States and local jurisdictions did not take sufficient action to
Black Box Voting has provided the following to VoterAction.org for its
litigation. This will become a public record via the litigation filed
by Lowell Finley. Because public officials who have received the
unredacted reports have failed to take this risk seriously and arrange
for appropriate mitigations, and because Black Box Voting believes
this information is of critical public interest for pending litigation
and citizen actions, we are releasing it publicly now.
HERE'S AN INFORMAL SYNOPSIS OF THE UNMITIGATED RISKS IN THE DIEBOLD
A huge risk to the integrity of elections is a contaminated
bootloader. Here's why: If you own the bootloader, you own the
machine. The source code for the TSx, along with the technical data
package, have been publicly released since 2003. Estimates are that it
would take approximately three months for a reasonably skilled
programmer to design a working malicious bootloader.
You cannot clean a maliciously designed bootloader with the
mitigations performed so far by state officials (replacing programs
via memory cards).
HERE ARE SOME SPECIFIC PROBLEMS WITH THE DIEBOLD BOOTLOADER:
1) It appears not to have been examined by the Independent Testing
Authorities (ITAs). Therefore, we don't even know whether the original
bootloader contains malicious code.
2) There appears to be no authentication procedure when installing
"clean versions" to ensure that the code is the same as that which was
examined by the ITAs (and in this case, the ITAs didn't even examine
3) There is no forensic test that will reveal a malicious bootloader
4) Because of the design of the Diebold TSx machine, a malicious
bootloader can be installed at any time from factory installation to
the election itself. Once a bootloader is contaminated, it can control
the machine permanently.
A contaminated bootloader, especially in combination with other
security issues in the TSx, has the potential to allow manipulation on
an election-by-election basis, at any time during the election cycle
and even years in advance of the election.
5) The Diebold TSx machine's motherboard contains a JTAG connection
which can be used to take control of the motherboard. Although you
cannot reliably clean a malicious bootloader by reinstalling it with a
memory card, you can install a pristine version using the JTAG cable.
However, there appears to be no pristine version of the bootloader,
since it has never been examined by the ITAs.
6) Unfortunately, the JTAG connector can be used to overwrite a
so-called authentic and proper bootloader with a malicious one. Thus,
even if a so-called pristine bootloader is installed via the JTAG
connector, the same connector can be used to replace that one with a
new one at any time.
7) In order to access the JTAG connection, you must pop open the case
to the TSx tablet. Unfortunately, the case on the TSx is designed with
no security. You can open it by unscrewing 8 standard Phillips-head
screws, access the JTAG connector, replace the bootloader and control
the machine for the rest of its life, despite L&A tests,
reinstallations of "clean" copies via memory cards or network
8) TSx machines in California -- 10,000 machines in San Diego alone --
were sent home for "sleepovers" with poll workers back in 2004,
when they were used for the March primary election. Over 1,000
machines originally used in Solano County, Calif., are now being used
in Johnson County, Kansas. The TSx machines are now being used
throughout the states of Mississippi and Utah, in dozens of Ohio
counties, and in many high-population California counties. A case can
be made that the Diebold TSx machine will dictate control of the U.S.
Congress in November.
The sleepovers broke the chain of custody. The combination of unsecured
cases with the ability to quickly alter the bootloader using the JTAG
connector means these machines cannot be considered "trusted" until
proper mitigations are done.
- The "official" bootloader needs to be sent to the ITAs for
examination, as well as provided to state voting machine examiners.
- An authentication device needs to be used to make sure that this
bootloader code, once examined by test labs, is the authentic version
of the code.
- Once this is done, each of the cases needs to be opened and an
authentic clean bootloader installed using the JTAG cable.
- After this is done, the cases need to be sealed with tamper-evident
mechanisms. Note that "tamper evident" tape is quite different from
"tamper resistant" tape. Tamper evident tape should leave an indelible
mark if removed.
Note that the TSx tablet is stored inside a case, and is also seated
in the case during elections. It may be difficult to observe whether
the tablet has been opened -- even with tamper evident mechanisms --
unless it is removed from the case.
- Due to the severity of this security defect, and the deceptiveness
with which Diebold Election Systems has handled this situation, all
citizens who vote on these machines should be able to see for
themselves that the proper mitigations were done and that the case has
not been opened. This means:
a. The ITA review of the bootloader code should be done immediately
and the report should be made public.
b. The authentication methodology should be identified to the public.
c. The opening of the case and the installation of authentic, approved
bootloaders should be publicly announced and viewable by the public.
This process should be performed by public officials, not by Diebold.
d. The sealing of the case should be publicly viewable.
e. The case should be sealed in such a way that poll workers and the
public can verify that cases have not been opened when the machines
are deployed on election day.
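A minimal model of the "authentication" step recommended above, added here as an illustration and not part of Black Box Voting's, Hursti's or Diebold's materials: the bootloader region read back over JTAG is compared, via a SHA-256 digest, to the reference digest published after lab examination. The image, the manifest and the one-byte alteration are constructed for the example; it also shows why a self-reported version string is not evidence that the installed bootloader is the examined one.

```python
import hashlib

# Constructed sample: a stand-in for the bootloader region read back over
# JTAG. Not a real Diebold image; the bytes are made up for illustration.
REFERENCE_IMAGE = b"BOOTLDR v1.0.0 " + bytes(range(256)) * 4

# Stand-in for the digest a test lab (ITA) would publish after examining the
# official bootloader. Here it is simply computed from the constructed image.
REFERENCE_MANIFEST = {
    "version_string": "BOOTLDR v1.0.0",
    "sha256": hashlib.sha256(REFERENCE_IMAGE).hexdigest(),
}


def reported_version(image: bytes) -> str:
    """What the machine would self-report: the version string at the start
    of the image (assumed layout for this constructed sample)."""
    return image[:14].decode("ascii", errors="replace").strip()


def verify_bootloader(image: bytes, manifest: dict) -> dict:
    """Compare a full read-back of the bootloader region against the lab's
    manifest. Both checks are returned so the caller can see that a matching
    version string proves nothing on its own; only the digest does."""
    digest = hashlib.sha256(image).hexdigest()
    return {
        "version_matches": reported_version(image) == manifest["version_string"],
        "digest_matches": digest == manifest["sha256"],
        "sha256": digest,
    }


def tampered_copy(image: bytes, offset: int) -> bytes:
    """Constructed example: flip one bit outside the version string, leaving
    the self-reported version untouched."""
    altered = bytearray(image)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    clean = verify_bootloader(REFERENCE_IMAGE, REFERENCE_MANIFEST)
    altered = verify_bootloader(tampered_copy(REFERENCE_IMAGE, 200),
                                REFERENCE_MANIFEST)
    print("clean   :", clean)    # both checks True
    print("altered :", altered)  # version_matches True, digest_matches False
```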
IN A SANE WORLD, THESE MACHINES WOULD BE RECALLED.
According to recent PBS coverage, the reason NASED and/or the EAC have
given for failing to require a recall of the Diebold TSx is that it
would involve a lot of litigation and trouble.
It would not, of course, require litigation if Diebold initiated it.
Also, when you pop the tablet casing open, you can also pop out the
modem and install another device in place of the approved modem. You
can also insert an SD wireless card in the slot.
Problems with sealing the case after delivery:
- Elections officials don't know if the legitimate modem or a wireless
modem is inside the case
- Elections officials don't know if there is an SD wireless card in
- The only way to find out is to open the case, which invalidates the
HERE ARE THE UNREDACTED HURSTI REPORTS:
HERE IS THE CONFIGURATION GUIDE:
HERE IS THE SOURCE CODE (Diebold will claim it is "old" of course)
JTAG closeup (Section E4)
Closeup of SD card slot:
Closeup of modem (underneath it are piggyback connectors; unfortunately
we did not get a photo of them)
HERE IS THE FIRST BATCH OF PHOTOGRAPHS:
Small versions will be uploaded in a day or two and will be appended
THE SYNOPSIS OF THE BOOTLOADER ISSUE WAS WRITTEN BY BEV HARRIS AFTER
CAREFUL REVIEW OF THE VIDEOTAPES AND INTERVIEWS WITH HARRI HURSTI AND
SECURITY INNOVATION. IF YOU SPOT ANY TECHNICAL CORRECTIONS OR SEE A
STATEMENT THAT REQUIRES FURTHER QUALIFICATION, PLEASE NOTIFY US AND WE
WILL EVALUATE AND ISSUE AN APPROPRIATE CLARIFICATION OR CORRECTION IF
Permission to reprint granted, with link to
* * * * *
Black Box Voting is a nonpartisan, nonprofit 501c(3) elections
watchdog group funded entirely by citizen donations. To support our
work, click to http://www.blackboxvoting.org/donate.html or mail to:
Black Box Voting
330 SW 43rd St Suite K
Renton WA 98055