Sunday July 23rd 2017

STEALING THE VOTE

Hacking one of the new electronic voting machines is so simple, a monkey can do it.
Literally. So why isn't this threat to democracy front page news?


Nearly everyone remembers how the 2000 Presidential election hung literally by a chad. In the aftermath of that fiasco, Congress passed the Help America Vote Act (HAVA). It included $3.9 billion to upgrade the country’s voting infrastructure, with most of that aimed directly at converting lever machines and paper ballots to the new electronic or “e-voting” devices like “touch-screen” and “optical-scan” counters. States that wanted a piece of the pie were required to upgrade before 2006. But the machines have been problem-plagued. There are serious design flaws, security is lax and there is mounting evidence that partisan hackers can manipulate election results and thwart the democratic process. And, unbeknownst to the public and even most election officials, some of the companies that manufacture this equipment are run by convicted felons —including former narcotics traffickers, embezzlers, computer hackers and stock market manipulators. There are also questions about why major defense contractors have been promoting the move to e-voting and what benefits they expect to derive therefrom.

Imagine a Trojan Horse that unleashes thousands of illegitimate votes and disappears without a trace; votes picked up by exit polls that are never reflected in the official returns; election commissioners wined and dined by the manufacturers of the electronic voting equipment; uninvestigated computer glitches and easily picked locks in voting systems; no federal oversight holding e-voting vendors accountable; a conflict of interest on the part of those certifying the machines as being secure.

As incredible as it seems, this country maintains less oversight of our voting equipment and conduct of elections than it does to slot machines and the gaming industry. There are no uniform national standards, and no federal agency that has regulatory authority or oversight of the voting machine industry — not the Federal Election Commission (FEC), not the Department of Justice (DOJ), and not the Department of Homeland Security (DHS). The FEC admits it doesn’t even have a complete list of all the companies that count votes in U.S. elections. America’s voting system is a messy patchwork of polling rules run mostly by officials in 13,000 independent, quasi-sovereign counties and municipalities.
 
Doug Chapin, director of Election-Line.org, a nonpartisan research center in Washington, observes, “All of the things that make us nervous about doing something by computer are magnified in the voting context, because voting is the first decision which leads to all other decisions. If you believe that democracy is a process, and if there’s any question about the legitimacy of that process, then it strikes at the legitimacy of the government as a whole.”

A Zogby poll shows that voters are aware that flaws in computerized voting machines can change the outcome of elections. At a stunning rate of 92%, Americans insist on the right to watch their votes being counted. And 80%  strongly object to the use of secret computer software to tabulate votes without citizen access to that software. Yet our public officials are not listening. They’re buying more of the flawed equipment.
Unlike Europe, where citizens count the ballots, in the United States employees of highly secretive Republican-leaning electronic voting machine companies now manage most aspects of our elections. This includes registering voters, printing ballots, designing and programming voting machines, tabulating votes (often with armed guards keeping the media and members of the public who wish to witness the count at bay) and reporting the results for 60 million voters in 47 of the 50 states.

This privatization of the U.S.  voting process means the public lacks access to, or the ability to inspect, election software, or even to know who created it. But what is now coming to light is that criminals have been involved in the process. It appears that even though convicted felons can’t vote, they can count the vote.

In one case, a man named Jeffrey Dean — who admitted he had been blackmailed over killing someone — pleaded guilty to 23 counts of embezzlement through a sophisticated manipulation of computer accounting records. Yet he was  given the position of senior programmer of the (Diebold) gems central tabulator system that counted approximately 50% of the votes in the 2004 Bush-Kerry election, in 30 states, both paper ballot and touch-screen.

Says Barbara Simons of the Association for Computing Machinery and a retired IBM researcher, “I don’t want to malign ex-felons, but you want to know the names of the people who are programming the machines that will be recording and counting our votes.” As Joseph Stalin pointed out, “Voters decide nothing; people who count votes decide everything.” The Washington Post reports that “Conflicts of interest have crept like a weed into nearly every crevice of election administration.”

The history of electronic voting

Punch cards, which are counted by computer programs just as buggy and tamper-friendly as the rest, came into play in the 1960s. Optical scans began being used in the 1980s, and “direct recording electronic devices,” or DREs (like touch-screens), came on the scene around 1996. By 1998, they were installed in locations that were heavily involved in gambling (such as Las Vegas, riverboat gambling areas of Louisiana, and some New Jersey locales). The first to hit with DREs was a company called Sequoia, which for many years was owned by DeLaRue, whose biggest investor was a die-hard Democrat who donated over $800,000 to Democrat causes and was once accused of trying to buy foreign policy in Britain. But Sequoia was hemhorraging money, so DeLaRue sold it to a Venezuelan company.

