Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Originally posted in the lounge last night, sorry for the cross post

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
 
NamVetsWeeLass Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Nov-14-04 10:23 AM
Original message
Originally posted in the lounge last night, sorry for the cross post
Edited on Sun Nov-14-04 10:24 AM by NamVetsWeeLass
I originally put this in the lounge last night, Droopy told me it needed a more serious forum, so I am moving it here and I am editing it to show the link I followed.

http://www.leanleft.com/archives/003587.html

God Save us From Journalists | Main | Five Things to Make You Smile
September 23, 2004
Diebold Machines Easily Changed
by Kevin
This does not make me feel confidant:



The trick was uncovered by Herbert Thompson, director of security technology at Security Innovation and a teacher of computer security at the Florida Institute of Technology. Thompson has authored several nonfiction books on computer security and co-authored a new novel about hacking electronic voting systems called The Mezonic Agenda: Hacking the Presidency.

After Harris met Thompson at the Defcon hacker conference this year, she asked him to examine the GEMS program. He found he could write a five-line script in the Notepad text editor that would change the vote summaries in GEMS without changing the raw precinct data. The auditing log in GEMS wouldn't record the change because it only tracks changes that occur within GEMS, not changes that occur on the computer outside of GEMS.

After writing the script, Thompson saved it as a Visual Basic file (.vbs) and double-clicked it to execute it.

The command happens in the background where no one can see it. To verify that the changes occurred, Thompson could write another script to display the vote data in a message box after the change. Once the scripts finished their work, they would go into the Recycle Bin, where Thompson could delete them.

When Harris demonstrated the vulnerability to officials in California, she opened the GEMS program to show that the votes changed as the script commanded them to.



Frankly, based on the bits of code and the discussion around the system, I am surprised it took this long to find this kind of vulnerability. These systems are simply not secure in any meaningful way. They are poorly designed and poorly coded, and should not inspire confidence. Diebold claims that there are procedures in place to prevent that kind of manipulation, and that no one has ever broken the law. Seriously:



But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty. He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.


The problem, of course, is that people do break the law, and procedures are not always followed:



Jefferson, the Lawrence Livermore computer scientist, agreed that election procedures usually indicate that there should not be one person operating the counting software. He also agreed with Bear that officials could catch discrepancies in vote totals if they went back and manually added up the results from every individual polling place and compared the totals with the tallies in the summary report. But Jefferson said that election officials and poll workers don't always follow procedures. In the California March primary, he pointed out, several counties refused to follow procedures that were requested by the secretary of state's office and others failed to follow procedures that are mandated under California election law.


Now, there is always the matter of access. But it is common for Diebold employees to assist poll workers with the machines, and poll workers themselves have access to the machines. I cannot stress how simple this change would be, and how easily it could affect the vote. There are simply no real safeguards for preventing people with access to the machines from changing the results of the elections, and no real ability to tell that it has been done. It is simply inconceivable to me that these machines would be allowed anywhere near an election. Their design and implementation -- speaking as someone who codes and designs for a living -- is incredibly poor. I am literally struggling to find words to convey just how awful this design really is. "Inexcusable" and "bug-stupid" just don't do it justice. I cannot believe anyone approved this design -- literally, cannot believe that anyone with a day's worth of experience or an ounce of common sense thought this was an appropriate design. If these machines were toasters, they would not only set your house on fire the first time they were used, they would set your neighbors' houses on fire and disable all the phones so that no one could call the fire department.

Steve Gilliard is constantly pounding on the fact that no one needs to mess with the voting machines because voter intimidation tactics work so well. He is partly correct -- it is already obvious that voter suppression is beginning to stir. But voter suppression is hard, dirty work that leaves finger prints and trails of evidence. The kind of manipulation that is possible with these machines is almost undetectable. In a close election with poor polling models -- such as this one -- there will be very few outside clues to point fraud. If I wanted to steal an election, and I had a choice, I would prefer fixing these Diebold machines to trying to keep people away from the polls. It is quicker, more reliable, and less likely to be discovered.

Steve is right that the old-fashioned methods work well. But we cannot afford to ignore the more modern, high-tech fraud now possible. This vulnerability is a perfect example of the potential for fraud waiting at polling places all over the country.

TrackBack
| Other weblogs commenting on this post
Comments
I really love the 'nobody would do it because it's against the law' defense; apparently all those prisons are just figments of our imagination!

Posted by: Garnet on September 23, 2004 02:21 PM
Yeah, those "prisons of the mind", they're everywhere...

I think the Repubs are covering all their bases, too. In which state were they encouraging their own to vote absentee? Ohio, maybe? I think the idea is that, if there's a giant mess, THEY'LL have paper trails to prove how they voted -- "your side got no paper trail, well cry me a river, get over it, you lost...!"

Posted by: Jeff on September 24, 2004 11:52 AM
Post a comment

Imagine all the People Living Life in Peace. You may say I'm a dreamer, well I'm not the only one In fact there are at least 55 Million of us.

Printer Friendly | Permalink |  | Top
tk2kewl Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Nov-14-04 10:30 AM
Response to Original message
1. seems to be a no-brainer
that law should dictate that all election software be open source and that no person or company that sells election software may donate to any political candidate, party or 527.

:shrug:
Printer Friendly | Permalink |  | Top
 
NamVetsWeeLass Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Nov-14-04 12:18 PM
Response to Original message
2. I kicked this for attention to the thread
I cross posted it from the lounge cause it was too important for the lounge, but it at least got 2 reads in there LOL
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Mon Oct 20th 2014, 09:17 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC