Diebold Election Systems of North Canton, Ohio, is taking a beating. As outlined in last month's Statehouse, a recent study found that the AccuVote-TS, the company's touch-screen voting system, contained five high-risk security flaws and 15 overall security flaws. The analysis discovered that, among other things, Diebold failed to properly encrypt sensitive election data; employed an insecure smart-card access system that can be manipulated; and provided only rudimentary, easily decoded password protection on significant functions such as ending the election and erasing votes.
A similar September 2003 study commissioned by the Maryland Board of Elections also found the Diebold system lacking.
"This risk assessment has identified several high-risk vulnerabilities in the ... AccuVote-TS voting system," the report says. "If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity and availability of elections."
But Diebold is haunted by more than negative product evaluations. Last November Congressman and presidential candidate Dennis Kucinich (D-Cleveland) posted on his congressional Web site excerpts from the Diebold employee manual. In this manual, the company instructs employees to lie about the accuracy of its AccuVote-OS, a machine that reads paper cards on which voters have penciled in circles to designate their selections.
If ballots are not correctly counted by a malfunctioning AccuVote-OS, the Diebold manual instructs employees to tell election officials that poll workers "were not observant when using the AccuVote-OS." After delineating numerous reasons that a recount might not be accurate, including "slightly skewed sensors" on the unit and the smearing of the ballot by the voting machine, the manual reminds employees, "Irrespectively, we must always promote the consistency and accuracy of our voting system."
In other sections of the manual, Diebold similarly directs its employees to conceal the truth or lie: "Do not offer damaging opinions of our systems, even when their failings become obvious ... Do not promote the fact that the AccuVote-OS is anything but absolutely accurate ... In case you encounter numerous undefined marks, indicate that ballot printing is at fault ... Be very diplomatic in both cases (of machine failure), offering the minimal amount of information to officials."
Like Kucinich, electronic voting watchdog Bev Harris has damning, written evidence that comes directly from inside the walls of Diebold and the company's 2001 acquisition, Global Election Systems (GES). On her Web site, www.blackboxvoting.org, Harris has compiled dozens of intra-company e-mails that reveal both companies' deceptive business practices and spotlight the security flaws in their machines.
In one such e-mail, a technical support manager recommends rigging a demonstration of the vote-tallying accuracy of both the AccuVote-TS and AccuVote-OS for election officials who are considering purchasing them. This is a practice with which the company was apparently familiar.
"For a demonstration, I suggest you fake it," the e-mail says. "Program (the votes and the vote counts) so they look the same ... That is what we did in the last ... demo."
Another e-mail shows that the company falsely presents a simple memory test as the test of the entire voting machine that election officials have mandated.
"(A) number of jurisdictions require a 'system test' before every election," the e-mail says. "That is why the AccuVote displays the silly ***System Test Passed*** message on boot-up, instead of 'memory test passed', which is all it actually tests."
Most states also require that updated election software be reviewed and recertified prior to installation in approved voting machines. This is intended to prevent the introduction of flawed programs into certified systems. The following e-mail, written by a Diebold technical support manager, is just one example of the many instances in which Diebold knowingly provides uncertified software for use in elections. According to most states' election laws, the correction of a minor software problem, known as a "bug," does not require recertification.
"We'll slip the change into (the software) and declare this a bug rather than a new feature," the e-mail says. "What good are rules unless you can bend them now and again?"
In these e-mails, Diebold and GES employees also openly discuss the security flaws of their companies' electronic voting systems. A technical support worker even describes the complete lack of access controls on the system's database file, which contains the ballot definition, the vote counts and the audit log — everything important to the election. "GEMS" is the software that runs the Diebold voting system and ".mdb" identifies the database file. "MS-Access" refers to a widely available database application.
"Right now you can open GEMS' .mdb file with MS-Access, and alter its contents," says the e-mail, which then describes the simple step necessary to accomplish this: "Double-click the .mdb file."
In the same e-mail, the author discusses the changes necessary to secure this important database.
"There might be some clever crypto techniques to make it ... harder to change the log," the e-mail says. "We're talking big changes here, though, and at the moment largely theoretical ones."
Aviel Rubin and other computer security experts are apparently more clever than Diebold. Rubin, a researcher with the Information Security Institute at Johns Hopkins University, analyzed the programming code used by Diebold and noted the lack of password security and cryptography.
"Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts," says the report Rubin co-authored. "In many places where cryptography would seem obvious and necessary, none is used."
Contrary to the Diebold employee's assessment, securing the database is simple and mainstream, not clever and theoretical, according to Rubin.
"Adversaries could be easily defeated by properly using standard encryption suites ... used throughout the World Wide Web for e-commerce security," Rubin's report says.
Independent analysis by computer security experts has determined that Diebold's machines are not secure. Now evidence from the company's internal communications and employee manuals shows that, contrary to public claims and sales pitches, Diebold is aware of the relative ease with which its machines and the important voting records on them can be accessed and manipulated.
The e-mails and employee manual also clearly reveal that the company has frequently engaged in dishonest business practices. Nevertheless, Ohio Secretary of State Ken Blackwell has given Diebold permission to sell its voting machines to Ohio's counties.