The massive security flaw recently revealed in Diebold touch-screen voting machines — which allows election software and systems to be overwritten with rogue software in minutes, without need of a password — and which has sent Elections Officials from Pennsylvania to California to Iowa to every state in the union which uses them, sequestering the machines and scrambling for a solution to mitigate the problem, was previously revealed in a 2004 security report commissioned by the state of Maryland, The BRAD BLOG has learned.
The security assessment of Diebold’s touch-screen voting systems was completed by RABA Technologies, and presented to the Maryland State Legislature in January 2004. The report, reviewed at the time by both Maryland election officials and officials at Diebold, consisted of “a ‘Red Team’ exercise to discover vulnerabilities in the actual voting system” prior to the state’s March 2004 primary election.
A “Red Team” attack is used by computer security teams to attempt to hack into a computer system or software package. The results of the RABA report in 2004, spelled out specific details of the latest Diebold security problems which have been splashed across the pages of maintream media outlets from coast to coast since last Wednesday.
Maryland was one of the first states to adopt Diebold’s paperless touch-screen systems in 2002 and, as previously reported, spent millions of dollars , in an initiative with Diebold at the time, to promote the new electronic voting systems to state voters.
The security problem exists in both Diebold’s paperless touch-screen systems, as well as their newer models which include a so-called “voter-verified paper trail.”
The BRAD BLOG broke exclusive details of the story originally on Friday before last, several days before the MSM joined the fray…but we’re glad that they’re all finally paying attention.
Apparently, though Diebold was apprised of the serious security problem back in early 2004, Diebold programmers and company officials appear to have done nothing to fix the flaws which were found as still present in voting systems being sold by the company this year. In March of this year, an independent security analysis of Diebold touch-screen systems deployed in Utah for the first time, confirmed the continuing presence of the same flaw and, additionally, found even more troubling details surrounding the same security vulnerability.
At least one computer scientist and E-voting expert has now described Diebold’s delinquency in failing to correct the problem after two years to be “criminal” and meriting complete decertification.
Furthermore, the security vulnerability — being described by computer security professionals as “the most serious security breach that’s ever been discovered in a voting system,” and “a major national security risk” — appears to be yet another apparent violation, by Diebold, of federal Voting System Standards…
The RABA Report…Ignored by Diebold Since January 2004
Douglas Jones, a computer science professor and e-voting expert at the University of Iowa has written that the new revelation — that Diebold knew about the problem as long as ago as 2004, but did nothing to correct it — merits at least decertification of Diebold’s touch-screen voting systems, if not criminal charges for their negligence in failing to correct the problem.
The 2004 RABA report which Jones was reacting to, clearly points to the problem which was thought to have been revealed for the first time in an examination of Diebold’s AccuVote TSx touch-screen voting system in Emery County, Utah in March.
That analysis, by Finnish computer security specialists Harri Hursti as well as the firm Security Innovation, was arranged by non-partisan e-voting watchdog group BlackBoxVoting.org. A version of Hursti’s report of the findings from Emery County, describing a “three-level security flaw” was posted on their site last week, slightly redacted for security reasons.
As it turns out, the RABA report, commissioned by the state of Maryland in 2003, reported the problem previously, and yet, apparently, nothing was done to mitigate the issue by either Diebold or state officials. Moreover, neither Diebold, nor the state of Maryland bothered to alert any other states or federal authorities to the enormous design flaw (which has actually been revealed as a “feature” purposely built into the systems by Diebold, reportedly to make updating system files and software much easier.)
That “feature” however, also allows anyone with access to the machine, to completely overwrite the installed software in a matter of minutes and without the need of a password.
“It seems that Diebold has deliberately opted to ingnore [sic] this finding of the RABA report,” Jones wrote in an email sent to an Iowa election official on Monday.
“They clearly had time, between then and now, to do the re-engineering necessary to correct this security flaw. If I had my way, the failure to correct a flaw of this magnitude would be considered criminal,” the professor wrote.
Jones’ email, released to Election Integrity activists goes on to say, “Given this, it seems to me that a call to decertify is quite reasonable, far more than it would have been had Diebold not had a 2-year warning about this design flaw.”
The section of the RABA report pointed to by Jones as evidence that the problem had been revealed to both Diebold and the state of Maryland in 2004 is as follows:
Wrote Jones, “This appears to clearly document: 1) The RABA group found and documented this flaw 2) Diebold has been sitting on it for most of 2 years, and has apparently opted to do nothing about it.”
The paragraph from the RABA report was apparently first uncovered recently by a poster at DemocraticUnderground.com.
