Pull The Plug


By Aviel Rubin / Forbes Magazine / Sept 4, 2006 edition
Go to original.

You don't like hanging chads? Get ready for cheating chips and doctored drives.

I am a computer scientist. I own seven Macintosh computers, one Windows machine and a Palm Treo 700p with a GPS unit, and I chose my car (Infiniti M35x) because it had the most gadgets of any vehicle in its class. My 7-year-old daughter uses e-mail. So why am I advocating the use of 17th-century technology for voting in the 21st century--as one of my critics puts it?

The 2000 debacle in Florida spurred a rush to computerize voting. In 2002 Congress passed the Help America Vote Act, which handed out $2.6 billion to spend on voting machines. Most of that cash was used to acquire Direct Recording Electronic voting machines.

Yet while computers are very proficient at counting, displaying choices and producing records, we should not rely on computers alone to count votes in public elections. The people who program them make mistakes, and, safeguards aside, they are more vulnerable to manipulation than most people realize. Even an event as common as a power glitch could cause a hard disk to fail or a magnetic card that holds votes to permanently lose its data. The only remedy then: Ask voters to come back to the polls. In a 2003 election in Boone County, Ind., DREs recorded 144,000 votes in one precinct populated with fewer than 6,000 registered voters. Though election officials caught the error, it's easy to imagine a scenario where such mistakes would go undetected until after a victor has been declared.

Consider one simple mode of attack that has already proved effective on a widely used DRE, the Accuvote made by Diebold (nyse: DBD - news - people ). It's called overwriting the boot loader, the software that runs first when the machine is booted up. The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. In overwriting it an attacker can, for example, make the machine count every fifth Republican vote as a Democratic vote, swap the vote outcome at the end of the election or produce a completely fabricated result. To stage this attack, a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.

PA Lawsuit Seeks Paper Trail for Election Day


Paul Muschick / The Morning Call / August 15, 2006
Go to original.

PHILADELPHIA -- -- Twenty-five voters from across Pennsylvania sued the state today seeking to stop the use of electronic voting machines that do not provide back up paper records. The records are necessary for people to verify that their votes were accurately recorded, attorneys said at a news conference at the Philadelphia offices of Drinker Biddle & Reath, one of the law firms representing the plaintiffs in the suit. The suit aims to force counties to have systems in place for the November election that would have a paper record.

The lawyers pointed to flaws with machines in several counties, including Berks County, that showed the machines are not trustworthy. In the May 2005 primary, machines in four Berks precincts failed to record votes because of programming errors.
The suit, filed in Commonwealth Court, could affect voting systems in 57 counties, including Lehigh, Northampton, Berks, Bucks, Montgomery, Monroe, Carbon and Schuylkill. The voters filing the suit include two from the Lehigh Valley - Alan Brau, a physician from Hanover Township, Northampton County, and Cathy Reed of Allentown. Counties nationwide have been moving to computerized, or electronic, voting because of a federal mandate to avoid the kinds of vote-counting problems experienced in Florida in the 2000 presidential election.

Activists: Advisory Proves Blackwell Suppressing Vote


Ted Wendling / Plain Dealer Bureau Chief / August 4, 2006
Go to original.

Columbus -- Voting-rights activists on Thursday produced what they said is the most compelling evidence to date that Ohio Secretary of State Ken Blackwell is trying to suppress the vote in November. In an advisory that contradicts a provision in the voter-reform bill legislators passed last year, Blackwell's office informed county boards of election on June 5 that voters must present a photo ID "showing the voter's name and current address" to cast a regular ballot.

That conflicts with the new law, which permits a person to vote by regular ballot even if the ID -- typically a driver's license -- has the voter's former address. After ignoring the activists groups' entreaties since early June -- even after they threatened to go public -- Blackwell's office sent an e-mail to all 88 county elections boards Thursday. It reiterated instructions the office sent in May that voters who present an ID with a former address may cast a regular ballot if they provide the last four digits from their ID card.

