Inside A U.S. Election Vote Counting Program

[Guest guest]

http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

 

Scoop: Inside A U.S. Election Vote Counting Program

 

Inside A U.S. Election Vote Counting Program

 

By Bev Harris*

* Bev Harris is the Author of the soon to be published book " Black Box

Voting: Ballot Tampering In The 21st Century "

http://www.blackboxvoting.com

 

*** NEW *** FOLLOW UP STORY

Bald-Faced Lies About Black Box Voting Machines

and

The Truth About the Rob-Georgia File

IMPORTANT NOTE: Publication of this story marks a watershed in American

political history. It is offered freely for publication in full or part on any

and

all internet forums, blogs and noticeboards. All other media are also

encouraged to utilise material. Readers are encouraged to forward this to

friends and

acquaintances in the United States and elsewhere.

CONTENTS

Introduction

Part 1 - Can the votes be changed?

Part 2 - Can the password be bypassed?

Part 3 – Can the audit log be altered?

*************

Introduction

According to election industry officials, electronic voting systems are

absolutely secure, because they are protected by passwords and tamperproof audit

logs. But the passwords can easily be bypassed, and in fact the audit logs can

be altered. Worse, the votes can be changed without anyone knowing, even the

County Election Supervisor who runs the election system.

The computer programs that tell electronic voting machines how to record and

tally votes are allowed to be held as " trade secrets. " Can citizen's groups

examine them? No. The companies that make these machines insist that their

mechanisms are a proprietary secret. Can citizen's groups, or even election

officials, audit their accuracy? Not at all, with touch screens, and rarely,

with

optical scans, because most state laws mandate that optical scan paper ballots

be

run through the machine and then sealed into a box, never to be counted

unless there is a court order. Even in recounts, the ballots are just run

through

the machine again. Nowadays, all we look at is the machine tally.

Therefore, when I found that Diebold Election Systems had been storing 40,000

of its files on an open web site, an obscure site, never revealed to public

interest groups, but generally known among election industry insiders, and

available to any hacker with a laptop, I looked at the files. Having a so-called

security-conscious voting machine manufacturer store sensitive files on an

unprotected public web site, allowing anonymous access, was bad enough, but when

I

saw what was in the files my hair turned gray. Really. It did.

The contents of these files amounted to a virtual handbook for

vote-tampering: They contained diagrams of remote communications setups,

passwords,

encryption keys, source code, user manuals, testing protocols, and simulators,

as well

as files loaded with votes and voting machine software.

Diebold Elections Systems AccuVote systems use software called " GEMS, " and

this system is used in 37 states. The voting system works like this:

Voters vote at the precinct, running their ballot through an optical scan, or

entering their vote on a touch screen.

After the polls close, poll workers transmit the votes that have been

accumulated to the county office. They do this by modem.

At the county office, there is a " host computer " with a program on it called

GEMS. GEMS receives the incoming votes and stores them in a vote ledger. But

in the files we examined, which were created by Diebold employees and/or county

officials, we learned that the Diebold program used another set of books with

a copy of what is in vote ledger 1. And at the same time, it made yet a third

vote ledger with another copy.

Apparently, the Elections Supervisor never sees these three sets of books.

All she sees is the reports she can run: Election summary (totals, county wide)

or a detail report (totals for each precinct). She has no way of knowing that

her GEMS program is using multiple sets of books, because the GEMS interface

draws its data from an Access database, which is hidden. And here is what is

quite odd: On the programs we tested, the Election summary (totals, county wide)

come from the vote ledger 2 instead of vote ledger 1, and ledger 2 can be

altered so it may or may not match ledger 1.

Now, think of it like this: You want the report to add up only the actual

votes. But, unbeknownst to the election supervisor, votes can be added and

subtracted from vote ledger 2. Official reports come from vote ledger 2, which

has

been disengaged from vote ledger 1. If one asks for a detailed report for some

precincts, though, the report comes from vote ledger 1. Therefore, if you keep

the correct votes in vote ledger 1, a spot check of detailed precincts (even

if you compare voter-verified paper ballots) will always be correct.

