September 13, 2006 | By Matt Zimmerman

Princeton Researchers Release Devastating Diebold Security Report

Less than two months before the November election, Princeton researchers Ariel Feldman, Alex Halderman, and Ed Felten have released a remarkable new study demonstrating just how vulnerable Diebold AccuVote-TS voting machines are to manipulation. With clarity and in vivid detail, the study reveals glaring vulnerabilities with Diebold's technology and the simple methods an attacker could use to exploit them in order to change election results.

This report should finally put to rest the myth that the current generation of e-voting machines adequately protects the integrity of the electoral process. According to the report, the paperless Diebold's AccuVote-TS permits "leave no trace" manipulation with under-sixty-second physical access and easily-written malicious code. This sharply refutes the assurances of Diebold and election officials who weakly defend the system's performance by claiming that the absence of any evidence of tampering proves that none has ever occurred.

What's the answer? Paper-trails are necessary, but not enough. Most jurisdictions using touchscreen voting machines with voter-verified paper ballots don't require that the paper ballots be inspected except in the rarest of circumstances. The Princeton report shows how easily vote totals can be gently massaged to lead to the desired outcome without raising suspicion or triggering a recount. What's more, the physical security of the machines is of paramount importance. Yet today, the amount and quality of training that most pollworkers receive is laughable. What are the odds that an under-trained, under-staffed precinct will be able to notice and prevent the subtle tampering that is apparently required to hack an AccuVote-TS?

The challenges presented by the introduction of electronic voting are systemic and require a systemic response. Paper trails, regular audits, and robust physical security are a good start, as are improved pollworker training and radically upgraded machine certification requirements and procedures. HR 550, making its way through the House of Representatives, would go a long way towards implementing many of these fixes on a nationwide basis. EFF's Ohio e-voting lawsuit, seeking top-to-bottom improvements in voting technology and procedures in what was perhaps the most criticized election administration in the country in 2004, may result in important reforms that would serve as a model for other states.

In the upcoming election, however, voters in Diebold states will once again have to be satisfied with the standard line from those running the show: "trust us."

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Great news! Gov. Brown has signed SB 741—a great first step towards limiting the use & acquisition of IMSI catchers in California.

Oct 8 @ 3:52pm

BREAKING: Victory! @JerryBrownGov signs CalECPA, guaranteeing warrant protection for digital records in California

Oct 8 @ 2:53pm

Do you sit on a police oversight board? Here’s a quick guide to surveillance technology:

Oct 8 @ 1:21pm
JavaScript license information