November 21, 2024

"Hotel Minibar" Keys Open Diebold Voting Machines

Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine – the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus – can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence – until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop – they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption – they can say they use encryption, but they use it in a way that neutralizes its security benefits.

The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.

Update (Oct. 28): Several people have asked whether this entry is a joke. Unfortunately, it is not a joke.

Comments

  1. MagicBill says

    Tired of being scr*wed in the polls? Then TAKE YOUR LIFE BACK! VOTE PAPER, not PLASTIC! If everyone turned in an absentee ballot, made of PAPER, the MACHINES WOULD BE USELESS as everyone voted PAPER which is HARDER TO HACK.

    Not only that, if everyone voted PAPER, not plastic, I’m sure that errors would be caused by such a low population of electronic voters. You would see things like NEGATIVE VOTES for one candidate which would PROVE TAMPERING with the machines. Now the media would pass this off as an “anomaly” but we’d all KNOW BETTER!

    So FIGHT the SYSTEM – vote PAPER, not PLASTIC!
    And while you’re at it, VOTE RON PAUL!
    Even though he’s not running, HE’S STILL THE BEST CANDIDATE OUT THERE!

  2. I’ve done some heavy research recently regarding Electronic Voting Machines, specifically the ones manufactured by Diebold. They are expensive, inaccurate and inefficient. The only sensible solution to this mess is to return to good old fashioned paper ballots.

  3. Bill said:

    “What makes you think the ‘Bad Guys’ didn’t make and distribute the exact voting machine they wanted?

    Maybe I sound like a conspiracy theory nutcase, but didn’t the CEO of Diebold tell bush he would deliver Ohio?”

    Well, Bill…If I were conspiring to fix an election by producing voting machines that can be compromised, I know I would set out with these two goals in mind:
    1) Make a machine that can be opened by a fair number of people, so I am not the only one to blame in case something goes wrong.
    2) Make sure that the ‘fair number’ is not in the millions, so some random person doesn’t come along and fix the election in favor of the other guy (or girl).

  4. Lets not forget: this country ran for 200 years without electronic voting.

    The only benefits it serves are for the increased response time in counting votes, and padding Diebold’s pockets.

    Who needs this? The news networks and people who should be on Welbutrin are the only ones unable to wait for results.

    I’d rather wait a few days if it meant my vote was actually counted, by a selection of independent humans.

    If we must go with electronic voting machines, they should work this way:

    1. Make your vote on a touchscreen (if you insist)
    2. A printout of your choice descends partway into a sealed tube along side.
    3. You examine the printout and press a mechanical “continue” or “retry” button on the tube.
    4. The button cuts the printout and directs it to a vote bin or a paper shreader (respectively.)
    *. When it passes an eye going into the vote bin, the machine resets for the next voter.
    *. If it goes to the shredder, it resets back to a clean state so you can make a correction.

    This way, a voter would know that his electronic vote is tabulated in a backup medium that was not falsified and cannot be hacked or deleted. If any of these things are attempted, it will be either immediately evident to the voter, or overturned later by paper-trail audits. It would be great to see this in action with a mistake, because it would actually be catchable.

  5. 무직자,신용카드 발급 신용대출. 됩니다.
    (= 신용불량자 ,파산자,개인회생 불가)
    .
    ★★★★★타사 대출 불가자, 과다 조회자 100% 대출 ,,,,카드 발급 됩니다.★★★★후회 없는 상담이 되실 겁니다.

    대출은 미리미리 상담 하셔야 신용,대출금리가 저렴 합니다.
    ★★★★★타사 대출 안되시는 분 100% 대출 보장 합니다.★★★★★

    현재 신불자,파산,회생 등록만 돼있지 않으면 거의 모든분 대출,카드 발급됩니다

    무직자 대출,직장인.자영업자,프리랜서,부동산담보대출,전세대출등…

    최적에 대출상품을 찾아드리오니 편하게 상담요청해주세요..^^

    정실장 010-5116-9914

    연락처
    010-5116-9914
    담당:정윤성 실장

    귀사에 방해가 됐다면 삭제 부탁드립니다.비

    번1234

  6. “To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes;…”

    Mistakes? Surely, you’re aware there are forces at work that are installing these machines, quite deliberately, to throw elections to those whom they want in power? Wake up!

  7. a PCMCIA card reader, 2) One of the following three: a screw driver, lock picking skills, or a hotel mini-bar key, and 3) The desire to “take one for the

  8. Hi Jim. Photos i received. Thanks

  9. Hi Jim. Photos i received. Thanks

  10. helloy

  11. hi,
    janver by the computer

  12. I agree with Chaz, send the machines back to the manufacturers/Diebold company, and make them pay back all the money they were paid for them, that’s the only way they will get the message loud and clear and in the hip pocket. And why should public taxes be paying for such an atrocious waste of useless junk? Not that the government is leading by example.

  13. How can we protect from the low-tech approach to abuse of paperless electronic voting machines?

    Any unscrupulous voter can cancel the votes of several voters by the simple act of breaking the seal on a voting machine. Once the seal is broken, none of the votes entered into the machine can be considered accurate.

    Imagine a voter aligned with one of the major parties who finds by the exit polls or recent telephone polls that voters at his assigned polling station will be voting against his party. All that voter has to do is damage the seal on his assigned voting machine and all of the votes on that machine will be thrown out. A concerted effort of like-minded party members can invalidate all of the votes at a voting station in this way.

    Is there is a way to fix this flaw? There is no software or physical protection that can stop an unscrupulous voter from damaging a seal on one of these machines in the privacy of the voting booth. There is no special hardware or software needed to invalidate votes.

    If this happens in one voting district, it will be viewed as an anomaly. If it happens in several voting districts, it will be seen as a problem. If it happens to all of the paperless electronic voting machines in the country, it will signal the end of paperless electronic voting.

  14. “Hotel Minibar” Keys Open Diebold Voting Machines…

    This article explains how to open up a Diebold voting machine on election day, bring a news reporter with you for some fun! Quote: Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed…

  15. HAND COUNTED PAPER BALLOTS says

    The GOP did steal the presidency, twice, and the GOP is right now actively working to steal the 2006 Elections. A “do everything” Republican assault on democracy used intimidation, fraud, vote theft, computer rigging, machine distribution manipulation, a fake Homeland security alert, trashing of provisional ballots, denial of a recount and dozens more “dirty tricks” to produce a 118,775 “official” margin for Bush that was an utter fiction. Exit polls in nine swing states showed Kerry a clear winner as late as 12:21 am on election night. Nationwide exit polls showed him with a 1.5 million vote margin in the popular vote.