And what is vote ledger 3 for? For now, we are calling it the " Lord Only

Knows " vote ledger.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 1)

CAN THE VOTES BE CHANGED?

Here's what we're going to do: We'll go in and run a totals report, so you

can see what the Election Supervisor sees. Then we'll tamper with the votes.

I'll show you that our tampering appears in Table 2, but not Table 1. Then we'll

go back and run another totals report, and you'll see that it contains the

tampered votes from Table 2. Remember that there are two programs: The GEMS

program, which the Election Supervisor sees, and the Microsoft Access database

that

stores the votes, which she cannot see.

Let's run a report on the Max Cleland/Saxby Chambliss race. (This is an

example, and does not contain the real data.) Here is what the Totals Report

will

look like in GEMS:

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/CLEL3.jpg

As it stands, Cleland is stomping Chambliss. Let's make it more exciting.

The GEMS election file contains more than one " set of books. " They are hidden

from the person running the GEMS program, but you can see them if you go into

Microsoft Access. You might look at it like this: Suppose you have votes on

paper ballots, and you pile all the paper ballots in room one. Then, you make a

copy of all the ballots and put the stack of copies in room 2.

You then leave the door open to room 2, so that people can come in and out,

replacing some of the votes in the stack with their own.

You could have some sort of security device that would tell you if any of the

copies of votes in room 2 have been changed, but you opt not to.

Now, suppose you want to count the votes. Should you count them from room 1

(original votes)? Or should you count them from room 2, where they may or may

not be the same as room 1? What Diebold chose to do in the files we examined

was to count the votes from " room2. " Illustration:

If an intruder opens the GEMS program in Microsoft Access, they will find

that each candidate has an assigned number:

 

http://www.scoop.co.nz/stories/images/gems/CANDNUM.jpg

One can then go see how many votes a candidate has by visiting " room 1 " which

is called the CandidateCounter:

 

http://www.scoop.co.nz/stories/images/gems/ROOM1.jpg

In the above example, " 454 " represents Max Cleland and " 455 " represents Saxby

Chambliss. Now let's visit Room2, which has copies of Room1. You can find it

in an Access table called SumCandidateCounter:

 

http://www.scoop.co.nz/stories/images/gems/ROOM2.jpg

Now let's put our own votes in Room2. We'll put Chambliss ahead by a nose, by

subtracting 100 from Cleland and adding 100 to Chambliss. Always add and

delete the same number of votes, so the number of voters won't change.

 

Notice that we have only tampered with the votes in " Room 2. " In Room 1, they

remain the same. Room 1, after tampering with Room 2:

 

http://www.scoop.co.nz/stories/images/gems/ROOM1.jpg

Now let's run a report again. Go into GEMS and run the totals report. Here's

what it looks like now:

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/CLEL4.jpg

Now, the above example is for a simple race using just one precinct. If you

run a detail report, you'll see that the precinct report pulls the untampered

data, while the totals report pulls the tampered data. This would allow a

precinct to pass a spot check.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 2)

CAN THE PASSWORD BE BYPASSED?

At least a dozen full installation versions of the GEMS program were

available on the Diebold ftp site. The manual, also available on the ftp site,

tells

that the default password in a new installation is " GEMSUSER. " Anyone who

downloaded and installed GEMS can bypass the passwords in elections. In this

examination, we installed GEMS, clicked " new " and made a test election, then

closed

it and opened the same file in Microsoft Access.

One finds where they store the passwords by clicking the " Operator " table.

 

http://www.scoop.co.nz/stories/images/gems/PW-1.jpg

Anyone can copy an encrypted password from there, go to an election database,

and paste it into that.

Example: Cobb County Election file

One can overwrite the " admin " password with another, copied from another GEMS

installation. It will appear encrypted; no worries, just cut and paste. In

this example, we saved the old " admin " password so we could replace it later and

delete the evidence that we'd been there. An intruder can grant himself

administrative privileges by putting zeros in the other boxes, following the

example in " admin. "

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/PW-3.jpg

How many people can gain access? A sociable election hacker can give all his

friends access to the database too! In this case, they were added in a test

GEMS installation and copied into the Cobb County Microsoft Access file. It

encrypted each password as a different character string, however, all the

passwords are the same word: " password. " Password replacement can also be done

directly in Access. To assess how tightly controlled the election files really

are,

we added 50 of our friends; so far, we haven't found a limit to how many people

can be granted access to the election database.

