So not only was Diebold dumb enough to use a universal key for all their voting machines, and not only did they sell those keys off their website (though supposedly only to "authorized people" as if we could trust them to handle who's authorized or not), but they posted a picture of the keys on the Internet which allowed at least one researcher to make a perfect working copy at home with a key blank bought from the store and a file.
This story came to light a while ago, but there's been some updates such as:
In a classic Diebold bury-the-evidence move, they've now replaced the entire page in their online store featuring the mechanical, copyable key with a page featuring a "Smart Card, Security Key Card." A digital key card. Same link, different key entirely. Which can only be done, given the database they use for their online store, quite deliberately in order to try to fool folks again. Par for the course. And, of course, shameless.
I should make a song. I'll call it "Duh" and repeat the word "duh" over and over. Then I'll send it to all the state election boards who have been using e-voting.
To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said in a statement. Note that Brenner here is describing machines that have been in use in Ohio since before the 2004 presidential election. This isn't some glimpse of how bad things might be in November 2008. It's a look at how bad they've been all along.
As it should. No better way to encourage voters than to give them e-voting machines that have been proven faulty. Yeah… I really feel my vote counts now.
Anyway, let's hope a well placed lawsuit or two can set them back on the right track.
I don't know what authority or noteriety this group has, but if you want to have a say in what their recommendations for e-voting guidelines are, now's your chance.
Premier: The first in importance or rank, the chief.
How fitting. They are indeed the first, most important, and chief example of how e-voting can be implemented completely wrong, completely insecure, with complete and absolute failure.
A quick summary of the article author's explanation for the name change:
Why the name change? Well, Diebold's got a lot of other businesses — it makes ATMs and security systems for health firms and for the government, and the election subsidiary has always been something of a sideline. Lately it became an embarrassing sideline, dragging down Diebold's good name. That's why, a couple of years ago, Diebold moved to sell the unit. Shockingly, it found no takers.
To keep a long story short, my view on this is simply: how does a company release products this bad for something this important and not expect it to blow up in their face? Every state that has used these machines should sue Diabold etc.
People don't seem to realize that e-voting needs to be an extremely air-tight system with a strong set of procedural controls to work. If you don't treat it like the crown jewels, you're going to have problems like this.
The e-voting company in question (Sequoia Voting Systems), isn't too happy either:
A spokeswoman for Sequoia Voting Systems, which uses some of Microsoft's development technology in its devices, defended her company's lobbying. "We also vigorously protect our intellectual property and trade secrets as well as the overall security of our voting system," she said. Sequoia currently complies with all current state and federal review and escrow laws, she noted.
Over the past year, she said Sequoia has worked with the Elections Board to satisfy its requirements without disclosing any third-party proprietary source code such as Microsoft's. After the legislature's session closed, she expressed frustration, claiming the issue remains unresolved. "We would ideally like to work with the board to reach a solution that works for all parties involved," she said Friday.
How about an e-voting system that works? That would be nice for a change.
Philippe de Villiers, a nationalist Catholic candidate in the election, called it a "cheating machine" as he voted in his home town of Herbiers in western France.
Note that it doesn't actually say who makes the voting machines. Maybe it really was Diebold.
. In the closing hours of the 2007 legislative session, a four-year effort to require paper ballots for Maryland's voting system passed the House and the Senate unanimously.
…
The final bill ensures that any new voting system certified for use must include a voter verified paper ballot. The bill requires an optically scan-able paper ballot marked by hand or with the help of a ballot-marking device.
It's nice to be able to report on good news coming from lawmakers once in a while.
HR 811 features several requirements that will warm the hearts of geek activists. It bans the use of computerized voting machines that lack a voter-verified paper trail. It mandates that the paper records be the authoritative source in any recounts, and requires prominent notices reminding voters to double-check the paper record before leaving the polling place. It mandates automatic audits of at least three percent of all votes cast to detect discrepancies between the paper and electronic records. It bans voting machines that contain wireless networking hardware and prohibits connecting voting machines to the Internet. Finally, it requires that the source code for e-voting machines be made publicly available.
Holly Clap! There's not one thing in there that's wrong! If they actually implemented all those provisions, e-voting might actually work!
The proposal wasn't without its detractors, however. Several state election officials testified about the practical challenges of implementing the new requirements. Chris Nelson, South Dakota's secretary of state, warned that many of the requirements in the legislation would conflict with the states' own election procedures.
Oh BOO HOO HOO! Cry me a freaking river. "Oh it's too HARD to implement security! We need to have less restrictions so we can do this cheaper!" Idiots.
The law allows flexibility in how some of the auditing is done as long as it's NIST approved and the states always have the option of keeping the optical current methods if they decide that the regulations for e-voting are too strict or too expensive to implement at this time.
Of course, this almost sounds too good to be true. I'll have to read the law later, but I'm betting it has some terrible hidden catch like it legalizes eating little puppies or provides millions of pork dollars for human RFID implantations.
The Register reports that Diebold has hurt its relationship with customers and election officials with their pathetic voting machine fiasco.
Negative publicity about the voting machines - such as the HBO documentary Hacking Democracy - has cast a shadow over the 150-year old company, analysts say. Until its move into e-voting, the firm was better known for its safes and automated teller machines.
Which, of course, anyone would now question the ATMs as well. The article goes on to speculate that Diebold may try to sell off the division… if anyone would buy it.
Lastly, can we all just share a little chuckle at the name? Die… bold. Well, they're dying alright.
In a recent EFF newsletter, they explain that Florida Governor Charlie Christ is pushing to dump e-voting machines in that state.
"You go to an ATM machine, you get some kind of a record. You go to the gas station, you get a record. If there's a
need for a recount, it's important to have something to count," said Crist. The governor plans to ask the Florida legislature for $20 million to replace the touch-screen machines.
It's nice to see that someone with decision-making authority is paying attention.
You will be amazed by how much you can learn about a person if you only pay attention to the signals they give off. Read this book to learn the language.
