Wednesday, September 24, 2003

Electronic voting: The Empire Strikes Back

Two major fronts have opened up in the battle over the use of potentially vulnerable voting technologies in just the past couple of days. Both of them warrant significant media attention, but seem at present to be going ignored. So we'll document them here in the hopes it will finally surface.

Diebold threatens to sue over links

On Monday, Diebold sent a letter to the hosting company where Bev Harris' Black Box Voting had posted a link to the documents that Harris cites in her Salon interview. Diebold isn't claiming any falsity here -- only copyright infringement. And compared to other cases currently in the courts, Diebold's grounds are even shakier. It's a clear case of attempting to silence their critics even if everything they say is perfectly accurate.

As Harris herself noted in the Democratic Underground forum linked above:
1) These are memos which document numerous violations of the law

2) This is clearly an issue with public interest law

3) The discussion is under a public interest exclusion, fair use

Moreover, Harris is exactly right about the most disturbing aspect of this:
Everyone on the Internet will raise holy hell on this, if they get away with this -- the Internet will come to a screeching halt if this was allowed to stand.

If merely posting a link to another site violates its copyrights, the Internet -- and the blogosphere particularly -- will indeed be rendered moot.

Of course, it appears that this is simply a typical harassment suit, because its legal grounding seems somewhat dubious, but it does force the people dealing with the threats to hire lawyers and face both the bills and the little knots in their stomachs.

Fox News recently got a hard lesson in the rewards of legal thuggery. One can hope Diebold will as well. Because once Diebold actually sues Harris or anyone else, they in turn can proceed with discovery -- which means getting a look at Diebold's internal files.

In the meantime, Daily Kos has posted instructions on how to get to BBV despite the shutdown by Diebold. (Here's a handy link.)

Also worth noting: The tech-heads at Slashdot's discussion forums are all over this too.

Maryland proceeds with Diebold system

Diebold announced in a press release today that the state of Maryland was proceeding apace with its installation of the Diebold system in its voting machines. Note the subhed: Independent Analyst Submits Positive Review of Diebold Machine -- as well as the glowing words from (Republican) Governor Ehrlich, and the text of the release:
Governor Ehrlich in August ordered Science Application International Corp., (SAIC), under an existing contract for security services with the State, to conduct the independent analysis of the Diebold machine and its source code. The SAIC review responded in part to a report published by Aviel Rubin of Johns Hopkins University that questioned the use of the Diebold source code.

SAIC’s independent review states, "While many of the statements made by Mr. Rubin were technically correct, it is clear that Mr. Rubin did not have a complete understanding of the State of Maryland’s implementation of the AccuVote-TS voting system…The State of Maryland’s procedural controls and general voting environment reduce or eliminate many of the vulnerabilities identified in the Rubin report."

Note that the sentence immediately following this in the report is omitted from Diebold's press release:
However, these controls, while sufficient to help mitigate the weaknesses identified in the July 23 report, do not, in many cases meet the standard of best practice or the State of Maryland Security Policy.

It also piles further on regarding Rubin:
SAIC’s report continues, "Rubin states repeatedly that he does not know how the [Diebold] system operates in an election and he further identifies the assumptions that he used to reach his conclusions. In those cases where these assumptions concerning operational or management controls were incorrect, the resultant conclusions were, unsurprisingly, also incorrect."

Here's what the rest of this passage actually says in the report:
In general, most of Mr. Rubin’s findings are not relevant to the State of Maryland’s implementation of the AccuVote-TS system because the voting terminals are not connected to a network. In addition, LBE procedures and the openness of the DRE voting booth mitigate a large portion of his remaining findings.

We do concur with Mr. Rubin’s assessment that if the AccuVote-TS voting system were connected to a network that several high-risk vulnerabilities would be introduced. We also concur with Mr. Rubin’s assessment that transmissions of data are not encrypted in transit, and we have recommended that this be rectified.

The State of Maryland procedural controls and general voting environment reduce or eliminate many of the vulnerabilities identified in the Rubin report. However, these controls, while sufficient to help mitigate the weaknesses identified in the July 23 report, do not, in many cases meet the standard of best practice or the State of Maryland Security Policy.

The report later stresses that point in its recommendations:
Remove the SBE GEMS server immediately from any network connections. Rebuild the server from trusted media to assure and validate that the system has not been compromised. Remove all extraneous software not required for AccuVote-TS operation. Move the server to a secure location.

And yet, remarkably, ensuring that the server is not connected to a network is notably missing from the recommended steps listed by Diebold in its press release.

Diebold's release is, frankly, a bizarre and remarkably incomplete characterization of the SAIC report. If you go back through the report (available here as a PDF), here's what you find:
This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results. In addition, successful exploitation of these vulnerabilities could also damage the reputation and interests of the SBE and the LBEs. This Risk Assessment also identified numerous vulnerabilities with a risk rating of medium and low that may have an impact upon AccuVote-TS voting if exploited.

...

2.1.1 AccuVote-TS voting system is not compliant with State of Maryland Information Security Policy & Standards

Failure to meet the minimum security requirements set forth in the State of Maryland Information Security Policy and Standards indicates that the system is vulnerable to exploitation. The results of a successful attack could result in voting results being released too soon, altered, or destroyed. The impact of exploitation could lead to a failure of the elections process by failing to elect to office, or decide in a ballot measure, according to the will of the people. The impact could be a loss of voter confidence, embarrassment to the State, or release of incomplete or inaccurate election results to the media.

2.5. Overall Risk Rating

The system, as implemented in policy, procedure, and technology, is at high risk of compromise. Application of the listed mitigations will reduce the risk to the system. Any computerized voting system implemented using the present set of policies and procedures would require these same mitigations.

If I were a Maryland voter, I'd be demanding answers to the disparities in the SAIC report and what government and Diebold officials say it reports.

One would think that Maryland journalists, or perhaps those from, say, adjacent metropolitan areas, might be interested as well. We'll see. But I shan't waste my lungs holding my breath.

No comments: