Serious Diebold voting machine flaws

(via Freedom to Tinker)

A recently released report at BlackBoxVoting details some serious flaws in Diebold voting machines. The information is enough to make one wonder (wonder again, for those that have been keeping track of this stuff) why all electronic voting machines do not have mandatory paper ballots to go with the electronic votes. Every location using these, or any other electronic voting machines, should have a mandatory paper ballot which prints out for review by the voter and is kept seperately in a voting box for later review in close elections or in instances of suspected fraud or error.

It may seem that printing a paper ballot would invalidate the whole concept of electronic voting, but it is a simple and effective safety measure that might not ever be called upon. Given the difficulty in reviewing the code running inside these machines, a paper trail is just a smart backup. Most results will likely not be challenged, but when they are, the paper box is invaluable. Additionally, voters will be able to verify their votes by looking at the paper print-out before they leave the voting box.

A report by Harri Hursti, released today at BlackBoxVoting, describes some very serious security flaws in Diebold voting machines. These are easily the most serious voting machine flaws we have seen to date — so serious that Hursti and BlackBoxVoting decided to redact some of the details in the reports. (We know most or all of the redacted information.) Now that the report has been released, we want to help people understand its implications.

. . .

Election officials are in a very tough spot with this latest vulnerability. Since exploiting the weakness requires physical access to a machine, physical security is of the utmost importance. All Diebold Accuvote machines should be sequestered and kept under vigilant watch. This measure is not perfect because it is possible that the machines are already compromised, and if it was done by a clever attacker, there may be no way to determine whether or not this is the case. Worse yet, the usual method of patching software problems cannot be trusted in this case.

[tags]Diebold, Electronic voting[/tags]