IP Democracy: Mini-Bar Keys and Voting Machines


Princeton computer science professor Ed Felten made news last week when he and his colleagues presented a paper (and, how cool is this, a video) that demonstrated how easily hacked Diebold digital voting machines are. It’s a tricky technical assessment of Diebold’s “rookie” mistakes when it comes to encryption.

In an almost funny follow-up, Professor Felten has this item today that is not so hard for the layperson to understand. Not only does Diebold use shoddy software-based security methods, its physical security techniques are also, um, terrible. Here, in a nutshell, is the latest revelation:

“The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.”

By “standard key” Professor Felten doesn’t mean a software key or an encryption key or anything that complex; he means a physical key, like the kind that opens hotel minibars. In fact, prompted by a chance remark from a colleague, who said he had an old key that looked a lot like the key for opening the voting machine cabinet, Professor Felten ordered several similar keys off the Internet. They all opened the machine.

“A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.”

Clearly, Diebold can’t say that its voting technology is secure, although, as Professor Felten points out, Diebold can say its machines are secured by a lock and key, a hollow “checkbox” approach to security. (I can just see local elections officials asking the Diebold sales representative if the machine is secure from physical tampering. Yup, the sales representative says, no one can get into the machine without a key. Box checked.)


Posted by Cynthia Brumfield on September 18, 2006 2:35 PM to IP Democracy