SOL :: Princeton report into voting security

The Diebold AccuVote-TS voting machine in the Princeton lab

Scientists Reveal Electronic Voting Security Flaws

Although a growing number of direct recording electronic (DRE) voting machines are being used in U.S. elections, manufacturers have never made the machines available for independent third-party testing. Recently, however, a team of Princeton scientists gained access to a Diebold DRE voting machine from an undisclosed source. In September, the Princeton team, led by Edward W. Felten, Professor of Computer Science and Policy Studies, released the results of their independent security testing on the Diebold machine.

The researchers designed a vote-stealing program that can be installed on the machine in less than one minute by anyone who has access to the machine or to the DRE memory cards. The vote-stealing program can be spread to other machines through memory cards and is undetectable. The Princeton team also designed an easily installed denial of service program that, when triggered, crashes the voting machine and erases all its vote records.

The machine the researchers examined was the AccuVote-TS, the very machine about which Diebold said, in 2003, “The assertion that there are any exploitable attack vectors is false. The implication that malicious code could be inserted into the system is baseless.” Just as the researchers had predicted, Diebold issued a similar response to the Princeton report.

The Princeton team concludes that paperless DRE machines have serious security vulnerabilities, and that making them safe “will require safeguards beginning with a voter verifiable paper audit trail and truly independent security evaluation.”

— Doug Pibel

Full text of the Princeton report, as well as Diebold's response and the researchers' rebuttal.