Diebold: that security hole is a feature, not a bug


Are electronic voting machines ever held to any baseline computer security standards? It certainly doesn’t seem so. To wit, the discovery of a security hole in Diebold Election Systems’ touch-screen voting machines that experts are calling the “worst ever” in a voting system. Discovered by Harri Hursti, a Finnish computer expert who was working at the request of Black Box Voting, the vulnerable technology is intended as a means of quickly upgrading the machines’ boot loader, operating system and application program. But it can be easily exploited to load almost any software without a password or proof of authenticity, potentially without leaving any signs the machines have been tampered with. “It’s worse than a hole,” Michael Shamos, a computer science professor at Carnegie Mellon University, told the Associated Press. “It’s a deliberate feature that was added by Diebold that we all believe is unwise.” Avi Rubin, a professor of computer science at Johns Hopkins University who first cast doubt on the reliability of Diebold’s systems in a 2003 report, agreed. The machines are “much, much easier to attack than anything we’ve previously said,” he told the Baltimore Sun. “On a scale of one to 10, if the problems we found before were a six, this is a 10. It’s a totally different ballgame.”

Er, it was Diebold machines that decided the outcome of the last Presidential election, wasn’t it?