The online world has been buzzing about the relative ease that a
Princeton professor and his students had in
hacking into a Diebold E-Voting machine. In case you've been on vacation of buried in work, here's the original
YouTube Video Announcement,
a dKos link, and a later
Brad Blog Diary.
So far the collective world outside the Internet has put up a collective shrug - in effect, asking what's the big deal? So some brains got into this thing. After all, if FOX News raises a stink, it can't be really that serious. Media has reported it, but the story isn't developing, and so it's slowly slipping below the national attention span. Time to get back to the All Terror All The Time election theme.
In one more attempt to try and get some traction, the blog Freedom to Tinker came up with a very astute illustration, and I've snagged some appropriate images.
The access panel door on a Diebold AccuVote-TS voting machine -- the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus -- can be opened with a standard key that is widely available on the Internet.
On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.
This seemed like a freakish coincidence -- until we learned how common these keys are.
A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It's a standard part, and like most standard parts it's easily purchased on the Internet. We bought several keys from an office furniture key shop -- they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.
The money quote:
Using such a standard key doesn't provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold's use of encryption -- they can say they use encryption, but they use it in a way that neutralizes its security benefits.
It's not unlike locking your worldly possesions with those little itty bitty locks that are sold for luggage.
And if your thief is unable to visit the closest TrueValue or ACE Hardware Store, they can always resign themselves to replacing the machine's data card out with 20 minutes of phillips screwdriving. That's right - Diebold hasn't even secured this voting machine with tamper-resistant screws.
Keep this issue front and center - talk to your friends and relatives, tell people you know in the media, that electronic voting is insecure and simply opens the door to faster, easier, and cheaper election malfeasance.