Studies Revealing Diebold Election Security Flaws
An Updated List of Scientific Studies (from 2003 to 2007) Revealing Diebold/Premier Election Solutions Security Flaws
Scientific studies of Diebold/Premier Election Solutions' voting systems have unanimously revealed security flaws in its touch-screen and optical scan voting systems.
On July 24, 2003, Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin and Dan S. Wallach released a report on their analysis of the security of the Diebold AccuVote direct recording electronic voting system [Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin and Dan S. Wallach, Analysis of an Electronic Voting System, posted to the web July 24, 2003 as http://avirubin.com/vote.pdf ];
This story was covered on the same day by the New York Times [John Schwartz, Computer Voting is Open to Easy Fraud, Experts Say, The New York times July 24, 2003, page A12.]
While the vendor has strenuously denied the significance of these flaws [ http://www2.diebold.com/checksandbalances.pdf ]
subsequent reports commissioned by the state of Maryland from Science Applications International Corporation (SAIC) [Risk Assessment Report: Diebold Accuvote-TS Voting System and Processes, as redacted by the State of Maryland, Science Applications International Corporation SAIC-6099-2003-261, Sept 2, 2003. < http://www.dbm.maryland.gov/SBE ]
and RABA Technologies [Trusted Agent Report -- Diebold AccuVote-TS Voting System, RABA Technologies, Jan. 20, 2004. http://www.raba.com/text/press/TA_Report_AccuVote.pdf ]
and a study by the state of Ohio from InfoSentry [DRE Security Assessment, Volume 1, Computerized Voting Systems, Summary of Findings and Recommendations, InfoSENTRY, 21 November 2003. http://www.sos.state.oh.us/sos/hava/files/InfoSentry1.pdf ]
and Compuware [Direct Recording Electronic (DRE) Technical Security Assessment Report, Compuware Corporation, 21 November 2003. http://www.sos.state.oh.us/sos/hava/files/compuware.pdf ]
all substantially confirm all of the major security flaws identified in the Hopkins report and identified several additional flaws. According to Iowa Computer Scientist and Voting System Expert Doug Jones, "It is noteworthy that none of these studies are complete; each has missed some of the security flaws identified in the others."
And more recent studies of Diebold/PES voting systems have been released:
Black Box Voting [The Black Box Report SECURITY ALERT: July 4, 2005, Critical Security Issues with Diebold Optical Scan Design, prepared by: Harri Hursti http://www.blackboxvoting.org/BBVreport.pdf ]
University of California, Berkeley [Security Analysis of the Diebold AccuBasic Interpreter, David Wagner, David Jefferson, Matt Bishop, Voting Systems Technology Assessment Advisory Board (VSTAAB) with the assistance of Chris Karlof Naveen Sastry, February 14, 2006 http://www.votetrustusa.org/pdfs/California_Folder/DieboldReport.pdf ]
Black Box Voting [Diebold TSx Evaluation SECURITY ALERT discovered in Utah: May 22, 2006 Supplemental report, additional observations were unredacted on July 2, 2006, A Black Box Voting Project Prepared by: Harri Hursti http://www.blackboxvoting.org/BBVreportII-supplement-unredacted.pdf]
Princeton University [Security Analysis of the Diebold AccuVote-TS Voting Machine, Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, Center for Information Technology Policy and Dept. of Computer Science, Princeton University Woodrow Wilson School of Public and International Affairs, September 13, 2006, http://itpolicy.princeton.edu/voting/ts-paper.pdf ]
Cleveland State University audit revealing database corruption errors in Diebold vote counts [Collaborative Public Audit of the November 2006 General Election pursuant to the charge from the Cuyahoga County Board of Elections (April 18, 2007) http://electionmathematics.org/emaudits/OH/2006Audit/cuyahoga_audit_report.pdf ]
In November, 2007 the unredacted versions of SAIC's Maryland Diebold Report, September 2, 2003 which had been redacted by Maryland's Election Director and NASED President Linda Lamone, were finally publicly released. (Complete, unredacted version, 197 pages including suggested edits and changes as made by unknown party.) -- Section 1 [PDF, appx 3mb] http://www.bradblog.com/Docs/SAIC_Diebold_Maryland_090203_UnredactedEdit_091706_Section01.pdf
-- Section 2 [PDF, appx 8mb] http://www.bradblog.com/Docs/SAIC_Diebold_Maryland_090203_UnredactedEdit_091706_Section02.pdf
-- Section 3 [PDF, appx 8mb] http://www.bradblog.com/Docs/SAIC_Diebold_Maryland_090203_UnredactedEdit_091706_Section03.pdf
-- Section 4 [PDF, appx 6mb] http://www.bradblog.com/Docs/SAIC_Diebold_Maryland_090203_UnredactedEdit_091706_Section04.pdf- - Section 5 [PDF, appx 2mb] http://www.bradblog.com/Docs/SAIC_Diebold_Maryland_090203_UnredactedEdit_091706_Section05.pdf
and scientific studies were done in 2006 and 2007 for the State of Connecticut by the University of Connecticut Engineering Department [ http://voter.engr.uconn.edu/voter/Reports.html
and then a Top to Bottom Review was released by the California Secretary of State Bowen in October 2007 [ http://www.sos.ca.gov/elections/elections_vsr.htm ]
Thank you to all of the investigators, election officials, computer scientists, and election advocates who made these studies possible and brought attention to them and thank you to Brad Friedman, Doug Jones and others for listing some of these URLs on their web sites.
It is not just Diebold's Premier Election Solution voting systems which has security flaws. Other systems have many security flaws too, as shown in the CA SOS's Top to Bottom Review results.
These expert studies show that we need to implement routine effective independent manual audits of election results or the machine counts can undetectably put candidates into office whom voters do not elect.
Connecticut seems to come closest to conducting effective routine election audits, but Connecticut could improve its election audit effectiveness and reduce its administrative burdens for doing audits by doing them more scientifically. See http://electionarchive.org/ucvAnalysis/US/paper-audits/CriticalAuditMethodology.pdf