| Author |
Message |
    
Bev Harris
Board Administrator
Username: Admin
Post Number: 4556
Registered: 12-2004
Best of Black Box? 
Votes: 33 (A keeper?) | | Posted on Thursday, May 11, 2006 - 12:34 pm: | 
|
Due to the nature of this report it is distributed in two different versions. Details of the attack are only in the restricted distribution version considered to be confidential. Fewer than 50 words have been redacted in the version below.
Overview
Click "more" for link to full report
Note: Please refrain from speculation or public discussion of inappropriate technical details.
This document describes several security issues with the Diebold electronic voting terminals TSx and TS6. These touch-pad terminals are widely used in US and Canadian elections and are among the most widely used touch pad voting systems in North America. Several vulnerabilities are described in this report.
One of them, however, seems to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised.
These architectural defects are not in the election-processing system itself. However, they compromise the underlying platform and therefore cast a serious question over the integrity of the vote. These exploits can be used to affect the trustworthiness of the system or to selectively disenfranchise groups of voters through denial of service.
http://www.blackboxvoting.org/BBVtsxstudy.pdf (327 KB)
Critical Security Alert: Diebold TSx and TS6 voting systems
by Harri Hursti, for Black Box Voting, Inc.
Three-layer architecture, 3 security problems
Each can stand alone or combine for 3-layer offense in depth
As an oversimplification, the systems in question have three major software layers: boot loader, operating system and application program. As appropriate for current designs, the first two layers should contain all hardware specific implementations and modifications, while the application layer should access the hardware – the touch pad, memory card, the network etc. – only via services and functions provided by the operating system and therefore be independent of the hardware design. Whether the architecture in question follows these basic guidelines is unknown.
Based on publicly available documentation, source code excerpts and testing performed with the system, there seem to be several backdoors to the system which are unacceptable from a security point of view. These backdoors exist in each of these three layers and they allow the system to be modified in extremely flexible ways without even basic levels of security involved.
In the worst case scenario, the architectural weaknesses incorporated in these voting terminals allow a sophisticated attacker to develop an "offense in depth" approach in which each compromised layer will also become the guardian against clean-up efforts in the other layers. This kind of deep attack is extremely persistent and it is noteworthy that the layers can conceal the contamination very effectively should the attacker wish that. A quite natural strategy in these types of situations is to penetrate, modify and make everything look normal.
Well documented viral attacks exist in similar systems deploying interception and falsification of hash-code calculations used to verify integrity in the higher application levels to avoid detection. The three-level attack is the worst possible attack. However, each layer can also be used to deploy a stand-alone attack. The TSx systems examined appear to offer opportunities for the three-level attack as well as the stand-alone attacks.
It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.
Here is a rough analogy:
- The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.
- The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.
- The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the man’s eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.
In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.
The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."
Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.
1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement
In addition, the casing of the TSx machines lack basic seals and security, and within the casing additional exploitations are found.
Conclusions and Recommendations
Because there is no way of having chain of custody or audit trail for machines, the machines need to be reflashed with a known good version (assessing the risks potentially inherited). Ideally this should be done by the proper governmental authorities rather than being outsourced.
After that, extensive chain of custody management has to be established to make sure that machines do not potentially get recontaminated. Less than five minutes is required for contamination.
The bootloader needs to be re-engineered.
The cases need to be properly and permanently sealed.
Further study is warranted around these issues and others in the May 15, 2006 Supplemental Report for the Emery County TSx study.
While these flaws in design are not in the vote-processing system itself, they potentially seriously compromise election security. It would be helpful to learn how existing oversight processes have failed to identify this threat.
A secondary report will be released on May 15, 2006. This report contains approximately 12 other areas of secondary concern to the problems described in this initial report.
PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org
Black Box Voting is a nonpartisan, nonprofit 501c(3) organization focusing on investigations related to ensure accurate and fair elections. This organization is supported entirely by citizen donations.
To support this work:
http://www.blackboxvoting.org/donate.html
Mailing Address:
Black Box Voting, Inc.
330 SW 43rd St Suite K
PMB 547
Renton WA 98055 |
Jody Holder
Voting Rights Forum Participant
Username: Holder
Post Number: 16
Registered: 11-2005
Best of Black Box? 
