Diebold voting systems critically flawed

While state election officials are scrambling to ensure that this month's primaries go off without a hitch, the real deadline is the mid-term elections in November.

Tens of thousands of the AccuVote systems have been deployed by Diebold to various states. Almost 40 per cent of voters will cast ballots on "digital recording-electronic" (DRE) systems - a class that included the AccuVote touchscreen terminals - in 2006, according to a report from Election Data Services. Only optical-scan voting systems, which account for about 41 per cent of voters, exceed the popularity of touch screens, according to the report.

Many states will not be able to remediate the problem by elections this month, said BlackBoxVoting's Harris. Moreover, those that are doing some sort of workaround for the problem are not doing enough.

"None of the states are doing a mitigation that is going to address the bootloader issue," Harris said. "If the bootloader has been contaminated, you cannot clean it through software, and they are taking a software approach to fixing this."

Instead, the systems need to be opened up, the on-board system rewritten, and the machines need to be sealed up permanently, she said. Otherwise, the bootloader could again be compromised.

The move to electronic voting systems has largely been due to the Help America Vote Act (HAVA) of 2002, which requires that states who want federal funding to modernize their systems adopt certified voting machines, adhere to certain election standards and provide citizens with disabilities the power to vote without aid. Yet, the latest security incident could lead to greater scrutiny on systems that many election officials had given passing marks in the 2004 general elections. The insecure design of Diebold's touch screen systems is only the latest problem flagged this year.

In West Virginia, the Secretary of State filed a complaint this week against e-voting machine maker Election Systems & Software, citing numerous problems counting ballots that "place great hardship" on election officials during primaries on May 9, according to a statement (PDF). At the end of March, Florida's attorney general subpoenaed voting systems makers to testify as to why they refused to sell machines to one Florida county whose election supervisor is an outspoken critic of the reliability and security of the machines.

For Diebold, however, the incident is the latest blow to the image of its voting systems. The company faces shareholder lawsuits and the exit of its CEO. In 2003, a leak of Diebold's source code resulted in a highly critical independent security report. And, in a February letter to the Election Assistance Commission, the governor of Maryland--which has committed to move statewide to Diebold's AccuVote terminals--lambasted the company for the high costs of the deployment, which jumped 78 percent over initial estimates, and a staggering 1000 percent increase in maintenance costs.

"The cost of Maryland’s Diebold voting machines has skyrocketed as our confidence in the system has plummeted,” Maryland governor Robert Ehrlick Jr. stated in the letter (PDF).

Shamos also criticized Diebold's engineering of their product. While he believes that the severity of the flaw is offset by the ease with which he believes a workaround can be put in place, the computer scientist did not let Diebold off the hook. Between now and the November election, the company has to fix all the systems in the field.

His message? "Go back, and for the first time in your life, think about security," Shamos said. "It is clear that they might not be able to do that by themselves."

Already, the company has engineers in the field implementing fixes. This week, Diebold technicians were in Emery County, Utah, completely replacing the system software and recertifying the machines, according to news reports.

"Over the past few months we have been out in the counties in Utah, training and helping with machines--we are just doing it all here in Emery County at one time," Diebold technician Bryan Simpson told the Emery County Progress. "One of the big issues the former county clerk had was the amount of memory the machines have. We have been erasing the operating system software and reinstalling everything on these machines."

As for Emery County's former clerk, he still feels he made the right call.

"You do create a few enemies when you do your job correctly," Funk told SecurityFocus. "I feel what was done was the most important thing to do, and I have not regretted it."

And now, he is just happy to be away from the to-do of county politics.

"I'm trying to catch up on things that I haven't been able to do for years," he said.

This article was originally published at SecurityFocus.