said that she was "the proud recipient of an 'abandoned baby Diebold source code," and also mentioned that the disks had been taken from office of the State Board of Elections. "You must save democracy" the letter added.
The revelation has sparked concerns about security of these paperless computerized voting systems, also called direct recording electronic systems, or DREs. For years security experts, academics and government officials have been protesting against the use of these paperless DRE machines citing security risks such as technical and security related glitches and the probable risk of a malicious code that could affect election results.
Diebold, a major vendor of DREs is not new to controversy. Three years ago, the company was embroiled in a similar mess when its software code was found on an open site on the internet. Studies at various universities have also exhibited how the supposedly secure code could be altered and used to manipulate election results.
The company was also in the news in 1997 when it was warned about its sloppy key management. It was alleged that only one key was used for its entire gamut of voting products which were hard-coded into their source code.
The company however has defended itself against this Maryland fiasco. A spokesman for Diebold Inc., Mark Radke allayed the security fears. The disks contained versions of the software that were not in use anymore he said. "The availability of this software poses no threat to the safety, security and accuracy of elections in any jurisdiction using Diebold Election Systems voting machines," David Byrd, the company's president said. The code that was being used now had various new security features that were not part of the earlier code, they added.
Critics however continue to remain skeptical. Gov. Robert L. Ehrlich Jr., said that the suspected leak was disturbing but not surprising news. He said the security breach "raises yet another unanswered question about the Diebold technology on which our election system depends" and urged voters to take to voter-verifiable audit trails or absentee ballots. Kagan too said it was high time to put an end to the numerous glitches within the Election Board.
"Why is it that Marylanders cannot go to vote in a couple of weeks with confidence that their voting machines will work and that their votes will be counted accurately?" she asked. One however wonders if the troubles are more linked with the dubious practices of the officials manning the machine than with the technology itself.
found at http://www.earthtimes.org/articles/show/9692.html
add a comment on this article
add a comment on this article