Diebold has released a response to the Felten study. It appears to me to be misleading in several important respects, so I thought it merited a quick fisking:
Three people from the Center for Information Technology Policy and Department of Computer Science at Princeton University today released a study of a Diebold Election Systems AccuVote-TS unit they received from an undisclosed source. The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country.
As I noted yesterday, this response would be a lot more credible if Diebold had a habit of submitting its machines to independent review. It’s hardly Felten’s fault that he had trouble getting access to a newer version of the machine.
Continue reading →
Diebold is not happy with Prof. Felten’s paper:
The marketing director for the machine’s maker – Diebold Inc.’s Diebold Election Systems of Allen, Texas – blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.
“I’m concerned by the fact we weren’t contacted to educate these people on where our current technology stands,” Mark Radke said.
This is pretty rich coming from a company that fiercely resists independent inspections of their machines. I rather doubt Prof. Felten deliberately chose an old version of Diebold’s software to make them look bad. In fact, I would be shocked if Diebold were willing to lend Prof. Felten a newer version of their voting machine so he could verify their claims that the security problems have been fixed.
Continue reading →
Today Ed Felten released a provacative new paper about Diebold’s AccuVote-TS voting machines. According to the paper, 33,000 of these machines will be used in this fall’s elections. He argues that the machines are fatally flawed, and that election materials need to take emergency measures to ensure the integrity of the elections.
Regular readers of TLF won’t be surprised to learn that I found the paper persuasive. But even though I read the paper expecting to agree with it, I was still surprised at just how poorly designed Diebold’s machines are.
Under the hood, the Diebold machines are glorified PDAs running Microsoft’s Windows CE software. Diebold simply took off-the-shelf computer components, build a more or less ordinary computer, and then wrote software that would perform the vote-counting functions.
The problem is that they took hardly any precautions at all to prevent someone from replacing that software. And because it’s what computer scientists call a general-purpose computer, the replacement software can be programmed to do virtually anything you can imagine. You could install software on your Diebold machine to play Tetris, balance your checkbook, or display a screen saver. Or, as Felten and his grad students demonstrated, you could install software to rig elections.
Continue reading →
In a new Brainwash column, I make the case against computerized voting machines:
Did George Bush steal the 2004 election?
Some left-wing activists are convinced he did. They point out that initial exit poll results in swing states predicted a Kerry victory. And they note that Walden O’Dell, the head of voting machine manufacturer Diebold, wrote in a 2003 fundraising letter that he was “committed to helping Ohio deliver its electoral votes to the president next year.”
Personally, I don’t find their evidence very compelling. Exit polls can be wrong for a variety of reasons, and the O’Dell quote only proves that he was a partisan Republican, not that he did anything illegal.
What’s disturbing, however, is that our nation’s headlong rush to adopt computerized voting machines has given such conspiracy theories a certain air of plausibility. There’s little evidence of foul play in this case, but there are good reasons to be concerned. Last month, a consumer group released a report warning of serious security problems with Diebold voting machines. The report shows that it’s possible to install malicious software in minutes that could surreptitiously miscount votes.
I point to source code disclosure and paper voting records as stopgap measures to minimize these dangers, but conclude that ultimately, computerized voting may just be a bad idea. At the very least, we should hold off on installing additional computerized voting machines until we’ve had more time to study the existing ones and better understand their flaws.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.