"Definitive Proof" of Election Fraud?

The proprietor of the X-Ray Oscar Poppa Lima blog has found, what he considers "definitive proof" of election fraud in 2000, 2004, and probably 2002:



Computer professionals will realize what has probably happened; a signed integer field has gone negative. In a signed integer field, the leftmost bit controls the sign, positive or negative. So, if you try to enter a humongous value - say 4 billion / 4,000,000,000, actually anything more than 2,147,483,647, that leftmost bit gets turned on. The arithmetic chip in the machine is just an electronic adding machine; positive or negative only gets noticed at the software level.

What the XOPL blogger thinks happend is:



At least, that's what he would do:



Okay, let's hear from the other computer professionals out there: Is this credible? Do you think it's what really happened?

Any White Hat hackers out there?:eyes:

Bu itself, this isn't "definitive proof" of anything. Taken with everything else, (exit polls, "Dieb Throat:, Clint Curtis, etc) it's one more link in the chain - like, maybe, an ankle chain for an eventual perp walk. :bounce: :bounce: :bounce: :bounce:

KICK-N-RECOMMENDED.............:think:

:hi:

Recommended :D

just a thought.

from his original article:

In many computer programming languages, integers are by default signed... positive or negative. This is the case in the C language, which was most likely used for the voting machine. If the programmer is unskilled enough to write a hackable machine, then it is also quite likely they used the default for the integers rather than realising that votes would never be negative, and explicitly using unsigned integers. (Actually... totally regardless of whether the programmer used signed ints or unsigned ints, the actual mistake the programmer probably made was not using %u, and using %i or the very commonly used %d in their sprintf statements instead... which would have caused +4 billion to be logged as -25 million.)

Combine that with the KNOWN information that %d (or signed integers) are required in the systems because of MANUAL ENTRY, and it's a done deal. Using Manual Entry, negative numbers are REQUIRED:

http://www.countthevote.org/manual_entry/manual_entry.htm

Your link is to an article about Diebold's GEMS system. The OP is about something that happened with an ES&S system. They're two different systems from two different companies.

they both started from the same software.

Any freshman computer science major could tell you all about it. Why? Because it's one of the first things pounded into them by the professors, TA's, etc. to avoid. There's never a valid reason to allow it to happen.

There have been other cases of negative vote totals (one was something like -4187 from a precinct in NC). Just my personal opinion, but these seem to be examples of crappy programming skills more than anything else. I'd think there'd be many ways that the vote totals could be changed behind the scenes that would be less detectable. And if a "white hat" wanted to send a message about the dangers of e-voting, why not simply crash large parts of the entire system, or make the numeric patterns more obvious on a large scale? (DEAD BEEF, anyone? :) )

The voting machines in this county (Franklin)were Shooptronics made by Danaher Controls. The polling location was a fundie church where Kerry got only 13 votes.

This DUer White Knight attempted to backwards program such a mistake.

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x48519

About me:
I have a graduate degree in computer science, and more than 15 years of experience as a software engineer working with highly reliable systems.I have a knack for looking at the results of software failures and figuring out what's wrong with the code. For now, I prefer to remain anonymous and will go by the handle: WhiteKnight
(email: whiteknightfordemocracy@yahoo.com ).


About the bizzare vote counts in one Ohio Precinct:

After seeing the Associated Press story titled "Machine Error Gives Bush Extra Ohio Votes", I started thinking about the numbers reported in the story, whichare:

Votes for Bush: 4258
Votes for Kerry: 260
Total number of voters: 638

It also says that Bush "actually received 365 votes". That means there must have been 13 votes for other candidates (638-260-365 = 13).


I wondered how this result could have been produced. They called it a "failure", but I know a lot about how systems can fail, and this sounded fishy. Why were Kerry's vote totals recorded properly, but not Bush's? It's much more likely that a system failure would cause either no vote totals to be recorded at all, or that both totals would be corrupted.

I suppose it could have been a hardware failure that occurred right after Kerry's vote total had been written to storage, and just as Bush's was being written. But that's likely to be a very narrow time window. It's possible, but sounds like a very rare failure mode. It just seems odd that out of the whole universe of possible failures, we get a failure that records Kerry's votes correctly, and corrupts Bush's total.

Think of it this way: In basketball you know there are many ways a shot can fail to go in. It can go off the glass and miss, it can bounce off the front of the rim, rattle out, airball etc... etc... But there is one particular failed shot that's very rare: when the ball comes in at just the right trajectory with just the right speed, and it lodges between the rim and the backboard - just sticks there. I've seen it happen maybe a couple of times in years of watching the NBA.