Votes: 5 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:18 pm: |
|
Bev:
I am unsure what you mean by "public discussion of inappropriate technical details". Do you mean among voting activists or at public presentations?
What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.
It also means that an attack could have already occurred several years ago and no one would know.
My great thanks to Black Box Voting, and those patriots who have stepped forward in defense of their country. Also to a patriot of the world, Harri Hursti. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4558
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:41 pm: |
|
CORRECT: What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.
CORRECT: It also means that an attack could have already occurred several years ago and no one would know.
And by inappropriate public speculation, we mean do not speculate about the specific filenames or tools regardless of whether you think they are already discussed or easy to find or simple to guess.
No file names should be named. Or other details. |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 308
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:48 pm: |
|
Hi Jody, Some of us who are more familiar with the inner workings of the Diebold software and computer systems in general can reasonably deduce what the "redacted" portions may contain. I think Bev may have added that line to remind us NOT to speculate in public and make an already bad situation even worse since we know that some jurisdictions will still try to use these machines in upcoming elections.
It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to.
Pat A. Vesely ;-) |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 219
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:57 pm: |
|
Does anyone have an unredacted copy of the SAIC security report done for Maryland? Was this problem found by SAIC? |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4561
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:02 pm: |
|
If it was found by SAIC it is not possible to fathom why entire states are taking delivery on machines with these vulnerabilities three years later. |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 220
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:05 pm: |
|
The SAIC report that was released is redacted. The question is whether the SAIC report found this problem and whether Maryland and Diebold kept it quiet and just told SAIC that they had fixed the problem. There was no follow-up by SAIC, to my knowledge.
Let me be clear that I am not accusing anyone of covering-up a security problem like this one. I am only asking the question. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 237
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:06 pm: |
|
Pat,
"It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to. "
Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.
Kurt Bellman |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 768
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:26 pm: |
|
What is most distrubing about this report summation is the following:"It is important to understand that these attacks are permanent in nature, surviving through the election cycles."
This means that if such has already occurred, the machines are fatally comprised and ,it would appear from the summation, all such machines would have to be examined and then redone.
It would be good to undersand whether this "The bootloader needs to be re-engineered." is referencing the ntldr module or referncing bios firmware. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4564
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:44 pm: |
|
This kind of speculation is requested not to happen here. |
Jean-Baptiste Biard
Voting Rights Forum Participant
Username: Jbbiard
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:54 pm: |
|
Kurt,
- First of all, my first post here, great to be allowed to do that, thanks BBV.
- Second, about your "open source is not a solution" remark: the same rule used here ("do not expose a vulnerability while no fix is available") is routinely used in the open source community. Open Source does not changes much there, except that fair scutiny is much easier and fixes often more quickly provided...
- Third, about the bottom of the matter: would not it be sadly "nice" to find modified machines. Any machine that is "flashed" will erase potential tampering proofs. That is fine for the coming votes, but this amounts to destroying proofs. How are you coping with that? |
Jesse Weinstein
Voting Rights Forum Participant
Username: Jessew
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:06 pm: |
|
I (using pdftohtml-0.38 ) have made an HTML version of the report. If it would be acceptable to the authors of the report, I'd be delighted to upload it here, or on my personal webspace if that would be preferred. (although I'd prefer if it was here, for bandwidth cost reasons ;-) ) |
Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple
Post Number: 28
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:15 pm: |
|
Jesse;
Send it to me and I'll post it on my webspace:
http://noleakybuckets.org/
Marian
<beddill@nas.com> |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4566
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:21 pm: |
|
Thanks, Marian. All we require is a live link to http://www.blackboxvoting.org on its front page. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 238
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:23 pm: |
|
Jean-Baptiste,
Welcome. Glad to have you here.
"Open source" means many people have ability to do mischief. Propreitary means few do, but fewer still have the ability to detect mischief. Tough call.
As a slightly sardonic aside, "open source" also typically connotes "I don't like Microsoft much." In that, we agree, but not because I'm an open sourcer. Actually, I'm a Macintosh man at heart.
About the "bottom of the matter":
What you have stated is a fairly perfect conumdrum. What to do? Do we attempt to prevent future harm by erasing potential evidence of past wrongdoing?
