Feeds

Diebold voting systems critically flawed

'It is like the nuclear bomb for e-voting systems'

5 things you didn’t know about cloud backup

When Bruce Funk called in BlackBoxVoting to look at some strange memory issues with Diebold voting systems in Utah, finding the "nuclear bomb" of e-voting security was not on his agenda.

As the auditor and clerk for Emery County, a large rural bite out of the middle of Utah, Funk had noticed that the county's voting machines - provided by Diebold - were having various maintenance issues. Because Utah had adopted a requirement for a verified voter paper audit trail - essentially a printout of a person's vote - Funk needed the printers to work flawlessly. However, they frequently jammed. Moreover, electrical cords had pulled out from the machines with components attached. Those issues made Funk believe the machines may not have been new, but refurbished.

A Diebold technician told the county auditor early this year that any components with problems would have to be replaced. Funk decided to do a manual check of the systems to find any other issues and discovered that the machines had a variety of different file sizes on backup memory. Uncertain why that should be and wanting an independent opinion, he contacted the e-voting muckraking group BlackBoxVoting to come and look at one of the systems, he said.

In March, BlackBoxVoting flew in Harri Hursti, a Finnish voting-machine security expert with whom the group had frequently collaborated. Funk remembers that he was surprised by what Hursti could do with only poll-worker-level access to the machine.

"He was able to - from the keyboard that appears on the machine - create a macro that doesn't even show up that you created it, go and pickup a program through the modem, and run it," Funk said during an interview with SecurityFocus from his home in Clawson, Utah. "I was thinking that this was not right."

As Hursti got more familiar with the machine, he and members of BlackBoxVoting, who were videotaping the process, became more concerned, Funk said.

"It became so serious, that my concern about memory was minor," he said. "They told me that the information that they'd found had to go to certain federal agencies and certain things had to be done before the issues were made public."

Officials in Utah apparently were not concerned with the security of the systems, but with what they considered a breach in authorization. State officials and representatives of Diebold told Funk that he had cost the county more than $40,000 in damages because Diebold technicians would have to return to the county and recertify the systems, according to transcripts of the public parts of an April meeting in Emery County published by BlackBoxVoting.

"The reason that we’re here today is because Mr. Funk, on his own, has gone outside that system and compromised the integrity of not only Emery County’s elections, but also the State of Utah and any other jurisdiction of the United States that is using this equipment, simply because he wouldn’t call and ask these questions that these people and the Lieutenant Governor’s staff know the answers to," said Utah's State elections director, Michael Cragun, according to the transcript. "It seems to me it’s inappropriate to be in this meeting now answering these questions he should have asked before he compromised the integrity of this system."

The officials asked for Funk's resignation, which he gave verbally at the meeting.

"They basically said that they have people that want to have you removed," Funk said. "This whole weight fell on me and I said, 'I'm so tired, just let me out.'"

By the next morning, he decided to fight the process, but he was informed that a verbal agreement to resign was enough, he said. Calls to both Diebold and the office of the governor of Utah by SecurityFocus were not returned.

Meanwhile, Funk maintains that he did what the county's voters elected him to do: Look out for their interests in a fair election process.

"Basically, (Utah officials) tried to portray BlackBoxVoting as some radical organization, and they portrayed me as a renegade villain," he said. "They don't want this to come out, but it needs to come out at a national level."

5 things you didn’t know about cloud backup

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?