AccuVote

The Diebold Accvote TSX is one of the most commonly used DRE voting systems in the United States, in spite of the fact that it has numerous known vulnerability and can be hacked with little CS knowledge or inside access. Known problems include:

  • Because most of the access restrictions on the machines are implemented by graying out menu entries, they can be easily bypassed by anyone with limited CS knowledge.
  •  All the databases on each machine use Microsoft Access and its underlying database system Microsoft Jet, despite many known vulnerabilities and the fact that Ohio elections official were directly told by Microsoft not to use MS Jet for this or any purpose.
  •  Simply  renaming files on a memory card  can change the operating system of or download any files from the accuvote machines including the tallies from past elections
  •  The Diebold machines also have hidden SD card slots once the casing is removed, which may allow an attacker to add wireless networking capability and new methods of entry.
  • The Diebold machines have a jumper port which can be accessed by removing the casing of machine, allowing one to temporarily or permanently bypass the OS and or firmware of the machine itself, and can act as a recovery method allowing for unlimited experimentation with the software. (see the BBV report for more details on this and the above errors).
  • In 2003 an activist (Bev Harris) discovered that Diebold had maintained a cache of voting machine software source code (this code is no longer online but we have it and will make it available on request) and internal emails on an unprotected GeoCities website. Most of what we know about the vulnerabilities of the to machines are based off of an analysis of this code. The internal emails show that amongst other things, Diebold employees had illegally issued software updates to Georgia’s voting machines ahead of the 2002 federal elections, and knowingly lied to federal testing labs about the security of the software. See these article’s from the time of the leak One and Two.
  • A study commissioned by the California Secretary of State’s office in the early 2000’s found that Diebold Accuvote TSX machine fail at 15 times the maximum level set by federal guidelines, likely a result of issues with the way in which they are tested. See Here.
  • Disputed elections resulting from voting machine errors with Diebold have in two case led to grand jury investigations, first in Polk County Florida in 1996, after the machines flipped a county commissioner race, and once in Stanislaus Country California when the machines flipped a state ballot measure. In the first case, a senior official from Diebold was forced to testify. (Black Box Voting)
  • Errors in the 2008 presidential election results in Humboldt County California lead to an investigation by the secretary of state, which concluded among other things that Diebold knew their database software would discard ballots and fail to record this in the audit log, something which violate federal guideline and had not been discovered during the certification process.
  • Unique Transparency Program Uncovers Problems with Voting Software  A Letter From The California SOS Summerizing what happened
  • Multiple analyses of these machine have concluded that there are security issues that cannot be mitigated by any steps poll worker may take.

Further Reading:

 

 

  • Start here for a good overview of the issues with Diebold and how the situation has played out over time: How To Hack An Election In Seven Minutes.
  • This was one of the first study’s done analyzing the issues with the Accuvote source code and which later led to reviews of the system by individual states, including  Ohio and Maryland, which confirmed the issues described here. See Avi Rubin’s book Brave New Ballot for a full description of his experience working on this issue.
  • Black Box Voting By Bev Harris. Now out of print, this book is Bev Harris’s first hand account of looking into the voting industry and the various problems which have occurred with the machines over time.
  • This Study from Harris’s Black Box voting summarizes many of the different errors discovered and is based on first hand research and field work in Emory County Utah and Leon County Florida. Part One and  Part Two
  • Broken Ballots By Douglas Jones. A good, technically literate book discussing the issue with many different types of voting machines and the history of their usage.
  • A later, more complete analysis of Diebold Source code, which was provided by the manufacturer for this study, most of the issues identified remain un-patched. This research was commissioned by the California Secretary of State to examine the continued use of Diebold tech.
  • A prior study by the same researchers that examined the machines, this one looks at the whole machine rather than just the source code.
  • Ohio’s independent analysis of the Diebold System comisisioned after the 2004 election.
  • A Bloomberg article summarizing many of the issues already mentioned as well as incidents of the machines malfunctioning in Tennessee.
  • This article summarizes a new attack on the SmartCard access system discovered by Arrogone National labs in 2011.
  • This article summarizing past elections whose results may have been affected by electronic voting and Diebold’s GOP links (very partisan).
  • This BBV page has more documentation for various machines and software resources see here for how to use GEMS (Diebold’s back-end software).

 

 

 

 

Advertisements