Fw: THE TOUCH SCREEN OF DEATH TO DEMOCRACY

[Guest guest]

" Magginkat " <magginkat

Fri, 12 May 2006 16:19:49 -0500

[GranniesAgainstGeorge] Fw: THE TOUCH SCREEN OF DEATH TO

DEMOCRACY

 

 

THE TOUCH SCREEN OF DEATH TO DEMOCRACY.

 

Scientists call Diebold security flaw 'worst ever'

Critics say hole created for upgrades could be exploited by

someone with nefarious plans

By Ian Hoffman, STAFF WRITER

Inside Bay Area

 

Computer scientists say a security hole recently found in

Diebold Election Systems' touch-screen voting machines is the " worst

ever " in a voting system.

Election officials from Iowa to Maryland have been rushing to

limit the risk of vote fraud or disabled voting machines since the

hole was reported Wednesday.

 

Scientists, who have conferred with Diebold representatives,

said Diebold programmers created the security hole intentionally as a

means of quickly upgrading voting software on its electronic voting

machines.

 

The hole allows someone with a common computer component and

knowledge of Diebold systems to load almost any software without a

password or proof of authenticity and potentially without leaving

telltale signs of the change.

 

" I think it's the most serious thing I've heard to date, " said

Johns Hopkins University computer science professor Avi Rubin, who

published the first security analysis of Diebold voting software in

2003. " Even describing why I think it's serious is dangerous. This is

something that's so easy to do that if the public were to hear about

it, it would raise the risk of someone doing it. ... This is the

worst-case scenario, almost. "

 

Diebold representatives acknowledged the security hole to

Pennsylvania elections officials in a May 1 memo but said the

" probability for exploiting this vulnerability to install unauthorized

software that could affect an election is considered low. "

 

California elections officials echoed that assessment Friday in

a message to county elections chiefs.

 

But several computer scientists said Wednesday that those

judgments are founded on the mistaken assumption that taking advantage

of the security hole would require access to voting machines for a

long time.

 

" I don't know anyone who considers two minutes lengthy, if it's

that, " said Michael Shamos, a Carnegie Mellon University computer

science professor and veteran voting-systems examiner for the state of

Pennsylvania.

 

" It's the most serious security breach that's ever been

discovered in a voting system. On this one, the probability of success

is extremely high because there's no residue. ... Any kind of cursory

inspection of the machine would not reveal it. "

 

States using Diebold touch screens are " going to have to fix it

because they can't have an election without having a fix to this, " he

said. Otherwise, states risk challenges from losing candidates while

being unable to prove easily that the machines worked as designed.

 

At least two states - Pennsylvania and California - have ordered

tighter security and reprogramming of all Diebold touch screens, using

software supplied by the state and a method opened by the security

hole. Local elections officials then must seal certain openings on the

machines with tamper-evident tape.

 

David Wagner, an assistant professor of computer-science at the

University of California, Berkeley and a technical adviser to the

California secretary of state's office, said the new measures should

minimize risks in the June 6 primary.

 

Elections officials in Georgia, which uses Diebold touch screens

statewide, said existing state rules already are sufficient.

 

Bev Harris, founder of BlackBoxVoting.org, a nonprofit group

critical of electronic voting, said she isn't sure reprogramming and

sealing the touch screens will fix the problem.

 

Voting machines often are delivered to polling places several

days before elections, and the outside case of Diebold's touch screens

is secured by common Phillips screws. Inside, a hacker can take

advantage of the security hole, as well as access other security

holes, without disturbing the tamper-evident seals, Harris said.

 

" Ultimately, there's no way to get rid of the huge security

flaws in the design, " she said.

 

 

Contact Ian Hoffman at ihoffman.

 

 

http://www.insidebayarea.com/portlet/article/html/fragments/print_article.jsp?ar\

ticle=3809493

 

 

 

 

http://BuzzardsRoost.aimoo.com

http://www.GranniesAgainstGeorge.us