Next came ES&S and Global Election Systems, the latter of which morphed into the controversial North Canton, Ohio-based Diebold, which now dominates the market and has strong Republican ties.


Despite what is popularly assumed, the impetus for e-voting was not about correcting the problems with the 2000 election. That was just used as a marketing ploy by the 12-member Election Systems Task Force — an industry group of vendors and procurement agents.

A revealing tape has surfaced of a meeting held on August 21, 2003 by insiders in the election industry (who didn’t know the meeting had been infiltrated). A voice on the tape, presumably that of the director of The Election Center, r. Doug Lewis, said the goal of the Election Systems Task Force was to get the HAVA legislation enacted to create more business opportunities for themselves. Their agenda, he said, was, “How do we get Congress to fund a move to electronic voting?”

But what has really piqued the suspicions of election watchdogs is that it was acknowledged at the meeting that the major companies involved in the Election Systems Task Force are Northrop Grumman, Lockheed Martin, Accenture and EDS, which are defense contractors and procurement agencies.

Critics ask: what possible reason would there be for the defense industry to be promoting electronic voting machines unless they knew that this equipment can be manipulated to favor the candidates they think will pursue policies that will generate the most business for them (such as what has happened with the Iraq war)?
 
The implications of their involvement in the vote counting process evoke memories of President Eisenhower warning against the undue influence of the military/industrial complex.

When local officials turned to the federal government for guidance, they were met with bureaucratic buck-passing. Hava outlined no technical guidelines for the new machines, and without a formal process for vetting the new equipment, officials in nearly 30 states relied on presentations from top e-voting vendors. Most states have failed to involve outside technical experts in the buying process.

Enter the Election Center, of which R. Doug Lewis is the head. It arranges conferences, sponsored by the vendors, where the state and local elections officials who attend are inundated with propaganda from the manufacturers of e-voting machines. In August 2004, elections officials from all over the country met in Washington, D.C., where they were treated to a dinner cruise on the Potomac sponsored by Sequoia and a welcoming party underwritten by Diebold. The graduation and send-off party was sponsored by ES&S.

The Center seems to have a conflict of interest in helping select the certifiers of the electronic voting machines, and issuing strong statements supporting the security of the equipment even as it has taken donations from the manufacturers. It also quietly passed around a letter to the election industry advocating against a paper trail which could be used to verify the accuracy of the electronic vote count. Even an ATM money machine generates a paper receipt for every transaction, so you can reconcile any discrepancies with your bank. Ironically, most of these ATM machines are built by Diebold. So why not require every voting machine to generate a paper receipt?

John Gideon of Voters Unite complains that “The voting machine corporations are spending millions to influence the decisions that relate to the qualification and sales of voting systems. They are influencing the development of new voting system standards, whether those standards have to be followed, who buys what type of system, and every step in between. The vendors are in too much control.”

Mr. Lewis’ resumé is murky. He claims to have been “an assistant to a President in the White House” (but he doesn’t say which President). He says he was the head of the Kansas and Texas Democrat Party (but he doesn’t say which years).

Prior to running The Election Center, he owned a used computer parts store for about eight years. It went out of business and he then took over training and organization of the u.s. election industry, the most powerful position in the nation when it comes to election security.

Problems With Performance
  
In a series of  research  papers  for the Voting Technology Project, a joint venture of the prestigious Massachusetts and California Institutes of Technology, DREs were found to be among the worst performing systems. No method, the study conceded, worked more reliably than hand-counting paper ballots — an option that u.s. electoral officials seem to consider hopelessly antiquated.

The contentious events of election night 2000 turned on the errors in the Volusia and Brevard county Florida vote counts, both of which occurred on Global Election Systems (now Diebold) equipment.

Election investigator Bev Harris recalled in an interview with Midwest Today, “In Volusia County, Florida during the 2000 Presidential election, a memory card (the ballot box, for computerized voting machines) produced correct results. Strangely, the correct electronic ballot box was then replaced with another [memory card], which then produced different results: Minus 16,022 votes for Al Gore. In a remarkable coincidence, this happened to be just the margin that was needed to call the election for George W. Bush.”

Harris says that “Nine minutes after the Volusia County electronic ballot box was replaced, television networks began erroneously calling the election for Bush. The call was made specifically because of the 16,000 vote spread that suddenly opened up in Volusia County. Pressure was put on Gore to concede, and he finally did, privately, to Bush. He was on his way to concede to the nation when he learned of the bogus results and withdrew his concession. Had he conceded to the nation, the 2000 election would have ended on Election Night.”

