September 13, 2006 | By Matt Zimmerman

Princeton Researchers Release Devastating Diebold Security Report

Less than two months before the November election, Princeton researchers Ariel Feldman, Alex Halderman, and Ed Felten have released a remarkable new study demonstrating just how vulnerable Diebold AccuVote-TS voting machines are to manipulation. With clarity and in vivid detail, the study reveals glaring vulnerabilities with Diebold's technology and the simple methods an attacker could use to exploit them in order to change election results.

This report should finally put to rest the myth that the current generation of e-voting machines adequately protects the integrity of the electoral process. According to the report, the paperless Diebold's AccuVote-TS permits "leave no trace" manipulation with under-sixty-second physical access and easily-written malicious code. This sharply refutes the assurances of Diebold and election officials who weakly defend the system's performance by claiming that the absence of any evidence of tampering proves that none has ever occurred.

What's the answer? Paper-trails are necessary, but not enough. Most jurisdictions using touchscreen voting machines with voter-verified paper ballots don't require that the paper ballots be inspected except in the rarest of circumstances. The Princeton report shows how easily vote totals can be gently massaged to lead to the desired outcome without raising suspicion or triggering a recount. What's more, the physical security of the machines is of paramount importance. Yet today, the amount and quality of training that most pollworkers receive is laughable. What are the odds that an under-trained, under-staffed precinct will be able to notice and prevent the subtle tampering that is apparently required to hack an AccuVote-TS?

The challenges presented by the introduction of electronic voting are systemic and require a systemic response. Paper trails, regular audits, and robust physical security are a good start, as are improved pollworker training and radically upgraded machine certification requirements and procedures. HR 550, making its way through the House of Representatives, would go a long way towards implementing many of these fixes on a nationwide basis. EFF's Ohio e-voting lawsuit, seeking top-to-bottom improvements in voting technology and procedures in what was perhaps the most criticized election administration in the country in 2004, may result in important reforms that would serve as a model for other states.

In the upcoming election, however, voters in Diebold states will once again have to be satisfied with the standard line from those running the show: "trust us."

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Some states are considering charging you $20 for each device you want to use to surf the uncensored Internet.

Apr 22 @ 2:27pm

Don't let U.S. entry screenings get even more privacy-invasive.

Apr 21 @ 4:11pm

EFF's @evacide and ProPublica's @JuliaAngwin talk about protecting your privacy online on @NPR's Science Friday:

Apr 21 @ 3:26pm
JavaScript license information