the citizen-viewer

Today the New York Times follows the Oakland Tribune and the AP in reporting that computer scientists have discovered a serious, shocking, horrifying vulnerability in the Diebold machines used to collect votes in thousands of districts across the country. I'm not making fun, it really is.

It turns out that Diebold made its machines so that election officials can update the software on the machines. Well, not just election officials, but anyone who can get at the machines and knows how to do it.

Exactly how it's done is known by a not-very-small number of responsible experts, by an unknown but probably non-zero number of irresponsible or malicious hacker-types, and by who knows how many Diebold programmers, technicians, contractors, sub-contractors etc, some of whom have criminal records.

In fact, the responsible experts are being very careful not spread the details, for fear of increasing the likelihood that someone will tamper with upcoming elections (such as the primaries in Pennsylvania on Tuesday).

The short version is this: Any of the above-listed people, having some programming ability and knowledge of the system (which runs on Windows, by the by), can pick up an "easily available component" from any computer store and put some code on it, then go to a machine--perhaps even on voting day, as a voter--and change how that machine records the votes. (Here's a somewhat more detailed description.)

Oh yeah, the other thing is that the job can be done leaving "no residue," according to a voting security consultant to the state of Pennsylvania. That means you wouldn't be able to tell if the vote tally had been tampered with.

Here's David Bear, spokesman for Diebold Election Systems and--since the resignation of Scott McClellan--the single most tortured spokesperson in the country:

"For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software," he said. "I don't believe these evil elections people exist."

Thousands upon thousand of election officials, from secretaries of state like Ohio's Kenneth Blackwell down to the lowliest pollworker have access to the these machines, along with the Diebold technicians they call in whenever something goes wrong. And not a single one of them is nefarious. Mr. Bear, the Tooth Fairy and the Easter Bunny applaud you.

Bear says, as the Times cites him, that the potential risk existed because the company's technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.

As the security experts are pointing out, this is not a "glitch." It is a feature. That's the genius of these machines. They are computers and they have to be programmed. What's more, they have to be programmed before every election. Also, you have to be able to fix them when they malfunction or crash. And that means you have to leave the door open.

Read more about it on Brad Blog and on Black Box Voting among others.