Hatrack River Forum

Author Topic: So, what do we think is happening here?
TomDavidson
Member
Member # 124

http://www.salon.com/tech/feature/2003/09/23/bev_harris/index.html
Posts: 37449 | Registered: May 1999
Hobbes
Member
Member # 433

quote:
Harris has found critical flaws in Diebold's voting software, and she's uncovered internal Diebold memos in which employees seem to suggest that the vulnerabilities are no big deal. The memos appear to be authentic
I have to say I'd be more concerned if a) this wasn't from Salon and b) they told us what these "critical flaws" were.

Hobbes [Smile]

Posts: 10602 | Registered: Oct 1999
Hobbes
Member
Member # 433

quote:
An open invitation to election fraud
quote:
its manufacturer is run by a die-hard GOP donor who vowed to deliver his state for Bush next year.
quote:
But according to Bev Harris, a writer who has spent more than a year investigating the shadowy world of the elections equipment industry, the replacement technologies the court cited may be worse -- much worse
quote:
The problems Harris found in Diebold's system are perhaps the best proof yet that electronic voting systems aren't ready for prime time
It seems to me that they really are getting pretty doomsdayish for an article whose only proof is a set of "internal memos" that say the problems aren't very bad.

Hobbes [Smile]

Posts: 10602 | Registered: Oct 1999
jehovoid
Member
Member # 2014

I have to agree that it doesn't sound very convincing. It's possible, but not definite.
Posts: 3056 | Registered: Jun 2001
dkw
Member
Member # 3264

Except that one of the problems that the memos say "aren't that bad" is the fact that anyone with access to the computer can change the vote totals without leaving a record.

Even if we assume that everyone involved has the purest of motives and would never dream of rigging an election, having no way of verifying or recounting the actual votes is a bad thing. If my state were considering this system I'd be raising a fuss. Not because I think there's any sort of conspiracy, but because I think legitimate voting systems must be auditable. These aren't.

Posts: 9866 | Registered: Apr 2002
jehovoid
Member
Member # 2014

Oh. Well, okay. That's a point.
Posts: 3056 | Registered: Jun 2001
Lerris
Member
Member # 3530

I clicked through for the Day Pass. As a note, that is a bit tedious, but it's free.

They go into more depth about the problems if you read the whole article.

Here are some relevant bits. Just as a note, some of the formatting was lost in the paste. It is a question answer interview deal.

quote:

Tell me about the flaw you uncovered in the Diebold system.

Well, we uncovered a few problems in the memos, but the first one that we published specifically supported the flaw that I wrote about in July of 2003. And to my surprise these memos admitted they were aware of the flaw, and it was actually brought to their attention by Ciber labs -- which is a certifier -- in October 2001, and they made a decision not to fix it.

So it was brought to their attention two years ago?

Right.

So what was the flaw?

Specifically the flaw was that you can get at the central vote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log, which is supposed to log the transactions, and this [audit log] is one of the key things they cite as a security measure when they sell the system.

So you can break in and then hide your tracks.

You don't even need to break in. It will open right up and in you go. You can change the votes and you can overwrite the audit trail. It doesn't keep any record of anything in the audit trail when you're in this back door, but let's say you went in the front door and you didn't want to have anything you did there appear anywhere -- you can then go in the backdoor and erase what you did.

Who would have access to this? Are we talking about elections officials?

A couple situations. Obviously anybody who has access to the computer, whether that's the election supervisor, their assistants, the IT people, the janitor -- anybody who has access to the computer can get into it.

Where is this computer -- is there one per county?

Yes, there's one per county.

The other situation would be supposing someone gets in by either hacking the telephone system or by going backwards in through the Internet, because the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer.

These computers in the counties are connected to the Internet, and someone can go through the Internet --

-- and just go into it, correct. It would be as the results are uploading. You see, they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of parsing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem. And the GEMS machine then connects to the Internet, and that's what the press watches.

And somebody who knows about this can go to each one of those GEMS machines and have access to the vote and change the results?

Yes, as they're coming in.

What led you to believe that there might be this flaw in the first place?

Well I work with about 22 computer programmers who have been looking at this stuff -- I'm not that brilliant. Immediately when they began looking at the GEMS program they began commenting on the fact that it has no -- it's something called referential integrity. And what that means is that there are many different ways that it can become vulnerable to hacking. It has to do with how one part of the database is hooked into the next part.

I got a call from one of our more brilliant computer programmers -- he's got quite a few advanced degrees -- and he called me on a weekend and he said, "I want you to go to your computer." And he walked me through it just like a support tech does -- open this panel, click this, do this, do that. And as I'm doing this it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members.

It's shocking. All you do is double-click the icon. You go backwards through the Internet to that county computer, and if you have Microsoft Access on your machine you can walk right into that election database while it's open. It's configured for multiple access at the same time. You can be in there changing things and you can change anything you want.

There's nothing -- no security in this?

No, in fact in the memo, [Ken Clark, an engineer at Diebold] says specifically that they decided not to put a password on it because it was proving useful. They were using the back door to do end runs around the voting program. And he named two places where they were doing this, Gaston County, N.C., and King County, Wash.

Right, in the memo he says, "King county is famous for it. That's why we've never put a password on the file before." What does that mean? Why would the counties find this useful?

I have no idea what they were doing. [But] because you can change anything on the database, they could have been doing anything, whether it was nefarious or just fixing a stupid thing that they had done. The problem is this: You should set up the program so that anything you do is going to be recorded and watched and audited -- it's official. There's nothing you can do that's legitimate by going into a back door that never records anything. If you need to go change some vote total because they came out wrong, that needs to be done publicly and the candidates should be aware of it. You don't do that by going into a back door.

Lerris
Posts: 81 | Registered: May 2002
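
The flaw described in the interview quoted above is an audit log that anyone with file access can rewrite without leaving a trace. As an added example (not part of the original post, the Salon article, or GEMS), this shows a tamper-evident log in which each entry's HMAC covers the previous entry's tag and the latest tag is published to observers. The key being held outside the database, all names, and the sample rows are assumptions constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain tag that precedes the first entry


def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    """HMAC over the previous tag plus a canonical encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; `rows` stands in for a table in the tally database."""

    def __init__(self, key: bytes):
        self._key = key  # assumption: kept outside the database file
        self.rows = []   # the part someone with direct file access could edit

    def append(self, actor: str, action: str, detail: dict) -> str:
        prev = self.rows[-1]["tag"] if self.rows else GENESIS
        record = {"seq": len(self.rows), "actor": actor,
                  "action": action, "detail": detail}
        tag = _tag(self._key, prev, record)
        self.rows.append({"record": record, "tag": tag})
        return tag  # the new head, to be published to observers


def verify(rows, key: bytes, published_head: str) -> list:
    """Return a list of findings; an empty list means the log is intact."""
    findings = []
    prev = GENESIS
    for i, row in enumerate(rows):
        record = row["record"]
        if record.get("seq") != i:
            findings.append(f"row {i}: sequence gap or reorder")
        if not hmac.compare_digest(_tag(key, prev, record), row["tag"]):
            findings.append(f"row {i}: content or chain tag does not verify")
        prev = row["tag"]
    # Erasing the newest rows leaves a valid chain, so the head published
    # earlier is what exposes truncation.
    if not hmac.compare_digest(prev, published_head):
        findings.append("head mismatch: rows removed or added after publication")
    return findings


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    log = AuditLog(key)
    # Constructed sample entries
    log.append("operator1", "load_precinct", {"precinct": "P-01", "A": 412, "B": 388})
    log.append("operator1", "load_precinct", {"precinct": "P-02", "A": 150, "B": 201})
    head = log.append("supervisor", "correct_total",
                      {"precinct": "P-02", "A": 151, "reason": "recount"})

    clean = verify(log.rows, key, head)

    # A stored row changed directly in the table, bypassing append()
    edited = copy.deepcopy(log.rows)
    edited[0]["record"]["detail"]["A"] = 512

    # The most recent entry erased from the table
    truncated = copy.deepcopy(log.rows)[:-1]

    return clean, verify(edited, key, head), verify(truncated, key, head)


if __name__ == "__main__":
    for name, result in zip(("clean", "edited", "truncated"), demo()):
        print(name, result)
```

The check only holds if the key and the published head live somewhere the person editing the table cannot reach; stored next to the rows, both can be rewritten along with them.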
jehovoid
Member
Member # 2014

So Microsoft is linked with voter fraud. Finally, Bill Gates' intention to rule the world is becoming clear.
Posts: 3056 | Registered: Jun 2001
fugu13
Member
Member # 2859

The flaws are incredibly serious. The researchers found exposed source code for the application running on an unsecured ftp server. The version number for the source code was the same as that which has been certified for use in elections. The source code allowed arbitrary changes to be made to the election results both on site in the voting booth (with a hand held computer interfacing to the built in interfaces on the hardware provided) and by anyone with a few seconds of access to the machines recording the votes after the votes had been taken, and in such a way that the changes would be undetectable by the audit procedures for electronically counted votes.
Posts: 15770 | Registered: Dec 2001
Bokonon
Member
Member # 480

Yeah, Hobbes, please, next time read the article completely; the flaw (at least, one of them) is documented in the interview. Of course, honestly I'm surprised they can get away with disclosing as much as they did. Copyright laws such as they are these days likely give Diebold a good case against this journalist.

Some of the conspiracy stuff just seems like hearsay and idle speculation, mind you, but it is still worrisome.

I'm just glad that all my votes have been optical scan systems (connect the arrow types).

-Bok

Posts: 7021 | Registered: Nov 1999
Pod
Member
Member # 941

Just to let you nay-sayers know, NPR has been reporting on this for several months, it's also been picked up by the New York Times, and various other major news organizations.

The fear over the abuse of electronic voting isn't partisan ax grinding, but a major technological concern. What's so disturbing are the reactions of the manufacturers of these devices and the public officials who support this stuff.

There has never been a time when the transparency of the open source community was ever more necessary.

Posts: 4482 | Registered: May 2000
Pod
Member
Member # 941

oops, it's all been said already [Wink] oh well.
Posts: 4482 | Registered: May 2000
Hobbes
Member
Member # 433

I couldn't read the whole article since I'm not a member and I really don't like their "one day pass" system. I retract what I said since I guess it's covered in the rest of the article though.

Hobbes [Smile]

Posts: 10602 | Registered: Oct 1999
Pod
Member
Member # 941

here's the truly suspicious stuff which was on page two of the article

quote:
OK, so we should talk about how Diebold responded to your posting these memos.

As soon ... a few days after we posted them they sent us a cease-and-desist letter -- interestingly authenticating the memos and laying claim to them, telling us that they were copyrighted. So they claimed copyright and they told us to take them off the Web.

Right. By claiming copyright they're saying they own them, so that seems to indicate they are authentic memos.

Exactly.

So what's your response to their copyright claim?

Well, I don't believe you can protect intent to break the law by slapping a copyright on it. And the memos that we posted show that the law has been broken. If you can protect intent to break the law, all anybody would need to do is take their bank robbery plans and put a copyright on it, and then say nobody can look at them because they're copyrighted.

Do you really think that their memos show intent to break the law?

Oh yes, yes. The Ken Clark memo is absolutely clear. It says they have been aware of these security flaws for years and they have chosen not to correct it. He says something to the effect of, find out what it will take to make this problem go away. [Referring to a voting equipment certifier, Clark tells a colleague to "find out what it is going to take to make them happy."] He says if you don't mention [a problem] you may "skate through" certification. And talking about doing "end runs" is not a good thing either.

And what's disturbing is the very same thing that these memos are talking about -- overwriting the audit log -- in the presentation in which they sold their machines to the state of Georgia they specifically bring up the audit log and say that no human can change it. This shows they made fraudulent claims, frankly.

There's a thing called a Qui Tam suit which citizens can file if they feel that federal money has been spent based on fraudulent claims. I haven't done it because it gives you a gag order and I refuse to be gagged even for billions of dollars, but these things are wide open for such a thing. If you go and look at the sales documents, they made one claim after the next.

So because the memos show what you say is clear intent to break the law, that's why you don't think that they have a valid copyright claim.

Well, the other issue is an overriding public interest. We are told that we are to depend on these systems in 37 states and yet they are admitting that they are easy to tamper with.

Are you going to respond to them?

Well, these memos are on the Web in so many locations that we took them off and put a link to someone else who put them up. So that fulfills our requirement under the law.

But do you know if it's possible for you to face any --

-- any retaliation? It's certainly possible that they will try retaliation, and if so I will use the full extent of the law available to me for full discovery of everything. And I think that going through discovery will become a very uncomfortable process and perhaps put some people in jail ... Not on our side, by the way.

At this point activists are now taking these memos from various places on the Web into their state attorneys general and asking for an investigation, and since Diebold has now authenticated them it's no longer, "I found this on the Web," it's, "I found this on the Web and Diebold says they wrote them."

When Diebold is put to greater scrutiny, won't the elections officials say, "We won't go with Diebold, but we'll use touch-screen systems from this company or this company?"

Well, I think that won't fly in the long run because the same illness is afflicting all of them, and that is that they are not auditable and secret. The solution is pretty simple and obvious, and that is to get properly auditable machines. A lot of the security stuff goes away -- the most bulletproof system that I know anyone has come up with is one that is a touch screen but then prints a ballot that the voter verifies.

Whatever the software is doing, if you have something with a really bulletproof audit -- the voter verifying the paper, and the computer tally -- if those two things match, you've got a pretty good confidence level.

If Diebold, ES&S and Sequoia want to come up with a nice paper trail, voter-verified paper trail that's a touch screen, I'm supporting them. But right now they're fighting it tooth and nail.

How are they fighting it?

For one thing they had a meeting on Aug. 22 -- the voting machine manufacturers and the Election Center [a nonprofit management division of the National Association of State Election Directors, which handles part of the voting-machine certification process] and a lobbyist. The whole purpose of this meeting was to try to get the public to figure out how to accept machines without a paper trail.

How did you find out about this meeting?

Actually, this is kind of funny. My publisher found out about this. It was a teleconference and he just called in under his own name and nobody asked him where he was from, and he sat in on the whole meeting. [Harris' publisher, David Allen, posted notes on the meeting on his Web site.]

The meeting had quite a few things of concern in it. They were being told that as an industry they had to come up with $200,000 in seven days in order to come up with a P.R. campaign to whitewash their P.R. problem, as they put it.

So apparently they feel they have a problem?

Yeah, they do. And in this particular meeting, one of the things they discuss is, they say, "Now we need to make sure the press never finds out this because we don't want them to know we have a problem." [According to David Allen, Harris Miller, the president of the Information Technology Association of America, said, "We just didn't want a document floating around saying the election industry is in trouble, so they decided to put together a lobbying campaign."]

Was there anything discussed about addressing the problem?

Absolutely, what they want to do is not fix the problem, but they agreed to fix the perception of the problem.

Did they indicate what they thought would be a problem with printing paper ballots?

No. It was a foregone conclusion that we don't want paper.

But they say that they would try to convince the public that having no paper is fine?

Right.


Posts: 4482 | Registered: May 2000
Storm Saxon
Member
Member # 3101

What's fun is that there's already one known instance of a Diebold voting machine shooting off the final results of an election a few hours before the polls closed. Can't remember the state, though.
Posts: 13123 | Registered: Feb 2002
Storm Saxon
Member
Member # 3101

Bartcop has also had an article on their site about this problem for some time. Most of the bigwigs on the boards of Diebold, Sequoia and ES&S are major Republican contributors. It goes way beyond the one guy that Salon mentions.
Posts: 13123 | Registered: Feb 2002
Pod
Member
Member # 941

quote:

The transparency of the open-source community is exactly why their software will never be adopted for something like this. There is still a prevailing notion that having the source available is an extremely dangerous security hazard, as anyone will be able to examine the code for vulnerabilities. I fear that notion will remain prevalent as long as campaign finance is legal.

that's insane. democracy needs a transparent method of ensuring that it's actually functioning properly. I don't think it's a far jump from "hey look democracy needs transparency" and "hey look open source software provides transparency" to "using open source software GOOOOOOD."

It's a point that's been made over and over again, these companies claim their devices are secure, but even without seeing their code, it's plainly clear that they can't even secure their own web-presence.

If we can't see how they're securing things, how can we tell if they're doing it at all? (since they've immeasurably demonstrated how they're certainly not trustworthy)

Posts: 4482 | Registered: May 2000
Hobbes
Member
Member # 433

[Confused] Are you saying open-source software is good for this type of thing or bad? [Dont Know]

Hobbes [Smile]

Posts: 10602 | Registered: Oct 1999
Sopwith
Member
Member # 4640

I still like the paper ballots that you mark out the easily identified squares beside the candidate names using a black felt tip marker.

But how much gear can you sell for that? Some printing paper and a pack of Bic pens... It's pretty darned secure though.

Posts: 2848 | Registered: Feb 2003
fugu13
Member
Member # 2859

Any voting system should be completely transparent to the people. Only if everyone can scrutinize the process/code will anything be totally secure.

While all code can be compromised, code can be made just as secure as hard copies (the method I favor is using a combination system of hard copies and computer voting -- the initial count is done in software, but in case of an audit there's a complete paper trail). This combines the easy voting and double checking at the booth of computers with the easier auditing and security features of paper ballots.

Posts: 15770 | Registered: Dec 2001
dkw
Member
Member # 3264

In Iowa we use an optical scanning system. It involves the paper ballots and black felt tip markers that Sopwith mentioned, but they're read and counted by a computer. Fast and easy ballot counting, complete and auditable paper trail.

Edit: typos.

[ September 23, 2003, 02:30 PM: Message edited by: dkw ]

Posts: 9866 | Registered: Apr 2002
littlemissattitude
Member
Member # 4514

At this point, I too am going a little bit Luddite and would prefer paper ballots, marked with indelible ink and hand counted in front of whoever wants to watch. Of course, this could never be done now because we live in a society where everyone wants their election results right now.

As far as I can see, no voting method is completely foolproof. But any method of counting by computer seems to me to be vulnerable to tinkering. I have worked as a precinct officer on election day for years, and so I've thought a lot about this. One of the main reasons I work is that I can see that at least at my polling place, while the ballots are in the polling place, nothing hinky is going on with the votes. But what is to stop whoever programs the computer to count the votes, be they by punch card, optical scan, or touch screen, to program it to count - for example - every fifth vote for the democrat in a specific race to tally as republican instead?

On a side note, I have to say I don't have as many problems as some people do with the punch card method of voting. We used this method in my county up until a couple of elections ago, and there are a number of safeguards in place to see that mistakes aren't made. First of all, the inspector of each precinct is mandated to check each voting machine by voting a sample ballot to make sure that the correct hole is punched for each candidate and answer on the ballot. For example if George Bush is place number 102 on the ballot, the inspector makes sure that when you punch the hole next to his name, number 102 on the ballot is punched out.

Secondly, once the polling place closed, we would have to remove all the ballots from the ballot box to be counted to make sure that we had the same number of ballots as people who voted. This, of course, was done in front of any pollwatcher who cared to be present. (The funny thing was, hardly anyone ever cared enough to watch.) One of the things we had to do was check the back of each ballot to see that there were no "hanging chads". "Pregnant chad" had not entered the vocabulary until after we quit using those ballots, but I have to say that I cannot ever recall having seen one - and we looked those ballots over fairly closely.

Posts: 2454 | Registered: Jan 2003
Pod
Member
Member # 941

perhaps i didn't make the distinction clear enough. Diebold can't even secure their web-presence.

How can we be sure they're securing their voting devices when they hide behind copyright law? This is especially salient because they seem to a) neglect any sort of security problems pointed out to them, b) make claims they know are false.

Needless to say i don't have great confidence in this company. As a result i'd like to be able to see how they implemented their devices. If they're good, it'll be in such a way that no one can mess with them without sending red flags flying everywhere (that includes themselves) if they implemented them poorly, we shouldn't be using them. That's about the long and short of it.

Posts: 4482 | Registered: May 2000
Hobbes
Member
Member # 433

I'm not sure complete open-source is necessary, but I'd certainly approve of significant inspection of the code by people not working for them first. I can't decide if open source code would make it easier or harder to do something to the votes; I'm leaning towards easier so I think open-source isn't necessary but I can definitely see why it could be. Also, if they won't show anyone their code, why doesn't the government hire someone else who does? [Dont Know]

Hobbes [Smile]

Posts: 10602 | Registered: Oct 1999