princeton security analysis of diebold voting machines

Some folks at Princeton's CS department have done a good analysis of a Diebold voting system, the kind used in many elections across the country. They've done a good job of presenting their findings in several different forms, for various audiences ("executive summary", a video, an in-depth technical whitepaper). There are ways for anyone with web access to really grasp the content of their research, which i find pretty admirable.

Folks who know me know my personal preference is for the technical whitepaper, which was actually a great read. It's very clearly explained, sober and direct, and points out the wide range of potential vulnerabilities that the machines share with most commercial PCs, in addition to a series of vulnerabilities specific to the Diebold-proprietary software. If you have any interest in computer security, do yourself a favor and read it. They're thinking about these things the right way.

They're aware of the more general problem of physical access (emphasis mine):

Assuring a computer’s software configuration is also a notoriously difficult problem, and research has focused on mechanisms to ensure that only approved code can boot [1] or that a machine can prove to a remote observer that it is running certain code [28]. For example, commercial systems such as Microsoft’s Xbox game console have incorporated mechanisms to try to resist modification of the boot code or operating system, but they have not been entirely successful [13]. Although mechanisms of this type are imperfect and remain subjects of active research, they seem appropriate for voting machines because they offer some level of assurance against malicious code injection. It is somewhat discouraging to see voting machine designers spend much less effort on this issue than game console designers.
Furthermore, they're politically aware of how this study will be attacked or countered, and they're anticipating it directly:
In 2003, Diebold claimed that the AccuVote-TS software provided strong security guarantees:
The correctness of the software has been proven. . . . The assertion that there are any exploitable attack vectors is false. The implication that malicious code could be inserted into the system is baseless.
([7], p. 25, emphasis in original) Our analysis shows conclusively that these statements by Diebold were incorrect—there are several exploitable attack vectors and malicious code can be inserted into the system.

We expect Diebold to respond to this paper by offering similar assurances about other versions of their software and about their closely related AccuVote-TSx product. In light of past experience, public officials should remain skeptical until such claims are confirmed by independent investigators with full access to the machines and software.

If only people making decisions about electoral machinery would listen to this stuff!

Lastly, i am quite intrigued by the kind of work the princeton folks are doing. Breaking systems and demonstrating their vulnerabilities for the public good is a great service, and an interesting technical challenge. I'd be happy working on things like this.

Caveats

One caveat i have about this study is that the amount of time spent going over specific technical details might obscure the larger goals of voter-verified, independently-auditable paper trails, public exposure of all voting infrastructure, and legitimate public critique of these systems.

The authors do include these items, but one can imagine reading the paper and trying to fix each technical vulnerability point by point and glossing over these larger policy points which are currently broken in this country. Even the authors' executive summary does not place enough emphasis on these points.

This is not to say that the technical details are worthless: they're not, and without this kind of close analysis, public audits of these systems would be worthless. But it should be emphasized that fixing these particular vulnerabilities does nothing to protect the electoral system without systemic changes in the way the infrastructure is chosen and managed.
