At the Hadrian Hotel

At the Hadrian Hotel

Wednesday, September 13, 2006

Security Analysis of the Diebold AccuVote-TS Voting Machine

Ed Felten (author of the Freedom To Tinker blog, among other things) has released an analysis of the Diebold AccuVote-TS voting machine. Here's a short quote from the abstract:

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks.

UPDATE: I thought it might be nice to tell Rush Holt, my congressional representative, about this, just in case he doesn't get the Freedom To Tinker RSS feed. :-) I found the timing interesting when I saw that yesterday he had released a statement about the Maryland and D. C. elections. Don't they use Diebold machines?

Technorati Tags: , , ,

4 comments:

Anonymous said...

Yo 10G-

GG here from when we knew each other in 8th-9th grade, when you were in 38x and I was in 26x (further authentication later) and area codes didn't look like prefixes. Looks like we're both still in the geek universe and fighting the good fight. Let's get in touch, where can I write to you?

What you should do next: Start selling those keys online, Ebay or a web site. As souvenirs of course. If you don't want to, I just might, if you send me the details.

I swear, if this doesn't get Americans to wake up, the only hope left is getting rescued by little green men in flying saucers.

-G

Hal Finney said...

Hi - I asked a question on Ed Felten's blog regarding this passage:

"On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine."

I wrote,

"I have to say, there are a couple of things about this story that surprise me. The first is that Christ Tengi recognized the alphanumeric code as matching one on a key he had used on a job 15 years ago to open a file cabinet or a VAX access panel! This would not have been a key that played an important or emotional role in his life, and he had presumably not used it for 15 years, yet on sight he recognized that a new key had the same alphanumeric code. Rain Man himself would have trouble duplicating that feat of memory. Doesn’t that strike anyone else as remarkable?"

I thought I would ask you, how did it happen that you were able to remember the code on a key you had not used for 15 years? Did you save it, as some suggested, as a memento, and perhaps saw it every day when you opened your desk drawer? Or do you simply have remarkable powers of memory?

Unknown said...

The key in question has, in my opinion, a somewhat unusual shape, making it a bit easier for me to remember. It is also a key that I did use quite often - another factor in my being able to remember it. Finally, even though I haven't used the key in over 15 years, that doesn't mean I haven't seen it. It lives in a box of old keys on a keyring with my guitar case key, so I do see it now and then.

As for remembering the key's code, I did not remember it with clarity when I saw the key at the demonstration, but told Ed that the code looked familiar. It turns out that I did have a key with that code which, from what I've been told, defines the exact cut to be applied to the blank.

I don't know precisely how I was able to recognize the code, just as I don't know how, in my previous position at the University, I was able to commit 50 or so ethernet vendor prefixes to memory (fortunately, I've reclaimed most of those neurons). Maybe being a programmer and sysadmin for almost 30 years has something to do with it, or maybe not....

Unknown said...

Howdy Mr. 26x! :-)

Sorry I didn't get back to you sooner. I missed the "where can I write to you" part of your message. My EMail address is now listed in my Profile and is cjtengi@gmail.com.

/Chris