http://www.opednews.com/Kall_computervoting2.htmThe Techno-Voting Nightmare; Digital Vote Corruption-- First California-- then the 2004 Elections. by Rob Kall, OpEdNews.COM
Imagine that a rogue programmer gets access to a few networks of computers in the California special gubernatorial election. The programmer manipulates the software to count wrong, making sure that Darrell Issa or whoever is running on the Republican ticket gets 10% more votes than the voters really gave him. This software "fix" will do it's work then delete itself. The program can be made to randomize the bogus numbers so they are a little different percentage at each voting location. Now imagine that this is not some independently acting rogue programmer. What if he works for the company and the company is currying favor for or selling power to the candidate or even to unidentified backers-- like some of the wealthy oil people who have funded attack ads for George Bush in the past. This is no far-fetched scenario. There are a lot of us who believe it has already happened.
As a businessman with experience with software design, creation and support, I know how easy it is to change the numbers a program supplies-- the results-- by manipulating underlying aspects of the software. It's easy to do it so no end user would realize it. It's easy to do it so the evidence of manipulations, like the old Mission Impossible tape recorder, destroy themselves and disappear. Of course there are other ways to fix elections, Jeb Bush and Katherine Harris showed us that in Florida, with Greg Palast's and Michael Moore's books spelling out the details of their vote corruption. So we need to be careful about a plethora of means the far right can and probably will use to corrupt future elections. <snip>
http://www.scoop.co.nz/mason/stories/HL0307/S00198.htmVoting Machines Blasted by Scientists
Friday, 25 July 2003, 1:05 am
Article: The Scoop Editor
BREAKING NEWS BULLETIN FOR MEDIA AND PUBLIC:
Electronic Voting Machines Blasted by Scientists, Hacked by Author
From: Scoop Media (Scoop.co.nz) and Bev Harris (Blackboxvoting.com)
http://www.blackboxvoting.comSCOOP EDITOR'S NOTE: What follows is a set of discoveries, the result of the first-ever public examination of a secret, proprietary computer program used to count votes in 37 states. A hundred dollar item allows anyone to stuff the ballot box; remote access was left unprotected, encryption keys were made available to hackers, and passwords, audit logs and votes were easily compromised.
This report, and all information not attributed to others here, was provided by Bev Harris, author of "Black Box Voting: Ballot-Tampering in the 21st Century."
CONTENTS
WHY THE BIG DEAL?
WHO TESTS AND CERTIFIES THESE SYSTEMS?
WHO RUNS DIEBOLD ELECTION SYSTEMS? WHO WROTE THE PROGRAMS?
WHO ELSE WRITES PROGRAMS FOR DIEBOLD?
IS THERE MORE TO COME?
ENDNOTES
WHY THE BIG DEAL?
You can overwrite votes. You can vote more than once. The system is vulnerable to both inside and outside attacks. Intruders can overwrite audit logs. You can assign passwords to all your friends.
"Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts." -- Researchers from Johns Hopkins and Rice Universities, in paper just released: "Analysis of an Electronic Voting System"
http://avirubin.com/vote.pdf "Computer Voting Is Open to Easy Fraud, Experts Say" (New York Times, July 24 2003)
http://www.nytimes.com/2003/07/24/technology/24VOTE.html These discoveries were made after examining Diebold voting system files left on an open web site, in a security breach somewhat stunning in magnitude. These files had been stored, unprotected, on a company web site for several years. The site appeared to be in continuous use, with new files added frequently, and its design invited visitors into an ftp page, which was available with anonymous access and no password. On January 29, 2003, shortly after Bev Harris found the site (which caused her to interview Diebold employees about it) the web site was removed from public access. By this time, its files had been downloaded by several people in various locations around the world.
On July 8, 2003 an Internet publication called Scoop Media released the location of a complete set of files. Alastair Thompson, the publisher and editor of Scoop Media, says he believed that the files were of critical importance in assessing whether Diebold officials and certifiers have been telling the truth about voting machine security.
Diebold machines are used in 37 states; Maryland just spent $55 million on 11,000 of these machines, and the state of Ohio is considering switching all counties to Diebold machines, a purchase estimated to be as high as $150 million. The state of Georgia bought Diebold machines in 2002, investing $55 million to purchase over 22,000 machines.
The files on the Diebold ftp site indicate that security flaws are not limited to touch screen machines; the problems with Diebold's GEMS software also exist in Diebold optical scan machines, like those used in King County Washington. For a complete list of locations using Diebold machines as of Feb. 2003, go to the list of Diebold locations found in:
http://www.blackboxvoting.org/mfr.pdf, bearing in mind that many new purchases have been made since that time.
State laws typically allow only limited examination of the paper ballots, taking tallies directly from Diebold optical scan machines, even in recounts. Therefore, insecure optical scan software also poses a grave risk to voting security, since tampering is unlikely to be spotted. Under a previous company name (Global Election Systems) Diebold machines counted 40 percent of Florida in election 2000.
Diebold systems go by the name "AccuVote" and "AccuTouch," and the software program is called "GEMS."