The answer to that depends on what brings one to the table. If one is motivated by retribution and "being right", the choice is far more difficult. If "letting it go" is impossible, then that choice is torture. If, on the other hand, you are motivated by fear for the future, and you don't believe you've seen enough to make you distrust what has come before, the choice is easy. You must flash, just to be extra sure, if only to reassure the electorate that voting can still matter. |
Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple
Post Number: 29
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:39 pm: |
|
Bev;
I have created a prominent link on my front page at http://noleakybuckets.org/ , with direct links back to BBV, and a copy of your PDF.
(Nothing like having a backup.)
Marian |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 82
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:53 pm: |
|
The debate over source code is much more complicated. I have a paper on access to source code and open source in e-voting in this summer's USENIX/ACCURATE workshop... I should be able to have a shareable version of that paper when finals and such are over here.
Note that there is evidence of this design flaw dating back to 2002 without having to see the 2/3 of the redacted part of the SAIC report. If I know you (John, Kurt and BBV crew, of course) and you have a GPG/PGP key, I can send you what I've got. You know my email. best, Joe |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2368
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 5:03 pm: |
|
I really appreciate the clarity and simplicity in these explanations. That is not an easy thing to achieve.
Bravo and thanks to everyone involved in this project. |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 363
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 6:30 pm: |
|
Yes, bravo and thanks to everyone involved! |
Samuel Scharff
Voting Rights Forum Participant
Username: Abacus
Post Number: 31
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 8:01 pm: |
|
If I may be forgiven for a bit of irreverence -- and , please, all hands have my great respect and thanks -- this reminds me of the old arguments about how many angels can dance on the head of a pin...
A small voice for hand counted paper ballots? [I know some of you arfe sympathetic...] |
sheila solomon
Voting Rights Forum Participant
Username: Sheilas
Post Number: 1
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 8:11 pm: |
|
Hi - I have read the redacted report. We are fighting the battle right now in Pima County Arizona. and have a board of supervisors who will make a decision in less than a week.
I have quite a bit of security experience but the challenge I have is translating this information into something I can concretely demonstrate to local politicians for maximum effect.
Is there any way we can provide more complete information under secrecy directly to their IT staff? |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 301
Registered: 08-2005
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Thursday, May 11, 2006 - 9:12 pm: |
|
Samuel,
quote:this reminds me of the old arguments about how many angels can dance on the head of a pin
This report is not an argument, it's undeniable proof. The contents of this report makes change more possible than it's ever been before.
Citizens now have leverage they didn't have before too. We've proven that the certification process and the Diebold voting machines have failed miserably. No other report before this one has gotten the election industry to sit up and pay attention the way this one has. That's because it's the most devastating report of a voting system ever.
As a result, citizens are now in a position to call into question all the other voting systems and work toward having them independently tested in order to find out whether they too possess similar security flaws as the Diebold voting systems.
The next step is for those citizens, for example, who are advocates for hand counting our ballots to develop and present realisic, well-thought out arguments that address all the issues and concerns expressed by election officials and politicians, who are still resisting the change to hand counts (which is pretty much the majority). Fortunately, JoAnne Karasek and Sheila Parks, two members of BBV, along with many other dedicated citizens are working diligently to develop such a plan and to build a critical mass of support for hand counting paper ballots. I support their vision because their goal is to make certain citizens are dominant in every phase of the voting process and that the process has a transparency that allows average citizens to judge for themselves whether it's working or not.
What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again. So, at the end of the day, those citizens who make the best case in their plan for change, will have the better chance of garnering the necessary support for implementing it.
More importantly, I sincerely hope this report will be a motivating factor in getting citizens involved in the election process again. That it gets citizens believing that it is they who can make the difference in bringing about the change we've all been fighting for.
This is cause for celebration, IMO.
Kathleen
(Message edited by admin_ii on May 11, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Michael McKay
Voting Rights Forum Participant
Username: Seaan
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 11:25 pm: |
|
From the top post:
It would be helpful to learn how existing oversight processes have failed to identify this threat.
and from Kathleen Wynne:
What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again.
I have several thoughts on this topic. In no particular order:
* I've generally found that formal security reviews (my experience is with FIPS 140) don't find many design bugs. The main point of the review is to establish that your product does what your documentation says it does. If your design has subtle logical flaws, they probably won't find it.