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/PW-FRND.JPG

Using this simple way to bypass password security, an intruder, or an

insider, can enter GEMS programs and play with election databases to their

heart's

content.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 3)

CAN THE AUDIT TRAIL BE ALTERED?

Britain J. Williams, Ph.D., is the official voting machine certifier for the

state of Georgia, and he sits on the committee that decides how voting

machines will be tested and evaluated. Here's what he had to say about the

security

of Diebold voting machines, in a letter dated April 23, 2003:

" Computer System Security Features: The computer portion of the election

system contains features that facilitate overall security of the election

system.

Primary among these features is a comprehensive set of audit data. For

transactions that occur on the system, a record is made of the nature of the

transaction, the time of the transaction, and the person that initiated the

transaction. This record is written to the audit log. If an incident occurs on

the

system, this audit log allows an investigator to reconstruct the sequence of

events

that occurred surrounding the incident.

In addition, passwords are used to limit access to the system to authorized

personnel. " Since Dr. Williams listed the audit data as the primary security

feature, we decided to find out how hard it is to alter the audit log.

Here is a copy of a GEMS audit report.

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/AUDIT-1.JPG

Note that a user by the name of " Evildoer " was added. Evildoer performed

various functions, including running reports to check his vote-rigging work, but

only some of his activities showed up on the audit log.

It was a simple matter to eliminate Evildoer. First, we opened the election

database in Access, where we opened the audit table:

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/AUDIT-2.JPG

Then, we deleted all the references to Evildoer and, because we noticed that

the audit log never noticed when the admin closed the GEMS program before, we

tidily added an entry for that.

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/AUDIT-3.JPG

Access encourages those who create audit logs to use auto-numbering, so that

every logged entry has an uneditable log number. Then, if one deletes audit

entries, a gap in the numbering sequence will appear. However, we found that

this feature was disabled, allowing us to write in our own log numbers. We were

able to add and delete from the audit without leaving a trace. Going back into

GEMS, we ran another audit log to see if Evildoer had been purged:

 

CLICK FOR BIG VERSION

http://www.scoop.co.nz/stories/images/gems/AUDIT-4.JPG

As you can see, the audit log appears pristine.

In fact, when using Access to adjust the vote tallies we found that tampering

never made it to the audit log at all.

Although we interviewed election officials and also the technicians who set

up the Diebold system in Georgia, and they confirmed that the GEMS system does

use Microsoft Access, is designed for remote access, and does receive " data

corrections " from time to time from support personnel, we have not yet had the

opportunity to test the above tampering methods in the County Election

Supervisor's office.

From a programming standpoint, there might be reasons to have a special vote

ledger that disengages from the real one. For example, election officials

might say they need to be able to alter the votes to add provisional ballots or

absentee ballots. If so, this calls into question the training of these

officials, which appears to be done by The Election Center, under the direction

of R.

Doug Lewis. If election officials are taught to deal with changes by

overwriting votes, regardless of whether they do this in vote ledger 1 or vote

ledger

2, this is improper.

If changing election data is required, the corrective entry must be made not

by overwriting vote totals, but by making a corrective entry. When adding

provisional ballots, for example, the proper procedure is to add a line item

" provisional ballots, " and this should be added into the original vote table

(Table

1). It is never acceptable to make changes by overwriting vote totals. Data

corrections should not be prohibited, but must always be done by indicating

changes through a clearly marked line item that preserves each transaction.

Proper bookkeeping never allows an extra ledger that can be used to just

erase the original information and add your own. And certainly, it is improper

to

have the official reports come from the second ledger, which may or may not

have information erased or added.

But there is more evidence that these extra sets of books are illicit: If

election officials were using Table 2 to add votes, for provisional ballots, or

absentee voters, that would be in their GEMS program. It makes no sense, if

that's what Diebold claims the extra set of books is for, to make vote

corrections by sneaking in through the back door and using Access, which

according to

the manual is not even installed on the election official's computer.

