Princeton Scientists Create Vote-Stealing Program for Diebold AccuVote-TS
A group of Princeton computer scientists said they created demonstration vote-stealing software that can be installed within a minute on a common electronic voting machine. The software can fraudulently change vote counts without being detected.
http://www.truthout.org/docs_2006/091406K.shtml
--------
Princeton prof raises alarm over electronic voting machines
A Princeton University computer science professor is adding new evidence to support claims that electronic voting machines can be hacked.
http://www.kltv.com/Global/story.asp?s=5406411
From Information Clearing House
--------
Princeton Study of Diebold Voting Machines: http://itpolicy.princeton.edu/voting/
Diebold Election Systems Response to the Princeton University AccuVote-TS Analysis http://releases.usnewswire.com/GetRelease.asp?id=72390 Diebold's Contact Info: Mark Radke of Diebold Election Systems, 330-490-6633
MY Response to Diebold's Response to Princeton's Examination of Diebold Voting Machines Subtitle: Doubletalk, Bosh, and Mumbo Jumbo
by Kathy Dopp
Diebold says:
"The unit [that Princeton studied] has security software that was two generations old, and to our knowledge, is not used anywhere in the country."
Yet:
In March, 2005 the same severe Diebold security problems were discovered in Emery County, Utah by BlackBoxVoting and Bruce Funk that had been originally discovered in the late 1990's and in early 2003 by RABA Technologies in MD and by others previously. (See http://www.blackboxvoting.org/BBVtsxstudy.pdf)
Diebold advertised dozens of non-existant office locations in the white pages in dozens of states, and originally delivered a mixture of used, rejected voting machines to Utah for the price of new ones. (See http://UtahCountVotes.org )
Why should we believe Diebold now? Diebold could prove its claims are true by allowing independent thorough examination of its voting system. (Not by The Election Center - an Association of Election Officials and Voting Machine Vendors favored by Maryland's Election Director, Linda Lamone because it includes the same election insiders who pushed through unauditable paperless, fundamentally flawed, hackable voting systems despite public and expert opposition).
The Princeton team noted that Diebold's hardware also needs to be fixed.
Diebold says:
"Normal security procedures were ignored. Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside the unit."
Yet:
Diebold voting machines do not use available common-sense security measures and did not even remove the development tools from its operating system, making its system less secure than an electronic toy.
Insiders are always the biggest threat to any voting system. Insiders include all Diebold staff and election officials and workers.
The Princeton team demonstrated that election stealing software can be inserted without ignoring any security procedures, by simply accessing a memory card prior to an election. Princeton even showed that a savy voter could possibly buy cards and vote multiple times.
To anyone observing an election, election rigging would look exactly like a normal election. (See the Princeton film http://itpolicy.princeton.edu/voting/ )
Diebold says:
"A virus was introduced to a machine that is never attached to a network."
Yet:
The Princeton team did not network the machines and the virus can be transferred from one machine to another on a memory card, such as whenever the software is updated or when an election supervisor installs the election definition files, or if someone like a poll worker has one minute's access to the machine.
Diebold says:
"The current generation AccuVote-TS software - software that is used today on AccuVote-TS units in the United States - has the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more."
Yet:
Edward Felten, director of the Center for Information Technology Policy and professor of computer science at Princeton, claimed that the new safeguards still don't ensure security. "Just because they use a digital signature, just because they use encryption, that's a check-box approach that doesn't pass muster in any security analysis," he said. Felten also noted that encryption doesn't prevent an attack of the kind used in the study because the encryption key is present in the machine.
"The malicious software has the full run of the computer. It has access to everything."
Diebold says:
"In addition to this extensive security, the report all but ignores physical security and election procedures. Every local jurisdiction secures its voting machines - every voting machine, not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any sign of tampering."
Yet:
Malicious software can be most easily installed during the normal course of storing, maintaining, updating, or conducting elections without raising any suspicion. It is virtually impossible to secure these machines using the security procedures in use today in election jurisdictions.
BlackBoxVoting, Princeton, and Avi Rubin, among others, have shown that Diebold's "security tape" is easy to tamper with, without leaving any noticeable evidence. New security tape is also available for purchase. Third, The security tape can be avoided altogether by removing a few screws. (See Avi Rubin's "day as a poll worker" http://avi-rubin.blogspot.com/2006/09/my-day-at-polls-maryland-primary-06.html )
Diebold says:
"Secure voting equipment, proper procedures and adequate testing assure an accurate voting process that has been confirmed through numerous, stringent accuracy tests and third party security analysis."
Yet:
Only persons uneducated in computer science would buy that logic. Diebold deliberately avoided having its modified operating system software federally tested. No amount of testing would assure a tamper-free election, as Princeton explained in its movie clip and is further explained in this testimony before the US Congress by DAVID WAGNER, PH.D. COMPUTER SCIENCE DIVISION UNIVERSITY OF CALIFORNIA, BERKELEY, SEPTEMBER 11, 2006 in Question #1 of Responses to "Questions for the Record Submitted by Chairman Ehlers and Chairman Boehlert..." http://www.votetrustusa.org/pdfs/qfr-house06.pdf
Diebold says:
"Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day."
Yet:
To secure the accuracy of election results we must audit - manually count - voter verifiable paper ballot records associated with sufficient vote counts to give a 99% probability of detecting any outcome-altering vote miscount.
Banks, businesses, and churches are subjected to independent audits. Election outcomes determine who controls budgets in the millions to trillions of dollars, yet are not sufficiently audited in any state.
Kathy Dopp
http://electionarchive.org
The National Election Data Archive Dedicated to accurately counting elections.
The National Election Data Archive will soon be publicly releasing a new mathematical method of calculating vote count audit amounts that will ensure election outcomes are accurate.
