May 13, 2006 at 12:05:25


Diebold's AccuVote-TS Voting Machine Security


By runner (page 1 of 2)


For OpEdNews: Runner - Writer

I'm a computer scientist and an election clerk who has helped many tens of thousands of citizens cast their vote on Diebold's AccuVote-TS (Touch Screen) voting machines through several election cycles. From an external election management perspective it is a very good and efficient system. Voters too seem to like the Touch Screen system because it is so easy and fast to use.

Many people are very concerned over the so-called "Hursti Hack" and increasing numbers of computer scientists are speaking out to express their concern on various Diebold AccuVote-TS security issues. Johns Hopkins University computer science professor Avi Rubin published a very good security analysis of Diebold voting software two years ago and the Voting Systems Technology Assessment Advisory Board (VSTAAB) with the assistance of the University of California, Berkeley also issued a good security analysis this year.

The hot topic currently in the news is the “chain-of-custody” issue. Voting machines are moved often just before and after Election Day and then stored for long periods of time between elections, often with little, if any, security oversight. Many worry that election officials wouldn't know if hackers had installed malicious programs on the machines during these unguarded periods. Blackboxvoting.org recently issued a redacted version of its “chain-of-custody” report, after first stripping details that could help hackers. That report says someone with significant knowledge of computer code could install malicious programs on voting machines in a matter of minutes during transport and storage.


The proposed fix involves reinstalling the proper software just before each election, preferably in a public setting, and then locking, sealing and guarding the machines to prevent tampering before voting begins. Presumably that would require reformatting the hard drive of each voting machine, which is a standard Intel-based PC, to guarantee that each machine is cleaned of any possible malicious code infection. Next, the standard Microsoft Windows operating system must be reinstalled, followed by the reinstallation of Diebold's AccuVote-TS voting application on each of Diebold's voting machines. Multiply that by dozens of voting machines in every voting jurisdiction in every state, and that's a big job! It would require a small army of competent computer technicians for each election! No wonder most election officials are throwing bucket after bucket of cold water on that proposed fix! Most voting jurisdictions will never have the money or competent manpower for that significant amount of work at every election cycle. That's not to say it shouldn't be done, because it really should!!

I must say, the voting jurisdiction where I volunteer as a “poll worker” has secure chain-of-custody procedures, very good poll worker training and an excellent track record with Diebold's AccuVote-TS. In this voting jurisdiction, procedures to manage the AccuVote-TS system are tight enough that the "Hursti Hack" and most of the other headline security issues to date generally are not of great concern. That said, I know this is probably not the case in every, or even most, voting jurisdictions in every state.

Focusing on the voting machine “chain-of-custody” issue may be like worrying someone will break down your relatively secure back door to rob your house while ignoring the fact that your house has no front door at all and is open to the world. There may be a more accessible and innocent-looking security issue in the AccuVote-TS machine that some concerned computer scientists have disregarded because they have not observed an actual election with these machines. The Diebold system's use of “smart-cards” provides an open door for any voter or poll worker to commit vote fraud. Johns Hopkins University computer science professor Avi Rubin discusses “smart-card” issues in his voting machine security analysis report (http://avirubin.com/vote.pdf).

What are smart-cards?

Smart-cards look like a credit card, but have an embedded computer chip with data storage memory. Smart-cards and smart-card read/write devices are widely used in industry and government. The technology's specifications are commonly available, as are the cards themselves and card programming guides. It is the smart-card, as used by the Microsoft Windows PC based AccuVote-TS voting system, that offers an opportunity for a motivated person or group of people with some technical skill to commit voter fraud.

A smart-card read/write device on the Windows-based AccuVote machine is just another standard Windows controlled PC device, just like a PC's hard drive or phone modem connecting it to the Internet. Anyone smart enough to hack a virus into Windows through an Internet browser or email could likely hack a virus or other code into Windows and/or the AccuVote-TS voting application itself through a smart-card read/write device with a specially prepared smart-card.

Why are smart-cards used for the Diebold AccuVote-TS voting system?

The Diebold AccuVote-TS voting application is a "smart-card" activated, multilingual touch screen voting system that records votes on a removable internal flash memory card. As yet this Microsoft Windows PC based application does not produce a paper “ballot” receipt that voters can verify and deposit in a ballot-box for later “recount” verification of election results. If a voting machine's flash memory is corrupted during an election then the election vote count is also corrupted on that machine.

In the AccuVote-TS voting procedure, smart-cards are encoded with a “virtual” election ballot and given to each voter as they enter the polling place. Poll workers individually encode the smart-cards with the appropriate “ballot style” according to each voter's precinct number, political party and language after confirming the voter is properly registered to vote. The card is encoded via an AccuVote-TS machine and its standard smart-card read/write unit or a small calculator-sized card-encoding device. The smart-card “virtual ballot” then defines the candidates and propositions for which the voter may cast their vote.

The voter then takes the smart-card to a Touch Screen voting machine and inserts it into the machine's smart-card read/write device. The machine reads the smart-card and displays the voter's election ballot image on its Touch Screen to allow voting. The voter then touches the check boxes by the candidate names to make their selections. Headphones for computer generated voice instructions and keypads are available for visually-impaired voters to privately cast their vote on the AccuVote-TS machine too. Before the ballots are finally recorded to the flash memory card the voter is given a final chance to review and change their selections.

When satisfied, the voter completes the voting process by touching the “cast ballot” button. When the cast ballot button is touched the vote is recorded on the flash memory card in the machine. The voting machine then writes a “voted” code on the smart-card, to ensure that it can only be used to vote once, and ejects it out of the card reader with a loud clunk. The voter then returns the smart-card to a poll worker who then re-encodes it with a virtual ballot for the next voter in line. Keep in mind that voters have physical possession of these smart-cards in private at the voting machine for up to several minutes.

When the polls close, a poll worker or election administrator uses a smart-card to put each machine into a post-election mode where it no longer records votes. At this point, the administrator may instruct each machine to read its flash memory, where votes have been recorded, to tabulate and write a vote count summary on a cash register-like tape.


 

Bachelors of Science Degree in Computer Science and Business Administration with 25 years of experience working in the Independent Software Vendor Industry.

The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.


Comments (1):

The machines in question are not standard intel PCs by Jason Schmitz on Sunday, May 14, 2006 at 12:16:03 PM

 

Copyright © 2002-2009, OpEdNews
