Monday, January 28, 2008

Electronic Voting/Invitation to Fraud

Quote From Article Below: "I got a call from one of our more brilliant computer programmers -- he's got quite a few advanced degrees -- and he called me on a weekend and he said, "I want you to go to your computer." And he walked me through it just like a support tech does -- open this panel, click this, do this, do that. And as I'm doing this it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members."

(This article describes how the country's leading touch-screen voting system is so badly designed that votes can be easily changed and how the company has illustrated signs of corruption. The company's machines are being used in 37 states) Below is an interview that explains the problem. Be sure to go to You Tube at the link at the end of this article and watch another testimony of a computer programmer who basically says that any software program can be compromised and used to steal an election.

Below are excerpts from an interview that explains the problem. See this link for full interview. http://dir.salon.com/story/tech/feature/2003/09/23/bev_harris/index.html
- - - - - - - - - - - -
Tell me about the flaw you uncovered in the Diebold system.

(Harris is a literary publicist and author whose investigations into the secret world of voting equipment firms have led some to call her the Erin Brockovich of elections, and who is now writing a book called "Black Box Voting." She spoke to Salon about her findings, by telephone, from her home in Seattle. )

Well, we uncovered a few problems in the memos, but the first one that we published specifically supported the flaw that I wrote about in July of 2003. And to my surprise these memos admitted they were aware of the flaw, and it was actually brought to their attention by Ciber labs -- which is a certifier -- in October 2001, and they made a decision not to fix it.

So it was brought to their attention two years ago?
Right. "

So what was the flaw?

Specifically the flaw was that you can get at the central vote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log, which is supposed to log the transactions, and this [audit log] is one of the key things they cite as a security measure when they sell the system.

So you can break in and then hide your tracks.

You don't even need to break in. It will open right up and in you go. You can change the votes and you can overwrite the audit trail. It doesn't keep any record of anything in the audit trail when you're in this back door, but let's say you went in the front door and you didn't want to have anything you did there appear anywhere -- you can then go in the backdoor and erase what you did.

For rest of excerpts from article click Monday below or if sent here, just scroll down.

1 Comments:

Blogger Debbie Pelley said...

Who would have access to this? Are we talking about elections officials?

A couple situations. Obviously anybody who has access to the computer, whether that's the election supervisor, their assistants, the IT people, the janitor -- anybody who has access to the computer can get into it.

Where is this computer -- is there one per county?

Yes, there's one per county.
The other situation would be supposing someone gets in by either hacking the telephone system or by going backwards in through the Internet, because the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer.

These computers in the counties are connected to the Internet, and someone can go through the Internet --

-- and just go into it, correct. It would be as the results are uploading. You see, they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of parsing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem. And the GEMS machine then connects to the Internet, and that's what the press watches.

And somebody who knows about this can go to each one of those GEMS machines and have access to the vote and change the results?

Yes, as they're coming in.
What led you to believe that there might be this flaw in the first place?

Well I work with about 22 computer programmers who have been looking at this stuff -- I'm not that brilliant. Immediately when they began looking at the GEMS program they began commenting on the fact that it has no -- it's something called referential integrity. And what that means is that there are many different ways that it can become vulnerable to hacking. It has to do with how one part of the database is hooked into the next part.

I got a call from one of our more brilliant computer programmers -- he's got quite a few advanced degrees -- and he called me on a weekend and he said, "I want you to go to your computer." And he walked me through it just like a support tech does -- open this panel, click this, do this, do that. And as I'm doing this it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members.

It's shocking. All you do is double-click the icon. You go backwards through the Internet to that county computer, and if you have Microsoft Access on your machine you can walk right into that election database while it's open. It's configured for multiple access at the same time. You can be in there changing things and you can change anything you want.

There's nothing -- no security in this?

No, in fact in the memo, [Ken Clark, an engineer at Diebold] says specifically that they decided not to put a password on it because it was proving useful. They were using the back door to do end runs around the voting program. And he named two places where they were doing this, Gaston County, N.C., and King County, Wash.

Right, in the memo he says, "King county is famous for it. That's why we've never put a password on the file before." What does that mean? Why would the counties find this useful?

I have no idea what they were doing. [But] because you can change anything on the database, they could have been doing anything, whether it was nefarious or just fixing a stupid thing that they had done. The problem is this: You should set up the program so that anything you do is going to be recorded and watched and audited -- it's official. There's nothing you can do that's legitimate by going into a back door that never records anything. If you need to go change some vote total because they came out wrong, that needs to be done publicly and the candidates should be aware of it. You don't do that by going into a back door.

What do officials in these counties say?

Well in Gaston County it was done by a Diebold employee. [In the memo, Clark says this employee, identified only as "Jane," "did some fancy footwork on the .mdb file in Gaston recently."] I would assume that someone would need to contact Diebold. For King County, it doesn't say whether an election official did it or whether [Diebold] did it.

But it is curious wording -- King County is famous for it.

I know! Dave Ross, who has a radio show in Seattle, called King County and asked if they would like to explain it and they said no. [In an interview with Salon on Thursday, Dean Logan, King County's elections director, could not immediately say what the reference to his county in the Diebold memo could mean. Logan, who said he has just been on the job two weeks, said he would check with members of his staff and call back.]

And these counties are still using Diebold systems?

They still are.

Where else are Diebold systems being used?

They're in 37 states. And, by the way, this flaw that we're discussing right now affects optical-scan and touch-screen machines equally. They both come into the GEMS program.

Diebold is actually the fastest-growing voting company in the United States right now. The reason they're the fastest-growing is they tend to sell a whole state at a time. They sold to the state of Georgia, the state of Maryland, the state of Arizona. They're trying to sell the state of Ohio. They also picked very large metro areas.

Georgia used Diebold's touch-screen machines in 2002, right?

Yes.

And Georgia also had some wacky results, right?

They did. They had six upsets. The most famous one is Max Cleland [the Democratic senator and the incumbent]. That's because he was quite far ahead in the polls and an 11-point shift happened overnight and [Republican] Saxby Chambliss won instead. And the other upset that surprised people was Sonny Purdue, who was the first Republican governor elected in 134 years.

Do you think those elections were legitimate elections?

Well, I think that it was an illegal election in that they had no idea what software was on the machines at the time. Georgia was a situation where they had changed the software not once or twice but seven or eight times so it went through so many permutations without even being examined by anyone, and nobody has any idea what the machines did. [Harris says she confirmed these preelection changes to Diebold's software in conversations with Georgia voting officials, but Diebold denies that any changes were made. In February, Joseph Richardson, a spokesman for the company, told Salon: "We have analyzed that situation and have no indication of that happening at all."]

I do find this suspicious -- they have since scrubbed clean the flash memory and gotten rid of the small cards that store the results from each touch-screen machine. They've overwritten it with a whole new thing. What's amazing is you keep paper ballots for 22 months, and they're an awful lot bulkier than these credit card-size memory cards, but for some reason they felt compelled to get rid of them all. They have also overwritten all of the GEMS programs in the counting machines. They've gone through and overwritten everything in the state.

10:55 AM, January 28, 2008  

Post a Comment

Links to this post:

Create a Link

<< Home