    But somehow, against all statistical probability, Bush wound up with a popular vote victory of nearly 3.5 million. And somehow, against all statistical probability, he carried Ohio and three other states (Iowa, Nevada and New Mexico) where he had been the clear loser in the exit polls. Ohio alone was sufficient to give him a second term, just as Florida had been in 2000. Such an outcome is beyond implausible – unless you saw how the Rove-Blackwell machine stole the vote. The tactics the GOP perfected in Ohio 2004 are now being used in 2006 and honed for re-use in 2008. Neither the Mainstream Media or the core of the Democratic Party has been willing to face the reality that unless our entire election system immediately gets a total top-to-bottom revamp by an informed public willing to deal with the systematic poisoning of American democracy, there will be no honest elections in the US in 2006 or in 2008.

  16. By the way, how third-party observers do their job with electronic vote machines?

    In case of paper voting they together with officials count papers, for example.

  17. Don’t worry. You won’t be prosecuted.

    That privilege is denied to dissidents fomenting unrest.

  18. Pissed Off says

    The end of our freedom, eh? Well inevitably, that’s what it seems. But remember, we still have freedom if we’re not prosecuted for writing our thoughts and opinions on a site like this…

  19. Here is what makes this whole thing unreal. I acquired about 2000 file cabinet keys from a bankrupt business a few years back. I am listing them on ebay. Most of them fit Hon file cabinets and desks. I did a Google search this morning on a c415a key just to see what kind of hits I would get to determine what they might fit., (these don’t fit hon products) as I have a couple of hundred of these. This site was the FIRST hit I received. By reading all of the info posted here, I should be able to give a fairly accurate description of the various applications that the c415a key has. WOW, I might get more than the $2.50 I am selling them for. (That includes shipping also.)

  20. ah,I have read it,but can’t understand,I’ll studing english more harder.

  21. Many types of cheap locks have less than 100 different keys available; often somewhere around 20. It would probably not be hard for someone to get a full set.

    Why does Diebold ship the machines with ANY locks and keys? A much more secure approach would be to have two places to insert padlock shackles. Someone trusted by the Democrats install (and keep the key for) one padlock and someone trusted by Republicans would install (and keep the key for) the other. If the machine was well constructed so that it could not be opened without breaking the padlocks, this would solve any dangers of corrupt people with copies of keys (which could happen even if the keys weren’t so trivial).

  22. WOW!! This country is starting to finally wake up. I think that there is still hope, but is there time?? I forget the famous person who once said, “If the American people truly understood what has been done to them over the last 50 years (now 90), I believe that there would be a revolution by morning’. WAKE UP AMERICA, this topic is but a drop in the bucket of corruption. Your children and grand children depend on your actions!!

  23. the_zapkitty says

    Neo Says:

    “Is that even legal?”

    It’s worse than illegal. It’s spam.

    (Note that the references to the business are in the third person, but the url of the poster is the business. Always a sure sign 🙂 )

  24. Is that even legal? There are laws against “possession of burglary tools” in many states. Of course there are legitimate uses for such things (locked yourself out of your home, or letting a tenant into their place who lost their keys, or whatever)…

  25. If you want to open locks, instead of spending a lot of money on “keys” you should invest in a lock pick set from http://www.spygearmerch.com their kits start out at $19, and some come with training manuals.

    I can pick even high security locks in seconds, quietly, without having to having to try a big ring of keys.

    They have pics to open any locks, doors, file cabinets, coke machines, candy machines, auto doors/locks, and even ATM machines.

    They also have safe busting equipment, if you have the $$$$ 🙂

    http://www.spygearmerch.com i recommend them, cause they are honest, NO HASSLE, and ship quick.

  26. I have been really trying to follow this entire story / video that you guys have posted. But I have one serious issue that all of you have overlooked.
    I thought George Washington past away a long time ago!!!

  27. W.O. Shakespeare says

    [This comment was inappropriate, so I removed it. — Ed]

  28. I’m sure that this revelation will cause people using the machines to demand better locks, but in the end, it’s the honesty of the people doing the job that will insure accuracy more than what devices we use to register votes.

    I disagree. Different devices result in completely different capapbilities for dishonest people.

    If one dishonest person wanted to hack paper ballots like this, they would need a lot more access, more time, more manpower. Again: with sufficient privacy at the machine, even the voter can play.

    To my knowledge there is no non-computerized voting method that allows this much malfeasance by one person with one minute of access to an apparatus.

  29. the_zapkitty says

    AST Saud:

    “We really ought to quit trying to guarantee security or honesty in anything to do with computers.”

    Oh… ooKaay.

    “There is no system of voting that can’t be corrupted, short of giving up the private ballot”

    By that standard there’s no system of voting that cannot be corrupted… private ballot or public.

    “but raising of hands also distorts the outcome of voting, too. “

    As would having any appointed officials watch you as you ballot.

    “I’ll say this for Diebold, the interface would not allow someone intending to vote for Gore to cancel that vote by also selecting Buchanan.”

    No? But voters will still find ways to make mistakes. And the machine that allowed the mistake you reference did not allow one malicious voter to deliberately screw with the votes of everyone that used that machine after them… as a Diebold machine used in the same race would have.

    No one with experience in public interactions is stupid enough to pursue the perfection that Diebold so glibly promised in their machines.

    But the current situation can be vastly improved with some effort… and some research… and some expenditure… and some external oversight… on Diebold’s part.

    “The answer is in allowing poll watchers to see the process.”

    I wonder if anyone at Diebold would be stupid enough to publicly volunteer that idea as an appropriate correction for their screwups?

    No, the answer is forcing the evolution of a better voting machine. With Diebold paying… 🙂

  30. Impeach Bush yourself! No Joke.
    This is much more than just a petition.

    There’s a little known and rarely used clause of the “Jefferson Manual” in the rules for the House of Representatives which sets forth the various ways in which a president can be impeached. Only the House Judiciary Committee puts together the Articles of Impeachment, but before that happens, someone has to initiate the process.

    That’s where we come in. In addition to the State-by-State method, one of the ways to get impeachment going is for individual citizens like you and me to submit a memorial. ImpeachforPeace.org has created a new memorial based on one which was successful in impeaching a federal official in the past. You can find it on their website as a PDF.

    STOP WAITING FOR YOUR MEMBERS OF CONGRESS TO ACT FOR YOU.

    You can initiate the impeachment process yourself by downloading the memorial, filling in the relevant information in the blanks (your name, state, etc.), and sending it in.

    http://ImpeachForPeace.org/ImpeachNow.html

    More information on the precedent for submitting an impeachment
    memorial, and the House Rules on this procedure, can also be found at
    the above address.

