Surprise! Diebold finds flaws!

Actually picked up this story from a Macintosh news website — after Googling it on Google News, it’s getting some inside-section play on some of the US newspapers, but nothing in the big sources (NYT, WaPo, networks); wonder if it will.

From MacWorld.co.uk:

Backdoor found in Diebold voting machines
By Robert McMillan

Diebold Election Systems plans to make changes to its electronic voting machines, following the disclosure of a number of serious security flaws in the systems.

On Thursday, the voting watchdog organisation Black Box Voting published a report (PDF) detailing how Diebold’s TS6 and TSx touch-pad voting machines could be compromised by taking advantage of “backdoor” features designed to allow new software to be installed on the systems.

Finnish security researcher Harri Hursti, discovered backdoors in the boot loader software, in the OS, and in the Ballot Station software that it runs to tabulate votes.

Rear-access technology

“These are built-in features, all three of them,” said Black Box Voting Founder Bev Harris. If a malicious person had access to a Diebold machine, the back doors could be exploited to falsify election results on the system, she said.

A Diebold spokesman did not dispute Hursti’s findings, but said that Black Box Voting was making too much of the matter because the systems are intended to remain in the hands of trusted election officials.

“What they’re proposing as a vulnerability is actually a functionality of the system,” said spokesman David Bear. “Instead of recognising the advantages of the technology, we keep ringing up ‘what if’ scenarios that serve no purpose other than to confuse and in some instances frighten voters.”

Now, why did this show up on Mac news sites? Well, according to the article, Diebold’s programming uses a variant of Microsoft’s Windows CE operating system…and no Mac site worth its processors passes up a chance to trash Microsoft’s operating systems. I’m not super familiar with Windows CE (other than awareness — most Windows CE products are, AFAIK, incompatible with Macs so I’ve never thought about purchasing one), so I’m not sure if that affects the overall security of the machines, but the presence of these “back doors” is troubling. If they were only for testing, why were they not closed off or removed after the testing process, when the machines went live?

Diebold claims to be addressing this situation by installing cryptographic “keys” to ensure only “authorized software” is installed. But that doesn’t stop the CEO of Diebold, who promised to do everything he could to re-elect Bush, from installing something, or having someone “authorized” go in. Personally, I don’t trust Diebold as far as I could throw it.

Fortunately, there are companies that have demonstrated their new machines, which reportedly produce a paper receipt for each vote. The receipts go into a sealed box, so no one touches it, but there is a paper trail in case a recount is necessary. These machines will be available for the California primary on June 6, apparently; I’ll find out when I go to vote here in Santa Clara County.

Democracy isn’t worth much when the system’s rigged…how can we claim to be bringing democracy to the world when we don’t have it here?

Let’s keep an eye on this —