David Allen, an Election Integrity Advocate from BlackBoxVoting.com (as distinct from BlackBoxVoting.ORG) contacted Jones after reading the DU post, to confirm whether or not the security issue cited in the RABA report seemed to be similar to the information revealed in the new report by Hursti based on the Utah analysis of Diebold machines.
“This is exactly the same problem!” Jones wrote in reply. “Thanks! I’ve been wondering whether this vulnerability was hiding in one of those old security evaluations.”
But Wait…There’s More!
Bev Harris, of BlackBoxVoting.ORG pointed out — in light of the discovery of the previous RABA revelations — that the newer Hursti report, in fact, revealed two more levels of security flaws not covered by RABA. She describes those two other levels of vulnerability as even more troubling than the warnings in RABA report concerning the ease of replacing election software on the systems.
She explained that both the bootloader (the firmware or “BIOS”) and operating system were found to be vulnerable to such an attack as well and described those problems as “bigger” potential exploits.
As well, Harris detailed additional items discovered by her team which went beyond the RABA report. For example, she describes the Hursti finding that no password or authentication is necessary to exploit these security holes and that additional “mechanisms…can be used instead of the PCMCIA card to contaminate the system.”
Johns Hopkins e-voting expert and computer scientist Avi Rubin confirmed the similarities discovered earlier by the RABA report and agreed that the Hursti report offers additional details, believed to be previously unknown by experts. As reported by Allen, Rubin wrote after reviewing the section from RABA:
Diebold Said to be in Violation of Federal Voting System Standards…Again
John Gideon, executive director of the non-profit elections advocacy organization VotersUnite.org (and a frequent contributor to BRAD BLOG) has suggested that these latest Diebold security matters are again in knowing violation of the FEC Voting System Standards (VSS).
In the VSS Volume 1, Section 6.4.1 “Software and Firmware Installation,” Gideon points towards the “requirements for installation of software, including hardware with embedded firmware.”
That section, as quoted by Gideon in an email to The BRAD BLOG, requires that system firmware must be “shown to be inaccessible to activation or control by any means other than by the authorized initiation and execution of the vote-counting program.”
Gideon says that the latest Diebold security hole seems to violate that standard, which must be met in order for electronic voting systems to receive Federal certification.
“Again,” wrote Gideon in the email, “it appears to my non-techie eyes that Diebold has violated the voting systems standards and that they were allowed to do this by the ITAs and NASED [two of the federal authorities responsible for testing, federal certification, and oversight to assure compliance with the Voting System Standards].”
A previous security flaw, discovered in December of 2005, also by Hursti and BlackBoxVoting.org, revealed that all Diebold voting machines — both touch-screen and optical scan systems — appear to be in violation of yet another VSS guideline which bans, “interpreted code”, a certain type of computer code found to be in Diebold machines. That type of code, specifically banned by federal guidelines, was exploited by Hursti in Leon County, Florida to hack a mock-election on a Diebold optical scan system. The attack was a success, completely flipping the election results and leaving no discoverable trace, save for the paper ballots, behind.
At this time, the governing federal authorities, including the Election Assistance Commission (EAC) and the National Association of State Election Directors (NASED) have failed to condemn, censure, reprimand or decertify Diebold in any way — despite their growing string of recently revealed and knowing violations of federal Voting Systems Standards.
And Once…Even Rightwingers Cared About E-Voting Security
Interestingly, rightwing media outlet NewsMax.com covered many of the concerns about security in Diebold’s voting systems in an article in February of 2004 following the release of the RABA report. Though most right-leaning publications have either ignored or ridiculed questions about Electronic Voting Machine security since the 2004 Presidential Election, the NewsMax article from early 2004 touched on many of those concerns.
In regard to the RABA report, NewsMax wrote: “Amazingly, Diebold officials hailed the report as proof that ? if not tampered with ? their election machines should work perfectly.”
They also quoted Rubin, who was part of a team at John Hopkins that issued their own report [PDF] on security problems in Diebold systems back in 2003. NewsMax reporter Charles R. Smith quoted several paragraphs from the Hopkins report which are interesting in light of the recent revelations:
“It would be far easier for someone to fix an election by modifying the software at Diebold’s installation or elsewhere before it is delivered to election offices to install on all the machines,” concluded the Johns Hopkins report.
The Other Redacted Report…Was Diebold Warned Even Earlier?
There was at least one other independent security evaluation made of Diebold’s touch-screen voting machines in Maryland from around the same period. That report is a “Risk Assessment” commissioned by the state of Maryland from the Science Applications International Corporation (SAIC). It predates the RABA report.
“The Raba report in Maryland findings were similar to the report issued by SAIC,” Diebold spokesman David Bear told NewsMax at the time.
