Click Here To View The Video
I appeared on CNBC’s “On the Money” yesterday with Michael Shamos, Carnegie Mellon University computer scientist and voting systems consultant to the Commonwealth of Pennsylvania. The segment took as its point of departure the recent Princeton University study, which demonstrated once again that with minimal access, election results could be altered undetectably on a Diebold voting machine.
When asked by the host, Dylan Ratigan, if there was any cause for concern with the security of electronic voting machines, Mr. Shamos (pictured at left) quickly admitted that “There are very severe security drawbacks to current electronic voting machines.” He went on to recommend a reactive strategy of fixing flaws in the machines as they’re discovered.
Ratigan countered, “How do we know when its fixed? Anyone who’s worked with a computer knows how bugs perpetuate themselves seemingly indefinitely.” Mr. Shamos agreed, admitting that it was pointless to attempt to get voting machines into a “perfect” state. He went on to say that “there’s never been a verified instance of tampering with a voting machine.” Of course, one of the revelations of the Princeton Report and many studies that preceded it was that vote totals can be altered undetectably. Exactly how could anyone verify something that is undetectable?
When asked if, in light of the security vulnerability revealed in the recent Princeton report, he had confidence in the Diebold machines being used in November, Mr. Shamos replied “they certainly aren’t unless that vulnerability is corrected.” He then referred to a Directive (see below) issued by the Commonwealth of Pennsylvania in Pennsylvania in response to an earlier report of security vulnerabilities in Diebold’s equipment released last March, suggesting that everything was under control, at least in Pennsylvania. Of course, there was no mention of the fact that Diebold equipment is being used across the country and few of those states have addressed the concerns as Mr. Shamos claims Pennsylvania has.
And just what were the ‘remediating’ actions taken in Pennsylvania? Should voters feel confident that everything is under control and we should simply “move on” and trust the security and reliability of unverifiable elctronic voting machines”? And what about all the other electronic voting machines that will count Pennsylvania’s votes?
The Directive was issued in response to a report prepared by Finnish computer scientist Harri Hursti following an examination of the Diebold TSX machine in Emery County, Utah last Spring. The Directive is quick to reassure the county officials that the “probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low” and also asserts that Diebold “shall develop a permanent solution to this security vulnerability, which shall proceed through the ordinary certification process.” The possibility of Diebold developing a permanent solution without totally overhauling its software architecture is considered dubious by computer security experts familiar with the Diebold system. No such 'permanent solution' has been developed for the equipment being used this November.
The Directive does little more than tighten chain of custody procedures, requiring the re-installation of the authorized software during system startup prior to installing, testing, and sealing the election data PCMCIA card into the unit. It is somewhat surprising that such minimal security precautions were not already in place, but it is encouraging that they are now. However, the precautions do not eliminate the possibility that corruoted source code was already present in the machines or the possibility of corrupted software introduced by an insider, either within the company or in the election administration. It fails to prevent attack through the memory card inside the touchscreen machine as demonstrated in the Princeton study nor does it address the fact that equipment is left unguarded at polling places overnight before Election Day or sent home with pollworkers. And of course, the procedures assume that the ballot definition files, prepared by the vendors or in some cases the local election officials are free of malicious or unintentional errors, like those reported in dozens of jurisdictions across the country.
The most alarming factor though is the fact that this directive only addresses the Diebold equipment. Are similar security procedures in place for other electronic voting systems in use in Pennsylvania? Also troubling is the fact that Pennsylvania’s security directive came only after years of warnings from computer scientists and public advocacy groups about compromised security in Diebold’s machines. During an examination last March, Mr. Shamos himself demonstrated that by changing two or three digits in a binary file on a Sequoia Advantage, he could create over 8,000 votes for one candidate in a 12-vote test election. Are adequate security procedures in place for the Sequoia Advantage being used in Montgomery County?
Election officials are understandably concerned about voter “confidence” in the technology they’ve chosen to record and count votes. After all they’ve spent millions of those voters’ taxpayer dollars to purchase, service, program, and maintain the equipment – they wouldn’t want anyone to think there may be something to worry about. And the vendors that happily accepted those millions of dollars are eager to defend their wares. The Mr. Ratigan noted in his introduction, the 2000 presidential recount fiasco had resulted in a “huge business boom for Diebold and the $2 billion voting machines maker that it is”. and that's just Diebold.
Comforting reassurances aren't good enough anymore. These days, citizens are paying attention.
DIRECTIVE CONCERNING THE INSTALLATION OF FILES REGARDING THE DIEBOLD ACCUVOTE-TSX ELECTRONIC VOTING SYSTEM ISSUED BY THE SECRETARY OF THE COMMONWEALTH
Pursuant to Section 1105-A of the Pennsylvania Election Code, at 25 P. S. §3031.5, and revised as required by Act 150 of 2002, the following Directive is issued by the Secretary of the Commonwealth for the installation of files for the Diebold AccuVote-TSX electronic voting system.
1. Diebold Election Systems, Inc. (“DESI”) has determined there is a potential security vulnerability in the system installation and upgrade mechanism to the AccuVote-TSX version 4.6.4 equipment, which is currently certified in Pennsylvania. This security vulnerability could allow un-authorized software to be loaded on to the system. The probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low. To exploit this risk, physical access is required to the Personal Computer Memory Card International Association (PCMCIA) slots on the machine during system startup.
2. Diebold Election Systems shall develop a permanent solution to this security vulnerability, which shall proceed through the ordinary certification process. Once the permanent solution is certified, Diebold shall make that solution available to its customers through the normal software upgrade process.
3. In order to mitigate any immediate risk, all counties using the Diebold AccuVote-TSX shall re-install the authorized software during system startup prior to installing, testing, and sealing the election data PCMCIA card into the unit. The Department of State will furnish the authorized software to the counties on a PCMCIA card along with instructions for its installation.
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...