As many states face a decision of what technology to choose to replace the old voting machines, more security issues are cropping up around the touch-screen (DRE) machines.

I already have reported on how the DRE machines are easily hackable, use prorietary software that prevents open public oversight of elections, have no official paper trail preventing any kind of independent recount and, on top of it all, are far more expensive to buy, maintain and replace than the alternative, "scantron" (PBOS) system. A summary of a Princeton study on security issues surrounding DRE machines can be found here.

But the DRE machines are also easy for almost anyone to open. Turns out the locks they use can be opened by a standard key that will open hotel minibars and many kinds of office furniture. From the "Freedom to Tinker" technology blog:

“Hotel Minibar” Keys Open Diebold Voting Machines

Monday September 18, 2006 by Ed Felten

Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.

This really should NOT be the kind of shoddy, careless security we trust our vote to.

Let me emphasize that new technology is fine. I have in the past been accused of wanting to stick with the old voting machines. I am not confident in those either because they have not been well maintained, at least in NY State. Here we use very, very old lever-operated machines whose counters are often hard to read. In the last primary I caught a counting error made by the (by then very tired) poll worker. His count was off by 10 votes for one candidate and when I called his attention to it, he very willingly changed it. But it was an error due to the fact that our current machines are old and the counters are hard to read.

But to abandon a problematic technology for one that is completely unreliable and not open to public scrutiny is crazy. I think this is what is hard for people to understand. DRE/touchscreen machines make fraud not only possible but easier than with existing machines and makes fraud much harder to prove. These machines would, in essence, make our voting an act of faith rather than a fair, verifiable election. The PBOS/scantron technology is a cheaper and more reliable system. Even though problems can arise with this technology as well, ultimately it is verifiable. If there is fraud, it can be caught. With DRE/touchscreen machines, fraud can never be proven.

We cannot turn our vote into an act of faith. We need a voting system that is open to public scrutiny, has adequate security, and where a recount is possible.