Dana Milbank of the Washington Post attributed the suspicious Volushia vote count to a “faulty memory chip.” But internal memoranda establish that the technical managers at Global considered it a reasonable possibility that the second card was part of deliberate conspiracy to rig the election results.*

Surprises in 2002

There were other surprising upsets in 2002, in Georgia, Colorado, Minnesota, Illinois and New Hampshire — all in races that had been flagged as key partisan battlegrounds, and all of which were “won” by the GOP in defiance of the exit polls. Interestingly, the pollsters made no comparable mistakes in predicting the outcomes of lower-key races.

Suspicious of the Georgia results, and similar upsets elsewhere, two computer scientists — Avi Rubin of Johns Hopkins University and Dan Wallach of Rice University — began investigating the proprietary software code that runs Diebold’s best-selling AccuVote-TS touch-screen machine. This, in the aftermath of Bev Harris having discovered that Diebold had foolishly posted top-secret code on the company’s insecure ftp site, which was subsequently disseminated on the Web and thus available to hackers.
 
Rubin and Wallach found that there were no safety mechanisms in the software to prevent people from casting unlimited votes. Shocked, they wrote that the e-voting machine was “far below the most minimal security standards.”

A group of researchers from the Information Security Institute at Johns Hopkins University in Baltimore also discovered what they called “stunning flaws” in the Diebold programming. These included putting the password in the source code, a basic security no-no; manipulating the voter smart-card function so one person could cast more than one vote; and other loopholes that could theoretically allow voters’ ballot choices to be altered without their knowledge, either on the spot or by remote access.

Diebold issued a detailed response, saying that the Johns Hopkins report was riddled with false assumptions, inadequate information and “a multitude of false conclusions.” Substantially similar findings, however, were made in a follow-up study on behalf of the state of Mary-land, in which a group of computer security experts catalogued 328 software flaws, 26 of them critical, putting the whole system “at high risk of compromise.” “If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results,” their report says.

More Anomalies in 2004

More controversy began to swirl when then-CEO of Diebold, Wally O’Dell, pledged millions to the Bush campaign ahead of the 2004 election and told the President that he was “committed to helping Ohio deliver its electoral votes” to George W. just as the company was pushing its paperless voting system on the state of Ohio — a crucial swing state.

Up until 11 p.m. Eastern time on election night in November 2004, exit polls showed John Kerry comfortably leading George Bush in Florida, Ohio, Pennsylvania and New Mexico, giving him a clear victory in the Electoral College, and a projected national margin of at least 1.5 million popular votes.

Yet President Bush ended up officially winning the election by 2.5% nationwide, even though exit polls showed Kerry winning by 3%. According to a report released by a group of university statisticians, the odds of a discrepancy this large between the national exit poll and election results happening by accident are close to one in a million.

Professor Steve Freeman of the University of Pennsylvania, who studied the election results, claims that a third of the Kerry voters who showed up in exit polls in rural Republican-dominated areas simply don’t turn up in the actual vote tally. Not just in Ohio, but throughout the nation.

It’s extraordinary for a candidate to get a vote total that exceeds his party’s registration in any voting jurisdiction — because of non-voters — but Bush racked up more votes than registered Republicans in 47 out of 67 counties in Florida, the state where Jeb Bush is Governor. In 15 of those counties, his vote total more than doubled the number of registered Republicans and in four counties, Bush more than tripled the number.

Bush achieved these totals even though exit polls showed him winning only about 14% of the Democratic vote statewide — statistically the same as in 2000 when he won 13% of the Democratic vote – and losing Florida’s independent voters to Kerry by a 57% to 41% margin.
Republican pollster Dick Morris said the Election Night pattern of mistaken exit polls favoring Kerry in six battleground states — Florida, Ohio, New Mexico, Colorado, Nevada and Iowa —was virtually inconceivable.

“Exit polls are almost never wrong,” Morris wrote. “So reliable are the surveys that actually tap voters as they leave the polling places that they are used as guides to the relative honesty of elections in Third World countries. To screw up one exit poll is unheard of. To miss six of them is incredible. It boggles the imagination how pollsters could be that incompetent and invites speculation that more than honest error was at play here.”

Sam Parry of Consortium News says that “While it’s conceivable Bush might have achieved these and other gains through his hardball campaign strategies and strong get-out-the-vote effort, many Americans, looking at these and other statistically incredible Bush vote counts, are likely to continue to suspect that the Republicans put a thumb on the electoral scales, somehow exaggerating Bush’s tallies through manipulation of computer tabulations.”
 
