Hardware Hacking a Voting Machine in 4 Minutes 482
goombah99 writes "Bev Harris of BlackBoxVoting.org has acquired an actual Diebold Acu-vote ballot scanner. Rummaging through King County's trash, she managed to get her hands on some of their tags and seals. She has since demonstrated a successful penetration of the seals without breaking them ... all in under 4 minutes with no training or technical skills required. There's a nice how-to with photos over at Verified Voting New Mexico." More from goombah99 below.
"The demo is particularly relevant in light of the recent experience in Ohio in which there were large discrepancies between the electronic record and the paper trail, and also since many counties still permit the machines to be taken home by individuals before voting day (as a means of distributing them to precincts). These 'sleepover' machines were involved in the contentious narrow-margin San Diego Election, and are in continued practice in many states. Moreover, it's common practice for counties to contract out deliveries to third parties, such as in New Mexico where in one election, unlicensed delivery drivers took the machines on an unauthorized field trip and only got caught when they crashed the delivery truck after a stop at Hooters. The good news here is that the penetrated Diebold system in the photo essay is an optical scan system. It's not a touchscreen electronic voting system, so there is a paper trail. What hack really shows is that without mandatory random spot checks on the paper ballots, these may be as potentially vulnerable as the touchscreen direct recording electronic voting systems. It's perhaps worth noting that the open source voting system being developed by the Open Voting Consortium features a 100% reconciliation of every single paper ballot with an independent electronic record."
Format of the linked article (Score:3, Informative)
That now qualifies as the most atrocious use of JavaScript I've ever seen - Jesus, render this garbage on the server. Feeding some oddball marked up nonsense to the browser, yielding a circa-1997 page, seems a little...unnecessary.
Re:Cue law suit in three... two... (Score:1, Informative)
IANAL YMMV.
Re:why is it secured in the first place? (Score:4, Informative)
Logic being 'ease of updating', but the safeguards in place against inserting something other than an authorized, verified and certified update are close to nonexisting.
So, in essence, if you have access to the memory card slot, some time, and capability to reboot the machine, you can pwn the election. And it will most likely be untraceable.
Re:why is it secured in the first place? (Score:2, Informative)
Re:What about hacking paper ballots? (Score:3, Informative)
Not to mention that fact that these electronic systems are so expensive compared to the best voting method I've used, that is the "connect the arrow with a sharpie pen". No chads or punch systems, just thick paper and markers. If you can't connect a line with a marker, have someone assist you. If you can't do that, you probably don't need to vote.
I would prefer all states go to the marker system. It's easy to count electronically, super cheap, and everyone understands how it works. They can even add photos to the cards if need be. These complex, expensive, and opaque electronic systems are a solution looking for a problem, IMO.
Re:My Perception Has Changed Again (Score:2, Informative)
No, that would be far worse. The whole point of having secret ballots is to help prevent outright buying of votes. If ballots are not secret, then person A can offer person B (and persons C, D, E...) money for them to vote a particular way (or alternately, threaten them if they don't do so), then easily verify that they voted as they were told to. With secret ballots, person A can't tell how their bribed or threatened voters voted, so they can't verify that their coerced voters earned their bribes or dodged their beatings.
Making ballots public would only open up another way to subvert the system, and do so in a way that's even harder to detect than any shenanigans with the voting machines or ballots.
To Trust or Not To Trust (Score:4, Informative)
And that's bad.
Very few people trust the election system as it now stands on a national basis. There is NO national standard, NO overwatch that is politically independent and NO way to VERIFY the states that are using the electronic-only voting methods.
The gaps are obvious: we need a national standard for the voting process; one that allows verification of EVERY vote on a papertrail basis; we need an independent overwatch OF the voting process; and we need an electronic voting system that is far more secure than the one that is currently being used.
And the probability of that happening amounts to one Big FAT CHANCE.
The excuses? It costs too much, it will take too much time to put into place, it violates State's Rights, there is no way to keep the politics out of the system and no system is completely secure.
How much are we willing to spend to defend our shores from attack? Is
With regards to State's Rights, this is for a national election. Sorry kiddies, doesn't apply as far as standards of the systems themselves go. You still have control of WHO votes and that's where the REAL power resides, so STFU. Keeping the politics out of the system? Well, there's no easy fix for that, but making the election review board similar to the Supremes, but with a requirement of 4 and 4 from each party and only 1 being appointed by the LAST sitting Prez might work... subject to Congressional approval and all that, of course. And secure? Well, nothing is ever totally secure, but we should be able to do better than a four-minute, no-break-the-seal-non-techie-hack!
Lee Darrow,
Chicago, IL
Private Voting, Public Counting (Score:5, Informative)
I spoke briefly with Bev Harris recently. See below.
I'm at work, so I need to make this brief. Just four points.
First, the two pillars of our democracy (United States of America) are private voting and public counting. We adopted the Australian Ballot [wikipedia.org] (aka secret ballot [wikipedia.org]) a while back. Things like electronic voting and forced mail voting (e.g. 100% vote by mail) take away the secret ballot. Here in Washington State, our constitution says we need a secret ballot. Disagree if you want. There's lots of ideas. Like voting receipts and no more secret ballots. But please start by changing our laws. Meanwhile, any attempt to take away the secret ballot (private voting) is unconstitutional.
