RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes

["David Querin" <david () securityage com>]

It seems these devices are illegally deployed, regardless.  They're not
upheld to the same Information Assurance requirements necessitated for other
governmental information technologies, including FIPS140-2 and Common
Criteria.  Instead, these electronic voting systems have been "approved" by
unnamed, unsupervised third parties with vested interests in these systems
being deployed.  It's absurd.

-----Original Message-----
From: Jaeson Schultz [mailto:jaeson () jaeson net] 
Sent: Wednesday, September 22, 2004 12:33 PM
To: pressinfo () diebold com; bugtraq () securityfocus com
Subject: RE: Diebold Global Election Management System (GEMS) Backdoor
Account Allows Authenticated Users to Modify Votes


How about providing the source code so we can see for ourselves?  Shouln't
the machines used for elections in a democracy such as The United States of
America be open to such review?  Just because you refute the existence,
doesn't mean that the "back doors" or "hidden codes" aren't there.  Only the
source code can prove that.  Why should we just take your word for it?

~Jaeson Schultz


-----Original Message-----
From: pressinfo () diebold com [mailto:pressinfo () diebold com] 
Sent: Tuesday, September 21, 2004 8:05 AM
To: bugtraq () securityfocus com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor
Account Allows Authenticated Users to Modify Votes


In-Reply-To: <20040831203815.13871.qmail () www securityfocus com>

Diebold strongly refutes the existence of any "back doors" or "hidden codes"
in its GEMS software.  These inaccurate allegations appear to stem from
those not familiar with the product, misunderstanding the purpose of
legitimate structures in the database.  These structures are well documented
and have been reviewed (including at a source code level) by independent
testing authorities as required by federal election regulations.

 

In addition to the facts stated above, a paper and an electronic record of
all cast ballots are retrieved from each individual voting machine following
an election. The results from each individual machine are then tabulated,
and thoroughly audited during the standard election canvass process. Once
the audit is complete, the official winners are announced.  Any alleged
changes to a vote count in the election management software would be
immediately discovered during this audit process, as this total would not
match the true official total tabulated from each machine.