    If you have any doubts that Bush has committed crimes warranting
    impeachment, read this page: http://ImpeachForPeace.org/evidence/

    If you’re concerned that impeachment might not be the best strategy
    at this point, read the
    bottom of this page: http://ImpeachForPeace.org/

    “I just want you to know that, when we talk about war, we’re really talking about peace.”
    Bush, June 18, 2002

    “War is Peace”
    Big Brother in George Orwell’s 1984

  31. You don’t mean to say that Democrats in Broward County would tinker with the vote, do you?

    We really ought to quit trying to guarantee security or honesty in anything to do with computers. There is no system of voting that can’t be corrupted, short of giving up the private ballot, but raising of hands also distorts the outcome of voting, too.

    I’ll say this for Diebold, the interface would not allow someone intending to vote for Gore to cancel that vote by also selecting Buchanan.

    The answer is in allowing poll watchers to see the process.

    I suspect that if the machines had unique keys, you’d find that they could be picked. If the locks were perfect, what guarantee do we have that some supervisor wouldn’t grant access to someone who wants to tamper with the voting? We’ve all seen as well that recounting isn’t exactly a tamper proof way of establishing the correct totals. The last Washington State gubernatorial election comes to mind. Turning it over to the courts doesn’t make us any more sure that the results are correct.

    After 2000, I decided that, without actual evidence of fraud, the votes certified by the official given the duty by law to do so should stand, period.
    That means that people will have to pay more attention to who gets elected as Secretary of State, County Clerk or Lieutenant Governor. It’s a political process, and the courts ought not intervene without real evidence of fraud.

    I’m sure that this revelation will cause people using the machines to demand better locks, but in the end, it’s the honesty of the people doing the job that will insure accuracy more than what devices we use to register votes.

  32. The solution is simple. Spread rumors that Al Quaeda is mass duplicating keys in order to put more pro-muslim politicians in office. Watch Diebold spring into action overnight!

  33. Very Interesting.

    In my opinion, things like this are not accidental, and not a product of stupidity. They are a product of two things: 1) Greed of the people in power or people who want to be in power & 2) The fact that american citizens are not willing to act & cause positive change.

    When you read this, are you hoping that someone else will actually do something about the problem, or are you wanting to get out of your chair, write a letter to your public officials & diebold, or do you want to get everyone you know together and protest, impeach somebody, make sure that diebold goes out of buisness, and make damn sure that we get a new voting system in our country which is fair and equal and gives everyone a chance?

    In all honesty, I feel that now is the time to act & cause change…so are you going to help or just sit there?

  34. So, maybe we should all make an attempt to break into the machines on election day. If enough people did it, it would invalidate the elections, forcing the various agencies involved to re-evaluate how they are administering voting and maybe get ride of the stupid machines.

  35. GOOD GRIEF CHARLIE BROWN!!!!!!!!!!!!!!!!
    HOW SIMPLE – as it “KEEP IT SIMPLE STUPID!”

  36. [By comparison, Windows is ironclad…]

    I am reading the technical paper about the voting machine now (available at http://itpolicy.princeton.edu/voting). It’s clear that the operating system of the Diebold machine _is_ Windows!

    From p. 5:

    “The second method is to exploit a back door feature in Diebold’s code to manually install the attack files from a memory card. When the machine boots, it checks whether a file named explorer.glb exists on the removable memory card. If such a file is present, the machine boots into Windows Explorer rather than Diebold’s BallotStation election software. An attacker could insert a memory card containing this file, reboot the machine, and then use Explorer to copy the attack files onto the machine or run them directly from the card.”

  37. “And same said EAC has the FEC standards only available to the public in a proprietary Microsoft Word format.

    Someone took exception to that and pdf’d it :)”

    Great. So now it’s available in a proprietary Microsoft format *and* a proprietary Adobe format.

    Anyone planning to make it available in text, HTML, or some other open format?

  38. the_zapkitty says

    Ccluelessfl60 Said:

    “Wonder if Diebold ever heard of this technology.Keys that can not be duplicated and locksmiths who keep records and with a paper trail of who requested a key.”

    There’s been no indication that the Diebold customers (the people running the state elections) had ever asked for such a thing.

    As for Diebold’s actual level of culpability…

    A more expensive lockset with individual keying was too expensive…

    Even a version of the same cheap lockset they used that was equipped with variegated keying was too expensive…

    (Not that, as I said far back upthread, that class of lockset is expected to hold out against determined snooping for more than a few seconds.)

    So Diebold apparently values the security of the American election process at the cost of protecting an 15-year old office desk or hotel minibar… and not nearly so valuable as the contents of a modern vending machine.

    More importantly… it seems to have slipped their minds entirely that certain people will be trying to get into those machines!

    While it’s not chic to call a corporation minding its profit margins “greedy” there is a point where penny-pinching devalues what the corporation has promised to the customer… and that is greedy.

  39. Ccluelessfl60 says

    Well a few years ago I lost the key to a rental car and had to wait for the locksmith who had to have the vin number to duplicate the key.Took a good deal of time but it made me more careful with keys.Wonder if Diebold ever heard of this technology.Keys that can not be duplicated and locksmiths who keep records and with a paper trail of who requested a key.

  40. the_zapkitty says

    Vulturevalley Says:

    “All I’ve been hearing about this electronic voting is that it has tons of flaws. Why is it so necessary to make everything electronic? Just give me some paper and I’ll be happy.”

    HAVA, the Help America Vote Act of 2002, has made both punch cards and lever-type voting machines illegal and required states to set up computerized voter registration databases.

    While this act technically doesn’t outlaw all forms of paper balloting, states saw the writing on the wall and rushed to e-votes…

    … and “rushed” is the operative word, although so many of the state election board representatives caught at ground zero with their pants down in the resulting election day train wrecks have earnestly assured us that the destruction of the democratic process really was carefully thought out in advance…

    One can see why the word “conspiracy” gets mentioned so often in relation to these messes. It can be hard to believe that people can really be so idiotic.

    But as the saying goes, it is unwise to attribute to malice what can be attributed to stupidity… and people really can be that stupid.

    And, of course, the e-vote machine vendors who score millions of dollars in contracts for their badly-designed wares by promising miracles of “easy deployment” “ease of use” and “security” while consistently lying through their collective teeth hasn’t helped matters at all.

  41. the_zapkitty says

    Hal Did Say:

    “I guess it’s even possible that all minibar keys are alike and also match the key that opens all Diebold machines.”

    More like “the common key type that can open certain types of minibars, jukeboxes etc. etc…. can also open a Diebold vote machine”

  42. the_zapkitty says

    Hal Did Say:

    “Chris’s last sentence relates to my other point. Although ZapKitty insisted that I had conjured up the distinction between a key and a key blank, and berated me for my continued lack of reading comprehension”

    And I was right….

    Not intending to berate you further 🙂 , since you seem to understand the situation now, but the report simply said that they had ordered keys from differing sources, and the keys worked.

    Assuming the research team had “omitted” the fact that they had to cut blank keys was in fact imputing to them a level of deception uncalled for given the simple facts.

