Brad Friedman on the Princeton study

Thank God Salon has finally dumped Farhad Manjoo…

Hack the vote? No problem
Diebold, the e-voting-machine maker, has long sworn its systems are secure. Not so, says a new Princeton study. Converting votes from one candidate to another is simple.
By Brad Friedman

Sep. 13, 2006 Having reported extensively on the security concerns that surround the use of electronic voting machines, I anxiously awaited the results of a new study of a Diebold touch-screen voting system, conducted by Princeton University. The Princeton computer scientists obtained the Diebold system with cooperation from VelvetRevolution, an umbrella organization of more than 100 election integrity groups, which I co-founded a few months after the 2004 election. We acquired the Diebold system from an independent source and handed it over to university scientists so that, for the first time, they could analyze the hardware, software and firmware of the controversial voting system. Such an independent study had never been allowed by either Diebold or elections officials.

The results of that study, released this morning, are troubling, to say the least. They confirm many of the concerns often expressed by computer scientists and security experts, as well as election integrity activists, that electronic voting — and indeed our elections — may now be exceedingly vulnerable to the malicious whims of a single individual.

The study reveals that a computer virus can be implanted on an electronic voting machine that, in turn, could result in votes flipped for opposing candidates. According to the study, a vote for George Washington could be easily converted to a vote for Benedict Arnold, and neither the voter, nor the election officials administering the election, would ever know what happened. The virus could also be written to spread from one machine to the next and the malfeasance would likely never be discovered, the scientists said. The study was released along with a videotape demonstration.

Read more.

  1. Chris

    September 15, 2006 at 3:52 pm

    Unfortunately the problem is worse than what the Princeton study and numerous other demonstrations have shown : that the system can be hacked AFTER or at the time it is running. This is know, has been known for a long time and, yes, this study makes it even more clear.

    The big elephant in the room, however, is that the code itself, from the very time it is manufactured can be easily modified to manipulate counts.

    For example, you could put a flag in that adds a vote one way or the other for every couple of thousand votes. For a semi-skilled software engineer this flag would be very easy to implement and also pretty easy to cloak. You could make it so that it would be very hard to trace even with the code in front of you.

    That is why really one of the best solutions is the open source voting code showcased here :

    Open source means that not just one but hundreds and thousands of engineers have access to the code and get to review it constantly. Think of wikipedia but for software, but more limited in its scope than wikipedia because it would be the code for one project only. The open source process has led to the development of numerous super secure Unix flavors over the years (Unix = a type of Operating System used anywhere from home to military to space flight applications). Just to give you a sense of it, Unix is to Windows what a heavy tank armored truck is to a Datsun pickup. This might be overstating it a little, but not by much :). Point is, open source software has led to some of the most secure software on the planet and its so ironic that it has its home in many ways in the US (although it is certainly world wide), yet it is the US that turns its back on this proven engineering concept when it comes to the technology that should be prized the most (namely voting technology).

    Lastly, implementing widely reviewed software processes like that will be much cheaper, yet more effective.

    I suggest all of us support the open voting consortium.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.