So think of the odds of a failure that records Kerry's votes correctly, but corrupts Bush's as analogous to the ball jamming there between the rim and backboard. Pretty rare failure huh? Well, it gets even worse:

Why was the number off by only several thousand?

If the votes are added up using a 4 byte unsigned integer, then the possible values range from 0 to 4,294,967,296 (over 4 Billion). If a random bit error or hardware storage error occurred, then why didn't Bush get say 3,239,568 extra votes in this particular "failure"? Most true failures would result in some wild number that you would immediately recognize as garbage.

The analogy here is: not only did the basketball lodge between rim and glass, but the Spalding logo ended up perfectly horizontal, aligned front and center.

Given all of this, I decided to explore ways that vote counting software could end up with these particular results. Was someone adding a percentage to the Bush votes? Was there some multiplier involved?

After thinking about it for an hour or so, I decided to take a different tack: think like the person who is trying to rig the election. What would you do? You wouldn't really want to change the total number of voters. That might be too easy to detect given people being checked off on voter roles. Instead you would want to shift votes from one candidate to another. Maybe every 10th vote for kerry, you'd instead give to Bush.

OK, that's pretty easy to program, but it wouldn't expain the bizzare results in this one precinct in Ohio. But... what if the evil programmer made a mistake? Maybe one line of code had an error they didn't catch.

I decided to write a small vote counting program, and add in a function to steal every 10th vote. Once that was working I'd introduce a small error and see if the results came close the Ohio results reported by AP.

The program below is the result.

As you will see, there is one line of code that is supposed to add a stolen vote to Bush's total, and should be written as:

b = b + 1;

but (I theorize) it was mis-typed as:

b = b + k;

So instead of adding one stolen vote to Bush's total, it adds the running total of Kerry votes to Bush's total. Whoops!

The output from the program with the typo in place is:

starting election
Election results: b: 4258 k: 260 o: 13
(the actual votes: b: 336 k: 288 o: 14)

The output from the program with the typo corrected is:

starting election
Election results: b: 365 k: 260 o: 13
(the actual votes: b: 336 k: 288 o: 14)

So the intent was to shift 29 votes from other candidates to Bush, but the one-line programming mistake gives him an extra 3922 votes.

I'm not saying this proves that this is what happened, but it does indeed prove that a small, one-line programming error by an evildoer programmer could produce the results seen in this one Ohio precinct.

-WhiteKnight

p.s. Please circulate this as far and wide as possible. Thanks!

*/
#include <stdio.h>
#include <string.h>

// Vote totals for b=Bush k=Kery o=Other
int b=0, k=0, o=0;
// The set of "real" books:
int breal=0, kreal=0, oreal=0;

//
// Here's the hypothetical "patch" that the evildoer programmer
// might have written:
//
void robOhio(int creal, int* c) {
// Look for every 10th vote from this candidate:
if ((creal % 10)==0) {
// OK, here's the bug. Should have been
// b = b + 1;
// Give the vote to b
b = b + k;
// Take it away from other candidate:
*c = *c - 1;
}
}


int main() {
char votes<1000>;
//
// Here are the votes in a hypothetical order that I made up.
// So in this example, the first two votes went to Kerry, the
// next two to Bush, then one for Kery, one for Bush, one for
// Other, and so on.
//
// The order of the votes does affect the final numbers but,
// even if you change the order, the rough order of magnetude
// of the bogus results stays about the same.
//
//0 1 2 3 4 5
//12345678901234567890123456789012345678901234567890
strcpy(votes,"KKBBKBOKBBKKBBKBBKBBKKBBKBBKBBKKBBKBBKBBKKBBKBBKBB"); // 50
strcat(votes,"KKBBKBKKOBKKBBKBBKBBKKBBKBBKOBKKBKKBKKBBKKBBKBBKBB"); // 100
strcat(votes,"KKBBKBBKBKKKBBKBBKBBKKBOKBBKBBKKBKKBBKBBKKBBKBBKBB"); // 150
strcat(votes,"KKBKKBBKKBKKBKKBBKBBKKBBKBBKBOKKBKKKBKBBKKBBKBBKBB"); // 200
strcat(votes,"KKBKBBBKBBKKBKKBBKBBKKKBKBBKBOKKKBKBBKBBKKBBKBBKBB"); // 250
strcat(votes,"KKBBKBBKBBKKBKKBBKBBKKBBKBOKBBKKBKKBBKBBKKBBKBBKBB"); // 300
strcat(votes,"KKKBKBBKBBKKKBKBKKBBKKBKKOKKBKKKBBKBBKBBKKBBKBBKBB"); // 350
strcat(votes,"KKBKKBBKBBKKBBKKBKBOKKBKKBBKBBKKBBKBBKBBKKBBKBBKBB"); // 400
strcat(votes,"KKBKKBBKBBKKBBKBBKBBKBBKKBBKBBKKBBKBBKBBKKBBKBBKBB"); // 450
strcat(votes,"BKKBKBBKBBKKBBKBBKBBKKBKKBBKBBKKBKKBBKBBKKBBKBBKBB"); // 500
strcat(votes,"KKKBKBBKBBKKBBKBBKBBKKBBKBBKBBKKBKKBBKBBKKBBKBBKBB"); // 550
strcat(votes,"KKBBKBBKBBKKBBKBBKBBKKKKKBBKBKKKBOKBBKBBKKBBKBBKBB"); // 600
strcat(votes,"KKBBKBBKBBKKBBKBBKOBKOBKKBOKBOKKBBKBBK"); // 638