    But I will say that I was wrong in thinking that Diebold had used the very cheapest form of locksets for their vote machine… they just used one of the cheapest manufacturing methods for their vote machine locksets 🙂

  43. With a lot of keys of this type, as oposed to car or house keys, the number on the key is the actual cut of the key, and not a key blank number. So all keys with the same number on then will open the same locks. I first ran into this with Masterlock locks when working construction. A company will buy a couple hundred locks that are keyed the same. You get so you know what numbered key opens what company’s locks.

    You run into the same thin with electrical pannels. The same key will open all GE pannels, another will open all Square-D pannels, and so forth. You can tell what brand the key will open by the number on the key. I used to keep a keyring in my tool box that had keys for all the major brands of electrical pannels, as well os several brands of fire alarm, security, and lighting control pannels. It looks like the company buys locks all keyed the same so that they do not have to worry about matching key and locks shipped. While this is not a big risk when you are talking about electrical pannels, it is not a good thing when talking about voting machines.

  44. This from a company that used to build bank vaults!

  45. Okay, I see in the RABA report that all the Maryland machines do use the same key. Maryland received 32,000 copies of the same key from Diebold. That’s pretty dumb all right. It’s odd that RABA did not recommend that they change this – it seems like the state made a good effort to implement RABA’s recommendations. Their only suggestion on this issue was to put tamper tape on the doors so it would be detectable if a machine had been opened. As others have noted, this tape is not that reliable.

    I guess it’s even possible that all minibar keys are alike and also match the key that opens all Diebold machines.

    I apologize for insinuating that you were intentionally allowing misinformation to circulate. I will shut up on this matter until I have done more to acquaint myself with the current state of research in this area.

  46. So as Xcott Craver said, a somewhat remarkable incident. Remarkable, but far from “impossible”

    Note, I’m using “remarkable” in the literal sense. Prof. Felten found it an interesting coincidence worthy to mention and others found it worthy to pass along, and so it is by definition remarkable.

    I don’t mean to imply that the coincidence is amazing or weird, or improbable. It would be foolish to say such things without knowledge of just how common certain keys are, and how many people have them lying around.

    Also,

    It is not a surprise that these cheap keys are often the same exact shape. Think of their usual function. Is there really any point in a hotel assigning distinct keys to separate hotel mini-bars? Why?

    Meanwhile, it is a pain for units to have distinct keys which require non-zero effort to replace when lost—versus a single bag of mini-bar keys. There are many other scenarios in which the lock provides a flimsy local access restriction, e.g. to keep kids out of the liquor cabinet, and nobody really cares if the owner of an identical unit in another house has the same key.

  47. Laugh? Cry? Move to Canada?

  48. Hal,

    According to the RABA report (cited in our paper), all of the AccuVote-TS machines in Maryland use the same key. And when I say two keys are the same I don’t just mean they’re cut from the same blank; I mean they’re cut into the same shape so they open the same locks.

  49. Following up to my earlier comments:

    I asked Chris Tengi about the key-recognition incident, and he remembers it slightly differently. Where Ed Felten had him remembering “that he had a key at home with the same code on it,”, Chris says, “As for remembering the key’s code, I did not remember it with clarity when I saw the key at the demonstration, but told Ed that the code looked familiar. It turns out that I did have a key with that code which, from what I’ve been told, defines the exact cut to be applied to the blank.”

    Chris also mentioned that he has the key on the same ring as his guitar case so he does glance at it occasionally. I do think that he nevertheless must have an excellent visual memory to have recognized the key as well as he did.

    Chris’s last sentence relates to my other point. Although ZapKitty insisted that I had conjured up the distinction between a key and a key blank, and berated me for my continued lack of reading comprehension, Chris reminds us that keys are formed by cutting key blanks, and says that the code describes the particular cut to be made. If this is true, then it’s likely that not all Diebold machines of this model can be opened by the same key. And therefore not all minibar keys (even among those that use the same key blank) will open an arbitrary Diebold machine.

    I would request that Ed Felten or someone else familiar with the matter speak up to clarify this issue. Many people are getting the impression that any minibar key can open any Diebold machine. Assuming that this is false, it means that Ed Felten’s report is inadvertantly giving people an excessively negative picture of the security of these machines. If his goal is to work as an activist and get people to stop using Diebold machines, this misconception is helpful and he would see no reason to confuse people with the facts. If on the other hand he is working as a professional and seeking to provide the highest quality information so that the public can be as well informed as possible while making their decisions, then he would want to correct errors in how people are interpreting his report, even if his corrections make Diebold look better.

  50. Has “Hal” ever said anything that _doesn’t_ make him look like a Diebold shill? I mean, has he ever commented on any areas not related to the Diebold fiasco?

    Has anyone else noted the irony in Hal’s name (As in “Open the pod bay doors, Hal.”)

    It sounds paranoid to say that this was a deliberate attempt to de-legitmize democracy by destroying the voting process, but it is equally hard to come to any other conclusion that does not require massive amounts of stupidity by a great many people.

    What is interesting here is the apparent breakdown in communication between critical scientific minds and policy makers.

    Ed, haven’t you been asked to testify on electronic voting before?

  51. Sage Thrasher says

    At this point it doesn’t even matter if the electronic voting machines can or can’t be hacked. What matters is that the public has no confidence in the machines and this erodes their confidence in their government and their willingness to spend hours in line to cast their votes–why bother if the rich guys/techWizards of the world can just erase your vote with a click of the keyboard?

    Most people don’t understand technology and until they do we should use paper ballots or at least systems that create a verifiable, undeleteable paper trail that gives people confidence that their rights aren’t being eroded.

  52. All I’ve been hearing about this electronic voting is that it has tons of flaws. Why is it so necessary to make everything electronic? Just give me some paper and I’ll be happy.

  53. the_zapkitty says

    The View From My Feet Said:

    “Keys and Memory…”

    Hmmm… not the sort of key I was thinking it was… So as Xcott Craver said, a somewhat remarkable incident. Remarkable, but far from “impossible” 🙂

    Ed, sorry about the duplicate posts… I hadn’t noticed the originals had appeared inline way upthread after you passed on them.

    I’ll be quiet for a while now 🙂

  54. the_zapkitty says

    Ed Did Edit:

    ” I just changed it to allow up to three hyperlinks without getting auto-moderated. (But the spam filter might still trigger.) -Ed]”

    That explains it…. so 4-5 urls was right out… note to self: do not use Ed’s blog to write own thesis… 😉

    Thanks for the response!

  55. the_zapkitty says

    johno Did Say:

    “We have Federal standards for everything from aspirin to cars to iPods, and an alphabet soup of agencies that create and test the standards. Why isn’t there a Federal standard for voting machines?”

