California Approves Diebold E-Voting

CALIFORNIA APPROVES DIEBOLD E-VOTING….I try not to go overboard writing about California issues on the blog, but the decision this week by California Secretary of State Bruce McPherson to approve the use of obviously flawed Diebold voting machines deserves wider attention. Although a panel of experts concluded that the Diebold flaws were “manageable by a reasonably careful combination of short- and long-term approaches,” the language they used to describe these flaws was pretty uncompromising:

Anyone who has access to a memory card…can indeed modify the election results from that machine….Mr. Hursti’s attack on the AV-OS is definitely real….However, there is another category of more serious vulnerabilities….could change vote totals, modify reports, change the names of candidates….no way to know that any of these attacks occurred….classic security flaws….serious flaw in the key management of the crypto code.

And there’s more, as Michael Hiltzik summarized in his Thursday column:

The bugs pale next to another discovery by the panel. This is the presence of a cryptographic key written into the source code, or basic software, of every Diebold touch-screen machine in the country. The researchers called this blunder tantamount to “a bank using the same PIN code for every ATM card they issued; if this PIN code ever became known, the exposure could be tremendous.”

Here’s the punch line: The Diebold key became known in 2003, when it was published by researchers at Johns Hopkins and Rice universities. It can be found today via a Google search.

Yep. Despite the fact that the panel of experts concluded that Diebold could fix all the bugs in their machines in “only a few hours,” the problem with the hardcoded key has been known since 1997 and the key itself has been known since 2003, but Diebold has done nothing about it.

(Are you dying to know how to hack into a Diebold machine? Unless your local registrar has bothered to change it, here’s the key: F2654hD4. And the 8-byte password used for Diebold’s voter, administrator, and ender cards is ED 0A ED 0A ED 0A ED 0A. Aren’t you glad this stuff is so easily found on the internet?)

There’s simply no excuse for tolerating even the perception that the voting process is so easily open to abuse. I’m no conspiracy monger, but the fact that Diebold hasn’t corrected these problems despite the fact that they’re obvious, widely known, and easy to fix, does nothing except provoke suspicion, well deserved or not, that they’re stonewalling deliberately. I mean, why act so damn guilty unless they really are guilty?