Second, there is no technical way to have an electronic voting system which both preserves the secret ballot and the public vote count. If the ballots are secret, then there's no verifiability, meaning no public count. If the system is verifiable, then there's no secret ballot. You can have one or the other, but not both. Electronic counting, as with the precinct-based optical scanners, can be done constitutionally.
Third, currently the most reliable way to vote in the USA is to use a voter-correctable precinct-based optical scanner (PBOS). Sorry, I don't have the cites handy (my bad), but dig a little and you can find the research on this. Brennan Center, GAO reports, MIT Voter Project, etc. The basic idea is that you mark a ballot and feed it into a machine. If there's a problem, the machine spits the ballot back out, giving the voter a chance to correct the problem. Yes, these machines need to be better designed, open source, yadda, yadda. But before anyone proposes a better system, please work to understand the best system currently available. (Thank you for your patience.)
Many juridictions have wisely moved away from touchscreens and other DREs and adopted PBOS systems with a low-cost, verifiable solution for disabled voting. TrueVoteCT.org just had a huge win. And Voter Action [voteraction.org] sued and got the touchscreens in New Mexico replaced with PBOS systems. (Please visit both orgs and give them cash. Activism is not cheap!)
Fourth, and lastly, Bev Harris made an incredibly important point: Our elections have to be understandable for all the voters. Blackbox Voting has spents years digging and researching. I've personally spent 2 years learning all that I can about elections, voting, and these systems. I'm a computer geek and I readily admit that I had to work pretty hard to understand stuff. Bev has a lot of contact with experts, computer scientists, security dudes, etc. Her point is that we cannot rely on those sage gurus to weigh in on our election systems. We all need to understand how our democracy works. Not just the wonks. That means our election and voting systems must be simple and straightforward.
(PS- I saw Bev during King County Washington's "logic and accuracy testing" of our new Diebold AccuVote TSx touchscreens last Tuesday. You can read "Report: Testing of Diebold AccuVote TSx" on my blog [blogspot.com], on WashBlog [washblog.com], or on dailyKos [dailykos.com]. Please holler if anyone has questions. I'll do my best to reply in a timely fashion.)
Re:Kind of goofy article (Score:3, Informative)
Re:What about hacking paper ballots? (Score:3, Informative)
Your comments could be applied to the Ukrainian Presidential runoff of 2004 [wikipedia.org] where massive vote fraud was done despite the presence of international election monitors. I was in Ukraine the day after the election and I remember seeing the election "results" on TV. Imagine if you will a US state in a Presidental election that reports 98% of eligible voters voted and 94% of them voted for one candidate and you have an idea of the bald faced fraud that going on. When the people counting the votes and the people working the precincts are in on the fix, paper ballots can be forged/replaced. The election was re-run basically because the police and military backed the "loser", Viktor Yushchenko, and refused to kill protesters like the outgoing president is alleged to have secretly ordered. It also helped that the Supreme Court shocked everyone and decided that even though the outgoing president had appointed them, they were going to do what was right, not what he wanted them to do, so they ordered a re-vote and a fair result was obtained. So whenever I hear people act like paper ballots can't be rigged, I think of this election.
Re:Private Voting, Public Counting (Score:2, Informative)
Damned good question.
The reason is because the VVPAT (voter verified paper audit trail) is a placebo.
What reason would anyone have to believe that the tally recorded in the memory card (and uploaded to the central tabulator) is the same as what is printed? Two different data paths. Enables two different results.
Voter Action determined that in New Mexico [voteraction.org] that Spanish language ballots were printed corrected but not recorded in memory. (Sorry, I couldn't quickly find the specific cite.)
The report from the recent botched election in Cuyahoga County Ohio [votetrustusa.org] had all sorts of problems related to the VVPAT. Sure, hypothetically one could design and build a VVPAT system that wasn't likely to break down, rip the paper, had good ergonomics, etc. But I prefer to talk about the actual systems we're actually using. And these actual systems actually suck.
The one attempt to audit the VVPAT that I know of resulted in the election officials quickly choosing to use PBOS over electronic voting systems with VVPAT. You can read the testimony [eac.gov] Jill LaVine, Sacramento County's Registrar of Voters, gave to the Election Assistance Commission this last April. Brief summary: The manual recount took 1 hour and 15 minutes per ballot cast.
Lastly, your mileage may vary state to state. Some states treat the VVPAT as the legal ballot of record. Some treat the memory card as the legal record. Some don't use the VVPAT for recounts. Etc. Honestly, I don't keep close track of such things. The proponents of Holt's HR 550, like Verified Voting [verifiedvoting.org] do a good job on that issue, if you want to know more.
Again, great question. Keep 'em coming.
Re:So... (Score:3, Informative)
Anyway, it appears that the three big "electronic voting" companies are Republican shills, just going by the 2004 election data (exit poll discrepancies were bigger in districts using electronic voting, and all discrepencies were in the favor of the Republicans, they weren't random).