NEWSWEEK quoted Johns Hopkins computer sciences professor Avi Rubin a few days later as San Diego's machines thusly: "If Diebold had set out to build a system as insecure as they possibly could, this would be it."
Washington Post quoted yet another computer scientist this way just last week:
In California, David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who consults with the state on its elections, said he was "stunned when he found out" about the vulnerability identified in the Utah test and agreed with the "frequently expressed opinion that this is the worst vulnerability that we have ever seen."
"It's the most serious security breach that's ever been discovered in a voting system. On this one, the probability of success is extremely high because there's no residue.... Any kind of cursory inspection of the machine would not reveal it."
Shamos went on to say that the systems could have their entire set of election software, system software and even computer firmware ("BIOS") completely overwritten to do anything the malicious user wanted, in less than two minutes time, with physical access to the machines.
In an NPR report, Rubin described the machines used in yesterday's election this way:
"I believe that this is not only the most serious security problem that I've seen in a voting machine, but I can't think of a security problem that I've seen in any kind of system that is severe as this."
He added that all one needs to exploit the security hole is "a few seconds of physical access to the machines."
Well, guess what? Poll workers in San Diego County had much more than just "a few seconds of physical access to the machines" when they stored the voting machines at their own homes on the night prior to yesterday's election!
You read that correctly. The most vulnerable voting machines ever created and used in an American election were given to random, volunteer poll workers in San Diego to keep in their houses overnight to do with as they please. The systems were "guarded" by little more than a thin strip of plastic "tamper tape" over some, but not all, of each machines' dozens of vulnerable physical access points.
A spokesperson this morning from the San Diego Registrar of Voters office confirmed to The BRAD BLOG that "Yes, the machines were sent home with poll workers the night before the election."
Given the severe security vulnerabilities described above, and given that the number of votes recorded for the two "third-party" candidates alone (6,367 out of more than 355,000 registered voters in San Diego) could have easily swung the announced "victory" from Bilbray to Busby in one of the most important, expensive and closely-watched elections in the country -- an election regarded by both major political parties as well as political analysts and observers as an important bell-weather for the upcoming '06 general elections -- The BRAD BLOG finds no reason to have confidence in the California Secretary of State's announced results in the race.
Who actually won it? Busby or Bilbray? We cannot tell you. Neither can the California state or San Diego County election officials. Even with a full, manual hand-count of all the paper ballots used with the optical-scan systems, and a full, manual hand-count of the so-called "paper trails" created by the touch-screen machines, there will still be questions about the accuracy of the results.
As we documented in an exclusive photo-essay of Diebold's AccuVote TSx machine after a security analysis by the non-partisan e-voting watchdog group BlackBoxVoting.org in March, the printer for the so-called "voter verified paper trail" on the TSx machines is installed behind a plastic door that may be closed by the voter -- or a poll worker -- thus obscuring the printed results and disallowing the voter from confirming that the printed "paper trail" accurately reflects their intended vote.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).