Media Then Reported Diebold's Downplaying of Threat as State's Own Assessment
(Why not just do away with the middle man and let Diebold run everything?)
By Brad Friedman on 5/15/2006, 8:31am PT  

"It is like the nuclear bomb for e-voting systems," said Avi Rubin, computer science professor at Johns Hopkins University. "It's the deal breaker. It really makes the security flaws that we found (in prior years) look trivial."
-- From Security Focus, 5/12/06

Pennsylvania officials warned local election registrars last week about the vulnerability in the mechanism that installs and upgrades software on Diebold equipment. It said the risk of the vulnerability being exploited was "low".
-- From AP, 5/11/06

The first graf above, quoting Rubin, comes from a superb and indepth article by Robert Lemos at Security Focus on the latest Diebold security disaster. We recommend his report for a host of reasons, amongst them; his broad coverage of dozens of the stories we've yelled and screamed about here at The BRAD BLOG over the past several months, but also because he adds loads of details to the latest Diebold mess which is finally being picked up by the mainstream media. Big time. (Here's an eye-popping compilation of scores of articles from just last Wednesday, Thursday and Friday, with many more to come.)

We point to Rubin's quote --- similar to on the record statements from of the other computer scientists and e-voting security professionals familiar with the details of the built-in "feature" in Diebold's touch-screen systems now revealed to be an extraordinary security vulnerability --- by way of contrast to the way both Diebold and the State of Pennsylvania (and subsequently the bulk of the media) reported their characterization of the problem. That would be the second graf of this story in which AP quotes PA officials describing the risk as "low."

From Diebold's Mouth to Your Ears...

We're often asked, by media folks and others, why it is that Election Officials seem to stand by their E-Voting Machines and Vendors, such as Diebold, ES&S and others, instead of holding them accountable and independently verifying their (usually unsupported) claims about the security and reliability of their voting machines --- as Leon County, FL Supervisor of Elections, Ion Sancho and Emery County, UT County Clerk, Bruce Funk, both rare exceptions --- did.

Setting aside that both Sancho and Funk have been fighting with state officials to hang on to their jobs ever since, The BRAD BLOG has obtained a few documents which underscore what's really at work in the bulk of Election Official/Election Machine Vendor relationships...

While we're unable to give a definitive answer to those who ask why so many of these Election Officials seem to stand by their vendors, we might suggest it most likely has to do with a) Most of these officials have been wined, dined and wooed by the Voting Machine company reps, and in the process told that anybody who suggests these machines are enormously flawed are little more than kooks, luddites and/or conspiracy theorists (see this story from one of our Diebold insiders, "DIEB-THROAT", on how that works inside the company culture) and b) After Elections Officials pitch these million dollar contracts to their state and county superiors, putting their own reputations on the line in favor of these companies and their systems, it'll be their own asses in a sling if they now admit they were wrong to have done so, and have wasted millions of state and county dollars in the bargain.

There is also the idea that c) Many of these officials hope to get higher paying jobs with the vendors themselves when they leave office. But we'll leave that notion largely aside for now since it's generally speculative (albeit, based on a fair bit of circumstantial evidence to bear it out.)

Once the Election Officials have signed their deal with the devil, however, they've got so much money and reputation invested, and so little ability (time, resources, technical know-how) to actually double-check anything they are told by the company --- technical or otherwise --- that they become little more than company mouthpieces, crossing their fingers, and hoping the company line ends up being the truth come Election Day.

For a practical, easy-to-understand, visual example of how that works, see the two short documents posted in full below.

The first is Diebold's "Notification of Potential Security Threat to AccuVote-TS/TSx Machines" as sent to the Secretary of the Commonwealth in Pennsylvania on May 1, concerning the hugely absurd, newly revealed flaw/"feature"/security risk built in to all Diebold touch-screen voting machines.

The second, is the PA Secretary's "DIRECTIVE CONCERNING THE INSTALLATION OF FILES REGARDING THE DIEBOLD ACCUVOTE-TSX ELECTRONIC VOTING SYSTEM ISSUED BY THE SECRETARY OF THE COMMONWEALTH," issued to county Elections Officials the following day on May 2.

Titles Change, But the Words Remain the Same...

Both documents are, word for word, virtually identically (and "virtually" is rather an understatement). No checks, no balances, no questions, no independent verification of any of Diebold's claims about the problems or the solutions for it. Just a repetition of what Diebold told them, verbatim.

Note the phrase, identical in both the Diebold "notification" and the PA "directive": "The probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low."

That very phrase, also verbatim, then made it's way into innumerable media stories (see the AP reporte quoted at the top of this piece) which covered this immensely dangerous security chasm, and reported "risk considered low" as the official point of view of "officials in Pennsylvania".

Perhaps Pennsylvania and the other states could save some money and just do away with any pretense of actually testing anything --- since they failed to find this problem (undoubtedly failed to even look for it!) --- or in notifying county elections officials about these problems, and instead just let Diebold take care of everything for them.

Why not? All they seem to do is retype and repeat what Diebold tells them anyway. Taken at face value, and dutifully passed on to the counties...and then to the media.

Have any doubts? See the May 1 "notification" from Diebold and the May 2 "directive" from Pennsylvania's Secretary of the Commonwealth which follow in their near-identical entirety. Other than the change of format, the two documents are virtually identical...word-for-word...

Notification of Potential Security Threat to
AccuVote-TS/TSx Machines

May 1, 2006

Overview:

Diebold Election Systems, Inc. ("DESI") has determined there is a security vulnerability to the AccuVote-TS and AccuVote-TSx equipment in the system installation and upgrade mechanism. This security vulnerability could potentially allow un-authorized software to be loaded onto the system. The probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low.

To exploit this risk, physical access is required to the PCMCIA slots on the machine during system startup.

Diebold Election Systems is currently working on a fix to this security vulnerability and once it is tested and certified it will be made available to customers.

Procedures to mitigate the risk:

If there is a concern that this security vulnerability has been, or could be, used to load un-authorized software on the system then re-install the authorized software during system startup prior to installing, testing, and sealing the election data PCMCIA card into the unit.

DIRECTIVE CONCERNING THE INSTALLATION OF FILES REGARDING THE DIEBOLD ACCUVOTE-TSX ELECTRONIC VOTING SYSTEM ISSUED BY THE SECRETARY OF THE COMMONWEALTH

Pursuant to Section 1105-A of the Pennsylvania Election Code, at 25 P. S. �3031.5, and revised as required by Act 150 of 2002, the following Directive is issued by the Secretary of the Commonwealth for the installation of files for the Diebold AccuVote-TSX electronic voting system.

1. Diebold Election Systems, Inc. ("DESI") has determined there is a potential security vulnerability in the system installation and upgrade mechanism to the AccuVote-TSX version 4.6.4 equipment, which is currently certified in Pennsylvania. This security vulnerability could allow un-authorized software to be loaded on to the system. The probability for exploiting this vulnerability to install un-authorized software that could affect an election is considered low. To exploit this risk, physical access is required to the Personal Computer Memory Card International Association (PCMCIA) slots on the machine during system startup.

2. Diebold Election Systems shall develop a permanent solution to this security vulnerability, which shall proceed through the ordinary certification process. Once the permanent solution is certified, Diebold shall make that solution available to its customers through the normal software upgrade process.

3. In order to mitigate any immediate risk, all counties using the Diebold AccuVote-TSX shall re-install the authorized software during system startup prior to installing, testing, and sealing the election data PCMCIA card into the unit. The Department of State will furnish the authorized software to the counties on a PCMCIA card along with instructions for its installation.