RK ARCHIVE - Voting Machine Security- NOT!

The info from my email is presented on the other side of the fold, without my commentary.
From Votersunite.org News July 31, 2006

"Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version. "Diebold has made the testing and certification process practically irrelevant," according to Alan Dechert. 'If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS -- and it could be done without leaving a trace. All you need is a screwdriver.'"

+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª+óGé¼-ª.
NAtional: Worst Ever Security Flaw found In Diebold Touchscreen Voting Machine

and -
From: OVC Announce
alan@openvotingconsortium.org
Date: July 31, 2006 6:04:17 AM PDT

Subject: Worst Flaw Ever in Diebold Touch Screen Voting Machine
Revealed by Open Voting Foundation
Reply-To: OVC Announce Dear Friends of Open Voting:

Open Voting Foundation has released information and pictures concerning the Diebold TS model touch screen voting machine.

OPEN VOTING FOUNDATION
http://www.openvotin...
9560 Windrose Lane
Granite Bay, CA 95746
Phone (916) 295-0415
alan@openvoting.org

Subject: WORST EVER SECURITY FLAW FOUND IN DIEBOLD TS VOTING
MACHINE
Contact: Alan Dechert
Reference: http://www.openvotin...

SACRAMENTO, CALIFORNIA -- +óGé¼+ôThis may be the worst security flaw we have seen in touch screen voting machines,+óGé¼-¥ says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

+óGé¼+ôDiebold has made the testing and certification process practically irrelevant,+óGé¼-¥ according to Dechert. +óGé¼+ôIf you have access to these machines and you want to rig an election, anything is possible with the Diebold TS -- and it could be done without leaving a trace. All you need is a screwdriver.+óGé¼-¥ This model does not produce a voter verified paper trail so there is no way to check if the voter+óGé¼Gäós choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture (http://www.openvotin... ), in particular, shows a +óGé¼+ôBOOT AREA CONFIGURATION+óGé¼-¥ chart painted on the system board. The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests".

A third possible profile could be field-added in minutes and selected in the "external flash" memory location, the interface for which is present on the motherboard.

This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.

+óGé¼+ôThese findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled+óGé¼-¥

OPEN VOTING FOUNDATION is a nonprofit non stock California corporation dedicated to demonstrating the need for and benefits of voting technology that can be publicly scrutinized.

Comments

Verified Voting Committee Aug 9 Richmond (Sen. Howell) (thegools - 8/1/2006 3:30:59 PM)

Event: JCOTS advisory subcommittee on electronic voting
When: Aug. 9 at 2pm
Where: Speaker conference bldg on 6th. flr in the Richmond General Assembly bldg.

Their charter is to make recommendations for the development of a pilot study for the state of VA. Sen. Janet Howell is the chair.
Link for the meeting: http://jcots.state.v...

An additional advisory meeting of the panel will be held in September. We will do our best to let those who can't attend know what happened.

Actions to take:
1. Attend the meeting. Wear an orange ribbon or something else orange to show support for VVPR.
2. Write us and let us know if you think you would like to attend.
3. Further, if you have any specific suggestions about the content of VAVV.org's recommendations, please send suggestions to us for consideration.
4. Forward this notice to those interested in a voter verified record of elections who may be able to attend.

This was a Dkos diary (Bubby - 8/1/2006 4:32:07 PM)

This was the subject of a interesting diary yesterday. As one poster said, "this isn't a flaw, it is a feature". Thanks for bringing it up again, very important issue.

http://www.dailykos....