* There are exceptions - usually in areas where the nature of attacks are well understood. For example the security labs that I've worked with for FIPS 140 accreditation are very good with testing and evaluating physical security claims (tamper detection, etc.).
* I don't know which labs are performing the eVoting evaluations, but from my experience with the financial industry I'm not too worried about the industry funded aspect of the evaluation labs. Granted the financial industry has much more of a track record, but at least it shows an example of how impartial reviews can be done. The labs I've worked with are willing to help the testee get the product passed, but this is by making the product better.
* The certification labs depend a lot upon standards, and this is an area where I can see a practical method of improving. By having better standards, we can significantly improve the eVoting evaluations. While standards won’t prevent all design flaws, they can rule out various unsafe practices and mandate other good practices; which collectively can greatly increase the level of security.
* The standards are the real place where knowledgeable experts, representing the voters, can make a difference. This won’t be easy, for example standards almost always take a long time, so changes won’t happen swiftly. The system is also rigged (perhaps on purpose) against non-sponsored participants. For example, in the ANSI X9 financial standards (x9.org) you don't get to vote unless you pay the higher membership rates. Combined with travel requirements, and the amount of work it takes to keep up with the standards, this is just not the type of thing a typical individual can afford to do on their own.
* I think the mid-term solution (over the next 4-5 years) is to have NGO sponsored experts participate in the eVoting standards, where the NGO serves as a proxy to represent the interests of the voters. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 239
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 4:27 am: |
|
I have a question. What is the central "crux" of this Diebold problem, the main element?
Is it that the machines will boot from a memory card and potentially then rewrite all three layers? Is that the central problem?
And if it is, isn't it fairly likely that all of the new generation of DRE's have used the same technique? Once you read the report, it doesn't really look like something that would be especially unique, or am I missing something?
Kurt |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2372
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 4:38 am: |
|
It may not be unique at all. But so far BBV hasn't been able to arrange for similar tests of equipment made by other vendors. (And/or the computer scientists who have seen some of the others are gagged because they signed restrictive Non Disclosure Agreements.) |
John Burik
Voting Rights Forum Participant
Username: Jburik
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 6:46 am: |
|
Kathleen wrote above:What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process . . ..
My continued hope is for growing interest among average citizens and the corporate media. I pointed out to a number of reporters in Ohio that the Secretary of State's own consultants' report indicated that memory cards were not reviewed (Diebold report, 4/15/2005, http://www.sos.state.oh.us/sos/HAVA/hava.aspx?section=4). They said, "Thanks," and did not follow up.
Perhaps with Hursti II and national attention we are beginning to really get somewhere useful. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4569
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:24 am: |
|
for Joe Hall: I saw the excellent piece you wrote on your blog, but it appears to contain information that is not quite accurate regarding the recovery method.
Is it not true that you cannot clean a contaminated boot loader with itself?
It appeared to me that your blog was saying you could. |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 83
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 12:27 pm: |
|
You're right Bev... that is an issue with my post... I'll clarify that right now. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4570
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:27 am: |
|
Kurt: To the best of our knowledge, Diebold has the only DRE using Windows CE as the platform. You are correct that the problem could exist elsewhere, and that should ABSOLUTELY be studied.
We very nearly got access to an iVotronic last month, but at the last minute the elections official was blocked by another public official.
However -- building a DRE on Windows CE is especially dangerous because the sheer number of people who understand how to exploit Windows is huge.
The boot loader is the biggest problem of all. |
Yuri Bertsch
Voting Rights Forum Participant
Username: Yuri
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:41 am: |
|
Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.
I have to completely disagree on your position about keeping the flaw details confidential. This is information that has to be widely distributed so that people are aware how insecure these systems are. Most script kiddies aren’t going to have access to the physical machines and I can’t see many of them resisting the temptation to make their hack obvious.
The people who do have physical access or even systematic physical access will know exactly what you are redacting anyway.
Seeing that King George III (or even Bevus & Butthead) win an election in someplace would be wonderful.
Additionally, without the particulars, Diebold will be able to more effectively downplay or dismiss the problems.
Given the scope of the problem, I can’t see there being a real chance of making these systems secure short of total replacement. There is nothing on the machine that is secure—from the case, to the motherboard, to the OS to the software. |
Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly
Post Number: |
