Hopkins, Diebold argue over voting machine security flaws

Researchers at Johns Hopkins University have found numerous security flaws in the electronic voting machines manufactured by Diebold Inc., North Canton, Ohio, according to a paper released last week. But the company claims that the software was analyzed improperly.

The paper, "Analysis of an Electronic Voting System," found that "this voting system is far below even the most minimal security standards applicable in other contexts."

The paper's authors are Tadayoshi Kohno, Aviel Rubin and Adam Stubblefield of Hopkins' Information Security Institute, and Dan Wallach from Rice University. They began the study when the source code of Diebold's AccuVote-TS touch screen voting terminals was made available on the Internet in 2002.

Among the flaws they noted were:
  • The ability for an individual to obtain administrator access, seeing tally records or terminating further voting on that machine.

  • The ability to cast multiple votes using a homemade smart card.

  • The ability to tap into a machine using existing phone lines or network connections and viewing unencrypted results.

  • The code was written in C, a programming language that, when improperly used, can result in security exploitations.


  • On July 25, Diebold responded to the study. The company said that the software was run on a computer rather than on the terminal for which it was intended, so weaknesses found in the code would not apply to Diebold machines.

    "As a result, many of the conclusions drawn by the researchers are inaccurate or incomplete with respect to the security of this particular element of Diebold's voting system," the company said.

    Diebold noted that its terminals do not have connections to the Internet, so downloading voter data would not be possible. The terminal does not have a keyboard or monitoring, making it difficult to break into. And because card readers are integrated into the terminal itself, the signal monitoring needed to build a home made smart card would be difficult to execute.

    Primarily a manufacturer of automated teller machines, Diebold reported revenue of $1.94 billion in 2002, with income of $99.2 million, according to Hoover's Online of Austin, Texas. In 2001, it acquired the electronic voting machine vendor Global Election Systems Inc. In 2002, Diebold reported a sale worth $55 million to the state of Maryland for its electronic voting machines.

    About the Author

    Joab Jackson is the senior technology editor for Government Computer News.

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    What is your e-mail address?

    My e-mail address is:

    Do you have a password?

    Forgot your password? Click here
    close

    Trending

    • VIDEO: Explore the 2019 M&A Trends

      Editor Nick Wakeman interviews Kevin DeSanto of the investment bank KippsDeSanto about the highlights of their annual M&A survey and trends driving acquisitions in the federal space. Read More

    • PROJECT 38 PODCAST

      In our latest Project 38 Podcast, editor Nick Wakeman and senior staff writer Ross Wilkers discuss the major news events so far in 2019 and what major trends are on the horizon. Read More

    contracts DB

    Washington Technology Daily

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.