Misplaced Concern Over Diebold Hack Tests
from the you're-concerned-about-what-now? dept
On Friday we noted our general horror at the fact that Diebold representatives responded with inappropriate jokes about the fact that the company’s voting machines were easily hacked to provide incorrect results. Given the company’s history, however, it probably wasn’t that surprising. What’s even more horrifying, though, is the reaction of certain politicians to this news. While Florida Governor Jeb Bush has now said that the state needs to review how it certifies voting machines, this bit of very positive news comes with the odd response by Florida’s acting Secretary of State. Instead of noting concern about the easily hacked machines, David Mann claimed his main concern was with the election official who let the hack test proceed. His “concern” seems to be that this test may have exposed information that shouldn’t have gotten out. Apparently, he believes that security through obscurity is the best way to protect the integrity of our elections, rather than actually making sure our voting equipment is safe and accurate.
Comments on “Misplaced Concern Over Diebold Hack Tests”
Security
While I agree that “security through obscurity” is not a good way to secure your machine/program, it is always going to be the case that having more information about the workings of a machine will help the hacker in breaking into it. So I totally agree with David Mann not wanting the information to get out. Obviously the machines are not very secure and need to be examined for security. But that doesn’t mean that everyone should be given the information on the workings of the machine. The machine should be secure even with the information, but the information may also make it easier to break into. So it should be kept secret.
Re: Security
There is no misplaced concer when considering Democracy under an administration that starts with Repubulic and is run by a man accused himself of being hitler by one of the Fore-most clan member who has reformed ever.
Re: Re: Security
testing attention please.
Re: Re: Security
“There is no misplaced concer when considering Democracy under an administration that starts with Repubulic and is run by a man accused himself of being hitler by one of the Fore-most clan member who has reformed ever.”
What is misplaced is a whole mess of modifiers.
Re: Re: Re: Security
What is misplaced is a whole mess of modifiers
And the location of a political rant that nobody here cares one way or the other about.
Re: Re: Security
Typically, when submitting flame-bait, it is best to have spelling at a level which will allow readers to digest your posting.
Re: Security
Wow, the extent to which some people don’t understand the problem is breathtaking. The concern with electronic voting machines is not that that local script kiddie is going to break in and record 10,000,000 votes for Darth Vader, it’s that the company that manufactures the machines, or the company responsible for maintaining them, could rig them to modify election results. This is a real and reasonable concern under any circumstances, made moreso by the blatently partisan leanings of the senior executives (not just the fmr ceo) of Diebold.
Once you understand that, it is clear that exposing ANY opening through which these machines can be tampered with as widely as possible is of paramount importance. So long as we allow riggable machines (unlike the tried and true lever systems – errors, yes, wholesale rigging, no) to be used in our elections we are forsaking the democractic process.
Re: Re: Security
I think what people don’t understand is that there is an existing model for security evaluations that already covers all the problem areas. Casino gaming machines. Having worked in the industry it’s pretty obvious that it *is* possible to build a hack-proof machine. It *is* possible (and desirable) to submit source code for evaluations by state authorities and/or companies that they hire. It *is* possible to put a dot matrix printer in the device that will give the voter a copy of their vote while keeping an audit copy in the machine.
In the gaming machines I worked on all data was stored to triply redundant, battery backed up SRAM. They operate 24×7. Power failures, intetional resets, resets due to static shock or brownounts have no effect on them. During acceptance testing some states cycle power at random intervals while the game is in an “auto-play” mode. The test runs for several days. If the accounting is off by so much as a penny during that testing, it fails.
When Diebold and other companies say that it can’t be done they are either surprisingly ignorant or else they are lying through their teeth. It can be done, it has been done for well over a decade.
Americans consider their money at least as important as their elections. Who would play the slots in Vegas if they thought they might be getting cheated electronically? Yet they’re almost all computer driven now.
Re: Re: Re: Casino Security
… and I will see the code for these slot machines published on the internet when?
Re: Re: Re:2 Casino Security
Oh crap, accusing Bush of being Hitler is now a valid argument? No wonder the moonbats do it *constantly*
No seriously, please give up the whole ballot conspiracy silliness. Read please.
Re: Re: Re:3 Casino Security
James, you probably know nothing about any of this. Your dumb link to the even dumber movie is reprehensible on a site like this. Asking why is very patriotic and very scientific. For some very real voting box hacks and data on this very serious subject please refer to http://www.blackboxvoting.org/
And another thing, you can leave your right wing apologetic nonesense at the door. It has been shown that the Democrats and Republicans have tampered with elections(but mostly Republicans in 2000, 2002 & 2004).
