Subject: Re: Cuyahoga update
From: "Joseph Lorenzo Hall" <joehall@gmail.com>
Date: 5/6/2006, 12:47 PM
To: "Candice Hoke" <shoke@law.csuohio.edu>
CC: election-law@majordomo.lls.edu

<x-flowed>On 5/6/06, Candice Hoke <shoke@law.csuohio.edu> wrote:
 As you may recall, in Cuyahoga County/Cleveland, the Diebold optical
scanners could not read any of the paper ballots cast in the May 2 election.
 These ballots were cast both by absentee voters and by those who
encountered technical problems with the DREs at their polling places.  The
nature and source of the problem is unclear, and, like construction
litigation, fingers have been pointing back and forth between the ballot
printing company and Diebold.   [...]

This is a great update, thanks.

There is yet a further troubling wrinkle that I believe you will start
to see.  A very serious security vulnerability has recently been
partially disclosed that affects all of Diebold's DRE technology. This design flaw (note: not a bug, but a flaw in purposeful design)
would allow arbitrary code to be run on a machine with moments access
to the machine before the polls were opened.

Unfortunately, the vulnerability has been known since at least 18 Mar
2006, and yet primary elections were conducted on vulnerable equipment
(as in OH) where it appears that the proper defensive mechanisms were
not put in place to protect against this vulnerability.  It's now not
clear if this is because warnings related to the vulnerability were
never communicated to entities such as the OH SoS or if the warnings
fell on deaf ears due to the provenance of the information (from Black
Box Voting (BBV) who are far far far from being or being seen as
neutral in this area).

I think this is symptomatic of a need for central, responsible and
neutral disclosure of election technology vulnerability information
from an entity such as CMU's CERT Coordination Center. CERT/CC
publishes vulnerability alerts about other software products that
include a vague description of the issue and steps that defenders can
take to ensure they are protected against those who would exploit the
vulnerability.  If this information had been communicated to
jurisdictions, such as those in OH, running primary elections on DESI
DRE equipment in a timely manner, we'd at least be more confident that
the myriad of problems we've seen this week were not a consequence of
this vulnerability.

In short, I think it's time for the EAC to start talking to entities
like CERT/CC to see if this kind of role could be filled.  BBV will
release a redacted version of their full report on 10 May (unredacted
reports will be sent to election officials)... However, there is quite
a bit happening in the time between now and then on this equipment and
it takes a nontrivial amount of time to secure systems against this
particular vulnerability.

best, Joe

--
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>
blog: <http://josephhall.org/nqb2/>

This email is written in [markdown] - an easily-readable and parseable
text format.
[markdown]: http://daringfireball.net/projects/markdown/


</x-flowed>