    That’s what I went looking for 🙂

    There are standards. In fact Diebold violated them… and got a slap on the wrist for it.

    http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1091&Itemid=847

    The “current 2 generations down systems” Diebold is trumpeting about now are supposed to comply with the standards… but the standards were originally crafted in the last century. (1999, actually 🙂 )

    They are Federal Election Commission standards of course, but the FEC’s standards work is being superceded by yet another Bush administration creation: the “Election Assistance Commission”

    And same said EAC has the FEC standards only available to the public in a proprietary Microsoft Word format.

    http://www.eac.gov/election_resources/vss.html

    Someone took exception to that and pdf’d it 🙂

    http://josephhall.org/fec_vss_2002_pdf/

  56. the_zapkitty says

    johno Did Say:

    “We have Federal standards for everything from aspirin to cars to iPods, and an alphabet soup of agencies that create and test the standards. Why isn’t there a Federal standard for voting machines?”

    That’s what I went looking for 🙂

    There are standards. In fact Diebold violated them… and got a slap on the wrist for it.

    http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1091&Itemid=847

    The “current 2 generations down systems” Diebold is trumpeting about now are supposed to comply with the standards… but the standards were originally crafted in the last century. (1999, actually 🙂 )

    They are Federal Election Commission standards of course, but the FEC’s standards work is being superceded by yet another Bush administration creation: the “Election Assistance Commission”

    And same said EAC has the FEC standards only available to the public in a proprietary Microsoft Word format.

    http://www.eac.gov/election_resources/vss.html

    Someone took exception to that and pdf’d it 🙂 :

    http://josephhall.org/fec_vss_2002_pdf/

  57. the_zapkitty says

    Apparently the spam filter doesn’t like it when you reference a URL twice in a post?

    [It was set to automatically hold for moderation any comment that had more than one hyperlink. That was the default setting. I just changed it to allow up to three hyperlinks without getting auto-moderated. (But the spam filter might still trigger.) We’re doing our best on the spam issue, but with 1000+ comment spams per day we have no choice but to use automated filtering. The filters we use are good but not perfect. — Ed]

  58. the_zapkitty says

    “Trained on Diebold AccuVote” Did Proudly Announce:

    “I’m trained on the Diebold AccuVote…
    Yeah, the key hole is a standard barrel lock.”

    Really? The demo showed a flat key being used to open a (cheap) standard cylinder lock.

    “But obviously, thats why elections officials seal the opening with a tamper-evident strip of tape. “

    Is that the “multiple-reuse” tamper-evident tape described here?

    http://avi-rubin.blogspot.com/2006/09/my-day-at-polls-maryland-primary-06.html

    This sounds like Diebold’s using the cheap stuff yet again.

    “Just like those seals that the U.N. uses on monitored nuclear equipment.”

    “Somewhat imilar in basic concept to”
    does not equal
    “just like”.

    I very much doubt that when the UN seals nuclear-related gear they follow Diebolds voting machine example of using the cheap materials.

    “Sorry Ed, you’re intentionally stirring up hype over a non-issue…”

    Adding verifiable evidence to the ever-growing paper trail showing that Diebold has a history of providing insecure equipment for elections is hardly a “non-issue”.

    “Obviously, anyone with physical access…”

    Did you note the e-vote virus?

    “…and first-hand knowledge…”

    Did you note the existence of the internet?

    “… can open the machine. The whole point is that it will be spoiled if they do and you have like 5 judges there from different political parties who have taken an oath to protect it…”

    Read the Rubin story I referenced above again, Hal. Read it carefully 🙂

    By the evidence to date you are entirely incorrect, even given that all of the judges and workers present have the best of intentions.

    “Cue the X-Files theme, this conspiracy is FICTION.”

    Ed mentioned no conspiracy.

    I see only a conspiracy by Diebold to cover up and handwave away their incompetence in designing voting machines.

  59. Ozark Geezer says

    For decades, every Caterpillar dozer, loader, grader and scraper could be started with the same key. Having a “Cat Key” on your key chain was a heavy equipment bona fide.

  60. All the problems with voting appears to happen in heavy democrat areas run by democrats. Perhaps that is where the problem is.

  61. Same thing with coin operated vending and video game machines. This is why the distributer would CHANGE THE LOCK.

  62. the_zapkitty says

    “the_zapkitty Says: Your comment is awaiting moderation

    … again? For two different posts?

    Hey, Ed, any idea as to what set it off this time? 🙂

  63. Sorry to fragment my posts, but the “tamper-evident tape” solution of
    “Trained on Diebold AccuVote” seems vulnerable to the following attack:

    Party A to the elections pay criminals to tamper with the seals on the
    machines in voting districts which largely support Party B over Party A,
    towards the close of election day.

    Because of lack of physical voting record backups and the low security
    of the machines to physical tampering, the votes of these districts are
    disqualified, leading to Party A winning the election.

  64. “Trained on Diebold AccuVote” claimed:

    But obviously, thats why elections officials seal the opening with a tamper-evident strip of tape. Just like those seals that the U.N. uses on monitored nuclear equipment.

    Some quick Google research leads me to believe that the IAEA uses
    totally different technology than the “tamper-evident tape” you claim
    is/will be used by election officials: see URL

    http://www.iaea.org/NewsCenter/Focus/IaeaDprk/DPRK_gallery/DPRK_gallery01/pages/002.shtml

    While perusing the IAEA website I noticed that they don’t just rely on
    their seals and surveillance cameras, they actually carry out inspections.
    I’d suggest that for Diebold machines, also, if they weren’t designed to
    make such inspections impossible by not creating a physical paper-trail
    or something similar.

  65. the_zapkitty says

    RonK Said:

    “Why do people here bother to reply to Hal when he’s obviously a shill or troll?”

    Because we give him/her the benefit of the doubt while gently correcting their errors and misapprehensions… 🙂

  66. Why do people here bother to reply to Hal when he’s obviously a shill or troll?

  67. the_zapkitty says

    “Trained on Diebold AccuVote” Did Proudly Announce:

    “I’m trained on the Diebold AccuVote…
    Yeah, the key hole is a standard barrel lock.”

    Really? The demo showed a flat key being used to open a (cheap) standard cylinder lock.

    “But obviously, thats why elections officials seal the opening with a tamper-evident strip of tape. “

    Is that the multiple-reuse tamper-evident tape described here?

    http://avi-rubin.blogspot.com/2006/09/my-day-at-polls-maryland-primary-06.html

    This sounds like Diebold’s using the cheap stuff yet again.

    “Just like those seals that the U.N. uses on monitored nuclear equipment.”

    “Similar in basic concept to” does not equal “just like”. I very much doubt that when the UN seals nuclear-related gear they follow Diebolds voting machine example of using the cheapest available parts.

    “Sorry Ed, you’re intentionally stirring up hype over a non-issue…”

    Adding verifiable evidence to the ever-growing paper trail showing that Diebold has a history of providing insecure equipment for elections is hardly a “non-issue”.

