Guest Blogged by John Gideon (with additional snark provided by Brad Friedman)
The Washington Post is reporting in Friday editions that the FBI is investigating the "possible theft" of Diebold electronic touch-screen voting system source code in Maryland.
While the Maryland State Board of Elections admits that the disks contained "the software...used in Maryland in the 2004 elections," Diebold denies everything. Of course. They gave their catch-all apologia --- the software is for "versions...that are no longer in use in Maryland" --- although they were forced to acknowledge "the version of one program apparently stored on the disks is still in use in 'a limited number of jurisdictions.'"
The disks feature logos from Ciber Inc. and Wyle Labratories, Inc., two labs that test voting machines and software (sort of) for Diebold. Both firms deny the disks are theirs.
According to the article...
Three years ago, Diebold was embarrassed when an activist obtained some of its confidential software by searching the Internet. The company vowed to improve its security procedures to prevent another lapse.
The release of such software poses a risk, computer scientists say, because it could allow someone to discover security vulnerabilities or to write a virus that could be used to manipulate election results."
WaPo goes on to report...
"I would be stunned if it's not real," Rubin said.
Rubin, who has said that electronic voting systems that do not produce a paper record of each vote cannot be secured, led a team that produced an analysis that pointed out security vulnerabilities in the Diebold software found on the Internet in 2003.
Sam Small, the graduate student, said the version of Ballot Station "was consistent with what we've seen previously." Small could not gain access to the GEMS software because the material on two of the disks was protected by a password."
The Diebold statement said "it would take years for a knowledgeable scientist" to break the encryption used on the software apparently contained on the disks delivered to Kagan. But Rubin said "the data and files were not encrypted" on the Ballot Station disk he reviewed.
So will Diebold just continue to deny that anything has happened or can happen? Will MD State Election Director Linda Lamone just pass on Diebold disinformation as she always does (despite knowing better...since she's seen the unredacted scientific reports on these systems from security organizations like SAIC and RABA?) Or will someone finally understand that this is a massive problem that needs immediate attention?
Maryland, along with Georgia, was one of Diebold's original "showcase states," implementing Diebold's hackable paperless touch-screen voting across virtually the entire state since 2002. With failure after failure, we might add.
If it's all not bad enough, in what is reported by WaPo as "an unrelated development" in the same article, a new report from Maryland state auditors revealed that the state's new voter registration database does not have proper security controls in place for access to the data...