Michael Shamos remembers that the call came late at night, during the last week of April.
The call – from election watchdog BlackBoxVoting.org – described a critical vulnerability in Diebold Election Systems’ touchscreen voting systems that could allow any person with access to a voting terminal the ability to completely change the system code or ballot file on the system. As a professor of computer science at Carnegie Mellon University and adviser to the Commonwealth of Pennsylvania on electronic voting, Shamos realized that, at the very least, a workaround for the flaw needed to be in place by Pennsylvania’s next election – at the time, less than three weeks away.
“This one is so bad, that we can’t do just nothing,” Shamos told the state’s election officials at the time. “Any losing candidate could challenge the election by saying, ‘How do I know that the software on the machine is the software certified by the state?’”
What Diebold was trying to downplay is apparently much worse than initially thought.
On page 3 of the article it says:
With little interest from California, Harris turned to Carnegie Mellon’s Shamos and Pennsylvania.
After hearing the details of the issue, Shamos knew that he needed to get Pennsylvania officials involved. Within a week, the state held a conference call with Diebold and, under threat of decertification, asked the company to come clean on the security issue. Diebold acknowledged the issue, but classified the threat as low, Shamos said.
The computer scientist’s estimation of the flaw is less charitable.
“There are two types of security holes,” he said. “The ones that are designed in and which you didn’t think about the security implications beforehand or a bug – a mistake – in the program code. This is the first kind: It is not a bug; it’s a horribly designed feature.”
I sure hope they get this fixed or voter confidence will be right out the window — more than it was before. 😉