After almost three years, Diebold Election Systems won approval Friday to sell its latest voting machines in California, despite findings by computer scientists that the software inside is probably illegal and has security holes found in earlier Diebold products.
The scientists advised Secretary of State Bruce McPherson this week that those risks were "manageable" and could be "mitigated" by tightening security around Diebold's voting machines.
Of course, these are totally secure machines...
The scientists found the interpreted code was very limited in function and not particularly vulnerable, but the software that translates that code into computer instructions for the voting machine had at least 16 bugs that could be used to hack or frustrate elections, according to the team's public report.
"There are serious vulnerabilities in the AV-OS (AccuVote Optical Scanner) and AV-TSx (AccuVote TSx touch screen) interpreter that go beyond what was previously known. If a malicious individual gets unsupervised access to a memory card, he or she could potentially exploit these vulnerabilities to modify the electronic tallies at will, change the running code on these systems, and compromise the integrity of the election arbitrarily," the scientists wrote.
"The attack could manipulate the electronic tallies in any way desired. These manipulations could be performed at any point during the day. For instance, the attack code could wait until the end of the day, look at the electronic tallies accumulated so far, and choose to modify them only if they are not consistent with the attacker's desired outcome," the report went on. "The attack could erase all traces of the attack to prevent anyone from detecting the attack after the fact. It is conceivable that the attack might be able to propagate from machine to machine, like a computer virus."