Hopkins, Diebold argue over voting machine security flaws
- By Joab Jackson
- Jul 29, 2003
Researchers at Johns Hopkins University have found numerous security flaws in the electronic voting machines manufactured by Diebold Inc., North Canton, Ohio, according to a paper released last week. But the company claims that the software was analyzed improperly.
, "Analysis of an Electronic Voting System," found that "this voting system is far below even the most minimal security standards applicable in other contexts."
The paper's authors are Tadayoshi Kohno, Aviel Rubin and Adam Stubblefield of Hopkins' Information Security Institute
, and Dan Wallach from Rice University. They began the study when the source code of Diebold's AccuVote-TS touch screen voting terminals was made available on the Internet in 2002.
Among the flaws they noted were:The ability for an individual to obtain administrator access, seeing tally records or terminating further voting on that machine.The ability to cast multiple votes using a homemade smart card.The ability to tap into a machine using existing phone lines or network connections and viewing unencrypted results. The code was written in C, a programming language that, when improperly used, can result in security exploitations.
On July 25, Diebold responded
to the study. The company said that the software was run on a computer rather than on the terminal for which it was intended, so weaknesses found in the code would not apply to Diebold machines.
"As a result, many of the conclusions drawn by the researchers are inaccurate or incomplete with respect to the security of this particular element of Diebold's voting system," the company said.
Diebold noted that its terminals do not have connections to the Internet, so downloading voter data would not be possible. The terminal does not have a keyboard or monitoring, making it difficult to break into. And because card readers are integrated into the terminal itself, the signal monitoring needed to build a home made smart card would be difficult to execute.
Primarily a manufacturer of automated teller machines, Diebold reported revenue of $1.94 billion in 2002, with income of $99.2 million, according to Hoover's Online of Austin, Texas. In 2001, it acquired the electronic voting machine vendor Global Election Systems Inc. In 2002, Diebold reported a sale worth $55 million to the state of Maryland for its electronic voting machines.
Joab Jackson is the senior technology editor for Government Computer News.