However, approximately two-thirds of the full 280-page SAIC report was redacted before it was released to the public [PDF] in September of 2003. Speculation has therefore swirled amongst the Election Reform community of late about whether or not that report also contained information and warnings on the same serious system flaws which went otherwise unannounced and uncorrected in the many months prior to the 2004 Presidential Election, and on up through the recent discoveries.
The BRAD BLOG is, as expected, attempting to obtain a complete, unredacted copy of the SAIC report in order to learn more.
UPDATE 5/20/06: NPR covers story…
UPDATE 5/21/06: NEWSWEEK COVERS STORY!…
Unbelievable that Diebold has been able to get away with all this crap….so far.
Brad…
…You and I both know why nothing was done…it was PLANNED that way.
…This electronic voting system was designed to cheat.
…I think you should re-Headline the piece to reflect that.
I’m listening to The Randi Rhodes show right now and a very interesting show indeed! She just interviewed the chief Marketing Officer of ChoicePoint because he wanted to refute “blogger (here we go again)” Greg Palast’s earlier appearance discussing the new book he AUTHORED.
Once again as with Brad’s “debate” on the radio recently with an election official, he wouldn’t agree to come on the show unless Palast was on hold during his interview. These “bloggers” (or the truth) are just too intimidating I guess.
Go here to download the Rhodes show from May 16th.
It’s long overdue that Diebold’s chickens come home to roost.
Hursti, BBV, Security Innovations, Bev Harris, Bruce Funk, Stephen Heller and Ion Sancho have been heroic pathbreakers in getting the goods on these machines and some of them have paid a heavy personal price. With Hursti’s most recent revelations–that some of the vulnerabilities CANNOT BE REPAIRED OR MADE SECURE–it begs the question how any election official can continue to use these machines.
Diebold memos have long revealed that they knew about various security vulnerabilities yet chose to do nothing, presumably because it was more convenient for their staff.
It is even harder to understand how Election Boards across the country can continue to believe Diebold’s steady stream of oft-repeated lies.
These machines should have their certification revoked immediately and states, counties and municipalities that have purchased their machines should give serious thought to legal proceedings against Diebold.
Locations that purchased other voting machines should entertain the possibility that their equipment is every bit as unreliable and insecure as Diebold.
This is the time for citizens to get informed and start asking question. (Ask at blackboxvoting.org in the 1-on-1 Consulting forum if you want to take action in your local area but you’re not sure how to proceed.)
Thanks for all you do Brad. I haven’t emailed my friends or relatives for a long time about the election 2004 irregularities. But now I think I am going to remind everyone within reach of my email account about my previous claims that e-voting was (is) very vulnerable. This article here has a ton in it. I think this article would be the perfect thing to show all of them.
…of course they didn’t "fix" those pesky machines, heh, heh
Speaking of Palast, did anyone catch him this last Sun a.m. on Washington Journal? It was a "round table" discussion with …well, I forget who exactly, as if it really matters, LOL …it was some ol codger who heads up a seminal "conservative" organization, and he spent most of the time fiibustering Greg with the usual "you’re an UNAmerican CONSPIRACY THEE-RIST!," and of course would always dodge confrontation and shift gears when Greg would calmly site the documentation that proved his point.
That old guy was just stammering, fit to throw a rod when Greg would state that our press is virtually a closed system of state/corporate propaganda, and that there is no "oil market," but rather a Saudi oil market we’re ensarned in.
Brad,
We have known the Diebold touchscreens load updates via PCMCIA cards for a long time now. Yes, RABA mentioned it. No doubt Doug Jones knew it. We at Black Box broke the story a year before RABA and then got it confirmed by James Dunn’s declaration in early ’04 – if you recall, he is the whistleblower Diebold temp who worked the California primaries and noted that different versions of Diebold files were getting loaded and not tracked.
What Harri added to the picture is the firm knowledge that there isn’t any validation – nothing inherent in the system makes sure that what’s loaded is a valid Diebold-supplied (and "certified", for whatever that’s worth) file. You can load a copy of a tic-tac-toe game in there, give it the right filename for whatever type of file you claim it is, and the TS/TSx will load it.
The machine won’t boot if it’s an old videogame of course, but the point is there’s no checking and it WILL start up a completely faked Windows CE installation or a "stunt bootloader".
That’s problem one.
Problem two is that it’s impossible for a county elections official to tell what code is really in there. Yes, the machine reports version numbers on startup but if you’re going to fake a code set, faking the version numbers is simple.
Problem three is that given how critical physical ("case") security is related to access to the PCMCIA slots, making sure anybody could get in and out with nothing but a standard Phillips screwdriver while leaving no trace is inexcusable.
