Contact Center Industry News

[May 12, 2006]

Experts see new Diebold flaw: They call it worst security glitch to date in state's voting machines and a 'big deal'

(Baltimore Sun, The (KRT) Via Thomson Dialog NewsEdge) May 12--Computer security experts say they have found the worst security flaw yet in the oft-criticized touch-screen machines that Maryland voters will use in this year's elections, leaving one computer scientist to warn that the state should have "stacks of paper ballots" on hand in case of a complete Election Day breakdown.

The machines, made by Diebold Elections Systems, are "much, much easier to attack than anything we've previously said," said Avi Rubin, a Johns Hopkins University computer science professor who first cast doubt on the reliability of the technology in a 2003 report.

"On a scale of one to 10, if the problems we found before were a six, this is a 10. It's a totally different ballgame," he said.

The new problem is being described as an intentional hole left in the system to allow elections workers to update voting software easily. Instead of using pass codes or other security protocols, anyone with access to a voting machine could install new software that could easily disable a precinct full of machines, Rubin said.

Diebold officials say they are aware of the situation and, although they say any problem can be avoided by keeping a close watch on voting machines, they are developing a permanent fix.

Still, said company spokesman David K. Bear, "it's one more what-if scenario. ... It's becoming somewhat ridiculous."

Maryland elections officials said they have known about the latest concerns for two weeks and will have an independent security consultant look into them next week to ensure that the state's Diebold machines are safe.

"We are taking steps," said state elections administrator Linda H. Lamone. She said she is confident that the problem will have little effect in Maryland because of strict rules about who is permitted to handle voting machines in the state. "Everyone that has access to them has to undergo a criminal background check," she said.

Before the Diebold machines were distributed statewide about two years ago, questions arose about whether hackers might be able to get into the automated-teller-like computers and alter their software, allowing multiple votes, vote-switching and other problems.

Computer experts, including Rubin, said security measures were insufficient and poorly designed. Activists pushed to add a paper ballot component to the machines in case a recount was needed.

Still, the state moved forward and nearly every voter in Maryland used a touch-screen machine in the 2004 presidential election. There were few complaints or problems.

Gov. Robert L. Ehrlich Jr. called on the state this year to abandon its touch-screen machines, saying he had no confidence in the technology, in part because lawmakers adopted other voting changes such as early voting.

He put money into his budget to pay for optical scan machines, which were used in the state for years before 2004. The General Assembly did not approve a voting machine switch during this year's session, which ended last month.

Rubin said he fears that the latest security problem could be serious enough to cause an Election Day "meltdown" that could put precincts of machines out of action. He recommends that counties have a pen-and-paper alternative on hand as insurance.

Joseph M. Getty, the governor's legislative and policy director, called the newly disclosed security flaw "not really a new problem."

"It's the same problem of vulnerability to outsiders," he said.

Getty said the latest Diebold problem bolsters the administration's case against early voting, which was approved by the legislature last year. He said any security risk can be minimized in one day of voting but is multiplied when machines are in public use for six days.

Michael Shamos, a computer science professor at Carnegie Mellon University and a Pennsylvania voting machine examiner, pushed his state, which will have a primary election next week, to lay out strict new rules for installing software and sealing machines for safety.

"It's a big deal. It's a very big deal," Shamos said. "The good part is it's very easy to fix. You have to repair it. You can't just do nothing. ... It's not just like leaving the key to your door under the mat. It's like leaving the key dangling from a string" from the door.

The temporary fix, Shamos said, involves reinstalling the proper software just before the election, preferably in a public setting, then locking the machines to keep them from being tampered with before voting begins.

In 2004, Shamos testified on behalf of the state of Maryland in a suit filed by a citizens group asking a court to compel the state to address possible security problems and give voters the option of using paper ballots instead of the new machines. The state won.

"If I had known about this problem then, I wouldn't have had good things to say," he said.

The latest security hole was discovered by Finnish computer scientist Harri Hursti, who was doing work in Utah for Black Box Voting Inc., a nonprofit group that has focused on computerized voting.

Most computer scientists don't want to disclose too many details about the problem because they fear that would provide hackers with the tools needed to cause havoc during an election. They waited many weeks before making their findings public.

"We were worried the threat was so serious that if the details were to get out, someone could actually do it," Rubin said.

[ Back To Cloud Contact Center's Homepage ]


Featured Resources

Featured Report
Millennial Research on Customer Service Expectations

Millennial Research on Customer Service Expectations

The "why" behind this research is simple: our clients recognize that different generations bring different expectations, varied communication preferences and new customer service patterns to the customer experience...
Featured Report
Optimizing the Customer Experience through Cloud Contact Centers

Optimizing the Customer Experience through Cloud Contact Centers

Adoption of cloud contact centers is on the rise. Findings from Aberdeen's January 2014 'Public Cloud vs. On-Premise: How to More Effectively Deploy a Cloud Center' study shows that 31% of contact centers are deployed in the cloud, and our related blog post highlights that companies anticipate their adoption of cloud technology to rise further throughout 2014...
Featured Report
Aberdeen report

Aberdeen Report: Cloud for Mid-Sized Contact Centers – What You Must Know

Cloud Technology is opening new doors for many businesses. However, it does so only when it's combined with the use of best practices and key technology enablers. This document highlights the adoption of cloud technology by mid-size contact centers and illustrates the reasons driving their investments...
Featured Whitepaper
Aberdeen report

Seven Critical Capabilities to Demand From Your Cloud Contact Center Provider

To deliver a world-class customer experience, your contact center must be flexible and reliable, while providing all the tools agents and supervisors need to manage their workflows. Here are seven critical capabilities to look for when deploying a contact center in the cloud...
Featured Webinar

Contact Center Economics and the Cloud

Together, Bob and Drew will help you understand the economic value of upgrading technology, important business and financial considerations, and how to compare total cost of ownership of a premises vs. cloud or hosted solution. Watch the webinar on-demand now...
Featured Datasheet
Zipwire Cloud Contact Center

Zipwire Cloud Contact Center

The appeal of moving services to the cloud is obvious. Cloud services offer reliability and robust feature sets without the need to implement or maintain complex contact center infrastructure. The Zipwire™ cloud-based contact center allows businesses to leverage the flexibility and cost savings of cloud architecture while offering a seamless, first-class customer experience...