BlackBoxVoting News Release - March 18, 2006

By Joseph Holder

This will explain to some of you who were wondering why I was questioning the efficacy of the mandated security mitigations for use of the Diebold TSx in California elections.

We know that because of the logistical nightmare of distributing thousands of TSx machines to various polling locations (i.e. San Diego County has around 10,000 units), many counties send home the units with poll workers up to 2 weeks prior to the election. We also know that many times units are left unattended overnight prior to the election. We also know from the examination done last week in Utah that it only takes 60 seconds to seriously compromise a voting system.

Part of the mitigation in Secretary McPherson's certification with conditions was to secure the memory card from physical contact by an unauthorized individual. Unfortunately that mitigation was suggested by the VSTAAB team without having an actual AccuVote TSx unit in front of them. They therefore did not know of all the various electronic pathways to the memory card. Given that the memory card can be accessed electronically other than by actual removal, the physical isolation of the memory card gives a false sense of security.

I searched the conditions attached to the certification and did not find any reference to protecting access to the TSx unit itself, especially prohibiting sending the units home with poll workers prior to an election. Given the following information, it is obvious that any person given physical possession, or access to a AccuVote-TSx, can easily bypass any security tape and access the memory card through another communication port. Of course this form of attack only deals with the vulnerability of the memory card to attack. It does not address the ongoing discovery of the many other vulnerabilities revealed this last week in Utah.

The key portions of the following email that addresses the multiple methods of accessing the memory card are:

Connectivity The method of loading election data onto the AccuVote-TSx’s PCMCIA Flash Card will be by means of a modem or LAN/WAN/wireless card plugged into the PCMCIA slot.

"We're going to have problems on Election Day, and we're just going to have to work through them," he said.

Internal modem The AccuVote-TSx modem is a daughterboard module that is configured at the point of manufacture.

2.2.1.2.3. Communications structure AccuVote-TSx units are capable of communicating with other AccuVote-TSx units as well as with the GEMS host computer. The AccuVote-TSx may transmit data either by wireless or wireline modem, local area network, or directly, over a RAS connection.

The AccuVote-TSx communicates with the GEMS host computer in order for memory cards to be programmed once ballot artwork has been completed.

Memory card programming is conventionally performed over a local area network, the GEMS host computer being connected to one or more AccuVote-TSx units over a hub.

5. PCMCIA: The processor communicates with the PCMCIA connectors directly via a processor interface.

6. VIBS Keypad: The processor communicates with the VIBS keypad over a serial RS232 interface via external UART.

7. Touch screen: The processor communicates with the touch screen over a serial RS232 interface via external UART.

8. Modem: The processor communicates with the modem over a serial RS232 interface via external UART.

Begin forwarded message:


From: Joseph Holder
Date: February 23, 2006 12:33:41 AM PST
Subject: Some early TSx technical information

I did not find any reference in any of the hardware specifications that the current Diebold DRE, the TSx, has an infra-red port still. It does have a serial port, internal modem, as well as a second PCMCIA card slot.

These are the claims made to the ITA by Diebold in their submission of the original TSx in 2003. They would essentially be relative to the TSx machines delivered to San Diego, Solano, San Joaquin, and Kern County in California.

Improper data entry/retrieval

No input is possible to the AccuVote-TSx unit other than by means of:

1. touching the touch screen,

2. operating a numeric keypad, which is used in conjunction with the voting of an audio ballot,

3. operating a keyboard, which may be used optionally if and where the entry of numeric information is required. No other functionality is available to the AccuVote-TSx other than that offered by the Ballot Station firmware, which provides access to permissible functions only. On election day, the only function available to the unit is the voting and casting of a ballot, and at the close of the election, ending the election. The Ballot Station includes no functions which allow for the improper entry or retrieval of data. [We know from other sources these claims are not accurate or are spun in such a way as to distort the truth].

The following comes from a Diebold System Overview Document submitted to the ITA, January 2003. It would be accurate for the TSx machines that were delivered to the 4 California counties at that time. It is unknown how accurately these statements reflect the current TSx voting system.

Connectivity The method of loading election data onto the AccuVote-TSx’s PCMCIA Flash Card will be by means of a modem or LAN/WAN/wireless card plugged into the PCMCIA slot.

Internal modem The AccuVote-TSx modem is a daughterboard module that is configured at the point of manufacture.

Interfaces: The AccuVote-TSx motherboard interfaces with the: • power • battery • LCD • inverter for the LCD • touch screen • printer • smart card reader • VIBS keypad • VIBS headphones • modem • PCMCIA (2)

2.2.1.2.3. Communications structure AccuVote-TSx units are capable of communicating with other AccuVote-TSx units as well as with the GEMS host computer. The AccuVote-TSx may transmit data either by wireless or wireline modem, local area network, or directly, over a RAS connection.

