[E-voting] (USA) New security defect evidence
cansbro at eircom.net
Tue Aug 1 08:27:40 IST 2006
[See the original article at BBV.org for live links. --Catherine]
The Diebold TS voting machine (what Global/Diebold called internally the
"R6") now stands as the most stunning failure to date of the federal and
state certification processes.
Printed right on the motherboard of the unit is a manual for vote fraud,
obvious to anybody with even moderate personal computer experience. A
single Diebold TS machine is now in private hands and photographs of the
internals have just been posted, thanks to Open Voting Foundation, here:
Black Box Voting conducted studies with Harri Hursti and an expert from
Security Innovation, who did a biopsy on the newer Diebold TSx voting
machine in Emery County UT earlier this year.
The core of their findings was that the software on the unit could be
replaced in it's entirety or at any of several key points, in all cases
without any validation of the authenticity of the code in question. This
was soon declared "the worst voting system security issue to date" by
addition experts in and out of the certification process, including
David Dill, Doug Jones and Barbara Simons
(http://www.truthout.org/docs_2006/072506C.shtml) and Dr. Michael Shamos
of the Pennsylvania state certification panel
The older model, the TS (used statewide in Georgia and Maryland) may be
as bad or worse.
With the TS, it is still possible to do total-code-replacement such as
the Black Box Voting studies with Hursti and SI found. But an attacker
might not even need to bother. Instead, they would use motherboard
switch settings on the TS to alter which area of memory the TS boots
from, knowing that the machine can be switched back to the "certified"
code set at any time with no tools required other than a standard
The TS motherboard has a chart showing how to set the machine to boot
from any of three memory locations:
* Internal Flash – this is similar to the TSx and is apparently how the
machine was set from the factory. In this switch position the machine
acted like a Diebold touchscreen voting machine as has been shown in
demos, official manuals, certification documents and the like.
* EPROM – in this switch position, the screen came up in a different
color pattern, a copyright notice by BSquare Corporation and ends with
"about to sync parallel port". Apparently, in this "mode" the machine
wants to read data from the parallel port on the motherboard, normally
used as a printer connection but likely capable of 2-way
("bi-directional") data transfer. Not having a set of files to load via
the parallel port, we don't know what was intended for this mode but if
it wants input, somebody could give it some.
(For those technically familiar with the Hursti-SI Emery County report,
this appears to be an alternate bootloader, and hence a very dangerous
bit of code that has no business being in the unit at all, let alone
switch-enabled and live.)
* External Flash – potentially the most troubling. The motherboard has a
large white internal memory slot labeled "external flash memory",
probably the memory location this switch setting would point to.
PCMCIA-based flash memory is also a possibility. Either way, new code
running on extra added memory that fits in a vest pocket appears to be
able to completely change the functionality of the machine and at any
time could be removed and the switches set back to make it a normal
certified setup with all traces of the modifications eliminated.
*Yet another indictment of the federal and state certification processes*
Anyone at the Federal or state level who had looked inside the TS would
have caught this in seconds and at a minimum, demanded that the switches
and jumpers be glued and sealed in the certified direction. (Which would
still leave the "Emery County style" attack available.)
These so-called professionals are asleep at the wheel. Every last one of
them. Nobody who approved the TS as a voting technology should keep
their jobs and the entire concept of "certification" that approved this
nightmare must be rethought.
The Open Voting Consortium's solution is to throw all the source code
open and let the "geeks of America" collectively probe these things.
Black Box Voting's position is that, after spending billions of taxpayer
dollars on junk, it is time for Watergate-style hearings.
The current voting machine fiasco in the United States involved bribes,
corruption and collusion. Citizens long to hear their representatives
ask the tough questions. Citizens want the perps held accountable.
It is premature to try to paper over the parade of disastrous findings
with a law. First, we need to know how this happened in the first place
-- under oath and with subpoenas, in ,bipartisan hearings with tough
The collective will to enact real solutions, which must include citizen
oversight every step of the way, will only appear when citizens can see
the full extent of the failures in our electoral procurement process
exposed, and those who are responsible must be held accountable.
* Jim March took a leave of absence from Black Box Voting beginning June
1, 2006 to work on some political campaigns, activities which cannot be
done under the a 501c(3) nonprofit.
Beginning on Tuesday, August 1 2006, Black Box Voting will unveil a
CITIZEN'S TOOL KIT TO TAKE BACK ELECTIONS.
If you are visiting this link on Aug. 2 or afterwards, click this link:
http://www.blackboxvoting.org/toolkit.pdf to download the Citizen's Tool
Kit. If you haven't taken personal actions to take back your elections,
now is the time to start.
* * * * *
"Regardless of size, just 1-3 people do all the work in any group.
Better to have 10 groups of 10 people than one group with 100 people.
That way, at least 10 people will get things done."
(-- John Brakey, an Arizona citizen)
You own your government, not the other way around. This is your task:
Pick 1 thing and just DO IT. Then lead, mentor or organize 9 people to
do the same thing.
Citizen Tool Kit to Take Back Elections:
More information about the E-voting