The longer you are around technology, the easier it becomes to use, the more it becomes ingrained in your lives, that it’s often impossible to imagine there being a better way. But with the recent report on Diebold Election Systems AccuVote-TS voting machines, I have to wonder, isn’t the best way still the old fashioned way? I know e-voting machines will make the pollsters work easier, but will it make them feel better about the outcome? If it is that easy to hack a voting machine, infect it with a virus that spreads by their memory cards and change the outcome, then what are we really saving? And, to take a conspiracy theory to the edge, how hard would it be for an employee to infect each voting machine as it is created, to make sure their party wins.
Recently, Diebold responded to the report in a PDF, and said, basically that the machines they tested were old and had outdated software, that the machines would not be tied to a network to spread the virus and called the report unrealistic and inaccurate, essentially attacking the reviewers trying to deflect the criticism. Well, Ed Felten posted their response to Diebold.
We studied the most recent software version available to us. The version we studied has been used in national elections, and Diebold claimed at the time that it was perfectly secure and could not possibly be subject to the kinds of malicious code injection attacks that our paper and video demonstrate. In short, Diebold made the same kinds of claims about this version — claims that turned out to be wrong — that they are now making about their more recent versions.
We demonstrated these problems on our video, and again in live demos on Fox News and CNN. Common sense says to believe your eyes, not unsubstantiated claims that a technology is secure.
Our paper discusses physical security, election procedures, security tape, and numbered security seals. See, for example, Sections 3.3 and 5.2 of our paper. These sections and others explain why these measures do not prevent the attacks we describe. And once again, Diebold does not assert that they would.
Secure voting equipment and adequate testing would assure accurate voting — if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.
If Diebold really believes its latest systems are secure, it should allow third parties like us to evaluate them.
Sounds like a challenge Diebold, are you going to step up to the plate and let them review your secure machine, or are voters like myself just supposed to believe the hype and ignore reports such as this? If you really want to discount what they did, let them test it and have your people watch, it’s win-win for everybody, unless you are afraid of what they will find.