Dueling endorsements

Problems cited by Cox in the 2002 election on Deibold equipment:

• Screen freezes during voter use
• Error message stating "Memory Critically Low"
• Calibration problems potentially affecting the recording of voter's selection (this is the one they blame on voters when voters report the problem)
• Deficient "0808" patch (sounds ominous)
• Deficient and obsolescent memory cards (where votes are stored)
• Defective encoders (used to initialze ballots)
• Defective voting machines
• Evidence that the systems were certified to state and national standards was absent.
• Voter's selection of candidates improperly reflected on summary screen
• Faulty design of system led to voters trying to stick access cards (their ballot) into an "inappropriate location" (Must. Resist. Obvious. Smartass. Comment)
• Inadequate and innacurate training manuals
• Inadequate training of support staff
• Preparation and printing of absentee ballots "deficient"
• "Training on safeguards to prevent and detect tampering or theft not provided" (And these are the people who call me a a crank for worrying about security)
• Battery backup up time promised: 7 hours. Actual time: 4-6
• Five county servers failed prior to election day, ongoing problems after election day
• Diebold staff providing training were not adequately trained themselves

And my favorite given the above endorsement:

• Tech support vanished after election day leaving post-election tasks uncompleted

"Above and beyond"? I assume this stellar service was supplied before they "vanished".

Cox also called Diebold's training and tech support BEFORE the election "...technically and practically flawed and found to be inadequate for the task at hand..."

And what was said about Diebold in Maryland?

"[Diebold] basically had no interest in putting actual security in this system. It's not like they did it wrong. It's like they didn't bother."

Paul Franceus
Security consultant hired by the state of Maryland to test Deibold equipment.

One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency.

In Annapolis, tales of trickery, vote rigging
Baltimore Sun

This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results. In addition, successful exploitation of these vulnerabilities could also damage the reputation and interests of the SBE and the LBEs. This Risk Assessment also identified numerous vulnerabilities with a risk rating of medium and low that may have an impact upon AccuVote-TS voting if exploited.

The system, as implemented in policy, procedure, and technology, is at high risk of compromise.

Summary of SAIC report analyzing Diebold security
for the state of Maryland