Thursday, June 09, 2005
More than one kind of security: voting machines, AGAIN
Optical scan voting machines take a form that's just like those tests you took in school where you fill in an oval with a dark pen or pencil. They have a counter you can see, so you know right away whether your ballot was readable. There's a piece of paper available for auditing and for recounts if necessary. A simple, clean system which should be easy to do right.
Diebold didn't do optical scan voting machines right, according to the folks at Black Box Voting.
The scanning machine stores its count of votes on a removable memory card. That card should be as simple as a floppy disk or a USB thumb drive.
For some reason known only to Diebold, those cards can have programs on them. The program inside the scanning machine starts the program on the card. What can the program on the card do? Well, among other things, it can rewrite the results.
You think that's bad? It's a bad design but the risk it causes could be controlled. All the software is supposed to be certified, so the voting machine should check the authenticity of the software in the card.
It doesn't. It doesn't check the right way, it doesn't check the stupid way, it doesn't check at all. Any of millions of computer programmers could write a vote-changing program and stick it on one of the memory cards, and the ballot results would go into the system undetectably changed.
Now you could control even that risk with good physical security on the memory cards. But the Black Box Voting report says
Read the report at the link above. It's non-technical, and there's lots more information there. Yes, it's actually even worse than my description. I'm a software engineer and a security consultant and can say with confidence that this system is bad. Not just Detroit-car bad. Not screen-door-on-a-submarine bad. This is pile-of-oily-rags-up-against-the-kindling bad.
Too many of us have died for the right to vote to take this sitting down.
|
Diebold didn't do optical scan voting machines right, according to the folks at Black Box Voting.
The scanning machine stores its count of votes on a removable memory card. That card should be as simple as a floppy disk or a USB thumb drive.
For some reason known only to Diebold, those cards can have programs on them. The program inside the scanning machine starts the program on the card. What can the program on the card do? Well, among other things, it can rewrite the results.
You think that's bad? It's a bad design but the risk it causes could be controlled. All the software is supposed to be certified, so the voting machine should check the authenticity of the software in the card.
It doesn't. It doesn't check the right way, it doesn't check the stupid way, it doesn't check at all. Any of millions of computer programmers could write a vote-changing program and stick it on one of the memory cards, and the ballot results would go into the system undetectably changed.
Now you could control even that risk with good physical security on the memory cards. But the Black Box Voting report says
these cards were seen scattered on tables in King County, piled in baskets accessible to the public in Georgia, and jumbled on desktops in Volusia county
Read the report at the link above. It's non-technical, and there's lots more information there. Yes, it's actually even worse than my description. I'm a software engineer and a security consultant and can say with confidence that this system is bad. Not just Detroit-car bad. Not screen-door-on-a-submarine bad. This is pile-of-oily-rags-up-against-the-kindling bad.
Too many of us have died for the right to vote to take this sitting down.
# posted by Frederick @ 6:30 PM Email to a friend:
Haloscan: they provide trackback