Only an onsite inspection by people outside of the voting system industry and agencies could have documented all this. And doing so has moved the ball forward a good solid distance.
There have been misrepresentations that RABA covered all of this. Posters on DU have libeled Hursti as a plagiarist. This is unconscionable. Yet the election integrity community has yet to take these individuals aside and inform them of the harm they are doing to Hursti’s reputation at a critical time when we’ve finally made the pages of the New York Times.
The RABA report is online. Anyone can see that the bootloader is never mentioned as a separate installable component, that the lack of validation means that completely malevolent components including an entirely subversive bootloader or anything else can be loaded and that NO elections official can possibly tell what’s been done. I also note the lack of any mention of creative uses of screwdrivers as a security threat in the RABA document. There’s certainly no photographs of the Diebold motherboard by RABA.
Now, all that aside, it IS worth noting that Diebold knew that people were at least thinking about the PCMCIA slots as an attack vector several years ago. While we on the "outside" may not have known about the lack of validation of the files, Diebold sure as heck knew and has done nothing, and kudos to Brad for pointing this out!
Time to vote Diebold off the island.
Hidden Hand #6
The Washington Journal?
Really?
People in the same room, LIVE, with Greg Palast? The investigative reporter who knew all about the 2000 election theft WHILE IT WAS HAPPENING and couldn’t get Salon.com to cover it because Jeb Bush said everything was OK?
That Greg Palast?
No!
Brad:
I want to thank you once again for your coverage, and resulting dissemination of the inherent risk that electronic voting poses to the future of our form of government.
I am very glad that Jim March has added clarification of the differences between what was previously known, and the latest report sponsored by and distributed by Black Box Voting (org).
Jim and I were in constant contact during the latter half of 2003. We went over the SAIC, Compuware, and later RABA Reports thoroughly. Both Jim and I submitted Comments to the California Secretary of State’s Voting Systems and Procedures Panel throughout the fall of that year. We also were in touch with Bev Harris. Her making available the contents of the FTP site, and the subsequent emergence of the Diebold Memoes, were a treasure trove of "gems" that hinted at all the various security vulnerabilities resident in the Diebold voting systems. We attended and testified at every VSPP hearing held that fall. When I asked a series of questions regarding the known security risks in my public testimony the reaction from the chairman was "That’s interesting". It took several months of misrepresentations and outright lies before the VSPP and Kevin Shelley finally started to realize what we had been telling them was true. Ending in the culmination of the de-certification of the TSx by Kevin Shelley in April 2004. Shorthly thereafter he started being hounded from office.
Black Box Voting has provided the consistent and relentless push that this movement has needed. The information that has had to be gathered from various sources, despite the obstruction, obfuscation, and stonewalling of election officials and vendors, which established they had something to hide. Because of the courage of a few election officals, the perseverence of Black Box Voting, and Bev Harris in particular, led to the opportunity to examine an actual touch-screen voting machine. The suspicions were more than confirmed. they were validated and enhanced.
In the Staff Report issued by California Secretary fo State Kevin Shelley in April 2004, it describes a pattern of deception engaged in by Diebold in relationship to its seeking certification of its AccuVote-TSx touch-screen voting system.
This despite the assurances of Diebold Election Systems’ President Bob Urosevich at a public hearing that Diebold was instituting a "new day" in its approach to complying with the law. I can assure your readers that the attitude and reception of the VSP Panel to voting activists changed markedly between the October public hearing and the following April hearings. They discovered that we were right about Diebold Election Systems and their corporate personality. That personality had already been revealed in the Memoes.
Here we are two years later and they are still using every tactic possible to prop up their untenable position and product. What they have engaged in is a form of domestic terrorism, the willful and duplicious subverting of our right to choose our representatives. They are just as culpable in attacking our form of government as are those supplying means to attack us physically.
We knew from the Memoes that it was acceptable in the organization to deceive election officials and the public. We now know that the public pronouncements made by Diebold of addressing the security risks revealed in every prior report were a lie. Even now, they had the gall to describe these major security risks as "low". It also appears there is a campaign to attack the "messenger". I urge all voting reform activists not become part of such a campaign.
There is no mitigation available to ensure the public that these voting systems have not been compromised short of stripping them of all coding and re-installing trusted firmware and software, without the inherent security risks. Barring that, these voting systems should not be used in another election. The Department of Justice, and State Attorney Generals should also start a criminal investigation.
