From super-intern Rob Kier:
Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks.
Edward W. Felten, Security Analysis of the Diebold AccuVote-TS Voting Machine, September 13, 2006.
A new study published by Princeton University has been attracting lots of blog-coverage; it caught our eye on digg.
Testing the security of a Diebold AccuVote-TS Voting Machine, Prof. Edward W. Felton and grad students Ariel J. Feldman and Alex Halderman found that an attacker could install enough malicious code to “steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates” in less than a minute. There’s even an instructional video.
For more, check out our show on voting machines.
Equality and Democracy go against the grain of selection and Survival. It is a Foolish and Naive Belief to think that all Men are Created Equal and that Democracy is somehow Holy. What is needed in this Battle we call Life is not Goodness but Strength. Not Humility but Pride. Not Altruism but Resolute Intelligence. We Must be Brave enough to see the World in the Cold Harsh Light of Reality. Don’t be Ideological or Theological. Grasp the inevitatibleness of Empiricism. Good is that which Survives. Bad is that which Gives Way and Fails. Power not Justice is the Arbiter of All Differences and Destinies
huh?
Thank you very much for this update. The original show was chilling enough, but this new study is positively frightening. In view of the proximity of this publication to the November 2006 elections, there is now an urgency about disseminating this story for critical review. I read the pdf file available at the Princeton web site, which, through its assemblage of specific technical details, brings home the potential dangers even to those of us who are not computer experts. A very interesting concept in that article is that whereas the electronic voting machine makes small-scale election fraud much more difficult, it actually vastly increases the susceptibility of an election to large-scale fraud. You should by all means do another show on this subject, bringing in one or more of the authors of this new study. Since the posted study, even from such a distinguished institution, does not appear to have yet undergone peer review, I think it would be very wise to have one or more additional guests on the program possessing the technical ability to probe the methodology of the present study as well. While a radio show cannot replace proper peer review of scientific studies, given the immediacy of the upcoming elections, such a program might at least contribute in part to such a process.
Interesting, I have been watching the recent GOP swing up from the gutter, and think that perhaps the elections wont be a brutal ans many are predicting. If this is the case, will the more extreme elements of the DLC blame voter fraud as they did in 2004 Ohio?
Now that there are public instruction on how to manipulate the vote, what if everybody tries it? How about thousands of people getting in there and hacking in consecutive minutes? Then what?
Chris, I was happy to hear you hold out hope that a fool-proof open source voting system could be created. I believe one has been. It encrypts each vote and publishes them online as they are cast, and creates separate backups of all its data at each stage of the election to facilitate auditing. Thus, each voter can opt to take a printed (or hand-copied on machines without printers) receipt and check online that their vote was included in the count. Votes, of course, remain secret (unless all of those entrusted with the decryption keys divulged, I suppose).
This system is sold by VoteHere. I don’t know what their pricing is like but I certainly think of their system as a lower cost alternative because of the vastly lesser person hours that seem to be required for auditing and executing the elections. But regardless of whether it can win on the cost dimension, I have yet to hear any relevant reason from anyone about where this system is vulnerable. I encourage you to read these brief descriptions and see if any of your disaster scenarios persist.
The Times had a great description of the ‘trust no one’ verifiability of the VoteHere system on 3/2/04. I think that the discussion of voting machines pointed to the need for a consistent, auditable, open source, transparent system, which doesn’t rely on affadavits of ballot security. Empowering citizens to audit the results themselves, hopefully erasing the last doubts of whether a vote will be counted, could drastically increase voter turnout (especially if we counted popular votes and dropped the electoral college). And perhaps most importantly, this system would silence all but the faintest accusations of impropriety and fraud. Millions of us believe that the last two big elections were stolen, and are really itching for someone to get caught. And narrow margins are inevitable. But voting irregularities are not. I think we need a full show devoted to understanding this system and dealing with all potential flaws. The guest of honor should be Dr. Andrew Neff, chief scientist of VoteHere.
Shameless but relevant plug, my program on the dangers of voting machines in the Netherlands, featuring one of the foremost hacker-activists in the world.
Paper ballots Please, and I’d like voter id’s with that order. Thank you.