Monday, September 25, 2006

Want to bet your country? Diebold will take that action!

Randall Stross in The New York Times:

Edward W. Felten, a professor of computer science at Princeton, and his student collaborators conducted a demonstration with an AccuVote TS and noticed that the key to the machine’s memory card slot appeared to be similar to one that a staff member had at home.

When he brought the key into the office and tried it, the door protecting the AccuVote’s memory card slot swung open obligingly. Upon examination, the key turned out to be a standard industrial part used in simple locks for office furniture, computer cases, jukeboxes — and hotel minibars.

Once the memory card slot was accessible, how difficult would it be to introduce malicious software that could manipulate vote tallies? That is one of the questions that Professor Felten and two of his students, Ariel J. Feldman and J. Alex Haldeman, have been investigating. In the face of Diebold’s refusal to let scientists test the AccuVote, the Princeton team got its hands on a machine only with the help of a third party.

[...]

The researchers demonstrated the machine’s vulnerability to an attack by means of code that can be introduced with a memory card. The program they devised does not tamper with the voting process. The machine records each vote as it should, and makes a backup copy, too.

Every 15 seconds or so, however, the rogue program checks the internal vote tallies, then adds and subtracts votes, as needed, to reach programmed targets; it also makes identical changes in the backup file. The alterations cannot be detected later because the total number of votes perfectly matches the total number of voters. At the end of the election day, the rogue program erases itself, leaving no trace.

[...]Diebold issued a press release that shrugged off the demonstration and analysis. It said Princeton’s AccuVote machine was “two generations old” and “not used anywhere in the country.”

[...]

Mark G. Radke, director for marketing at Diebold, said that the AccuVote machines were certified by state election officials and that no academic researcher would be permitted to test an AccuVote supplied by the company. “This is analogous to launching a nuclear missile,” he said enigmatically, adding that Diebold had to restrict “access to the buttons.”

WTF?

Read it all

0 Comments:

Post a Comment

<< Home