BBV details the latest worst security flaw ever detected.

Here's the BBV take on the latest unbelievable security flaw, apparently a different flaw (as explained to me in the other thread dealing with this issue) from the one that had Avi Rubin et al. up in arms a few months ago. www.blackboxvoting.org

What in God's name is it going to take to wake the elections official up to what's coming down?

The Georgia and Maryland touch-screens are older than the TSx machines that Black Box Voting's Hurst study found "nuclear bomb" sized defects in. The older Diebold TS (R6) voting machine now stands as the most stunning failure to date of the federal and state certification processes.

Printed right on the motherboard of the unit is a manual for vote fraud.

The instructions for swapping from one bootloader to another are obvious to anybody with even moderate personal computer experience. A single Diebold TS machine is now in private hands and photographs of the internals have just been posted to here:
http://www.openvotingfoundation.org/ts/

Background:
Black Box Voting conducted studies with Harri Hursti and an expert from Security Innovation, who did a biopsy on the newer Diebold TSx voting machine in Emery County UT earlier this year.

http://www.blackboxvoting.org/BBVtsxstudy.pdf
http://www.blackboxvoting.org/BBVtsxstudy-supp.pdf

The core of their findings was that the software on the unit could be replaced in it's entirety or at any of several key points, in all cases without any validation of the authenticity of the code in question. This was soon declared "the worst voting system security issue to date" by addition experts in and out of the certification process, including David Dill, Doug Jones and Barbara Simons (http://www.truthout.org/docs_2006/072506C.shtml) and Dr. Michael Shamos of the Pennsylvania state certification panel (http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1281&Itemi d=51).

The older model, the TS (used statewide in Georgia and Maryland) may be as bad or worse.

With the TS, it is still possible to do total-code-replacement such as the Black Box Voting studies with Hursti and SI found. But an attacker might not even need to bother. Instead, they would use motherboard switch settings on the TS to alter which area of memory the TS boots from, knowing that the machine can be switched back to the "certified" code set at any time with no tools required other than a standard Phillips screwdriver.

The TS motherboard has a chart showing how to set the machine to boot from any of three memory locations:

* Internal Flash – this is similar to the TSx and is apparently how the machine was set from the factory. In this switch position the machine acted like a Diebold touchscreen voting machine as has been shown in demos, official manuals, certification documents and the like.

* EPROM – in this switch position, the screen came up in a different color pattern, a copyright notice by BSquare Corporation and ends with "about to sync parallel port". Apparently, in this "mode" the machine wants to read data from the parallel port on the motherboard, normally used as a printer connection but likely capable of 2-way ("bi-directional") data transfer. Not having a set of files to load via the parallel port, we don't know what was intended for this mode but if it wants input, somebody could give it some.

(For those technically familiar with the Hursti-SI Emery County report, this appears to be an alternate bootloader, and hence a very dangerous bit of code that has no business being in the unit at all, let alone switch-enabled and live.)

* External Flash – potentially the most troubling. The motherboard has a large white internal memory slot labeled "external flash memory", probably the memory location this switch setting would point to. PCMCIA-based flash memory is also a possibility. Either way, new code running on extra added memory that fits in a vest pocket appears to be able to completely change the functionality of the machine and at any time could be removed and the switches set back to make it a normal certified setup with all traces of the modifications eliminated.

THIS IS YET ANOTHER INDICTMENT OF THE CERTIFICATION PROCESS

Anyone at the Federal or state level who had looked inside the TS would have caught this in seconds and at a minimum, demanded that the switches and jumpers be glued and sealed in the certified direction. (Which would still leave the "Emery County style" attack available.)

These so-called professionals are asleep at the wheel. Every last one of them. Nobody who approved the TS as a voting technology should keep their jobs and the entire concept of "certification" that approved this nightmare must be rethought.

The Open Voting Consortium's solution is to throw all the source code open and let the "geeks of America" collectively probe these things.

Black Box Voting's position is that, after spending billions of taxpayer dollars on junk, it is time for Watergate-style hearings.

The current voting machine fiasco in the United States involved bribes, corruption and collusion. Citizens long to hear their representatives ask the tough questions. Citizens want the perps held accountable.

We need to know how this happened in the first place -- under oath and with subpoenas, in bipartisan hearings with tough questions.

The collective will to enact real solutions, which must include citizen oversight every step of the way, will only appear when citizens can see the full extent of the failures in our electoral procurement process exposed, and those who are responsible must be held accountable.