IndiaDivine.org

Black Box Voting - Finds More (second set) E-Voting Flaws !!



Guest guest


When you consider who the players are and how they are involved, what statements they have made about delivering partisan results and a recent history of fraudulent results in some recent elections it should be pretty obvious that the "flaws" are by design and not flaws at all but methods to subvert elections and the electorate. But, if you control the process of govt. and can control the media you can sell the people anything. F.

 

 

 


Wed, 22 Sep 2004 19:17:07 -0400

Black Box Voting - Finds More E-Voting Flaws !!

 


 

Activists Find More E-Vote Flaws

By Kim Zetter

Wired News

9-22-4

 


Address: http://www.rense.com/general57/evote.htm

 

Voting activist Bev Harris and a computer scientist say they found more vulnerabilities in an electronic voting system made by Diebold Election Systems, weaknesses that could allow someone to alter votes in the election this November.

 

Diebold said Harris' claims are without merit and that if anyone did manage to change votes, a series of checks and balances that election officials perform at the end of an election would detect the changes.

 

Harris demonstrated the vulnerabilities to officials in the California secretary of state's office several weeks ago and will be showing them to federal legislative staff and journalists Wednesday in Washington, D.C. Harris and another activist have filed a lawsuit against Diebold in California, which the state has joined, maintaining that Diebold engaged in aggressive marketing to sell millions of dollars worth of equipment that it knew was insecure. Harris and the activist stand to make millions from the suit if they and the state win their case.

 

The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places. The GEMS program generates reports of preliminary and final election results that the media and states use to call the winners.

 

David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and a member of the California secretary of state's voting systems panel, agreed with Diebold that election procedures could help prevent or detect changes in votes, but said that election officials and poll workers do not always follow procedures. Therefore, election observers need to know about the vulnerabilities so they can help reduce the risk that someone could use them to rig an election.

 

Jefferson added that he doesn't believe that the vulnerabilities show deliberate malice on Diebold's part to aid fraud, as Harris has sometimes contended in public statements. But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

 

Harris said the problem lies in the fact that GEMS creates two tables of data that don't always match. One table consists of rows showing votes for each candidate that were recorded on voting machine memory cards at each precinct. The other table consists of summaries of that precinct data. Officials use the raw precinct data to spot-check accuracy. For example, if all of the machines at a precinct record a total of 620 votes for Arnold Schwarzenegger, then the data in GEMS should show 620 votes for Schwarzenegger for that precinct. The official results that go to the state are based on the vote summaries produced by GEMS.

 

When election officials run a report on GEMS on election night, it creates the vote summaries from the raw precinct data. Then as absentee and provisional ballots get counted after Election Day and added into GEMS, the raw data numbers increase, while the vote summaries remain the same until the next time officials run a summary report and it regenerates totals from the raw precinct data.

 

Harris said it's possible to alter the vote summaries while leaving the raw data alone. In doing so, the election results that go to state officials would be manipulated, while the canvass spot check performed on the raw data would show that the GEMS results were accurate. Officials would only know that the summary votes didn't match precinct results if they went back and manually counted results from each individual polling place and compared them to the vote summaries in GEMS.

 

Diebold said because the two sets of data are coupled in GEMS it would be impossible for someone to change the summaries without changing the precinct data that feeds the summaries. And if they did, the system would flag the change.

 

But Harris said it's possible to change the voting summaries without using GEMS by writing a script in Visual Basic -- a simple, common programming language for Windows-based machines -- that tricks the system into thinking the votes haven't been changed. GEMS runs on the Windows operating system.

 

The trick was uncovered by Herbert Thompson, director of security technology at Security Innovation and a teacher of computer security at the Florida Institute of Technology. Thompson has authored several nonfiction books on computer security and co-authored a new novel about hacking electronic voting systems called The Mezonic Agenda: Hacking the Presidency.

 

After Harris met Thompson at the Defcon hacker conference this year, she asked him to examine the GEMS program. He found he could write a five-line script in the Notepad text editor that would change the vote summaries in GEMS without changing the raw precinct data. The auditing log in GEMS wouldn't record the change because it only tracks changes that occur within GEMS, not changes that occur on the computer outside of GEMS.

 

After writing the script, Thompson saved it as a Visual Basic file (.vbs) and double-clicked it to execute it.

 

The command happens in the background where no one can see it. To verify that the changes occurred, Thompson could write another script to display the vote data in a message box after the change. Once the scripts finished their work, they would go into the Recycle Bin, where Thompson could delete them.

 

When Harris demonstrated the vulnerability to officials in California, she opened the GEMS program to show that the votes changed as the script commanded them to.

"You have to know in advance what you want to change," Thompson said, "but it's pretty easy to write a script to find the data that you want to change. If you want Stan Smith to have more votes than he currently has, you write a line of your script that says select everything in the table where candidate equals Stan Smith, and increment the votes. Then you delete the votes from another candidate by the same amount."

 

Thompson acknowledged that the hack would take an insider with knowledge of the voting system and election procedures and access to GEMS. But this could include technical people working for a county or Diebold employees who sometimes assist technically challenged election officials on election night. It's unlikely that unsavvy election officials or observers would notice or understand the significance of someone writing five lines of code in Notepad.

 

Thompson was pretty stunned to find that some of the same vulnerabilities that appear in the Diebold system appear in the fictional voting system he and his co-author created in their recent novel.

"When we wrote the book, we thought the election system it described was a bit far-fetched," Thompson said. "We thought it's impossible that any real voting system would have these problems. Then we saw the GEMS software, and it had four of the vulnerabilities that we wrote about in the book."

 

Thompson said Diebold could easily have designed the system to use cryptographic hashes to detect if vote summaries changed when they weren't supposed to change. But he said the company probably never imagined a scenario in which someone would change the vote data through Windows, bypassing the audit logs.

 

There is one way in which changing vote totals in GEMS might not work. If someone changed the summary totals before all precinct votes came in, the altered summary votes would be written over with the new precinct data once election officials ran another summary report. But Harris said that "a hidden program for vote manipulation" exists in GEMS that could allow "any teenager or terrorist with a laptop" or "anyone with an agenda or a profit motive" to trick the system into thinking the votes haven't changed by using what Harris calls a "two-digit code" or trigger in GEMS.

 

Thompson said the "hidden program" is more of a feature in GEMS that is put there for a good reason, but is easily abused. GEMS has a method for flagging whether vote data is old or up-to-date by marking it with a 0 or a -1. Thompson said it's likely that when election officials run a new summary report, the 0 and -1 tell the program which data is old and which is new or updated. But someone could trick the system into thinking that old data is updated data by switching the numbers. Harris was able to do this easily in demonstrations.

 

When asked to comment on this, Diebold sent Wired News an excerpt from a seven-page rebuttal that it distributed to election officials to counter Harris' claims. The excerpt said that the flagging feature is "typically used (for example) to reset any test results that were uploaded as part of any pre-election testing." No further explanation of this feature was forthcoming.

 

But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty. He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.

 

Diebold spokesman Mark Radke said that after an election, counties are supposed to go back to the memory cards taken from voting machines and manually add vote totals stored on the cards as well as vote totals on a paper printout that poll workers take from each machine at the close of the polls. Officials compare these totals to the GEMS summary totals and if there is a discrepancy, Radke said, the totals from the memory cards take precedence over the GEMS totals.

 

Jefferson, the Lawrence Livermore computer scientist, agreed that election procedures usually indicate that there should not be one person operating the counting software. He also agreed with Bear that officials could catch discrepancies in vote totals if they went back and manually added up the results from every individual polling place and compared the totals with the tallies in the summary report. But Jefferson said that election officials and poll workers don't always follow procedures. In the California March primary, he pointed out, several counties refused to follow procedures that were requested by the secretary of state's office and others failed to follow procedures that are mandated under California election law.

 

Rather than creating a system that relies on the "perfect execution of (poll worker) procedures," Jefferson said, Diebold should have designed the system to better prevent fraud.

"You don't want to make up for poor design by adding more burden to beleaguered poll workers and election officials who don't understand the reasons for all of the rules that they have to obey and (are therefore) likely to cut corners," Jefferson said.

 

As for why Diebold would have designed such a poor system, Jefferson thinks the company simply didn't know how to do it any better.

"There are a lot of reasons why you might want parallel tables of vote totals," Jefferson said. "But there are better designs that avoid (these vulnerabilities) entirely. If you are not a world-class designer, if you're making it up as you go along and not deeply educated in data management, this is the kind of design you might come up with.

"I think the designers of the Diebold system never seriously understood what it would take to prevent vote manipulation by insiders," Jefferson said. "I consider that to be inexcusable."

 

 

© Copyright 2004, Lycos, Inc.

http://wired.com/news/evote/0,2645,65031,00.html?tw=wn_tophead_1
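
The two detection ideas in the article, a cryptographic hash over the vote summaries (Thompson) and reconciling the summaries against the raw precinct data (Radke, Jefferson), sketched as an added Python example that is not part of the original article and is not Diebold or GEMS code. Table names, vote counts and the key are constructed; a keyed hash (HMAC-SHA256) is used in place of a plain hash, on the assumption that the key is held off the tally server so that someone editing the table cannot recompute the seal.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data; table and column names are hypothetical, not the GEMS schema.
RAW_ROWS = [
    ("P1", "Smith", 310), ("P1", "Jones", 290),
    ("P2", "Smith", 205), ("P2", "Jones", 415),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE precinct_raw (precinct TEXT, candidate TEXT, votes INTEGER)")
    db.execute("CREATE TABLE summary (candidate TEXT PRIMARY KEY, votes INTEGER)")
    db.executemany("INSERT INTO precinct_raw VALUES (?, ?, ?)", RAW_ROWS)
    return db

def seal(db, key):
    """HMAC-SHA256 over the summary rows in a canonical (sorted) order."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for cand, votes in db.execute("SELECT candidate, votes FROM summary ORDER BY candidate"):
        mac.update(f"{len(cand)}:{cand}={votes};".encode())  # length prefix avoids ambiguity
    return mac.hexdigest()

def regenerate_summary(db, key):
    """Rebuild the summary from raw precinct rows and return a seal over the result."""
    db.execute("DELETE FROM summary")
    db.execute("INSERT INTO summary SELECT candidate, SUM(votes) FROM precinct_raw GROUP BY candidate")
    return seal(db, key)

def audit(db, key, stored_seal):
    """Return (seal_ok, mismatches); mismatches maps candidate -> (summary, raw total)."""
    seal_ok = hmac.compare_digest(seal(db, key), stored_seal)
    raw = dict(db.execute("SELECT candidate, SUM(votes) FROM precinct_raw GROUP BY candidate"))
    summ = dict(db.execute("SELECT candidate, votes FROM summary"))
    mismatches = {c: (summ.get(c), raw.get(c))
                  for c in set(raw) | set(summ) if summ.get(c) != raw.get(c)}
    return seal_ok, mismatches

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is stored off the tally host
    db = build_db()
    stored = regenerate_summary(db, key)
    before = audit(db, key, stored)
    # Simulate the out-of-band edit the article describes: summary changed, raw rows untouched.
    db.execute("UPDATE summary SET votes = votes + 100 WHERE candidate = 'Smith'")
    db.execute("UPDATE summary SET votes = votes - 100 WHERE candidate = 'Jones'")
    after = audit(db, key, stored)
    return before, after
```

The simulated edit moves votes between candidates without changing the overall ballot count, so a check on the grand total alone would pass; the seal comparison and the per-candidate reconciliation both flag it.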