--------
http://freepage.twoday.net/search?q=Diebold
http://www.truthout.org/docs_2006/091406K.shtml
--------
Princeton prof raises alarm over electronic voting machines
A Princeton University computer science professor is adding new evidence to support claims that electronic voting machines can be hacked.
http://www.kltv.com/Global/story.asp?s=5406411
From Information Clearing House
--------
Princeton Study of Diebold Voting Machines: http://itpolicy.princeton.edu/voting/
Diebold Election Systems Response to the Princeton University AccuVote-TS Analysis http://releases.usnewswire.com/GetRelease.asp?id=72390 Diebold's Contact Info: Mark Radke of Diebold Election Systems, 330-490-6633
MY Response to Diebold's Response to Princeton's Examination of Diebold Voting Machines Subtitle: Doubletalk, Bosh, and Mumbo Jumbo
by Kathy Dopp
Diebold says:
"The unit [that Princeton studied] has security software that was two generations old, and to our knowledge, is not used anywhere in the country."
Yet:
In March, 2005 the same severe Diebold security problems were discovered in Emery County, Utah by BlackBoxVoting and Bruce Funk that had been originally discovered in the late 1990's and in early 2003 by RABA Technologies in MD and by others previously. (See http://www.blackboxvoting.org/BBVtsxstudy.pdf)
Diebold advertised dozens of non-existant office locations in the white pages in dozens of states, and originally delivered a mixture of used, rejected voting machines to Utah for the price of new ones. (See http://UtahCountVotes.org )
Why should we believe Diebold now? Diebold could prove its claims are true by allowing independent thorough examination of its voting system. (Not by The Election Center - an Association of Election Officials and Voting Machine Vendors favored by Maryland's Election Director, Linda Lamone because it includes the same election insiders who pushed through unauditable paperless, fundamentally flawed, hackable voting systems despite public and expert opposition).
The Princeton team noted that Diebold's hardware also needs to be fixed.
Diebold says:
"Normal security procedures were ignored. Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside the unit."
Yet:
Diebold voting machines do not use available common-sense security measures and did not even remove the development tools from its operating system, making its system less secure than an electronic toy.
Insiders are always the biggest threat to any voting system. Insiders include all Diebold staff and election officials and workers.
The Princeton team demonstrated that election stealing software can be inserted without ignoring any security procedures, by simply accessing a memory card prior to an election. Princeton even showed that a savy voter could possibly buy cards and vote multiple times.
To anyone observing an election, election rigging would look exactly like a normal election. (See the Princeton film http://itpolicy.princeton.edu/voting/ )
Diebold says:
"A virus was introduced to a machine that is never attached to a network."
Yet:
The Princeton team did not network the machines and the virus can be transferred from one machine to another on a memory card, such as whenever the software is updated or when an election supervisor installs the election definition files, or if someone like a poll worker has one minute's access to the machine.
Diebold says:
"The current generation AccuVote-TS software - software that is used today on AccuVote-TS units in the United States - has the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more."
Yet:
Edward Felten, director of the Center for Information Technology Policy and professor of computer science at Princeton, claimed that the new safeguards still don't ensure security. "Just because they use a digital signature, just because they use encryption, that's a check-box approach that doesn't pass muster in any security analysis," he said. Felten also noted that encryption doesn't prevent an attack of the kind used in the study because the encryption key is present in the machine.
"The malicious software has the full run of the computer. It has access to everything."
Diebold says:
"In addition to this extensive security, the report all but ignores physical security and election procedures. Every local jurisdiction secures its voting machines - every voting machine, not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any sign of tampering."
Yet:
Malicious software can be most easily installed during the normal course of storing, maintaining, updating, or conducting elections without raising any suspicion. It is virtually impossible to secure these machines using the security procedures in use today in election jurisdictions.
BlackBoxVoting, Princeton, and Avi Rubin, among others, have shown that Diebold's "security tape" is easy to tamper with, without leaving any noticeable evidence. New security tape is also available for purchase. Third, The security tape can be avoided altogether by removing a few screws. (See Avi Rubin's "day as a poll worker" http://avi-rubin.blogspot.com/2006/09/my-day-at-polls-maryland-primary-06.html )
Diebold says:
"Secure voting equipment, proper procedures and adequate testing assure an accurate voting process that has been confirmed through numerous, stringent accuracy tests and third party security analysis."
Yet:
Only persons uneducated in computer science would buy that logic. Diebold deliberately avoided having its modified operating system software federally tested. No amount of testing would assure a tamper-free election, as Princeton explained in its movie clip and is further explained in this testimony before the US Congress by DAVID WAGNER, PH.D. COMPUTER SCIENCE DIVISION UNIVERSITY OF CALIFORNIA, BERKELEY, SEPTEMBER 11, 2006 in Question #1 of Responses to "Questions for the Record Submitted by Chairman Ehlers and Chairman Boehlert..." http://www.votetrustusa.org/pdfs/qfr-house06.pdf
Diebold says:
"Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day."
Yet:
To secure the accuracy of election results we must audit - manually count - voter verifiable paper ballot records associated with sufficient vote counts to give a 99% probability of detecting any outcome-altering vote miscount.
Banks, businesses, and churches are subjected to independent audits. Election outcomes determine who controls budgets in the millions to trillions of dollars, yet are not sufficiently audited in any state.
Kathy Dopp
http://electionarchive.org
The National Election Data Archive Dedicated to accurately counting elections.
The National Election Data Archive will soon be publicly releasing a new mathematical method of calculating vote count audit amounts that will ensure election outcomes are accurate.
--------
http://freepage.twoday.net/search?q=Diebold
rudkla - 14. Sep, 23:37