Just doing a quick google came up with so much dirt that this conversation is loud and everywhere as it should be. http://www.apfn.net/messageboard/08-31-05/discussion.cgi.80.html
Re: Re: Re:2 Casino Security
Why would it be published on the internet?
Putting source code in escrow and submitting copies of it to independent labs for review and testing is sufficient.
Unless of course some open source worshippers start an “OpenVoting” software and hardware project. Then you can see it on the internet and find and fix bugs in it just like you can do with gcc. (that would be sarcasm at it’s finest you’re reading there)
Re: Re: Re: Security
When Diebold and other companies say that it can’t be done they are either surprisingly ignorant or else they are lying through their teeth. It can be done, it has been done for well over a decade.
What I find scary is that most of the people who comment on these rarel ask themselves WHY Diebold (or anyone else) is fighting/lying so hard against all this when we KNOW its possible.
I cannot find ANY good and reasonable reason…but plenty of nefarious ones.
Its easy to throw an election and be subtle about it when you control the counts.
Re: Re: Re: Security
I saw a show on discovery channel that was about a guy who wrote software code to enable him to cheat the slot by playing coin combinations. The code was part of the validation testing software used on the machine and it modded the machine to enable the cheat, during the testing. An inside job makes a lot of things possible.
Re: Re: Re:2 Security
There have always been attempts to put ‘gaffes’ into the code. That’s why they are reviewed by third parties.
An inside job cannot cover up a manual recount if the user has a paper copy (on watermarked security paper of course) of their vote.
that’s also sort of comparing apples to oranges – rigging the outcome of one individual’s “game” (vote) is not the same as rigging the outcome of everyone’s game/vote – which is the danger in a voting machine.
Re: Re: Re:3 Security
I was just talking about slots, this wasn’t an attempt it was a success. I think this guy was the third party.
Re: Re: Re:4 Security
There’s a big difference between being able to detect fraud and being able to prevent it from occuring. There’s also a big difference between rigging the outcome of one vote/game and rigging the entire system.
I think everyone must accept that fraud will occur. That is the assumption that casinos and lotteries make. So the effort should be on detecting it before it costs anything. I don’t think it’s a good idea to throw out the whole goal of fraud-proof voting because fraud will be attempted.
There have been many gaffs put into gaming machines over the years, and many hardware bugs. I know of cases where hardware could be affected by using a cell phone or radio in close proximity to the machine. That was detected and fixed in very short order. In the old mechanical slot days there were people out there so dedicated to ripping off a single machine that they’d sit for hours playing a machine – with a drill bit held in their fingers, slowly making a hole in the side of the machine through which they could insert a wire to try and stop or manipulate the reels to a winning combination. There are even cleaning people who worked at casinos (they traded those jobs for full-time license plate stamping jobs) who discovered they could insert a thin vaccum cleaner extension into a ventilation slot and suck quarters out of the coin buckets. In the first case – who cares if they used some trick to “rig” their own vote? In the other cases the fraud was detected by the accounting system. The paper trail said x coins went in, the actual counts of coins said y coins went in.
Re: Re: Re: Security
> It *is* possible to put a dot matrix printer in the device that will give the voter
> a copy of their vote while keeping an audit copy in the machine.
Except that the voter should never be allowed to leave the premises with a copy of his receipt. This is to guard against “rubberhose” vote fixing – if I have nothing that shows which way I voted after leaving, I can tell my extortionist that I voted however he wanted. If it’s even an option for me to keep my record, Guido from the Election Subcommitte can assume that no record is the same as voting wrong.
Re: Re: Re:2 Security
Even if the voter “shouldn’t” leave (that seems like it should be up to the voter) – take the printed ticket and put it in a traditional ballot box in case someone challenges the electronic tally.
Just like a lottery ticket, the paper bears a watermark that proves which roll of paper it came from. In lottery terminals each roll of paper has a unique id embedded in it. When someone claims a high tier win, the lottery confirms that the tranaction id printed on the ticket matches the one that was sent by the host computer. They then confirm that the identification embedded in the ticket paper itself matches the one that was installed in that machine.
Even if someone had the technology to fake the watermark, it would require at least a three pronged attack in order to rig an election. They’d have to gain physical access to the device, they’d have to figure out how to fake out the communication protocol so that the host and they’d have to fake the ticket – as well as fudge the records of which roll of paper was installed.
