Hopkins, Diebold argue over voting machine security flaws

Researchers at Johns Hopkins University have found numerous security flaws in the electronic voting machines manufactured by Diebold Inc., North Canton, Ohio, according to a paper released last week. But the company claims that the software was analyzed improperly.

The paper, "Analysis of an Electronic Voting System," found that "this voting system is far below even the most minimal security standards applicable in other contexts."

The paper's authors are Tadayoshi Kohno, Aviel Rubin and Adam Stubblefield of Hopkins' Information Security Institute, and Dan Wallach from Rice University. They began the study when the source code of Diebold's AccuVote-TS touch screen voting terminals was made available on the Internet in 2002.

Among the flaws they noted were:
  • The ability for an individual to obtain administrator access, seeing tally records or terminating further voting on that machine.

  • The ability to cast multiple votes using a homemade smart card.

  • The ability to tap into a machine using existing phone lines or network connections and viewing unencrypted results.

  • The code was written in C, a programming language that, when improperly used, can result in security exploitations.


  • On July 25, Diebold responded to the study. The company said that the software was run on a computer rather than on the terminal for which it was intended, so weaknesses found in the code would not apply to Diebold machines.

    "As a result, many of the conclusions drawn by the researchers are inaccurate or incomplete with respect to the security of this particular element of Diebold's voting system," the company said.

    Diebold noted that its terminals do not have connections to the Internet, so downloading voter data would not be possible. The terminal does not have a keyboard or monitoring, making it difficult to break into. And because card readers are integrated into the terminal itself, the signal monitoring needed to build a home made smart card would be difficult to execute.

    Primarily a manufacturer of automated teller machines, Diebold reported revenue of $1.94 billion in 2002, with income of $99.2 million, according to Hoover's Online of Austin, Texas. In 2001, it acquired the electronic voting machine vendor Global Election Systems Inc. In 2002, Diebold reported a sale worth $55 million to the state of Maryland for its electronic voting machines.

    About the Author

    Joab Jackson is the senior technology editor for Government Computer News.

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    What is your e-mail address?

    My e-mail address is:

    Do you have a password?

    Forgot your password? Click here
    close

    Trending

    • Dive into our Contract Award database

      In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

    • Navigating the trends and issues of 2016 Nick Wakeman

      In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

    contracts DB

    Washington Technology Daily

    Sign up for our newsletter.

    Terms and Privacy Policy consent

    I agree to this site's Privacy Policy.