OK, this will be the last voting machine post for the week, but I couldn’t help plugging Avi Rubin’s new blog, which was pointed out to me by Mike Masnick. In particular, Rubin has a chilling account of his experiences as an election judge. He describes how two of the machines didn’t have the right security tags, and so they were set aside. However, later in the day, facing high turnout, they got a call from the elections board telling them to put those machines back into service. And there’s more:
Throughout the early part of the day, there was a Diebold representative at our precinct. When I was setting up the poll books, he came over to “help”, and I ended up explaining to him why I had to hook the ethernet cables into a hub instead of directly into all the machines (not to mention the fact that there were not enough ports on the machines to do it that way). The next few times we had problems, the judges would call him over, and then he called me over to help. After a while, I asked him how long he had been working for Diebold because he didn’t seem to know anything about the equipment, and he said, “one day.” I said, “You mean they hired you yesterday?” And he replied, “yes, I had 6 hours of training yesterday. It was 80 people and 2 instructors, and none of us really knew what was going on.” I asked him how this was possible, and he replied, “I shouldn’t be telling you this, but it’s all money. They are too cheap to do this right. They should have a real tech person in each precinct, but that costs too much, so they go out and hire a bunch of contractors the day before the election, and they think that they can train us, but it’s too compressed.” Around 4 pm, he came and told me that he wasn’t doing any good there, and that he was too frustrated, and that he was going home. We didn’t see him again.
I haven’t written at all about the Accuvote machines. I guess I’ve made my opinions about that known in the past, and my new book deals primarily with them. Nothing happened today to change my opinion about the security of these systems, but I did have some eye opening experiences about the weaknesses of some of the physical security measures that are touted as providing the missing security. For example, I carefully studied the tamper tape that is used to guard the memory cards. In light of Hursti’s report, the security of the memory cards is critical. Well, I am 100% convinced that if the tamper tape had been peeled off and put back on, nobody except a very well trained professional would notice it. The tamper tape has a tiny version of the word “void” appear inside it after it has been removed and replaced, but it is very subtle. In fact, a couple of times, due to issues we had with the machines, the chief judge removed the tamper tape and then put it back. One time, it was to reboot a machine that was hanging when a voter was trying to vote. I looked at the tamper tape that was replaced and couldn’t tell the difference, and then it occurred to me that instead of rebooting, someone could mess with the memory card and replace the tape, and we wouldn’t have noticed. I asked if I could play with the tamper tape a bit, and they let me handle it. I believe I can now, with great effort and concentration, tell the difference between one that has been peeled off and one that has not. But, I did not see the judges using that kind of care every time they opened and closed them. As far as I’m concerned, the tamper tape does very little in the way of actual security, and that will be the case as long as it is used by lay poll workers, as opposed to CIA agents.
I would say this undermines Diebold’s claims that “numbered security tape” and “numbered security tags” would stop the kinds of attacks that Felten describes in his paper.