If they’re that good that they could round up all thoe specialists required, keep them quiet and get away with it without anyone discovering it – then they deserve to win the election just based on organizational skills.
Re: Re: Re:3 Security
Hmmm. What about intentionally faking votes?
That is – what each machine generated a number of fake votes that could be traced back to the machine that generated them.
The central system then filters out the fake votes as they come in.
If someone hacks the voting machines – they’ll be as likely to alter the fake votes as the real ones – and that would be detected.
Re: Security
Since when has this worked with microsoft?
See the bit about Claude Shannon’s information theory at http://en.wikipedia.org/wiki/Information_theory
Re: Security
Black boxes fail as ballot boxes, always. The ballot box must ever be transparent. This is obvious enough even for the obtuse David Manns and Jamies of this world. If Florida election officials were less concerned about getting the son of a JFK assassin elected US Senator and more worried about the danger of robbing their fellow Americans of their free voice, perhaps transparency might be more in evidence in Florida?s various election deception devices.
Misplaced Attention
Of all the types of security involved in the voting process the most important is quite likely physical security. The number of things that have to “wrong” to make this hack test a reality are staggering. Where are the election judges (not to mention the police officers) while the anarchist is playing with the machine(s)? What machine could be invented that would be tamper proof? None.
Finally, the concern here expressed is also misplaced in that in any major election thousands of these machines are used. So one would have to modify perhaps dozens of machines to make any real difference or the vote counts in a precinct would outnumber the voters who live in the area.
If you want a real case study in vote fraud come to Chicago. We offer PhD’s on the subject.
No Subject Given
I think it much more likely that the FL Secretary of State was expressing concern that this investigation might lead to the exposure of past electoral wrongdoing in which he was complicit?
Voting Fraud
So what a test like this demonstrates is that there is the possibility for there to be voter fraud in area’s that use these machines. Interesting that Florida is a focus for use of these machines and that is where most of the complaints were that voter fraud occured.
Security
I never said that the machines shouldn’t be reviewed. I said “it is always going to be the case that having more information about the workings of a machine will help the hacker in breaking into it.” The first thing that any hacker does when he wants to break into a particular machine or system, is find out all the information he can about how it works. There are many details about how the system works that do not need to be public knowledge. This is not to say that the information shouldn’t be available to trusted parties. But before that information is given out, some type of verification process should be done on the person who will be recieving that information.
The Diebold machines have some serious problems! One of which is that the makers do not want to allow others(the trusted parties refered to above) to look at the source code of the machines. But that doesn’t mean that they should publish that info on the net. The info/source code needs to remain protected and confidential.
Someone above mentioned the casino machines as examples of hackproof machines. Well, that isn’t really true. They have been hacked/broken in the past. A large part of the security of the casino machines is that the info on how they work is not published. It is kept secret and only looked at by trusted parties. In the case of the casino machines, though the info isn’t published, the state officials and experts are allowed to review the code and machinery. That should be the model to follow in the case of the Diebold machines.
Re: Security
Actually the gaming machine info is fairly widely distributed. For example, player tracking systems. Those are card readers that allow individual users to insert their id card and let the house track their playing, which in turn is used to award “comps” – free hats, free rooms at the casino, free meals, whatever keeps the players coming back to their property. Those tracking devices are made by third parties. They are “add on” hardware that connect to the machines and monitor the coin in/coin out.
Same thing with communication protocols. Those protocols are well documented because no casino wants to be held hostage to a single game supplier. Any machines they buy must be able to talk to their accounting system, regardless of manufacturer. Each manufacturer gets a protocol manual from whoever supplies the central control system and their implementation has to conform to that.
So at least those two aspects are well known – the documentation may only be released under NDA but there are hundreds if not thousands of engineers who have access to that documentation.
Actually – I that might be a better approach. Instead of a single vendor making the machines and control system, why not have third parties manufacture the machines – that way they have a financial/business incentive to make sure they’re hack-proof. If you can buy the machines from five companies but one of them is known to have been hacked, they’ll find them harder to sell.
Re: Security
Well, Diebold also has shown that they are incapable of protecting their source, as (if you read the history of BBV.org) much of their internal data was available on a publicly accessible site.
Additionally, the point of the exploit is that it could be pre-programmed before the voting site is ever set by company insiders, and be undetectable.