Friday, September 16, 2005

One nation, under Diebold

From The Brad Blog (via The Raw Story):

In exclusive stunning admissions to The BRAD BLOG some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" -- as well as "top government officials" -- were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.

Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold -- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company -- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.

"A vulnerability exists due to an undocumented backdoor account, which could [allow] a local or remote authenticated malicious user [to] modify votes," states the US-CERT alert, issued in August, 2004.

"I was aware of the Diebold security flaw and had heard about the Homeland Security Cyber Alert Threat Assessment website, so I went there and 'bingo,' there it was in black and white," the source wrote. "It blew me away because it showed that DHS, headed by a Cabinet level George Bush loyalist, was very aware of the 'threat' of someone changing votes in the Diebold Central Tabulator. The question is, why wasn't something done about it before the election?"

The CEO of North Canton, Ohio-based Diebold, Inc., Walden O'Dell has been oft-quoted for his 2003 Republican fund-raiser promise to help "Ohio deliver its electoral votes to the president next year." O'Dell himself was a high-level contributor to the Bush/Cheney '04 campaign as well as many other Republican causes.


In trying to understand why the U.S. Homeland Security Department's Cyber Alert didn't force Diebold to make fixes, patches or corrections quickly available for their software prior to -- or even since -- the '04 election, DIEB-THROAT repeated over and over that Diebold was simply "not concerned about security".

"They don't have security solutions. They don't want them...They leave security policy issues up to the states. They've known about this for some time. They don't really care," the source said, comparing the security flaw to "leaving the front door at Fort Knox open." It's just "blatant sloppiness and they don't care."

The versions of the GEMS Central Tabulation software listed on the US-CERT site are 1.17.7 and 1.18 and DIEB-THROAT says the same versions of the same software are still in use by States around the country and haven't had any fixes or patches applied to correct the problem.

Obviously, this administration is not going to take this issue seriously. I'm hoping it's not too much to ask that my Democratic Secretary of State, Cathy Cox, might take an interest. But given how much she has invested in believing that the system is fool proof, I'm not holding my breath.

To give her a chance, I did write the following e-mail to her:

Dear Secretary Cox,

Previously, theories about potential problems with the Diebold's electronic voting machines have been announced by various computer scientists.

Now we learn from the US-CERT website that the reality of an undocumented backdoor was known to the government, and neither they nor Diebold itself took any action to correct this backdoor.

What are you doing to ensure that the faith we need to have in Georgia's elections are justified?

Thank you,
Charles Smith

I'll let you know how she responds.

See also: Diebold


Post a Comment

<< Home