No fan of BBV, but this may be worth looking into.
NEW CONSUMER REPORT --
EXACTLY WHAT YOU DON'T WANT: YOUR ELECTIONS ON DIEBOLD'S SERVER
Black Box Voting has obtained information on a new product that
Diebold will try to sell to elections officials. The "AccuProject"
election management software seems like a fine idea, until you
look at the feature which seems to involve keeping your sensitive
elections documents on Diebold's server. Do you really want the
Diebold guy this close to your elections as they are prepared,
planned, and carried out?
14-page internal Diebold document about the new product:
http://www.bbvdocs.org/diebold/accuproject.pdf
"File Upload Application -- Web-based storage and delivery"
A chart depicts the kinds of files to keep on the Diebold
server: "gbf" files (GEMS central tabulator files containing
ballot configuration, passwords, and vote data); ballot proofs,
and "DIMS extracts" (Voter Registration database information).
What the literature does not mention is that the above files
could provide Diebold with information on everything needed to
fudge an election ahead of time.
The system allows for uploading files up to 200mb, with
SSL/role/PGP security.
The security of this system (from Diebold) appears to depend
entirely on where the private key is stored, and how the PGP
is implemented in this system. PGP can be used in correct or
incorrect ways. Based on this documentation, we do not know
anything about how the keys are handled, nor how much access
Diebold will have to our elections.
What we do know is that many elections jurisdictions are not
sufficiently staffed with IT personnel, nor sophisticated about
such matters, and are likely to trust Diebold to take care of
their files for them.
"Both project managers and state officials can view election
progress across all areas of responsibility," documents state,
indicating that this software may be aimed at less local
control, more state involvement in election management.
Documents also hint at continued, or even greater roles that
Diebold can play to manage local elections.
"Everything seems to be in perfect order. Thanks, Diebold!"
says a task panel, leading one to wonder just who is talking
to whom. If local elections officials are managing their own
elections, why is Diebold inside their project planner viewing
thank-you notes?
This product underlines two troubling trends:
1) Even more privatized control of public functions, now to
include the storage of public files on servers held by a
private company
and
2) A strange myopia about the fact that major security breaches
tend to come from inside. By placing security-sensitive documents
onto a server owned by a private company in Ohio, the number of
inside access participants may increase to include Diebold.
The AccuProject product appears to fall into an unregulated area
of elections, requiring no certification and very little scrutiny.