Furthermore, if changing Table 2 was an acceptable way to adjust for

provisional ballots and absentee votes, we would see the option in GEMS to print

a

report of both Table 1 totals and Table 2 so that we can compare them.

Certainly,

if that were the case, that would be in the manual along with instructions

that say to compare Table 1 to Table 2, and, if there is any difference, to make

sure it exactly matches the number of absentee ballots, or whatever, were

added.

Using Microsoft Access was inappropriate for security reasons. Using multiple

sets of books, and/or altering vote totals to include new data, is improper

for accounting reasons. And, as a member of slashdot.org commented, " This is

not a bug, it's a feature. "

*** ENDS ***

 

 

Home Page | Headlines | Previous Story | Next Story

Copyright © Scoop Media

Scoop For: - NZ Business News - NZ Science And Technology News - NZ Arts News

- NZ Politics News - NZ Parliament News - NZ Education News - NZ Health News

Positive Energy For: - Positive Energy - NZ Positive Energy - New Zealand

Energy Policy - NZ Power Policy

 

Scoop The Internet

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

My Scoop/NewsAgent

Sign in here

email

password

 

 

 

Scoops

 

Dogbitingmen Digest –12 November 2004

3:04 pm Dog Biting Men

Pics: Tanks Used Against Anti-War Protestors In LA

12:01 pm Indymedia

Public Address 11 & 12/11/04 - Madness And Drama

11:50 am HARD NEWS from Russell Brown

O'Rourke: Now Is The Winner Of Our Discontent

11:44 am Douglas O'Rourke

Steve Weissman: Who Counts in Ohio?

11:40 am Steve Weissman

Michael C. Ruppert: Snap Out Of It!

11:35 am From The Wilderness Publications

Vincent Guarisco: Democracy is Unequivocally Dead

11:25 am Vincent L. Guarisco

Mary Pitt: What We Have Here........

11:22 am Mary Pitt

Israel-Palestine Conflict after the U.S. Elections

11:20 am Sonia Nettnin

Why Did John Kerry Abandon His Crew In Battle?

11:18 am Harvey Wasserman

No Right Turn: Eleven Eleven

11:15 am No Right Turn

And So The Sorting And Discarding Of Votes Begins

11:13 am Bob Fitrakis

Simon Pound: Papers Short Of Content To Pad Ads

10:58 am Simon Pound

Dave Taggart: A Letter To An American Friend

10:52 am Scoop Reader Opinion

Dog Skin Report: Bush's 'Incredible' Vote Tallies

10:50 am Dog Skin Report

Scoop Image: Our Unknown Soldier's Final Journey

7:23 am Kevin List

Scoop: Top Scoops + Just Politics

7:06 am Alastair Thompson

Steven Gray DVD Review: Goodfellas - Special Ed.

6:30 am Steven Gray DVD Review

Intel Sources Say SIS Investigating Maori Party

10:22 pm Selwyn Manning - Scoop Auckland

Zaoui Supreme Court Detention Hearing Newsflash

6:33 pm Kevin List

47 State Exit Poll Analysis Confirms Swing Anomaly

1:45 pm Alastair Thompson

95bFM’s Thursday WIRE With Simon Pound: 12 - 2pm

10:27 am 95bfm

Insight: Biology Of A Meningococcal Vax Company

9:42 am Barbara Sumner Burstyn

Scoop: Top Scoops + Just Politics

2:50 am Alastair Thompson

Supreme Court To Decide If Zaoui Rots In Jail

7:23 pm Kevin List

Ernest Partridge: Do We Still Have A Democracy?

6:44 pm Ernest Partridge

The Dog Skin Report: That Distance Thing

6:38 pm Dog Skin Report

Jim Shultz: After Election 2004 - What Now?

6:32 pm Jim Shultz

Sam Smith: Watching The Count - Recovered History

6:29 pm Sam Smith

Kamala Sarup: Can a Poor Country Become Rich?

6:27 pm Kamala Sarup

 

More...