In 47 Florida counties, the number of Presidential votes exceeded the number of registered voters. Palm Beach County recorded 90,774 more votes than voters and Miami-Dade had 51,979 more. Overall, Florida reported 237,522 more Presidential votes (7.59 million) than citizens who turned out to cast ballots (7.35 million).

Nationwide in 2004, Voters Unite! detailed 303 specific election problems, including 84 complaints of machine malfunctions in 22 states. In various elections around the country in 2004, Republicans who were trailing their Democratic opponents, staged upset victories, sometimes by wide margins, with statistical anomalies and inexplicable reversals of voting trends proliferating.

Questions about these matters are typically dismissed by rightwing commentators, FOX news and even some members of the mainstream media as paranoid speculation and/or an inability to accept political defeat. But is it really plausible that, after a half century of fine tuning exit polling to a science, it has suddenly become inaccurate in the u.s. in the last few elections? Is it really just a coincidence that the sudden rise of so-called inaccurate exit polls happened around the same time corporate-programmed, computer-controlled, modem-connected voting machines began recording and tabulating ballots? Why is it that only in precincts that used old-fashioned, hand-counted paper ballots did the official count and the exit polls dovetail closely, but in those places where computers were used to count the vote, exit polls had Kerry winning but the electronic voting machines claimed that Bush won? Why is it that when errors are discovered, they invariably tend to have a bias in favor of the Republican candidates? Could it be significant that all of the three major electronic voting machine manufacturers are headed by activist Republicans who have given generously to the GOPgop and worked for the election of the party’s candidates?

Earlier this year, in primaries in Illinois and Texas, all-too-familiar problems included more votes being counted than there were registered voters, and thousands of votes missing from a recount.

New Flaws Discovered in Diebold
Now comes word that Diebold apparently included a “back door” in its software, allowing anyone to change or modify it. There are no technical safeguards in place to ensure that only authorized people can make those changes.

Diebold spokesman David Bear admitted to The New York Times that the back door was inserted intentionally so that election officials would be able to update their systems easily. Bear justified Diebold’s actions by saying, “For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software... I don’t believe these evil elections people exist.”

Typically, modern voting machines are stored in warehouses used by county or state governments that lack surveillance and which are accessible by a variety of employees like janitors. They are delivered several days before an election by truckers who have easy access, and stored in people’s homes or in insecure polling stations. Thus a wide variety of people could rig these machines.

Open Voting recently found that a simple flick of a switch makes Diebold’s AccuVote TS touch-screen machine easily hackable. The equipment can be accessed within seconds using only a Phillips head screwdriver. Since this model does not produce a verified paper trail, there is no way to check if the votes were accurately recorded.

For anyone looking to hack into its voting machines, the company has conveniently printed instructions right onto the Diebold TS’s system board. The Boot Area Configuration table shows how to make the system boot from an external Flash memory unit instead of the internal memory chip with the Diebold software. A Flash is a very small and thin, easily concealable device that can be bought for $100-$200 on the internet and uses widely available software.

Finnish security expert Harri Hursti, together with Black Box Voting, demonstrated that hacking can even occur at the polling place by a voter who goes into a voting booth and then quickly alters the machine. Hursti proved that this can be accomplished without being given any password and with the same level of access given thousands of poll workers across the U.S. Most alarmingly, it changes votes in a one-step process that will not be detected in any normal canvassing procedure, it requires only a single credit-card sized “Flash” memory card, and almost anybody can do it.

Computer experts claim there are also problems with the security features of Diebold’s optical-scan equipment. They have shown that the memory can be easily tampered with.

As an experiment, election officials in Leon County, Florida, hired computer experts to successfully hack an optical-scan voting machine manufactured by Diebold, and they did so on four occasions. Finnish security expert Harri Hursti and Herbert Thompson, (a computer security expert who teaches at the Florida Institute of Technology), were able to affect the outcome of a mock “election” by altering the software on a removable memory card central to the machine’s operation.

Memory cards are held in a compartment protected by a small plastic seal. However, these simple seals can be defeated, and Hursti has demonstrated how the memory card can be reprogrammed without disturbing the seal by using a telephone modem port on the back of the machine.

According to Thompson, data on the cards isn’t encrypted or secured with passwords. Anyone with access to the cards can alter the data using a laptop.

Thompson said in a real race between candidates someone could pre-load 50 votes for Candidate A and minus 50 votes for Candidate B, for example. Candidate B would need to receive 100 votes before equaling Candidate A’s level at the start of the race. The total number of votes on the machine would equal the number of voters, so election officials wouldn’t become suspicious.