The AccuVote-TSx communicates with the GEMS host computer in order for memory cards to be programmed once ballot artwork has been completed. Once the election has ended, results from individual AccuVote-TSx units are accumulated to a single Accumulator AccuVote-TSx unit at the polling location, and following the completion of accumulation, results are uploaded to the GEMS host computer. The AccuVote-TSx functions on a strictly stand-alone basis in the course of voting.

Memory card programming is conventionally performed over a local area network, the GEMS host computer being connected to one or more AccuVote-TSx units over a hub. Vote center/machine Id combinations are queued on the AccuVote-TS Server v2 console in GEMS, and downloaded to memory cards installed in one of the AccuVote-TSx units designated for memory card programming.

Results accumulation is performed at polling locations featuring more than one AccuVote-TSx unit. Accumulation may be performed using wireline or wireless transmission. In order to perform wirelinebased accumulation, memory cards are removed from all AccuVote-TSx units at the polling location, physically installed on a one-by-one basis into the PCMCIA slot of the Accumulator AccuVote-TSx unit, and loaded into the Results Accumulator. In order to perform wireless accumulation, a wireless modem card must be installed in each AccuVote-TSx prior to accumulation. Initiating the loading function on the Accumulator unit automatically accumulates results from all active units at the polling location.

Results uploading to the GEMS host computer may be performed by modem from the polls, or memory cards returned to election central for uploading over a local area network. Uploading from the polling location involves connecting a telephone cable to the Accumulator AccuVote-TSx unit, then uploading accumulated results to the host computer. Once results have successfully been uploaded, all of the vote center’s memory cards listed in the AccuVote-TS Server v2 console are tagged as uploaded.

Memory cards returned to election central for uploading, on the other hand, are installed in an AccuVoteTSx unit designated for results uploading, installed in local area network configuration with the GEMS host computer. Every successfully uploaded memory card is marked in the AccuVote-TS Server v2 console as uploaded.

2.2.1.4.2. Operating system This section describes functional relationships between system components and the operating system. • Communications with GEMS: Communications with GEMS, both download and upload, is done via network sockets using TCP/IP. The physical connection is usually done using a PPP connection over a serial connection, either via a direct serial port connection or a modem connection.

2.2.1.4.3. Device components This section describes functional relationships within hardware components of the AccuVote-TSx.

Printer: The processor communicates with the printer over a serial RS232 interface via external UART.

2. Smart card: The processor communicates with the smart card reader over a serial RS232 interface via external UART.

3. Audio: An AC 97 digital interface presents AC 97 compliant Codec output to the headphone jack and amplifier for speaker.

4. Video: The processor bus communicates via a Graphics Engine to a DVI transmitter/receiver pair, then on to the LCD TFT display.

5. PCMCIA: The processor communicates with the PCMCIA connectors directly via a processor interface.

6. VIBS Keypad: The processor communicates with the VIBS keypad over a serial RS232 interface via external UART.

7. Touch screen: The processor communicates with the touch screen over a serial RS232 interface via external UART.

8. Modem: The processor communicates with the modem over a serial RS232 interface via external UART.

9. RAM Memory: RAM memory communicates directly with the processor bus.

10. Persistent Storage: Persistent storage consists of NOR technology, and is connected directly to the processor bus.

11. Real-Time Clock: The real-time clock connects directly to the processor via the Synchronous Serial bus interface.

12. System Power Management: System Power Management connects directly to the processor via Inter-Integrated Circuit interface emulating a System Management bus (SMBus) protocol.

COTS hardware and software products used in the AccuVote-TSx include the following:

• Windows CE operating system • Sharp TFT LCD LQ150X1DG11 • ELO LCD Panelmount touchmonitor 1567L • TDK DC AC connector (inverter for display backlight) • Socket Communication ethernet PCMCIA card 8510-00093C with CF to PCMCIA adapter 852000025 • Wireless LAN card Orinoco/Proxim PCMCIA Card • Sankyo smart card reader Model ICM0A0-0130 • AT Flash Card (election media) Sandisk Industrial grade (Part# SDP3B-128-101-80 for the 128MB card) • Headphones •Printer engine Citizen MLT-289


STAY INFORMED. Please join "Utah Count Votes" email announcements list
elections-subscribe@utahcountvotes.org
UtahCountVotes.org HOME
kathy@utahcountvotes.org
ElectionMathematics.org
ElectionArchive.org
Kathy Dopp's Blog
435-658-4657