    “Obviously, anyone with physical access…”

    Did you note the e-vote virus?

    “…and first-hand knowledge…”

    Did you note the existence of the internet?

    “… can open the machine. The whole point is that it will be spoiled if they do and you have like 5 judges there from different political parties who have taken an oath to protect it…”

    http://avi-rubin.blogspot.com/2006/09/my-day-at-polls-maryland-primary-06.html

    By the evidence to date you are entirely incorrect, even given that all of the judges and workers present have the best of intentions.

    “Cue the X-Files theme, this conspiracy is FICTION.”

    Ed mentioned no conspiracy.

    I see only a conspiracy by Diebold to cover up and handwave away their incompetence in designing voting machines.

  68. Trained on Diebold AccuVote says

    I’m trained on the Diebold AccuVote…

    Yeah, the key hole is a standard barrel lock. But obviously, thats why elections officials seal the opening with a tamper-evident strip of tape. Just like those seals that the U.N. uses on monitored nuclear equipment.

    Sorry Ed, you’re intentionally stirring up hype over a non-issue… Obviously, anyone with physical access and first-hand knowledge can open the machine. The whole point is that it will be spoiled if they do and you have like 5 judges there from different political parties who have taken an oath to protect it…

    Cue the X-Files theme, this conspiracy is FICTION.

  69. the_zapkitty says

    oops… spamming kitty alert! 🙂

    Actually, lag in the system. If admin could zap two of those I’d appreciate it.

    Actually, quite some lag there for a while, apparently…

  70. the_zapkitty says

    johno Did Say:

    “We have Federal standards for everything from aspirin to cars to iPods, and an alphabet soup of agencies that create and test the standards. Why isn’t there a Federal standard for voting machines?”

    That’s what I was looking for.

    There are standards. Diebold violated them… and got a slap on the wrist.

    http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1091&Itemid=847

    The “current 2x generation systems” Diebold is trumpeting about now are supposed to comply with the standards… but the standards were originally crafted in the last century (1999, actually 🙂 )

    They are Federal Election Commission standards of course, but the FEC’s standards work is is being superceded by yet another Bush creation: the “Election Assistance Commission”

    Which only has the FEC standards available to the public in a proprietary Microsoft Word format.

    http://www.eac.gov/
    http://www.eac.gov/election_resources/vss.html

    Someone took exception:
    http://josephhall.org/fec_vss_2002_pdf/

  71. I’m so glad that we don’t have electronic voting machines in Australia… With the way the last two presedential elections have been run in the US I reckon you guys should call in the Australian Electoral Commission to do the job – they do international elections (usually on small pacific islands, but I reckon they’d do a better job of the US elections than the last two tries) 😛

  72. the_zapkitty says

    Xcott Craver Did Say:

    (re: remembering a key number)

    “I would call that remarkable (after all, here’s a blog entry about it) but I would not make the mistake of declaring it unlikely, impossible, or an enormous mental feat.”

    I take your point, but you should be aware that the “alphanumeric code” for these types of standardized utility lock keys tend to be things like… H1… 🙂

    Often 2-3 characters. Rarely more than 5.

  73. If you are going to try, “Security through obscurity”, whose limitations are understood by security experts (real security experts), one should at least find something more obscure than a minbar key. I used to do a lot of security consulting, but I backed off because of the liability. I hate thinking I know more about security than the people working on the voting machines. Maybe we should use game console as voting machines. Then we would only have to worry about who the cheaters want as president. I am joking, I think. I think maybe we should have NIST create some secure voting machines, I have confidence in them. They create the standards for encryption that the government uses for procurement. They have to be better at this than Diebold. In one of my previous projects, I worked with a company that was writing Mindows NT based security software and using secure RPC. I asked why and they said, Its the secure way to do this. Just a while later, the slammer worm went right into Microsoft’s RPC layer with a buffer overflow exploit. My gut instinct was right on. Blind trust in Microsoft based security is a poor idea. Again, I would start with NIST certified technology and go from there. They care about security, as do I.

  74. Have you considered open-sourcing the virus source code?

    Just putting it on your site, and saying “Download it”?

    That might solve a lot of problems, since either:

    1. The Diebold machines really can’t be infected, in which case releasing the source code is harmless, or

    2. The Diebold machines are vulnerable, in which case emergency injunctions would certainly follow, with great benefit to verified voting.

    If you do this, though, you should do it soon, to allow the election officials time to adjust.

    Thanks for this great work!

  75. As an system developer I just shook my head when I saw California and others jump on the Diebold wagon. Here in Oklahoma (at least in Oklahoma City and Tulsa) we use a fairly large heavy paper ballot that is optically scanned. After marking the ballot, the voter personally slides it into the scanner slot on the machine. If it reads OK, the ballot is stacked in the bottom of the machine and a green light displays. It there is a problem with the scan, a red light displays and the ballot is backed out of the slot. If the power happens to go out at the voting site, the ballots are deposited in a holding slot for later scanning. Poll watchers from both major parties observe to ensure there are no shenanigans. Since the ballots are paper and must be clearly marked to be accepted by the machine, a manual recount is about as easy as it can be.

  76. The first is that Christ Tengi recognize the alphanumeric code as matching one on a key he had used on a job 15 years ago to open a file cabinet or a VAX access panel! This would not have been a key that played an important or emotional role in his life, and he had presumably not used it for 15 years, yet on site he recognized that a new key had the same alphanumeric code. Rain Man himself would have trouble duplicating that feat of memory. Doesn’t that strike anyone else as remarkable

    Whether this is remarkable depends in part on whether one sees the thing every day, for example every time one opens a pencil drawer.

    Also, there is a limit to how remarkable this can be, depending on the number of distinct alphanumeric codes and their distribution. As the old saying goes, most card tricks are only showing you an event of probability 1/52 by chance.

    I would call that remarkable (after all, here’s a blog entry about it) but I would not make the mistake of declaring it unlikely, impossible, or an enormous mental feat. None of us would know, and it is very easy to overestimate these things in retrospect.

  77. “I fear for the future of this country if these kinds of problems go unsolved.”

    The future of that country has already become apparent: freedoms are further curtailed, mainly in the name of the war on terror, and there starts to be a slump in immigration and investment unprecedented in its history, as well as growing agitation. California leads the secession of the entire West Coast, and a Second Civil War is fought. In the aftermath, the leadership of civilization has shifted to currently rapidly developing, fairly free nations like India and Brazil, as well as Canada, Japan, the EU, while in the communist corner, we still have China.

    This comes from the same crystal ball that predicted the dot bomb six months before it went off, by the way.

    “A one bit error on a computerized voting machine can potentially change the results by half as high as the maximum the machine can count votes.”

    Depending, by even twice as high: if the high order bit is a sign bit but normally zero, it would make the machine subtract its votes if it got flipped!