"It's not satisfactory," said Suzanne Gravette, spokeswoman for the Coalition on Homelessness and Housing in Ohio, or COHHIO. "It's not a directive and it's not working," she added, citing a COHHIO survey that showed mass confusion among county elections officials. Among 27 elections boards that were surveyed, 11 said voters who show up with ID that doesn't match their address in the poll book will have to vote by provisional ballot. Michael Vu, director of the Cuyahoga County Board of Elections, said his poll workers have been instructed to allow such voters to cast a regular ballot.

Goodbye Ney; HAVA Nice Day (Rep. Bob Ney Will Not Seek Reelection)


By Fred Barbash / Washington Post Staff Writer / August 7, 2006
Go to original.

Rep. Robert W. Ney, the six-term Republican congressman from central Ohio implicated in the Jack Abramoff influence-peddling scandal, announced this morning that that he will not seek re-election.

"After much consideration and thought I have decided today to no longer seek re-election in Ohio's 18th Congressional District," Ney said in a statement posted on his campaign Website. "I am extremely proud of my 25 years serving the people of Ohio. We've accomplished many things to make this state better and I will always be grateful for the trust my constituents put in me.

Potholes on the Iowa Paper Trail


Jerry Depew, Laurens, IA / http://iowavoters.org / Aug. 6, 2006

Several Iowa counties once planned to use paper trails as part of their touchscreen voting equipment even though not required to do so by Iowa law. But in the June primary they did not use the printers. A map at the SoS website shows nine counties that announced plans to use a paper trail. Now a survey of auditors by Iowans for Voting Integrity reveals that only Black Hawk (Waterloo) and Story (Ames) counties actually used the printers. (Linn county did not respond to the inquiry.)

Monona, Audubon, Boone, and Henry counties purchased Diebold printers but never used them. Des Moines county never purchased printers in spite of the map’s indication that they did. Johnson (Iowa City) county was unable to purchase the printers it wanted because vendor E S & S never presented its printer to Iowa for certification.

Strong-arming the Vote: Partisan Federal Intervention


August 3, 2006

Strong-Arming the Vote
A New York Times editorial

Go to the original

President Bush’s Justice Department has been criticized for letting partisanship guide its work on voting and elections. And party politics certainly appears to have been a driving force in a legal maneuver it just pulled off in Alabama, where it persuaded a federal judge to take important election powers away from the Democratic secretary of state and give them to a Republican governor. The Justice Department says it is trying to enforce the election law, but that is unconvincing. There are plenty of ways to enforce the law without creating the impression that it is tilting the electoral landscape in favor of Republicans.

Will Your Vote Count in 2006?


By Steven Hill / Special to washingtonpost.com's Think Tank Town / August 1, 2006
Go to original.

Heading into the 2006 election, fair election advocates need to remain vigilant. Almost bizarrely, vigilance will be aided by the noncompetitive nature of our winner-take-all elections. In the contest over control of Congress, the battleground has become extremely shrunken with only 30-35 out of 435 U.S. House seats and perhaps six to eight races in the Senate up for grabs. That means efforts to monitor elections can occur over a smaller playing field, allowing targeted vigilance.

In the longer term, activists must turn their efforts to a more visionary agenda that will ensure fair and secure elections. That agenda must include: 1) elections run by nonpartisan and unbiased election officials; 2) professionalization and training of election officials and poll workers, and 3) a national elections commission that can partner with states and counties to create national, uniform standards for running elections. Looking even further, the U.S. should consider following the lead of other nations and create "public interest voting equipment," where government contracts with the sharpest minds in the private sector to develop open source software and voting equipment that is owned and managed by the government instead of by shadowy corporations.

[Ed note: if you want to start work right now on these solutions, both short and long term, please join the Election Defense Alliance and help restore US elections to the people]

Watching Mexico live through a controversial presidential election was like holding up a mirror to our own election difficulties in recent years. As we round the corner and head toward the upcoming November elections -- with control of the Congress up for grabs -- what can Americans expect? Will our votes count? There is both cause for worry, as well as signs that effective voting reform advocacy is paying off.

