Posted on 07/31/2006 11:03:20 AM PDT by rit
"Those who cast the votes decide nothing. Those who count the votes decide everything" -- Josef Stalin
How to Hack the Vote
REQUIREMENTS:
Windows-based PC with 150megs free disk space and 128megs RAM (minimum)
A copy of MS Access
The GEMS software
A Sample Election Database
Ready? Now read! http://www.chuckherrin.com/hackthevotedemo.htm
Valid picture ID, confirming citizenship and eligibility to vote at that location.
Dip your finger in ink before voting.
Long prison term for individual voter fraud.
Death penalty for systemic fraud.
I agree.
"Is it as bad as the security flaws in the old ballot boxes that hold paper ballots?"
Pretty tough since they were counted in the precinct by 3 people and had to math and poll watchers were allowed.
The results were phoned in, posted outside the polling place, and the ballots returned to the Register of Voters.
As far as i'm concerned it was the most secure system and also the results were in earlier than any current system.
Of course it is. And that, like gun control laws, is adequate to make sure it never happens. ;-)
I like the idea of a voter verified paper trail, in fact I think electronic voting is a scam unless it has one. But the voter shouldn't leave the polling place with a receipt indicating how he voted.
I think the ideal solution would be to use the technology to eliminate the logistical risks of punch card voting (hanging, dimpled, pregnant, swinging door, etc., chads) but to then print a paper ballot which clearly shows the votes in human readable form. Once the voter verifies that the paper accurately reflect his vote, he then takes it and places it in a traditional ballot box. Then there aren't two tallies vying for acceptance and the vote is still auditable. This isn't rocket science. I can't imagine why this is so confusing to people.
Why? Because my union boss would love to see such a reciept from me.
Others would pay money to get such a reciept from me.
Other than that, how would you use voting reciepts? In a contested election, have everyone show up with their reciept for a show-of-hands count? Everybody who voted for Kerry on the left of the football field, Kucinich in the middle, and Bush on the right...
"and it could be done without leaving a trace"
But I thought everyone was saying that they voted for McKinney but the machine voted for the White Male Jew (SARCASM).
How come if it can be done without leaving a trace, everyone keeps catching them...
http://www.freerepublic.com/focus/f-news/1675203/posts?page=41#41
An analysis on Hacking the Vote from post 41 done by Johns Hopkins University
http://www.eff.org/Activism/E-voting/20030724_evote_research_report.pdf
Excerpt:
System overview
Although the Diebold code is designed to run on a DRE device (see pdf for Figure 1, A Diebold DRE Voting Machine), one can run it on a regular Microsoft Windows computer (during our experiments we compiled and ran the code on a Windows 2000 PC).
In the following we describe the process for setting up and running an election using the Diebold system.
Although we know exactly how the code works from our analysis, we must still make some assumptions about the external processes at election sites. In all such cases, our assumptions are based on the way the Diebold code works, and we believe that our assumptions are reasonable. There may, however, be additional administrative procedures in place that are not indicated by the source code. We first describe the architecture at a very high level, and then, in Section 2.1 we present an overview of the code. Since the Diebold code can be run both on DRE devices and PCs, we shall refer to a device running the vote collection software as a voting terminal.
SETTING UP
. Before an election takes place, one of the first things the election officials must do is specify the political offices and issues to be decided by the voters along with the candidates and their party affiliations.
Variations on the ballot can be presented to voters based on their party affiliations. We call this data a ballot
definition. In the Diebold system, a ballot definition is encoded as the file election.edb and stored on a
back-end server.
Shortly prior to the election, the voting terminals must be installed at each voting location. In common
usage, we believe the voting terminals will be distributed without a ballot definition pre-installed. Instead,
a governmental entity using Diebold voting terminals has a variety of choices in how to distribute the ballot
definitions. They may be distributed using removable media, such as floppy disks or storage cards. They may also be transmitted over the Internet or a dial-up connection. This provides additional flexibility to the election administrator in the event of last-minute changes to the ballot.
THE ELECTION
. Once the voting terminal is initialized with the ballot definitions, and the election begins, voters are allowed to cast their votes. To get started, however, the voter must have a voter card. The voter card is a memory card or smartcard; i.e., it is a credit-card sized plastic card with a computer chip on it that can store data and, in the case of the smartcard, perform computation. We do not know exactly how the voter gets his voter card. It could be sent in the mail with information about where to vote, or it could be given out at the voting site on the day of the election. To understand the voting software itself, however, we do not need to know what process is used to distribute the cards to voters.
The voter takes the voter card and inserts it into a smartcard reader attached to the voting terminal. The
terminal checks that the smartcard in its reader is a voter card and, if it is, presents a ballot to the voter on the
terminal screen. The actual ballot the voter sees may depend on the voter’s political party, which is encoded
on the voter card. If a ballot cannot be found for the voter’s party, the voter is given a nonpartisan ballot.
At this point, the voter interacts with the voting terminal, touching the appropriate boxes on the screen
for his or her desired candidates. Headphones are available for visually-impaired voters to privately interact
with the terminal. Before the ballots are committed to storage in the terminal, the voter is given a final
chance to review his or her selections. If the voter confirms this, the vote is recorded on the voting terminal
and the voter card is “canceled.” This latter step is intended to prevent the voter from voting again with the
same card. After the voter finishes voting, the terminal is ready for another voter to use.
