New Security Risks Found In Diebold Voting Systems by Monica Davey

© 2006 New York Times

Reproduced under the Fair Use exception of 17 USC § 107 for noncommercial, nonprofit, and educational use.


| EJF Home | Where To Find Help | Join the EJF | Comments? | Get EJF newsletter |


| Vote Fraud and Election Issues Book | Table of Contents | Site Map | Index |


| Chapter 3 — Direct Recording Electronic Voting |

| Next — The Diebold Bombshell by David Dill, Doug Jones, and Barbara Simons |

| Back — As Elections Near Officials Challenge Balloting Security by Zachary Goldfarb |

The problems with Diebold voting machines just keep coming and the company just keeps lying. For additional details on this problem see the Hursti report at Black Box Voting.
See below for EJF perspective on this problem

Chicago, May 12, 2006 — With primary election dates fast approaching in many states, officials in Pennsylvania and California issued urgent directives in recent days about a potential security risk in their Diebold Election Systems touch-screen voting machines, while other states with similar equipment hurried to assess the seriousness of the problem.

"It's the most severe security flaw ever discovered in a voting system," said Michael I. Shamos, a professor of computer science at Carnegie Mellon University who is an examiner of electronic voting systems for Pennsylvania, where the primary is to take place on Tuesday.

Officials from Diebold and from elections' offices in numerous states minimized the significance of the risk and emphasized that there were no signs that any touch-screen machines had been tampered with. But computer scientists said the problem might allow someone to tamper with a machine's software, some saying they preferred not to discuss the flaw at all for fear of offering a roadmap to a hacker.

"This is the barn door being wide open, while people were arguing over the lock on the front door," said Douglas W. Jones, a professor of computer science at the University of Iowa, a state where the primary is June 6.

The latest concern about the touch-screen machines was only the newest chapter in an emerging political and legal fight around the country over voting machines. While some voting officials defend the ease of touch-screens (similar to A.T.M.'s), some advocacy groups argue that optical scan machines, using paper ballots, are far more secure.

The wave of high-tech voting machines was prompted by the 2000 election in Florida, which spotlighted the problems of old-fashioned punch card ballots. But the machines that soon followed have spurred division. Here in Chicago, where voters used both touch-screen and optical-scan systems in a March primary, it took officials a week to tally all the votes because of technical problems and human errors, touching off a flurry of criticism over the Sequoia Voting Systems equipment.

In Maryland this spring, the State House of Delegates passed a bill that would have scrapped touch-screen machines, but the Senate last month took no action on the bill, effectively killing the idea.

This week, Voter Action, a nonprofit group, assisted voters in Arizona in filing for a legal injunction to try to block the state from buying touch-screen electronic voting systems. The suit is among several the group says it has pursued, in states including California, New York and New Mexico.

The new concerns about Diebold's equipment were discovered by Harri Hursti, a Finnish computer expert who was working at the request of Black Box Voting Inc., a nonprofit group that has been critical of electronic voting in the past. The group issued a report on the findings on Thursday.

Computer scientists who have studied the vulnerability say the flaw might allow someone with brief access to a voting machine and with knowledge of computer code to tamper with the machine's software, and even, potentially, to spread malicious code to other parts of the voting system.

As word of Mr. Hursti's findings spread, Diebold issued a warning to recipients of thousands of its machines, saying that it had found a "theoretical security vulnerability" that "could potentially allow unauthorized software to be loaded onto the system."

The company's letter went on: "The probability for exploiting this vulnerability to install unauthorized software that could affect an election is considered low." [EJF note: In fact the probability is extremely high. Diebold is simply lying.]

David Bear, a spokesman for Diebold Election Systems, said the potential risk existed because the company's technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.

"For there to be a problem here, you' re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software," he said. "I don't believe these evil elections people exist." [EJF note: Mr. Bear lives in a fantasy world and is apparently totally unfamiliar with American elections and the fraud that has always been a part of our elections.]

Still, he said, the company will in the coming months solve the vulnerability, but not before most primary elections occur.

In places where the machines are used, most election officials said they were not worried.

"We' re prepared for those types of problems," said Deborah Hench, the registrar of voters in San Joaquin County, Calif. "There are always activists that are anti-electronic voting, and they' re constantly trying to put pressure on us to change our system." [EJF note: The reason experts, as opposed to airheads like Ms. Hench, are opposed to electronic voting is because Diebold has failed every security test it has ever been given, and many reliability and accuracy tests as well.]

Avi Rubin, a professor of computer science at Johns Hopkins University, did the first in-depth analysis of the security flaws in the source code for Diebold touch-screen machines in 2003. After studying the latest problem, he said: "I almost had a heart attack. The implications of this are pretty astounding."


Gretchen Ruethling contributed reporting from Chicago for this article, and John Schwartz from New York.


EJF perspective on how major this problem is


No less than 5 people (Cooper, Lee, Graye, Elder, and Dean) involved with the management and development of Diebold's systems are convicted felons, including Senior Vice President Jeff Dean, and topping the list are his twenty-three counts of felony Theft in the First Degree. According to the findings of fact in case no. 89-1-04034-1 (Washington State, King County District Court):

"Defendant's thefts occurred over a 2 1/2 year period of time, there were multiple incidents, more than the standard range can account for, the actual monetary loss was substantially greater than typical for the offense, the crimes and their cover-up involved a high degree of sophistication and planning in the use and alteration of records in the computerized accounting system that defendant maintained for the victim, and the defendant used his position of trust and fiduciary responsibility as a computer systems and accounting consultant for the victim to facilitate the commission of the offenses."

To sum up, Dean was convicted of 23 felony counts of theft by — note this — planting back doors in his software and using a "high degree of sophistication" to evade detection. The reason for the embezzlement? He needed the money because "he was embezzling in order to pay blackmail over a fight he was involved in, in which a person died."

A little more

Top's associate director Andy Stephenson obtained the court records of Jeffrey Dean which noted that the King County, Washington prosecutor was after him for over $500,000 in restitution. Stephenson said:

"So now we have someone who's admitted that he's been blackmailed over killing someone, who pleaded guilty to 23 counts of embezzlement, who is given the position of senior programmer of the (Diebold) GEMS central tabulator system that counts approximately 50 percent of the votes in the (Bush-Kerry) election, in 30 states, both paper ballot and touch screen."

In addition, Dean told prosecutors (whose offices were on the ninth floor of the King County courthouse) that he was unemployed, when in fact he was working for Diebold, who afforded him with 24-hour access to Diebold's King County, Washington GEMS central tabulator, according to Stephenson. (Dean worked on the GEMS tabulator on the fifth floor of the same King County courthouse!)

For additional details on this problem see the Hursti report at Black Box Voting.



| EJF Home | Where To Find Help | Join the EJF | Comments? | Get EJF newsletter |


| Vote Fraud and Election Issues Book | Table of Contents | Site Map | Index |


| Chapter 3 — Direct Recording Electronic Voting |

| Next — The Diebold Bombshell by David Dill, Doug Jones, and Barbara Simons |

| Back — As Elections Near Officials Challenge Balloting Security by Zachary Goldfarb |


Last updated 6/14/09