Thursday, September 25, 2003

 

More on 'Steal This Election'

Today's Washington post says, Md. Plans Vote System Fixes After Criticisms (washingtonpost.com)

Spinmeisters at work:
An independent review released yesterday found 328 security weaknesses, 26 of them critical, in the computerized voting system Maryland has just purchased, flaws that could leave elections open to tampering or allow software glitches to go undetected . . . 'Because of this report, Maryland voters will have one of the safest election environments in the nation,' said Gov. Robert L. Ehrlich Jr. (R), who last month ordered the review by computer security experts Science Application International Corp . . . [Voting machine maker] Diebold executive Mark Radke [said] "The electorate throughout the entire country should be very comfortable with the security of our system."
Whew! I am so relieved that they found (all of the?) 328 security weaknesses. The system that created these weaknesses is now fixed, and I don't have to worry anymore.

The report was a reaction to "an explosive" report by Johns Hopkins computer scientist Aviel Rubin after Rubin found Diebold's source code that had "mistakenly been left on an open Internet site." Rubin "excoriated Diebold's software designers, who had built passwords such as 1111 into the machines, and said he would have flunked them in basic computer security classes."

The "328 security weaknesses" report was written by government contractor SAIC. The Washington Post quoted from it as follows:
"The system, as implemented in policy, procedure, and technology, is at high risk of compromise . . . Unencrypted information could be intercepted and released prematurely or altered . . . failure to [train poll workers in computer security [WTF?!? -- David I]] makes it significantly more likely that an intruder's actions will not be detected . . . exploitation of any of the resultant security holes could lead to voting results being released too soon, altered or destroyed."
The SAIC report was "heavily redacted" -- that means that they blacked out the really good parts so only the "good guys" at Diebold and SAIC could see them.

Thanks to Jim Warren for pointing me to this article, and to Tony Cafferty, who originally posted a pointed pointer on FOI-L.



Comments: Post a Comment

This page is powered by Blogger. Isn't yours?