The main findings of the study are:
1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
3. AccuVote-TS machines are susceptible to voting-machine viruses—computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and postelection activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
4. While some of these problems can be eliminated by improving Diebold’s software, others cannot be remedied without replacing the machines’ hardware. Changes to election procedures would also be required to ensure security.
In fairness to Diebold and according to the statements released by Diebold, they disagree with the findings and they also, bring into question the unit used for the study.
September 13, 2006 – “Three people from the Center for Information Technology Policy and Department of Computer Science at Princeton University today released a study of a Diebold Election Systems AccuVote-TS unit they received from an undisclosed source. The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country. Normal security procedures were ignored. Numbered security tape, 18 enclosure screws and numbered security tags were destroyed or missing so that the researchers could get inside the unit. A virus was introduced to a machine that is never attached to a network.”“By any standard - academic or common sense - the study is unrealistic and inaccurate.”And in the best tradition of ping pong, we now return to Felten as quoted by the “Daily Princetonian” who disagrees with Diebold’s disagreement.
"The things they say they've fixed are not the problems we reported," Felten said. "As far as we can tell, the changes they're pointing to would not solve the problems ... The problems we report can only be fixed by redesigning the actual hardware on the machine."
It would seem all the attacks require physical access to the machines and again in fairness to Diebold it would seem that some effort (hence time) would be required to insert for example virus code into a voting machine. Also, unless the virus could be replicated to other machines, each tampering would relate only to the machine tampered with.
Still, when looking at the screenshots in the Princetown report, one does find one oddity in relation to the Diebold statement “a machine that is never attached to a network”. A screenshot from the software showing the ability to download results and with details such as Network type, Hostname and Phone number, one does have to wonder a little. Diebold also state they use (amongst other measures) SSL for “transmitted” results.
We urge you to read the entire report and also the Diebold statements on the matter.
- The study by Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
- The Diebold response
- The Daily Princetonian article