david.bozziUS voting machines easily rigged: reportFri Jul 25 17:40:05 2003208.152.73.189US voting machines easily rigged: reportWhy Bush hasn't appeared worried about how he will get re-elected:Report Here: http://avirubin.com/vote.pdf http://www.bestoftheblogs.com/2003_07_24_bestof.html#105905836404872673 Thursday, July 24, 2003Electronic Voting Fears ConfirmedThe first independent analysis of electronic voting machine software has justbeen released by the Information Security Institute at Johns HopkinsUniversity and it is scary as hell. The bottom line finding is that anyonewith a modicum of computer knowledge and $100 worth of equipment couldcreate a chip-embedded smart card that would allow them to cast as many votesas they wanted. It would also allow poll workers to alter ballots after theyare cast without being detected.Voting machine makers have been extremely secretive about their "proprietary"software. The opportunity to analyze this application came about whencritics of electronic voting discovered the source code on a Diebold Internetsite in January. This is the software used in the Georgia state-wideelections in 2002. Diebold Election Systems is one of the largest of theelectronic voting machine manufacturers, with about 33,000 voting machinesoperating in the United States.The report is entitled 'Analysis of an Electronic Voting System' by TadayoshiKohno (JHU), Adam Stubblefield (JHU), Aviel Rubin (JHU), and Dan Wallach (RiceUniversity). The Abstract confirms all the worst fears of critics ofelectronic voting machines:Our analysis shows that this voting system is far below even the most minimalsecurity standards applicable in other contexts. We highlight several issuesincluding unauthorized privilege escalation, incorrect use of cryptography,vulnerabilities to network threats, and poor software developmentprocesses. For example, common voters, without any insider privileges, cancast unlimited votes without being detected by any mechanisms within thevoting terminal. Furthermore, we show that even the most serious of ouroutsider attacks could have been discovered without the source code. In theface of such attacks, the usual worries about insider threats are not theonly concerns; outsiders can do the damage. That said, we demonstrate thatthe insider threat is also quite considerable. We conclude that, as a society,we must carefully consider the risks inherent in electronic voting, as itplaces our very democracy at risk.~~~~~~~~~~~~~~~~~~~~~~~ http://www.nytimes.com/2003/07/24/technology/24VOTE.html July 24, 2003Computer Voting Is Open to Easy Fraud, Experts SayBy JOHN SCHWARTZThe software that runs many high-tech voting machines contains serious flawsthat would allow voters to cast extra votes and permit poll workers to alterballots without being detected, computer security researchers said yesterday."We found some stunning, stunning flaws," said Aviel D. Rubin, technicaldirector of the Information Security Institute at Johns Hopkins University,who led a team that examined the software from Diebold Election Systems,which has about 33,000 voting machines operating in the United States.The systems, in which voters are given computer-chip-bearing smart cards tooperate the machines, could be tricked by anyone with $100 worth of computerequipment, said Adam Stubblefield, a co-author of the paper."With what we found, practically anyone in the country -- from a teenager onup -- could produce these smart cards that could allow someone to vote asmany times as they like," Mr. Stubblefield said.The software was initially obtained by critics of electronic voting, whodiscovered it on a Diebold Internet site in January. This is the firstreview of the software by recognized computer security experts.A spokesman for Diebold, Joe Richardson, said the company could not comment indetail until it had seen the full report. He said that the software on thesite was "about a year old" and that "if there were problems with it, thecode could have been rectified or changed" since then. The company, he said,puts its software through rigorous testing."We're constantly improving it so the technology we have 10 years from nowwillbe better than what we have today," Mr. Richardson said. "We're always open toanything that can improve our systems."Another co-author of the paper, Tadayoshi Kohno, said it was unlikely that thecompany had plugged all of the holes they discovered."There is no easy fix," Mr. Kohno said.The move to electronic voting -- which intensified after the troubled Floridapresidential balloting in 2000 -- has been a source of controversy amongsecurityresearchers. They argue that the companies should open their software topublicreview to be sure it operates properly.Mr. Richardson of Diebold said the company's voting-machine source code, thebasis of its computer program, had been certified by an independent testinggroup. Outsiders might want more access, he said, but "we don't feel it'snecessary to turn it over to everyone who asks to see it, because it isproprietary."Diebold is one of the most successful companies in this field. Georgia andMaryland are among its clients, as are many counties around the country. TheMaryland contract, announced this month, is worth $56 million.Diebold, based in North Canton, Ohio, is best known as a maker of automatedteller machines. The company acquired Global Election Systems last year andrenamed it Diebold Election Systems. Last year the election unit contributedmore than $110 million in sales to the company's $2 billion in revenue.As an industry leader, Diebold has been the focus of much of the controversyover high-tech voting. Some people, in comments widely circulated on theInternet, contend that the company's software has been designed to allow voterfraud. Mr. Rubin called such assertions "ludicrous" and said the software'sflaws showed the hallmarks of poor design, not subterfuge.The list of flaws in the Diebold software is long, according to the paper,whichis online at avirubin .com/vote.pdf. Among other things, the researchers said,ballots could be altered by anyone with access to a machine, so that a votermight think he is casting a ballot for one candidate while the vote isrecordedfor an opponent.The kind of scrutiny that the researchers applied to the Diebold softwarewouldturn up flaws in all but the most rigorously produced software, Mr.Stubblefieldsaid. But the standards must be as high as the stakes, he said."This isn't the code for a vending machine," he said. "This is the code thatprotects our democracy."Still, things that seem troubling in coding may not be as big a problem in thereal world, Mr. Richardson said. For example, counties restrict access to thevoting machines before and after elections, he said. While the researchers"areall experts at writing code, they may not have a full understanding of howelections are run," he said.But Douglas W. Jones, an associate professor of computer science at theUniversity of Iowa, said he was shocked to discover flaws cited in Mr. Rubin'spaper that he had mentioned to the system's developers about five years agoas astate elections official."To find that such flaws have not been corrected in half a decade is awful,"Professor Jones said.Peter G. Neumann, an expert in computer security at SRI International, saidtheDiebold code was "just the tip of the iceberg" of problems with electronicvoting systems."This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said,"so this is a step forward."------------------------------------------- BLACKBOXVOTING.COM — anonymous, Sat Jul 26 18:55
Main Page - Monday, 07/28/03
Message Board by American Patriot Friends Network [APFN]
APFN MESSAGEBOARD ARCHIVES
