Serious flaw exposed in e-voting machines

Diebold machines have insufficient protection to prevent malicious firmware from being installed, which would be difficult to detect or to install new "clean" firmware.
Written by ZDNet UK, Contributor

A report published on BlackBoxVoting last month reveals that Diebold e-voting machines are susceptible to firmware hacking. VerifiedVoting.org reports:

According to the report (available in redacted version at www.blackboxvoting.org) by computer expert Harri Hursti, the machines have insufficient protection to prevent malicious firmware from being installed. If bad firmware were installed, it would be difficult to detect, and it might be difficult to install new “clean” firmware. A wide variety of poll workers, shippers, technicians and so on, have physical access to voting machines at various times; any of these people might be able to use that access to install bad firmware.

Shockingly, news of the security flaw was topped off on Monday with news that both Diebold and the State of Maryland have been aware of the security vulnerability for at least two years.

Further adding to the scandal is the fact that the backdoor (or doors) were designed into the machines intentionally, against accepted design practice and, indeed, simple common sense, as Diebold spokesman David Bear admits in the same New York Times article. He goes on to say, “For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don't believe these evil elections people exist.”

Interviewed on Democracy Now, VV.org founder David Dill had this exchange with host Amy Goodman:

AMY GOODMAN: What could the software do, for example?

PROF. DAVID DILL: Well, somebody could change votes in the software. They could change them during the election as the votes are being cast, after the election. They could change the way the user interface works, so it’s more confusing in subtle ways. They could cause the machine to crash at inconvenient times. Basically anything you could program a computer to do could be done.

AMY GOODMAN: And have we seen this anywhere?

PROF. DAVID DILL: Not that I know of. I think the most frightening thing about electronic voting, in general, is that you can't tell whether something like this has happened. People have said that there's no documented case of electronic voting machines being hacked. That's true, so far as I know. The frightening thing is that there’s no way to know if they have been hacked, so how do we know if the results of our elections are accurate?

Editorial standards