The root cause of our troubled elections is that, unbelievably, the U.S. provides less security, testing, and oversight of our nation's voting equipment and election administration than it does to slot machines and the gaming industry. Our elections are administered by a hodgepodge of over 3000 counties scattered across the country with minimal national standards or uniformity. Widely differing practices on the testing and certification of voting equipment, the handling of provisional and absentee ballots, protocols for recounts, and training of election officials and poll workers makes for a bewildering terrain.

All you need is a screwdriver: Worst Ever Security Flaw Found in Diebold TS Voting Machine


By Alan Dechert / Open Voting Foundation / July 31, 2006
Go to original.

SACRAMENTO, CALIFORNIA -- “This may be the worst security flaw we have seen in touch screen voting machines,” says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

“Diebold has made the testing and certification process practically irrelevant,” according to Dechert. “If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS -- and it could be done without leaving a trace. All you need is a screwdriver.” This model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. (Click the image for a larger view) This picture, in particular, shows a “BOOT AREA CONFIGURATION” chart painted on the system board.

The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests".

A third possible profile could be field-added in minutes and selected in the "external flash" memory location, the interface for which is present on the motherboard.

This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.

“These findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled”

OPEN VOTING FOUNDATION is a nonprofit non stock California corporation dedicated to demonstrating the need for and benefits of voting technology that can be publicly scrutinized.

Lipstick on a Pig: Holt Bill gives "get out of jail free" card for deplorable, unsafe DRE systems


by Michael Collins / www.ElectionFraudNews.com / July 28, 2006
Go to original.

So here you have it. Local officials looking at optical scan, touch screen or paper ballots, all of which are commonly thought to be allowed under HAVA, can take a valuable "get out of jail free card" indemnifying them from law suits from either federal authorities or advocates for the handicapped if they simply order DREs. As attorney and clean election advocate Paul Lehto points out, this type of advantage is one that a local counsel would find irresistible. The extra cost for machines is a good investment in protection from lawsuits.

DRE's take votes, cause ballots to disappear, and provide no reliable means of determining what actually happens to votes. On the basis of this shaky foundation, the results of elections are aggregated and winners declared. H.R. 550 simply adds a cosmetic touch by giving us a variety of paper receipts which may or may not be the "ballots of record" (probably not) and that can certainly not be used to overturn an election unless counted in whole when questions arise. Were there a count of the entirety of receipts, there would be no need for the machines to produce them in the first place; we would have hand counted paper ballots.

The Diebold Bombshell


by David Dill, Doug Jones & Barbara Simons / Opednews.com / 7/23/06
Diebold spokesman David Bear admitted to the New York Times that the back door was inserted intentionally so that election officials would be able to update their systems easily. Bear justified Diebold's actions by saying, "For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software... I don't believe these evil elections people exist."

Most computer scientists have long viewed Diebold as the poster child for all that is wrong with touch screen voting machines. But we never imagined that Diebold would be as irresponsible and incompetent as they have turned out to be.

Recently, computer security expert Harri Hursti revealed serious security vulnerabilities in Diebold's software. According to Michael Shamos, a computer scientist and voting system examiner in Pennsylvania, "It's the most severe security flaw ever discovered in a voting system."

Even more shockingly, we learned recently that Diebold and the State of Maryland had been aware of these vulnerabilities for at least two years. They were documented in analysis, commissioned by Maryland and conducted by RABA Technologies, published in January 2004. For over two years, Diebold has chosen not to fix the security holes, and Maryland has chosen not to alert other states or national officials about these problems.

Basically, Diebold included a "back door" in its software, allowing anyone to change or modify the software. There are no technical safeguards in place to ensure that only authorized people can make changes.

A malicious individual with access to a voting machine could rig the software without being detected. Worse yet, if the attacker rigged the machine used to compute the totals for some precinct, he or she could alter the results of that precinct. The only fix the RABA authors suggested was to warn people that manipulating an election is against the law.

Typically, modern voting machines are delivered several days before an election and stored in people's homes or in insecure polling stations. A wide variety of poll workers, shippers, technicians, and others who have access to these voting machines could rig the software. Such software alterations could be difficult to impossible to detect.

Syndicate content