Diebold Equipment Vulnerabilities Affect 27 States
Verified Voting's Preliminary Summary Shows Diebold Equipment Vulnerabilities Affect 27 States
June 8th, 2006
Thursday, June 8, 2006
SAN FRANCISCO – Verified Voting today released a preliminary* summary of states whose elections are at risk due to newly-revealed security vulnerabilities in Diebold voting systems, including the Diebold TSx, TS, and optical scan machines, as uncovered by computer expert Harri Hursti of Black Box Voting.
The summary, which is the first part of an ongoing Verified Voting effort to track voting equipment in use throughout the country from all vendors, was presented yesterday at a Capitol Hill briefing held by Verified Voting and the National Committee for Voting Integrity. The briefing provided technical information on the recently revealed Diebold vulnerabilities. The vulnerabilities would allow substitution of false vote totals without any trace or the insertion of malicious software, using the smart card technology and design features integral to the machines.
“These security vulnerabilities are classic examples of why we worry about electronic voting,” said Verified Voting Founder David L. Dill, who is a Computer Science Professor at Stanford University. “There will be an endless series of security holes, and not just with Diebold equipment. Instead of trying to make perfectly secure systems, we need to plan for security problems, by ensuring that we can independently check the results of the machines. That's what voter-verified paper records are all about.”
According to the Verified Voting’s preliminary information on the Diebold systems, 27 states are at risk with varying degrees of vulnerability, depending in part on whether the jurisdiction has a voter-verified paper record. Diebold TSx touch screen machines can be equipped to produce such a record, although not all jurisdictions with the TSx chose that option. Diebold TS systems do not offer a voter-verified paper record. Optical scan voting systems use a paper ballot (inherently voter-verified), but they too must be audited to check for accuracy. The three largest states in the country – California, Texas, and Florida – all fall into the at-risk group.
“It’s important for policymakers, local election officials, and voters to know whether their state or local jurisdiction is at risk so that appropriate action can be taken immediately for upcoming elections,” said Courtenay Strickland Bhatia, President & CEO of Verified Voting. “But states and jurisdictions without Diebold equipment should not rest easy,” Bhatia added. “Because these vulnerabilities are emblematic of the problem overall, every jurisdiction should require voter-verified paper records and routine, random, manual audits to provide for election integrity.”
Eight states had primaries this past Tuesday, and four more hold their primaries next week. Twenty-six more states throughout the country have primary elections from late June through September.
Of the 27 states listed in the report, nine are at high risk, using paperless Diebold TSx and TS machines without any means to recover from exploitation of this vulnerability. Hundreds of counties are at medium risk, having a blended system of Diebold TSx, TS, and optical scan systems, with some votes in some jurisdictions capable of being recovered through paper records. Eighteen states are at lower risk, but only if meaningful audits are carried out using manual counts of the paper record to check the machine vote totals. Most states do not have audit requirements at this time.
For very close races, votes in just a few jurisdictions can determine statewide results. In such cases having just one unverifiable jurisdiction throws the entire election into doubt.
In order to provide a way to verify accuracy of election results and allow for recovery in the event of voting system problems, Verified Voting urges all states that have not yet passed legislation mandating a voter-verified paper record and routine, random audits to pass such laws this year. In states that already have a voter-verified paper record, random audits should be conducted prior to certification of election results.
“Such audits can and should be voluntarily undertaken by election officials whether or not a law requiring them has been passed,” Bhatia stated.
For jurisdictions where there is no voter-verified paper record, Verified Voting urges voters to insist that local officials provide paper ballots as an alternative way to vote at the polling place.
Pennsylvania provided an example of the critical importance of providing paper ballots as an alternative in the polling place two weeks ago, when hundreds of voting machines failed to start on time or malfunctioned during the day, and thousands of voters used paper ballots successfully. Recent experiences in California and Georgia, where thousands of voters were disenfranchised by machine malfunctions, have shown that no electronic voting jurisdiction can afford to go without paper ballots.
Voter-verified paper records provide the necessary tool to conduct routine, random audits: manual counts of a significant portion of the paper records, compared to the machine totals. Such auditing facilitates detection of problems before election results are certified, and makes recovery possible when machine counts are in error, whether due to fraud or machine malfunction. These diagnostic and recovery systems are all the more important because voting system software is proprietary and, for the most part, not available for inspection.
At present, Verified Voting encourages the use of precinct-count optical scan voting systems and accessible ballot-marking devices, combined with audits, as a practical, cost-effective and accessible means of providing verifiability and recovery capabilities.
The Verified Voting preliminary summary of Diebold equipment vulnerability by state and county is [linked below]. Updates to the Verified Voting database of voting equipment in use throughout the country will be posted to our web site as they become available.
* This preliminary report does not claim to be complete; information subject to change, addition or correction.
Diebold Equipment Vulnerability, by state Note:
Information may not be complete. Subject to change/addition/correction.