The indispensable John Harvey is continuing his quest to stop election fixing in Shelby County.

In a press release emailed yesterday morning (not available on the web), Harvey once again spanks the local election commission for issuing false statements.

Briefly, WMC news has discovered that there are videos on the internet that clearly demonstrates the vulnerability of Diebold voting machines to vote-stealing software. The video in question is one produced by a Princeton University professor that exposed the flaw.

Shelby County Election Commissioner Rich Holden responds to WMCTV by asserting:

People are not going to have that unfettered access to these machines,” says Shelby County Election Commissioner Rich Holden.  “It’s not going to occur.  It’s not going to occur in Shelby County because you’re not going to have that kind of access.”

The video claims that all a hacker needs is one minute in front of the machine.

It may be true – admits Holden – but it won’t happen in Shelby County because – he says – there’s too much oversight.

Yet John Harvey has posted pictures of unattended Diebold machines taken just three days before an election.

But even if the machines are kept locked down, even if security is heightened to Israeli airport levels, can we really trust every night guard, every cop that transports the machine, every precinct captain that takes the machine home the night before an election? I think not.

To see how vulnerable the Diebold machines are, you can watch the entire ten minute video produced by Princeton, a three-minute Fox News clip in which the Princeton professor demonstrates his findings, or view the Princeton report in PDF format. Or you can keep reading.

Basically, this is what the professor found:

  1. Malicious software can easily be installed on a Diebold machine, a process that takes less than one minute.
  2. During the election, a percentage of votes for one candidate are given to another. The exact amount is determined by the person who writes the virus.
  3. Infected Diebold machines can infect other machines via the memory card that voters use to cast their ballot. The infected machine alters the card and when it is reused by another voter on another machine, that machine is compromised.
  4. At the end of the election, the virus deletes itself, leaving no traces that it ever existed on the Diebold.

It has long been known that Diebold machines have more security holes than any random Microsoft patch Tuesday and frankly I am rather amazed that any election official would trust our votes to these machines.

In 2003, five years of Diebold company announcements, software bulletins and internal e-mails were released to the public by a hacker.

In one series of e-mails, a senior engineer dismissed concern from a lower-level programmer who questioned why Diebold lacked certification for the operating system in touch-screen voting machines. The Federal Election Commission requires such software to be certified by independent researchers.

In another e-mail, an executive scolded programmers for leaving software files on an Internet site without password protection.

In October 2005, the Diebold Accuvote 2000 Optical Scan was compromised with homemade devices, awarding 10,000 votes to a candidate without leaving any traces of the crime.

Last August, demonstrated a way to compromise the Diebold ballot scanner and details how poll workers routinely store the machines and election materials at their homes the day before an election.

Also in August, the Open Voting Foundation showed how flipping a single switch can cause a Diebold machine to boot from an unverified external flash card rather than the EPROM.

Of course, even if they fix every security vulnerability on these electronic machines you could still hack the central tabulating computer or manipulate the GEM.

Can we please go back to paper ballots?

Technorati tags: , , .