REPORTING THE RESULTS
. A poll worker ends the election process by inserting an administrator card or an ender card (a special card that can only be used to end the election) into the voting terminal.
Upon detecting the presence of such a card (and, in the case of the administrator card, checking a PIN entered by
the card user), the poll worker is asked to confirm that the election is finished. If the poll worker agrees, then
the voting terminal enters the post-election stage and can transmit its results to the back-end server.
As we have only analyzed the code for the Diebold voting terminal, we do not know exactly how the back-end server tabulates the final results it gathers from the individual terminals. Obviously, it collects all the votes from the various voting terminals. We are unable to verify that there are checks to ensure, for example, that there are no more votes collected than people who are registered at or have entered any given polling location.
More more at PDF file
I've solved this stupid problem 50 times and they've yet to implement my coding suggestions.
The head of Diebold is a serious Bush supporter.
Another reason the dims do not like the touch screens and leaving fingerprints, is one day they will tie the touchscreens into the national database looking for criminals.
I remember a few years ago, the mayor of Atlanta, a democrat, used to throw parties at his house. His security force outside would routinely check the license tags of his guests. And guess what, they found some who had problems with the law. Guess what, the mayor ordered a stop to the license tag checks of his guests. Guess what, the mayor is now in jail for corruption.
"Oooohhhh, pretty light, I'm going to press THIS button!"
Helpful Dem Poll Worker:"Did you vote for the Democrat?"
"Pretty light!" (clapping)
Yes it is. You're a Dim election worker in there with all the machines before the polls open up. All you need is a few minutes alone with the machines to corrupt thousands of votes.
Diebold is really pathetic with this. The technology definitely exists to easily make an electronic voting system that no voter or precinct worker could mess with, yet Diebold comes out with this crap. There's far better security technology protecting your last iTunes purchase.
So they have produced a manual on how to throw elections, Huh?
The Diebold Bombshell
(Originally appeared on OpEdNews.com. Authors David Dill, Doug Jones and Barbara Simons have given permission for reposting.)
Most computer scientists have long viewed Diebold as the poster child for all that is wrong with touch screen voting machines. But we never imagined that Diebold would be as irresponsible and incompetent as they have turned out to be.
Recently, computer security expert Harri Hursti revealed serious security vulnerabilities in Diebold's software. According to Michael Shamos, a computer scientist and voting system examiner in Pennsylvania, "It's the most severe security flaw ever discovered in a voting system."
Even more shockingly, we learned recently that Diebold and the State of Maryland had been aware of these vulnerabilities for at least two years. They were documented in analysis, commissioned by Maryland and conducted by RABA Technologies, published in January 2004. For over two years, Diebold has chosen not to fix the security holes, and Maryland has chosen not to alert other states or national officials about these problems.
Basically, Diebold included a "back door" in its software, allowing anyone to change or modify the software. There are no technical safeguards in place to ensure that only authorized people can make changes.
A malicious individual with access to a voting machine could rig the software without being detected. Worse yet, if the attacker rigged the machine used to compute the totals for some precinct, he or she could alter the results of that precinct. The only fix the RABA authors suggested was to warn people that manipulating an election is against the law.
Typically, modern voting machines are delivered several days before an election and stored in people's homes or in insecure polling stations. A wide variety of poll workers, shippers, technicians, and others who have access to these voting machines could rig the software. Such software alterations could be difficult to impossible to detect.
Diebold spokesman David Bear admitted to the New York Times that the back door was inserted intentionally so that election officials would be able to update their systems easily. Bear justified Diebold's actions by saying, "For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software... I don't believe these evil elections people exist."
While Diebold's confidence in election officials is heartwarming, Diebold has placed election officials in an awkward position, with no defense against disgruntled candidates or voters questioning the results of an election. The situation is even worse for those states and localities using Diebold touch-screen machines that have no voter-verified paper records to recount.
Diebold voting machines have been certified to be in compliance with 2002 Voting System Standards, as required by the Help America Vote Act. These standards prohibit software features that raise any doubt "that the software tested during the qualification process remains unchanged and retains its integrity." We must ask, how did software containing such an outrageous violation come to be certified, and what other flaws, yet to be uncovered, lurk in other certified systems?
There have been many significant problems - some resulting in lost votes - involving paperless voting machines produced by other vendors. Recognizing the intrinsic risks of paperless voting machines, the Association for Computing Machinery issued a statement saying that each voter should be able "to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast and to serve as an independent check on the result." Without voter-verified paper records of all the votes, and without routine spot audits of these records, no currently available voting system can be trusted. With such records, even when machines do not function correctly, each voter can make sure that his or her vote has been correctly recorded on paper.
Our democracy depends on our having secure, reliable, and accurate elections.
David L. Dill is a Professor of Computer Science at Stanford University and the founder of VerifiedVoting.org. Doug Jones is an Associate Professor of Computer Science at the University of Iowa.
Barbara Simons is retired from IBM Research and a former ACM President. Jones and Simons are writing a book on voting machines to be published by PoliPoint Press.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.