One of the challenges of blogging is finding things to write about. If you want to keep a loyal audience, you have to write regularly; and sometimes it’s hard to come up with several topics a week. Happily, whenever the well is about to run dry, I can always count on Diebold to fail a test or do something ridiculous. Thanks, guys!

The Diebold travesty du jour comes from Elise Ackerman’s story in today’s San Jose Mercury-News. The story recounts Diebold’s response, in California, to the recent Raba report, which demonstrated that Diebold e-voting systems were prone to several serious security attacks.

The story quotes Diebold’s spokesman:

Diebold representative David Bear said Thursday that the integrity of next month’s election was not at risk. “I think it’s important to reflect that the Maryland Department of Legislative Services concluded based on the Raba report that the election could be held successfully without any changes to the Diebold software,” he said. “They went on to say the software accurately counts votes cast.”

Here’s the opinion of authors of the Raba report, according to the New York Times:

Authors of the [Raba] report

A group of ex-NSA security experts, hired by the state of Maryland to evaluate the state’s Diebold electronic voting systems, found the systems riddled with basic security flaws. This confirmed two previous studies, one led by Johns Hopkins researchers and one by SAIC. Here are some excerpts from John Schwartz’s New York Times story:

Electronic voting machines made by Diebold Inc. that are widely used in several states have such poor computer security and physical security that an election could be disrupted or even stolen by corrupt insiders or determined outsiders, according to a new report presented today to Maryland state legislators.

…

The authors of the report said that they had expected a higher degree of security in the design of the machines. “We were genuinely surprised at the basic level of the exploits” that allowed tampering, said Mr. Wertheimer, a former security expert for the National Security Agency.

William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, “I can say with confidence that nobody looked at the system with an eye to security who understands security.”

Read the second (on-line) page of the NYT story for a litany of problems the team found. In short, they could easily corrupt individual voting machines so that they counted votes for the wrong candidate or not at all; they could introduce false vote counts for whole precincts into the central vote-tallying server; or they could use well-known hostile exploits to seize control of the servers remotely.

Diebold’s response?

In a statement released today, Bob Urosevich, president of Diebold Election Systems, said this report and another by the Science Applications International Corporation “confirm the accuracy and security of Maryland’s voting procedures and our voting systems as they exist today.”

Mr. Urosevich added: “With that said, in our continued spirit of innovation and industry leadership, there will always be room for improvement and refinement. This is especially true in assuring the utmost security in elections.”

University of Maryland professor Bill Arbaugh, one of the study participants and a genuine security expert, gets the last word: “It seemed everywhere we scratched, there was something that’s pretty troubling.”

Four respected computer scientists, members of a government-commissioned study panel, have published a report critical of SERVE, a proposed system to let overseas military people vote in elections via a website. (Links: the report itself; John Schwartz story at N.Y. Times; Dan Keating story at Washington Post.) The report’s authors are David Jefferson, Avi Rubin, Barbara Simons, and David Wagner. The problem is not in the design of the voting technology itself, but in the simple fact that it is built on ordinary PCs and the Internet, leaving it open to all of the standard security attacks that ordinary systems face:

The real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the [program] has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough.

SERVE advocates have two reponses. The first is simple stonewalling (for example, saying “We have addressed all of those problems”, which is just false). I’ll ignore the stonewalling. The second response, which does have some force, says that SERVE is worth pursuing as an experiment. An experiment would have some value in understanding user-interface issues relating to e-voting; and the security risk would be acceptable as long as the experiment was small.

The authors of the report disagree, because they worry that the “experiment” would not be an experiment at all but just the first phase of deployment of a manifestly insecure system. If an experiment is done, and no fraud occurs – or at least no fraud is detected – this might be taken as showing that the system is secure, which it clearly is not.

This reminds me of an analogy used by the physicist Richard Feynman to criticize NASA’s safety culture after the Challenger space shuttle accident. (Feynman served on the Challenger commission, and famously demonstrated the brittleness of the rubber O-ring material by dunking it in his glass of ice water during a hearing.) Feynman likened NASA to a man playing Russian Roulette. The man spins the cylinder, puts the gun to his head, and pulls the trigger. Click; he survives. “Aha!” the man says, “This must be safe.”

UPDATE (Saturday, January 24): The Washington Post site has a chat with Avi Rubin, one of the report’s authors.

UPDATE (Thursday, February 6): The DoD has decided not to use SERVE in the November 2004 elections.

Lately it seems that we’ve seen one story after another about the carelessness of e-voting vendors, especially Diebold. Here are two.

(1) Kim Alexander of the California Voter Foundation (who has been, in my experience, a reliable source of information) reported this:

This afternoon [apparently Tuesday – EF] I attended a meeting of the California Secretary of State’s Voting Systems Panel, which is in charge of certifying and decertifying voting systems for California elections.

At this meeting the initial results from the Secretary of State’s audit of counties using Diebold equipment were released. The Secretary of State’s auditors discovered that of the 17 counties using Diebold equipment (both optical scan and touchscreen), all 17 had some software or firmware version in use that was not certified by the Secretary of State.

It was an astonishing piece of information – no one knew how widespread the problem was of Diebold installing uncertified software in voting systems as was discovered in Alameda County. It turns out all of Diebold’s California clients are using some version of Diebold software or firmware that is not certified by the state.

…

It was a real bombshell. Secretary of State Kevin Shelley came into the meeting to address the panel and spoke very firmly and passionately about the need for voters to have confidence in elections. He also suggested that it is possible Diebold could be decertified in California altogether.

(2) An AP story by Rachel Konrad reported on allegations that Global Election Systems, a company purchased by Diebold, had employed convicted felons, some in upper management. Here’s a sample:

The programmer, Jeffrey Dean, wrote and maintained proprietary code used to count hundreds of thousands of votes as senior vice president of Global Election Systems Inc. Diebold purchased GES in January 2002.

According to a public court document released before GES hired him, Dean served time in a Washington correctional facility for stealing money and tampering with computer files in a scheme that “involved a high degree of sophistication and planning.”

Diebold said that Mr. Dean left his job when Diebold bought GES. Diebold apparently did not comment on the status of the other four current or past employees who are said to be convicted felons.

[Link credit for (2): Siva Vaidhyanathan.]

In today’s Washington Post, Jonathan Krim reports on a new effort by the e-voting machine vendors to do … something or other. The article, which is titled “Voting-Machine Makers to Fight Security Criticism”, doesn’t quite say what they’re planning to do. The following two paragraphs come the closest to revealing their plans:

Electronic-voting-machine companies announced yesterday that they are banding together to counter mounting concerns about whether their machines are secure enough to withstand tampering by hackers.

…

The leading voting-machine companies, which argue that their systems are safe, have yet to put forward any proposals on addressing the concerns. But under the umbrella leadership of the Information Technology Association of America, the industry hopes to foster conversation that includes security experts, academics, local elections officials, and the National Institute of Standards and Technology, the federal agency overseeing technical standards.

In other words, although they “have yet to put forward any proposals”, they hope to have some conversations with people. Amusingly, the chairman of the ITAA calls this “an inflection point in the history of voting in this country.”

You’ve really gotta wonder how a non-story like this got onto page 2 of a major newspaper.