In the latest criticism of the new Diebold touch-screen voting machines, a computer science professor claimed today that the same key that unlocks some office furniture and hotel mini-bars can be used to open the AccuVote-TS machine.
"The access panel door on a Diebold AccuVote-TS voting machine – the door that protects the memory card that stores the votes and is the main barrier to the injection of a virus – can be opened with a standard key that is widely available on the internet," Ed Felten, professor of computer science and public affairs at Princeton University, said today on his "Freedom to Tinker" blog.
Felten said he became aware of the problem when, after performing a demonstration concerning the security flaws of Diebold machines, a Princeton staff member, Chris Tengi, noticed the key that came with the voting machine was the same one he had at home.
"This seemed like a freakish coincidence – until we learned how common these keys are," Felten said. "Chris' key was left over from a previous job, maybe 15 years ago. He said the key opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes and hotel mini-bars. It's a standard part, and like most standard parts, it's easily purchased on the internet."
This is not the first time critics have publicly questioned the security of the Diebold touch-screen machines. In May, nonprofit election watchdog group Black Box Voting said the devices are susceptible to hacker attacks.
Additionally, Felten and two graduate students authored a Sept. 13 paper, "Security Analysis of the Diebold AccuVote-TS Voting Machine," which states that the machines are vulnerable to viruses that can install malicious software that can spread automatically and invisibly from machine to machine, modifying records.
The paper claims that the AccuVote-TS machines are planned to be used in 357 counties this November, representing nearly 10 percent of the nation's registered voters.
Diebold spokesman David Bear could not be reached for comment this morning. He said in May that as long as proper access controls are in place at polling places, no malicious activity should occur.
Dave Byrd, president of Diebold Election Systems, blasted the Princeton report, saying in a statement that Diebold machines are secured with advanced encryption software.
"In addition to this extensive security, the report all but ignores physical security and election procedures," Byrd said. "Every local jurisdiction secures its voting machines – every voting machine not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any sign of tampering."
The touch-screen voting machines, designed for increased accessibility and accuracy than traditional devices, became popular after the controversial 2000 presidential election. Diebold has since deployed some 100,000 units in Ohio, Georgia, California, Mississippi, Maryland, among other states, Bear said.
Click here to email reporter Dan Kaplan.