printf("starting election\n");

// Start counting votes:
for (int i=0; i<strlen(votes); i++) {
char v = votes;
if (v=='B') {
b = b + 1;
breal = breal + 1;
} else if (v=='K') {
k = k + 1;
kreal = kreal + 1;
// This is not a vote for b, so steal some votes:
robOhio(kreal, &k);
} else if (v=='O') {
o = o + 1;
oreal = oreal + 1;
// This is not a vote for b, so steal some votes:
robOhio(oreal, &o);
}
}
printf("Election results: b: %d k: %d o: %d\n",b,k,o);
printf("(the actual votes: b: %d k: %d o: %d)\n",breal,kreal,oreal);
}

Hi, rosebud57! :hi:

Interesting. Something like what White Knight played around with could have happened. Or any number of other "mistakes" that could be created just as easily. I suspect that there were a wide variety of such frauds committed in the last election. The only limitations are the imagination and ethics of the programmers, testers, etc. No doubt, Diebold only hired the "best"... :eyes:

We're aware of some of the flaws (for example, wide open wireless modems, unpatched operating systems, etc.), some we can only speculate about (such as programming "mistakes"), and some we probably haven't even dreamed of. This is why that, as someone who works with software for a living, I will never support any form of electronic voting, no matter what safeguards, verification mechanisms, etc. are in place. All it takes is one weasel to make an end run around those protections. I don't think electronic voting can be safely implemented.

Unfortunately, we'll never know the specifics of the computer fraud used in 2004 without whistleblowers and supporting documentation. Diebold, ES&S, Sequoia, etc. could open their doors tomorrow morning, show us all their software, let us look over their shoulder every step of the way as they write and test the next generation of their software systems, and that still wouldn't be enough. And we still wouldn't be able to guarantee that computer fraud wouldn't be systematically committed in the next election just like in the 2004 election.

As long as we have electronic voting, there's no way anyone should have any confidence in any election.

How sad we are still fighting for this. LINKS here http://vvlobbydays.blogspot.com/

sometimes I think posting something just in the activist thread is the kiss of death- rather just slip it in in related discussions-and hope those that care will notice-of course, many of us, I'm sure are aware of these things and do what we can.

It should be a given that our votes WILL be counted as cast, but that is not so.

Great blog, jarnocan. I hope you get a million hits. Oh, the time is right. If anyone needs to plan on being in DC in early April, now is the time to tell them. First I'd heard of it. Good work!

A suspect election is an invalid election. The following is from http://january6th.org/files/stop_stolen_elections_now.html

I wish it were definitive proof, but I'm not convinced that it is. This could be some kind of bug, like an uninitialized variable somewhere in the code. This could even conceivably be some kind of hardware error, although I've never in my whole life seen a hardware error that occasionally changed a number but otherwise appeared to operate correctly. I wish we had the exact number available, rather than the round figure of 25,000,000 reported by the press.

According to this article this happened in more than one race.



What I'd really love to know is, if in fact this did happen in more than one race, was it the exact same negative number in each of those races? Unfortunately we'll probably never know.

the L&A (Logic and Accuracy) test before the election would have caught it. (Or so the theory goes!) :)

Steven P. :kick:

Don't get me wrong, I think this probably is the result of some kind of attempt at wrongdoing. I just don't think that it is the absolute ironclad proof that other's think it is. Like I said, it would be very interesting to know the exact negative number in each race in which this occurred rather than the round 25,000,000. That could potentially tell us a lot.