“It’s self-destroying evidence,” Thompson explained. “Once the machine gets past zero and starts counting forward for Candidate B, there’s no record that at one point there were negative votes for Candidate B.”
 
The Diebold machine could be modified not only to change election results, but on detecting the end of the election, to restore the original software, and erase itself otherwise, thus requiring extremely advanced forensics to determine that the machine had previously been compromised. Thompson said a second vulnerability in the cards makes it easy to program the voting machine so that it thinks the card is blank at the start of the race. This is important because before voting begins on Election Day, poll workers print a report of vote totals from each machine to show voters that the machines contain no votes.

“The logic to print that zero report is contained on the memory card itself,” Thompson said. “So all you do is alter that code ... to always print out a zero report (in the morning).”

David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and chair of California’s Voting Systems Technical Assessment and Advisory Board, said that programming software on a removable memory card raises grave concerns.

“The instant anyone with security sensibility hears this, red flags and clanging alarms happen,” Jefferson said. “Because this software that is inserted from the memory module is not part of the code base that goes through the qualification process, so it’s code that escapes federal scrutiny.”

Another concern is the vulnerability of the central tabulator, which is the “mother ship” that all the polling place voting machines send their results into. A central tabulating computer counts the votes on outdated Windows software. So anyone who knows how to operate an Excel spreadsheet and who is given access to the central tabulation machine can, in theory, change election totals.

Black Box Voting recently demonstrated two quick ways that “an unscrupulous person with no computer skills whatsoever” could sabotage vote totals.

The entire voting record can be deleted by choosing “reset the election” on a drop-down menu, or a hacker can destroy a tabulator’s ability to recognize ballots by un-selecting three checkboxes on a program control panel.

Once those changes are made, a hacker could cover his tracks by deleting the audit log. The procedure is so simple, Black Box had a monkey do it within one minute on a videotape it produced.

What about poll tapes, which wouldn’t match if you tamper with the mother ship? Replies Bev Harris, “In practice, most counties never compare those. Voters found in 2004 that the poll tapes weren’t posted, so they couldn’t get a comparison reliably. And the absentee votes have no poll tape.”

Also, as Lynn Landes points out,  “Don’t count on recounts to save the day. In most states, recounts of paper ballots only occur if election results are close. The message to those who want to rig elections is, ‘rig them by a lot.’”

Paper Ballots Were Better

The transition to e-voting needs to be seen in context. Bev Harris comments that “You’ll often hear from elections officials that no matter what the system, insiders can always manipulate elections so you have to trust those with inside access.” But, she insists, “that’s false. In the old hand counted paper ballot system, it was not, in fact, very feasible for the insiders to tamper.” She explains, “Standard accounting procedures with checks and balances made inside tampering findable by ordinary citizens, in most cases. Also, we need to do the math here. The average elections office has from two to five people with access to the central tabulator. The hack takes less than 60 seconds to do, and can be done in the background with no telltale signs on the machine. All you need is access to the keyboard for a few seconds. Now, take that two to five people times several thousand jurisdictions. We’re being told we need to trust 10,000 people, any one of whom can control a county election!”

Manufacturers insist there are safeguards. But Bev Harris complains “we’ve now got an electronic highway, and none of it can be overseen by citizens at all. You could register and vote whole graveyards full of dead people this way. They’ll say you can’t, citing various supposed checks and balances, but I say those can be circumvented.”

 Although Diebold is the most embattled voting equipment company, computer scientists say paperless systems made by Sequoia Voting Systems Inc. and other competitors also expose elections to malicious attack, software glitches and mechanical errors that could delete or alter millions of ballots.

Sequoia’s touch-screen voting machines are currently involved in highly improbable election results, including Chicago, Illinois; ES&S voting machine memory cards have been recalled in Ohio and North Carolina; and Hart Intercivic touchscreen machines are involved in improbable election results in Texas and other locales.

The accusations against Diebold are not being made merely by political partisans, but by various respected and independent entities, among them computer experts hired by California and even — surprisingly — election officials in Florida.
 
Election security advocates have filed lawsuits in at least a dozen states as a way to block state and election officials’ efforts to use touch-screen machines that lack a “voter verified paper audit trail.” Twenty-six states have also taken action to implement paper trails. But the u.s. Congress has yet to pass legislation that would extend this protection nationwide.  Copyright 2006 by Midwest Today


click here to: SUBSCRIBE NOW!
.

    

Home | Contact Us | About Us | Advertise | Privacy Statement | Writer's Guidelines
 ©copyright 2005 Midwest Today Inc.
site design by Melt Media