"places our entire democracy at risk" say experts:
"We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal."
"Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk." More: http://avirubin.com/vote.pdf
Other security flaws:
- Bev Harris bypassed the Diebold voting system password in 10 minutes, using the officially certified version of the GEMS program. See illustration:
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm#password.
…OR…
http://www.blackboxvoting.org/access-diebold.htm#password.
Harris also:
- Switched votes on the Diebold voting system. See illustration:
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm#votes
…OR…
http://www.blackboxvoting.org/access-diebold.htm#votes
- Compromised the audit log on the Diebold voting system: See illustration:
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm#audit
…OR…
http://www.blackboxvoting.org/access-diebold.htm#audit
The state of California, which is soon to have an election on the recall of Governor Gray Davis, has Diebold machines in many counties, including heavily populated Los Angeles and San Diego counties.
"I have called King County four times, trying to show the task force where the problems are, including problems that I have not yet published. They have yet to respond. They have not even asked me to send them a report," says Harris, who lives in King County and must vote on its Diebold machines. <snip>
the U.S. Congress (House Science Committee on May 22, 2001. See "Problems with Voting System Standards" http://www.cs.uiowa.edu/~jones/voting/congress.html)
http://www.blackboxvoting.org/lies.htm
by Professor Doug Jones: http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html
an interview with the technician in charge of the Diebold site: http://www.blackboxvoting.org/lies.htm#lancaster
Here is an interview with a technician who describes how the site was used:
http://www.blackboxvoting.org/robgeorgia.htm
…Or…
http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm
Here is a GEMS User's Manual that encourages election workers to download from the unprotected Diebold web site:
http://www.blackboxvoting.org/GEMSmanual.pdf
(see page 221)
"This is a program that will have been set up by your Diebold Support Specialist to connect directly into the Diebold FTP site. It is easy to use and fun as well. Connect to the Internet the normal way…"
Note that Diebold officials have insisted that the machines do not connect to the Internet, "for obvious security reasons." (See statements at
• http://www.blackboxvoting.org/lies.htm
..OR..
http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm )
WHO TESTS AND CERTIFIES THESE SYSTEMS?
The story gets a bit odder here. An unelected person named R. Doug Lewis runs a private non-profit organization called "The Election Center." Lewis is possibly the most powerful man in the U.S., influencing election procedures and voting systems, yet he is vague about his credentials and no one seems to be quite sure who hired him or how he came to oversee such vast electoral functions. Lewis organized the National Association of Secretaries of State (NASS, now heavily funded by voting machine vendors); he also organized the National Association of State Election Directors (NASED) and, through them, Lewis told Harris he helps certify the certifiers.
Wyle Laboratories is the most talked-about voting machine certifier, probably because it is the biggest, but in fact, Wyle quit certifying voting machine software in 1996. It does test hardware: Can you drop it off a truck? Does it stand up to rain?
Software testing and certification is done by Shawn Southworth. When Ciber quit certifying in 1996, it was taken over by Nichols Research, and Southworth was in charge of testing. Nichols Research stopped doing the testing, and it was taken over by PSInet, where Southworth did the testing. PSInet went under, and testing functions were taken over by Metamore, where Southworth did the testing. Metamore dumped it, and it was taken over by Ciber, where Southworth does the testing.
What are Shawn Southworth's credentials? We are not allowed to ask. The rules are set by R. Doug Lewis of The Election Center, which states that the certifiers will not answer questions from the media, or from anyone else.
http://www.verifiedvoting.org/index.asp
WHO RUNS DIEBOLD ELECTION SYSTEMS? WHO WROTE THE PROGRAMS?
Bob Urosevich is the CEO of Diebold Election Systems. Urosevich created the original software architecture for Diebold Election Systems, and his original company, called I-Mark Systems, can be found in the source code signatures. Prior to programming for and taking over Diebold Election Systems, Urosevich programmed for and was CEO of Election Systems & Software (ES&S), which counts 56 percent of the votes in the United States. When Urosevich left ES&S, Chuck Hagel took his position. (Hagel then ran for the U.S. Senate, with ES&S machines counting his own votes, but failed to disclose that he had been both CEO and Chairman of ES&S on his disclosure documents). Bob Urosevich, together with his brother Todd, founded ES&S. Bob then went to run Diebold, while Todd still is a Vice President at ES&S. Diebold and ES&S, together, count about 80 percent of the votes in the United States.
WHO ELSE WRITES PROGRAMS FOR DIEBOLD?
<snip>
All 22,000 machines in Georgia received an unexamined, uncertified program change immediately before the Nov. 2002 general election, and some of those "updates" were on the Diebold web site, including a file called "rob-georgia.zip" and an unusual file dated six days after the election which refers to "repairing" some kind of database, in the same format as the vote databases.
# # # # #
ENDNOTE: This is a multifaceted story that will unfold continuously over the next year, but the urgent concern of many U.S. voters is that their next votes will be secure. Already some citizens are demanding an immediate moratorium on all electronic voting, until all systems can be examined, voter-verified paper trails are in place, remote access mechanisms are removed, and robust audits are required.
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