Maryland vote from 2004 ….. rough #s
750,000 repubs produced 1,100,000 bush votes
1,200,000 dems produced 1,200,000 Kerry votes
https://BradBlog.com/Images/emoticons/doze.gif
Hi Brad! One quick correction to your story. Diebold didn’t find out about this "flaw" when RABA told them about it two years ago, they knew about it the day they signed off on the design and called it a "feature".
The real question is who the people are behind the RABA study that knew about it. What qualifications do the ‘red team’ members have to do these tests?
What are their backgrounds?
Just a hint, for many of the red team members, there’s no need to phone their former employer, they’re already on the line. 😉
Hi, Brad, and thanks for continuing to cover the story. Pat Vesely beat me to it — but I think this point should be underlined.
Diebold knew, because Diebold DESIGNED the back doors into the system. What you have is three levels with separate back doors designed into each of the three levels. If someone spots one, closes it, you can always use one of the other back doors to go right back and reopen it.
Or, in the politician’s sound byte, "It’s the DESIGN, stupid!"
One reason Diebold is admitting this so quickly and "fixing it" is that they want to get the press reporting "Diebold is fixing its system" instead of the even more fundamental question, "How did this get in there in the first place?"
Who designed this in? How can we subpoena that person and get them under oath for public questioning in front of TV cameras?
The importance of Watergate-style hearings is this: To implement REAL election reform, the American citizenry needs to see these lying, spinning bastards doing their obfuscation before congressional examiners. Taking a page from the tobacco industry expose’s, it may be more feasible to do this at state levels and compile together results, since the federal level lacks the will to do the people’s business.
It’s going to take public hearings and exposure of the pattern of false claims and lies to galvanize the public to FORCE representatives at the federal level to take appropriate action.
It is, of course, inaccurate to depict the Hursti II study as repeating the RABA study — it breaks new ground with several stunning developments. Among these are that there are three different back doors built into three different levels — the PCMCIA card software delivery is one of the delivery mechanisms, but the report describes others as well, including the use of a (redacted) hardware connector and the use of a hidden SD card built into the motherboard.
The importance of the Emery County study performed by Hursti and Security Innovation is that it takes away all excuses and produces real evidence, not theories or snippets from memos or words from interviews, but demonstrable evidence that these back doors are designed in to the latest systems delivered just weeks before the study.
I believe Hursti has done our republic a great service by proving, once and for all, that these machines contain multiple delivery mechanisms which can enter through multiple back doors on at least three different levels, built in.
Let’s keep our eye on the ball: The question now is not "can Diebold redesign it" but "who put this elaborate system of back doors in?"
You see, if the back doors are designed in by a Diebold programmer, you have to get the guy under oath and learn straight from his lips what he thought he was doing. This is not a situation where the PR team should be answering those questions. If a Diebold programmer did this, perhaps we should think twice before asking him to "fix" his own back doors.
Brad
You indicated that "criminal charges for their negligence in failing to correct the problem" …
This is not criminal negligence, because, as Bev and Jim point out, it is deliberate. That means intentional.
The IT department at Diebold which does the election machines does not operate at the professional level that the ATM machine division does.
This is intentional or in other words by design.
Three people are in charge of the IT departments at Diebold, Sequoia, and ES&S. This tiny number of people can effect the votes of hundreds of millions of people, and therefore they are clearly targets of nefarious scheming that would destabilize the election system of the United States.
If that system is now destabilized, which is what all these stories scream, democracy itself in the United States is destabilized.
Which leads to a republican dictatorship, if one accepts the definition of a modern and sophisticated dictatorship: that is, a modern dictatorship exists anytime the will of the people cannot be expressed by their votes.
I’ll chime in a little as well,
1. Indisputable evidence, that voting machines were intentionally built with three separate, unique and fatal design flaws, so that results could be altered without detection if someone wanted to…
vs.
2. Indisputable evidence that voting machines had a severe problem (only part of "one of the three" identified by Hursti), and the manufacturer didn’t fix it after RABA’s detection…
I have no doubt that all real BBV activists would choose door #1.
John
Larry,
Yes, the one and only Greg Palast, live on W.J. in a "round table" discussion. Don’t know if C-SPAN provides video links to W.J. segments or not, but you could try there if you want to see it.
As to what you mentioned, yes, exactly! CBS contacted Greg about his story and said they wanted to check into it, Greg said by all means do. A few days passed and it became clear nothing was breaking, Greg contacted CBS and was told that they contacted Jeb Bush’s people who naturally denied any wrong doing, and that was good enough for CBS to DROP IT. The target of the allegations made the deciding factor for our press to leave it alone.
…but hey, there’s not really any, ahem, "conspiracy" at work here. :plain:
Links with topic descriptions related to recent BBV Hursti II Report is here.
Just reading the list of topics is quite interesting.