Last updated on: 1/15/2009 | Author:

Princeton Study Challenges Security of Voting Machines, Manufacturers Fight Back


  1. Edward Felten, PhD, Finds Diebold Voting Machines Vulnerable to Attack – Sep. 13, 2006
  2. Diebold’s Response to Felten – Sep. 13, 2006
  3. Felten’s Rebuttal to Diebold’s Response – Sep. 20, 2006


I. Edward Felten, PhD, Finds Diebold Voting Machines Vulnerable to Attack – Sep. 13, 2006

Edward Felten, PhD, and two of his graduate students at Princeton University’s Center for Information Technology Policy, Ariel J. Feldman and J. Alex Halderman, released a paper on Sep. 13, 2006 titled “Security Analysis of the Diebold AccuVote-TS Voting Machine,”   which states:

“This paper reports on our study of an AccuVote-TS, which we obtained from a private party. We analyzed the machine’s hardware and software, performed experiments on it, and considered whether real election practices would leave it suitably secure. We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces…

The main findings of our study are:

    • Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss…
    • Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute…
    • AccuVote-TS machines are susceptible to voting-machine viruses – computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity…
    • While some of these problems can be eliminated by improving Diebold’s software, others cannot be remedied without replacing the machine’s hardware. Changes to election procedures would be required to ensure security.”

Sep. 13, 2006 Edward Felten


II. Diebold’s Response to Felten – Sep. 13, 2006

Diebold Election Systems explained in their Sep. 13, 2006 “Diebold Election Systems Response to the Princeton University AccuVote-TS Analysis,”   a response to the Edward Felten, PhD, et al. paper:

“Three people from the Center for Information Technology Policy and Department of Computer Science at Princeton University today released a study of a Diebold Election Systems AccuVote-TS unit they received from an undisclosed source. The unit has security software that was two generations old, and to our knowledge, is not used anywhere in the country… By any standard – academic or common sense – the study is unrealistic and inaccurate.

The current generation AccuVote-TS software – software that is used today on AccuVote-TS units in the United States – has the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more.

These touch screen voting stations are stand-alone units that are never networked together and contain their own individual digitally signed memory cards. In addition to this extensive security, the report all but ignores physical security and election procedures. Every local jurisdiction secures its voting machines – every voting machine, not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any signs of tampering.

Diebold strongly disagrees with the conclusion of the Princeton report. Secure voting equipment, proper procedures and adequate testing assure an accurate voting process that has been confirmed through numerous, stringent accuracy tests and third party security analysis. Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day.”

Sep. 13, 2006 Diebold Election Systems


III. Felten’s Rebuttal to Diebold’s Response – Sep. 20, 2006

Edward Felten, PhD, in his blog, Freedom to Tinker, issued a rebuttal on Sep. 20, 2006 to Diebold’s response to his paper that analyzed the security of Diebold AccuVote electronic voting machines in which he states:

“We studied the most recent software version available to us. The version we studied has been used in national elections, and Diebold claimed at the time that it was perfectly secure and could not possibly be subject to the kinds of malicious code injection attacks that our paper and video demonstrate. In short, Diebold made the same kinds of claims about this version – claims that turned out to be wrong – that they are now making about their more recent versions…

Far from ignoring Diebold’s ‘normal security procedures,’ we made them a main focus of our study. The tape and seals are discussed in our paper (e.g., in Section 5.2), where we explain why they are not impediments to the attacks we describe. The main attack does not require removal of any screws. Contrary to Diebold’s implication here, our paper accounts for these measures and explains why they do not prevent the attacks we describe. Indeed, Diebold does not claim that these measures would prevent any of our attacks…

Our paper describes how the virus propagates (see Sections 2.2.2 and 4.3) via memory cards, without requiring any network…

We demonstrated these problems on our video, and again in live demos on Fox News and CNN. Common sense says to believe your eyes, not unsubstantiated claims that a technology is secure… If Diebold really believes its latest systems are secure, it should allow third parties like us to evaluate them.”

Sep. 20, 2006 Edward Felten

[Editor’s Note: Several attempts were made by to get a statement from Diebold regarding Dr. Felten’s rebuttal. An email was sent to Mark Radke, Director of Marketing, and David Bear, Public Relations Manager, on Sep. 26, 2006. A follow-up phone call and message were left for Mr. Radke on Sep. 29, 2006. Another email was sent to Mr. Radke on October 19, 2006. As of October 25, 2006, we have received no response to any of these inquiries.]


Related Links:

  1. Are Electronic Voting Systems Vulnerable to Hacking?
  2. Are Electronic Voting Machines More Susceptible to Fraud Than Other Types of Voting Machines?
  3. Should Electronic Voting Machines Have Voter Verified Paper Audit Trails?