Voting machine security flaws uncovered
Black Box Voting issued a report on the security of Diebold voting machines The investigation revealed security holes at the bootloader, OS, and application levels. The recommendations of the report were (quoting the report):
- Because there is no way of having chain of custody or audit trail for machines, the machines need to be reflashed with a known good version (assessing the risks potentially inherited). Ideally this should be done by the proper governmental authorities rather than being outsourced.
- After that, extensive chain of custody management has to be established to make sure that machines do not potentially get recontaminated. Less than five minutes is required for contamination.
- The bootloader needs to be re-engineered.
- The cases need to be properly and permanently sealed.
This study was done with information gathered when Emery Count (Utah) County Clerk Bruce Funk allowed security experts to examine his county's machines. Needless to say Diebold and Utah Elections officials weren't too happy he did this. His actions however, have resulted in the first real security data about these machines.
The New York Times is reporting that The discoveries have caused officials in Pennsylvania and California to issue directives regarding the security of these machines.
Diebold issued a letter that downplayed the risk. The NYTimes quoted a spokesman from Diebold:
David Bear, a spokesman for Diebold Election Systems, said the potential risk existed because the company's technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.
"For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software," he said. "I don't believe these evil elections people exist."
This is an incredibly naive thing to say. Of course people can be bribed. What an elections official will tell you is that people have always been able to affect elections and they have procedures in place to counter those. I think there's two problems with that argument:
- First, these machines are new and the procedures that can catch problems are largely based on the old way of doing things. We just don't have much experience running elections with these kinds of machines. That will get better over time, but I'm always concerned about how elections officials are countering the new threats.
- More importantly, in the past a single election work had control over a relatively small portion of the overall election and getting control over large parts of the election required a larger conspiracy. Law enforcement loves large conspiracies because they always break down somewhere. By introducing computers, we've potentially increased the reach of a single person to a larger part of the election system.
Should we panic? No. But we ought not to dismiss this security concern out of hand either as Diebold seems to hope we will. More states should subject more voting machines to independent tests by real computer security experts. If there's nothing to hide, then this should be a relatively painless thing to do. The fact that Diebold and other manufacturers are so unwilling to be forthcoming about the security of their machines leads me to wonder what they're worried about.