Diebold voting machines shown to be insecure

Haven't been blogging-- life has gotten in the way-- I guess blogs should be limited to people who promise to make time, somehow...

This was in the news lately, though, and I thought it worth posting.

This is not a partisan thing, and it's not about the last election, it's about democracy, period. The most important thing about a democracy is that an election needs to be verifiable. At the end of the election, we want to be able to say, this election was fair, and nobody cheated, and be able to have confidence that this is true. It is a goal for everybody, libertarian and conservative, Republican and Democrat, to be sure that election results are true. It is a bad thing to have an election where the results are questioned, and there's no way to verify whether the election was stolen or not, and we should do everything possible to make sure it does not happen.

There's been a lot of controversies lately about electronic voting machines (some of which I've posted here) including a great uproar about the fact that you have to trust the machines, and if the result has been tampered with, how would you know, other than to trust the company's assurances saying "you can't tamper with the result."

A recent resulting shows, yes, you can tamper with them:

Princeton University Scholars hack Diebold electronic voting machines.

The details are here

The abstract is:
Security Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten

Abstract This paper presents a fully independent security study of a
Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities - a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

The full paper is online.

In their frequently-asked questions portion of the site, they say: Have the vote-stealing methods you discuss ever been used in real elections?

Probably not, but we don't know for sure. We haven't seen evidence that these attacks have been used, but one lesson of our report is that the design of these voting technologies makes attacks relatively easy to cover up.

and
Isn't this all just partisan politics? Aren't you just unhappy with how recent elections have gone?

Our goal is to make elections more accurate. That shouldn't be a partisan issue, and when others try to make it partisan we do our best to ignore them.

The purpose of an election is to accurately measure the intent of the voters. The challenge is to convince the losing candidate and his supporters that he truly lost the election. Sufficient evidence can only come from a combination of properly-engineered technology and robust procedures for handling it. We can all benefit from a system that can supply that
evidence.

--for what it's worth, I agree with this last statement. My personal belief is that no voting machine should ever be qualified to be used in an election unless its source code is available for inspection by any registered voter.

And paper trails are a good thing, too.