September 19, 2017

Diebold Fails Yet Another Security Evaluation

A group of ex-NSA security experts, hired by the state of Maryland to evaluate the state’s Diebold electronic voting systems, found the systems riddled with basic security flaws. This confirmed two previous studies, one led by Johns Hopkins researchers and one by SAIC. Here are some excerpts from John Schwartz’s New York Times story:

Electronic voting machines made by Diebold Inc. that are widely used in several states have such poor computer security and physical security that an election could be disrupted or even stolen by corrupt insiders or determined outsiders, according to a new report presented today to Maryland state legislators.

The authors of the report said that they had expected a higher degree of security in the design of the machines. “We were genuinely surprised at the basic level of the exploits” that allowed tampering, said Mr. Wertheimer, a former security expert for the National Security Agency.

William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, “I can say with confidence that nobody looked at the system with an eye to security who understands security.”

Read the second (on-line) page of the NYT story for a litany of problems the team found. In short, they could easily corrupt individual voting machines so that they counted votes for the wrong candidate or not at all; they could introduce false vote counts for whole precincts into the central vote-tallying server; or they could use well-known hostile exploits to seize control of the servers remotely.

Diebold’s response?

In a statement released today, Bob Urosevich, president of Diebold Election Systems, said this report and another by the Science Applications International Corporation “confirm the accuracy and security of Maryland’s voting procedures and our voting systems as they exist today.”

Mr. Urosevich added: “With that said, in our continued spirit of innovation and industry leadership, there will always be room for improvement and refinement. This is especially true in assuring the utmost security in elections.”

University of Maryland professor Bill Arbaugh, one of the study participants and a genuine security expert, gets the last word: “It seemed everywhere we scratched, there was something that’s pretty troubling.”

Comments

  1. I understand the troubles with internet voting, but getting an in-person kiosk to be relatively secure (at least as secure as a paper ballot system) should not be that difficult. Diebold has been making ATM machines and other non-trivially secure systems for a while. Why are the voting machines such an apparent fiasco? I haven’t seen the machines myself, but it can’t be all due to bad press.

  2. These guys are worse than the White House…

    NASA, the CIA, dozens of scientific journals, and numerous scientists have all insisted that up is up.

    “We are glad to see that the scientific community continues to affirm that up may in fact be down,” responded White House Press Secretary Scott McClellan. “With that said, we look forward to further research on this point validating our position.”

  3. California Lawsuit Against Diebold

    A group of Californians has filed a lawsuit in state court against voting machine vendor Diebold, in advance of the March 2 primary election. The complaint asks the court to order Diebold to do three main things: (1) to refrain from further violations …