  78. Casualreader says

    Has “Hal” ever said anything that _doesn’t_ make him look like a Diebold shill? I mean, has he ever commented on any areas not related to the Diebold fiasco?

    As to Hal’s contention that paper ballots aren’t secure either Hal. For mistakes, if a paper ballot gets screwed up, you lose or change one vote. A one bit error on a computerized voting machine can potentially change the results by half as high as the maximum the machine can count votes.

    To cheat ten thousand votes with paper ballots, you have to fill out 10,000 paper ballots, if that takes one minute each, you are still looking at 166 man hours just to fill them out. Then you have to sneak 10,000 ballots into the ballot boxes. Think of a ream of paper, that is 500 sheets, far thinner than a typical ballot. Now think of a pile 20 reams high. Then multiply it by at least a factor of 2. That is how high a stack of ballots you would be dealing with.

    You would also have to steal or counterfeit 10,000 ballots. Sufficiently before the election to fill them out. Electronic version, one off the shelf memory card.

    Your window for tampering is also shorter, since you have to do it during or just after the election, while people are paying attention. With these electronic ones, you could do it weeks before the election, while no one is paying attention.

    I look at the bright side in this, these things are apparently so easy to hack that it is only a matter of time before someone, just as a prank, makes an untraceable, unverifiable change to “Bill Gates” wins the presidential votes in this area. Or that some tiny district gets 200 million votes for some candidate.

    Not that this prank would be appropriate or legal, but there are enough people out there with no common sense or with no sense of self preservation that it is bound to happen sooner or later.

  79. zzzzzzzz…..

    …my ipod might open them, too. So, what?

  80. “Maybe I sound like a conspiracy theory nutcase, but didn’t the CEO of Diebold tell bush he would deliver Ohio? Why else would you use such a simplistic locking mechanism?”

    I can think of one very good reason. The people who are counting the votes are dumb enough to buy Diebold equipment. Could they be trusted NOT TO LOSE a key that would be hard to duplicate?

  81. This is simply inexcusable. Even vending machines use a more secure locking mechanism. I fear for the future of this country if these kinds of problems go unsolved.

  82. the_zapkitty says

    Actually…
    … while I’m checking out “standards”…
    … couldn’t it be said that Diebold is actually guilty of fraud?

    I mean… how much weight did the name “Diebold” play in the acquisition of the ballot machine contracts?… how many public officials were swayed by thoughts of massive impenetrable safes, intricate and nigh-unpickable locks and sturdy, secure ATM machines?…

    … not suspecting that what they would actually get would be hacked Windoze software guarded by cheap locks…

  83. the_zapkitty says

    Of more interest than Hal’s gyrations is the “standards” that these machines were supposedly built to…

    …and apparently met.

  84. the_zapkitty says

    Hal Hath Wrought:

    “I have to say, there are a couple of things about this story that surprise me. The first is that Christ Tengi recognize the alphanumeric code as matching one on a key he had used on a job 15 years ago to open a file cabinet or a VAX access panel! This would not have been a key that played an important or emotional role in his life, and he had presumably not used it for 15 years, yet on site he recognized that a new key had the same alphanumeric code. Rain Man himself would have trouble duplicating that feat of memory. Doesn’t that strike anyone else as remarkable?

    What’s remarkable is the continuing display of your lack of reading comprehension skills.

    He still had the key. Perhaps a memento? I have such things.

    I know this will be difficult for you to parse, but bear with me here: People keep mementos because they inspire memories. Thus Tengi’s recognition of the number is not “remarkable”.

    “The second oddity is the apparent lack of distinction between a key and a key blank.”

    That’s because the distinction sprang full-blown from your imagination and had nothing to do with the events described in the article.

    “I understand that these keys only have a modest degree of variation, but still, it’s not literally true that they are all identical, is it?”

    Yes. They are. The purpose of this class of locks is to simply restrict access from casual prying by passers by etc. That’s why the locks and keys are so inexpensive. Which is no doubt why Diebold used them. No one who has actually dealt with security matters imagines that they will stop a determined break-in.

    “Last, I don’t suppose anyone here wants to even consider whether this failure of physical security might point to the possibility of similar failures in other aspects of the election process, including handling of paper.”

    True… the idea of pursuing something irrelevant to the matter at hand did not occur to us.

    “It’s nicer to imagine that this failure is limited to Diebold and is a general manifestation of the company’s evil nature and/or incompetence, than to conclude that the same tendency towards choosing economy over security might apply to other, even non-electronic, voting technologies.”

    And again it is as if you can read, but you do not truly comprehend what you have read: NON-ELECTRONIC TECHNOLOGIES DO NOT HAVE THE “FORCE MULTIPLIER” EFFECT OF DIEBOLD’S SCREWUPS.

    Those effects alone would justify this getting a lot of attention.

    As for Diebold’s reputation… it’s obvious that what has really happened is that they have risen to the level of their own incompetency in pursuing the voting machine market.

    Perhaps they can improve… but they won’t improve by trying to ignore the problems. And if truly independent researchers are not allowed to inspect Diebold’s machines and code it seems a sure bet that Diebold will continue to overlook and/or ignore serious problems. They would have no motivation to change the “cheap and easy” mentality that so obviously permeates their voting machine work.

  85. Hahaha this is funny the word usage of the video narrator is a bit odd. He says that “a criminal” could do this but really do you have to be a preordained criminal to do this or are you a criminal after you have commited the act. They imply that thinking of commiting an act is the criminal offence. So much for a judge. Good work on the diebold hacks though.

  86. the_zapkitty says

    Information Week downplays it just a little bit:

    http://www.informationweek.com/industries/showArticle.jhtml?articleID=193001284

    re; Diebolds 2x gen later systems w/ “improved encryption”, “digitally signed cards” and…

    “and each system includes an audit security tag with an ID number. If the tag appears tampered with, the system isn’t used,”

    Is this like the security tape that worked so well?

  87. We have Federal standards for everything from aspirin to cars to iPods, and an alphabet soup of agencies that create and test the standards. Why isn’t there a Federal standard for voting machines?

    Can voting machines ever be made secure? ATM’s are pretty secure, but that’s money of course.

  88. Although I’m a big supporter of electronic voting _in theory_ the technology’s current downhill slide continues to get more discouraging everyday. At this point, we might as well consider running one of those simple polls on a website. Perhaps http://www.blogthings.com could host our next Presidential Election? At least we’d have our choice of output formats and we can alway print out our responses as proof. And, although one could easily hack a website, I’d imagine actually getting to the servers blogthings is on would be a lot more difficult than getting into a “secure” electronic voting system like Diebold’s.

