[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hacking the Presidential Election

 

At the National Press Club, today, Bev Harris demonstrated how easily Diebold voting equipment can be hacked, and election results changed.

 

Colorado is planning to use this equipment in November.  To protect our votes, they must not do so.

Officials should print up paper ballots rather than relying on touch-screen systems, and print out vote totals in each precinct and deliver them by hand to make sure centralized vote-counting computers are working properly”, she said.

The first news report is pasted below.

 

 

Al Kolwicz

 

CAMBER

Citizens for Accurate Mail Ballot Election Results

2867 Tincup Circle

Boulder, CO 80305

303-494-1540

AlKolwicz@xxxxxxxxx

www.users.qwest.net/~alkolwicz

http://coloradovoter.blogspot.com 

 

 

 

Sheila Lennon: Hacking the Presidential Election

September 23, 2004

By Sheila Lennon / The Providence (R.I.) Journal

7:31 p.m. Wednesday (Blogroll)

Day off tomorrow, back Friday.

Hacking the Presidential Election -- A Bipartisan Problem, Anyone Can Do It. That's the title of the press release for today's press conference at Washington's National Press Club at which voting activist Bev Harris (Black Box Voting) and computer experts demonstrated how election results could be changed.

And now the reports are rolling in. More overnight, I'd expect, as reporters who were there file for print deadlines.

Reuters reports that spokesmen for voting software manufacturers Diebold and Sequoia "said people were unlikely to get access to make any changes, and any attempts to alter the vote would be caught by security procedures already in place."

Nevertheless, all the campaigning, the volunteering, the time, money and effort is meaningless if the totals are electronically altered on election night. Safeguards and paper trails now could prevent a passel of Floridas on Nov. 3.

(Politicians of all stripes should be concerned. Hackers come in all stripes, too.)

Hacking the Vote: A Real and Present Danger: A release from the Institute for Public Accuracy boils it down:

At the National Press Club this morning, Harris and others demonstrated methods of manipulating vote-counting programs. Harris said: "We are able to use a hidden program for vote manipulation, which resides on Diebold's election software. This is a hidden feature enabled by a two-digit trigger (not a 'bug' or an accidental oversight; it's there on purpose). Also participating is Dr. Herbert H. Thompson, computer security expert and editor/author of 12 books including How to Break Software Security. Thompson shows how easily an election can be rigged by implanting a virus. Also, Jeremiah Akin, an independent computer programmer from Riverside, Calif., shows how to manipulate Sequoia Voting Systems software just before an election by switching the labels on the names of candidates. Andy Stephenson, associate director of Black Box Voting, shows how an unscrupulous person with no computer skills whatsoever can sabotage an election."

Activists Find More E-Vote Flaws: The crux of it, at Wired:

The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places. The GEMS program generates reports of preliminary and final election results that the media and states use to call the winners....

Harris said the problem lies in the fact that GEMS creates two tables of data that don't always match. One table consists of rows showing votes for each candidate that were recorded on voting machine memory cards at each precinct. The other table consists of summaries of that precinct data. Officials use the raw precinct data to spot-check accuracy. For example, if all of the machines at a precinct record a total of 620 votes for Arnold Schwarzenegger, then the data in GEMS should show 620 votes for Schwarzenegger for that precinct. The official results that go to the state are based on the vote summaries produced by GEMS.

When election officials run a report on GEMS on election night, it creates the vote summaries from the raw precinct data. Then as absentee and provisional ballots get counted after Election Day and added into GEMS, the raw data numbers increase, while the vote summaries remain the same until the next time officials run a summary report and it regenerates totals from the raw precinct data.

Harris said it's possible to alter the vote summaries while leaving the raw data alone. In doing so, the election results that go to state officials would be manipulated, while the canvas spot check performed on the raw data would show that the GEMS results were accurate. Officials would only know that the summary votes didn't match precinct results if they went back and manually counted results from each individual polling place and compared them to the vote summaries in GEMS.

Diebold said because the two sets of data are coupled in GEMS it would be impossible for someone to change the summaries without changing the precinct data that feeds the summaries. And if they did, the system would flag the change.

But Harris said it's possible to change the voting summaries without using GEMS by writing a script in Visual Basic -- a simple, common programming language for Windows-based machines -- that tricks the system into thinking the votes haven't been changed. GEMS runs on the Windows operating system.

The trick was uncovered by Herbert Thompson, director of security technology at Security Innovation and a teacher of computer security at the Florida Institute of Technology. Thompson has authored several nonfiction books on computer security and co-authored a new novel about hacking electronic voting systems called The Mezonic Agenda: Hacking the Presidency...

More Diebold E-Voting Vulnerabilities: At Slashdot Politics, pointing to the Wired story above,

...it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

This is followed by hundreds of comments from the programmers who call this site home.

Electronic-Vote Critics Urge Changes to System: Reuters,

...While it is too late to fix such flaws, officials should ensure that they have a paper backup of vote counts on every level, Harris and other activists said.

Officials should print up paper ballots rather than relying on touch-screen systems, and print out vote totals in each precinct and deliver them by hand to make sure centralized vote-counting computers are working properly, they said.

Congress has authority to force local officials to improve their procedures if they are reluctant to do so, they said.

But it has so far shown little interest in voting security, and bills that would require touch-screen systems to print out votes have failed to make it out of the committee level.

E-voting critics report new flaws: News.com covers the demonstration and adds,

Also on Wednesday, the San Francisco-based Electronic Frontier Foundation released a kind of election guide for geeks. Complete with photographs of the most popular models of e-voting machines, it lists their known flaws and problems that people have had with them in the past.