Martin McKeay

Diebold machines found to have vulnerabilities. Again.

By Martin McKeay
September 14, 2006 9:17 AM EDT
I've never made it a secret:  I'm not a fan of electronic voting machines.  To the best of my knowledge, none of the evoting machines to date have even come close to having the safeguards in place to make sure that voting results aren't manipulated.  And, once again, Diebold has proved that they are the worst of the lot and don't care what anyone thinks.

I believe evoting machines can become secure and reliable, but like anything in security, there is no easy fix to the problem.  Rather than dismiss the reports that detail the vulnerabilities, companies like Diebold need to take the information and improve the voting process.  Digitally signed drivers, paper trails, audited and verified software updates are just a few of the problems they face, none of which are insurmountable with more time and effort.  But rather than fix theproblems, Diebold would rather spend it's time and money attacking the researchers who discover the problems.  Again and again.

What would I like to see in an electronic voting machine?  First off all, I'd like to see a paper trail.  I'd like there to be a human readable printout that is shown to the voter before being put in a locked box that isn't accessible until after the voting process is over.  The paper copy of the the vote would slide by under a piece of glass where the voter could verify his or her vote.  By having a physical copy of the voting records, the chance of a successful digital hack go undetected fall dramatically.

Second, I'd like to see all software patches to the systems undergo rigorous testing before being applied to any voting machine.  No more last minute patches from the factory or configuration changes at the last minute by installers.  The code on each of the machines needs to be vetted and verified at each machine days before an election and no one should be allowed to make changes without at least one other party authorizing the changes, preferably an uninvolved third party.

There are a host of other security measures that need to be in place, but those are my top two  I'm not suggesting anything that hasn't been suggested many times before.  Bruce Schneier, Avi Ruben aand many others are on the National Committee for Voting Integrity and have made many suggestions for increasing the security of evoting machines.  Most of which have been ignored so far. 

The danger with evoting is the ease with which massive voter fraud can be perpetrated.  On a local scale, flipping a bit here or there could easily shift the balance of an election.  On the national scale, a well placed bug on centralized servers could result on multiple local and national election results being shifted substantially.  If you think problems like hanging chads were worrisome, thenevoting should downright scare you.  Until evoting machines can have a legitimate verification process that doesn't rely on their own software, we need to keep fighting their use .  I don't want my voting results relying on the latest patch to WindowsCE operating system .