    Ugh…

  89. See it all in action right here…

    Lynching by Laptop Part 2
    http://video.google.com/videoplay?docid=29166033447680735&q=Lynching+by+Laptop

    the original…

    Lynching by Laptop
    http://video.google.com/videoplay?docid=832266622252138740&q=Lynching+by+Laptop

    Politics is the entertainment branch of industry. -Frank Zappa

  90. To the guy who thinks “bump keys” will open this lock:
    Learn more about locks. Cheap wafer tumbler locks, like those used on mini-bars, equipment cabinets, and (apparently) voting machines are not susceptible to “bumping”. Bumping only works on pin tumbler locks. Regular wafer locks, though, are incredibly easy to pick.

  91. I have to say, there are a couple of things about this story that surprise me. The first is that Christ Tengi recognize the alphanumeric code as matching one on a key he had used on a job 15 years ago to open a file cabinet or a VAX access panel! This would not have been a key that played an important or emotional role in his life, and he had presumably not used it for 15 years, yet on site he recognized that a new key had the same alphanumeric code. Rain Man himself would have trouble duplicating that feat of memory. Doesn’t that strike anyone else as remarkable?

    The second oddity is the apparent lack of distinction between a key and a key blank. I understand that these keys only have a modest degree of variation, but still, it’s not literally true that they are all identical, is it? Not every key wlil open every lock that it can be crammed into? It sounds like you would need more information to open up a Diebold machine than just that it used a certain brand of lock. You’d need to know the code for the key used by that particular machine; not all keys fit all machines. Is that right?

    Last, I don’t suppose anyone here wants to even consider whether this failure of physical security might point to the possibility of similar failures in other aspects of the election process, including handling of paper. It’s nicer to imagine that this failure is limited to Diebold and is a general manifestation of the company’s evil nature and/or incompetence, than to conclude that the same tendency towards choosing economy over security might apply to other, even non-electronic, voting technologies.

  92. Wow, this is great news! You mean to say that election officials can use their Diebold Voting Machine keys to steal from minibars! Are these hotels stupid or what, don’t they know anything about security? You’d have thought they’d know better than to buy minibars from Diebold!!!

    (for people in the USA, this is called irony, and we Brits find it amusing)

  93. So, ummm, when are you (collectively) going to rise up to the man? What more evidence is needed that you’re (collectively) being played for patsies?

    I miss the old America… you know, the sane one.

  94. By comparison, Windows is ironclad…

    If you didn’t trust Diebold voting machines before — I didn’t — this won’t make you feel any better about them: The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that……

  95. There’s only one way to set this right. Not only do we need to get these machines decertified in every state of the Union that’s purchased them (way to go California, for leading that charge), but then each and every machine needs to be returned to Diebold, and a full refund demanded. I urge everyone who cares about this issue to call and/or write their State’s Secretary of State and Attorney General, and impress upon them the importance of doing this. For a fiasco such as this, the LEAST Diebold deserves is to be forced to give a full refund for each and every machine sold. And such a result will go a long way to making sure something like this never happens again. Go do it; call ’em now.

  96. No one is going to do anything about it. This is the end of what we have always called our Freedom. Freedom that never existed, just an illusion.

    They will change the locks, they’ll change the memory card. But what they won’t change is who controlls it. It’s over. Our Freedom, our rights, or way of life.

    Soon the Internet will be controlled. Live with it, or without it. It will be controlled.

    Our entire goverment is corrupt. Our entire country stinks of corruption.

  97. John Trotter says

    Does this remind anyone of a 2600 story about the east coast drop boxes of a major delivery service were installed unchanged from the factory. Comobination in the box every body gets opened all the drop boxes on the east coast.

    At least they should have been a big enough company to get them
    numbered differently than stock

  98. It’s about time we put the Nevada Gaming Commission in charge of voting machines.

    As a society we seem to do a much better job insuring our citizens get a fair game of video poker than a fair presidential election.

  99. This doesn’t surprise me in the least but it sure does bother me a whole damn lot.

  100. Good f***ing stuff. I love this.

    People will probably just steal a memory card, not votes, but that’s cool. I’d love to hear them try to censor this news as a copyrighttrade secret. lol…

  101. Sorry, I unintentionally posted before I finshed.

    As I was saying, bump keys and Dieobold machines are a marriage made in heaven.

    Bump keys have been in the news recently as the skill-free way to open locks without knowing how to pick a lock. ( That sound you hear is Richard Feynman turning slowly in his grave.)

    Even if Diebold uses different key serial numbers on their toy locks in different states, a bump key is the universal approach to opening them all. (One key to rule them all, one key to unbind them.)

  102. Bump keys and Diebold machines

  103. DIE-bold: Drunk with power

  104. I guess Ross Anderson was right when he said this was a lemons market!

  105. Gee, I wonder if Diebold’s automatic teller machines use the same key 😉

    I doubt it. The banks probably won’t put up with the same shenanigans that goverment will tolerate.

  106. So rigging elections is no longer limited to the upper echelons of the American Political Elite?
    Thanks, Diebold, for democratizing this “interesting” aspect of elections! 🙂

  107. So give the alphanumeric code already. What more perfect way is there to convince those still on the fence about this issue? Anyone looking to exploit the lapse will obviously already have that information.

  108. [quote]as long as these machines are allowed to determine election results.[/quote]

    The only conspiracy theroy I belive is the “golden rule”. They that have the gold make the rules and it doesnt matter if you have an R or D after your name. It doesn’t matter who we vote for because our votes no longer mean anything.

  109. paper and pen

  110. They can do whatever they want. It’s pretty amazing the way any semblance of Democracy is faded out in our times.
    Thing is, although this particular thing is so frickin’ crazy, people were talking about these machines before the elections and nothing happened. People were talking about them before the recent primary elections, and still nothing happened…
    All the talk about democrats taking over Congress is meaningless as long as these machines are allowed to determine election results.

  111. Or, if I had to give access to people, I would build a strong lock and give them the keys.

    This is just a case of stupidity.

  112. What makes you think the “Bad Guys” didn’t make and distribute the exact voting machine they wanted?

    Maybe I sound like a conspiracy theory nutcase, but didn’t the CEO of Diebold tell bush he would deliver Ohio?

    Why else would you use such a simplistic locking mechanism? Why else keep votes on a plug-in USB card instead of a hard disk? Their engineers can’t ALL be THAT stupid.

    Sometimes the simplest explanation possible actually is that some people are evil and will conspire for personal gain–it’s not always a theory.

  113. Hank Roberts says

    So, is Diebold going to sue you for violating their digital rights management security?

  114. At least the minibar has a paper record of what you’ve taken out.

    You are HONEST, aren’t you?

  115. This simultaneously brightened and darkened my morning. I’m trying to decide whether to laugh derisively or click my tongue derisively.

    Thank you for finding a very good explanation for non-technical users as to why these machines are not secure.

  116. Very nice work.

    The office products website leads to a 404, by the way. Google cache still available, but they seem to have yanked the page.