Guest Blogged by Gary Beckwith of Vermonters for Voting Integrity, The Election Justice Center and The Solar Bus…
Yet another independent study by computer security experts has concluded Diebold’s Optical-Scan election system is vulnerable to hacking and rigging. This time it’s the Voting Technology Research Center, at the Department of Computer Science at the University of Connecticut. Their conclusions will sadden anyone who values democracy. Here are a few quotations from the report titled, “A Case Study in Optical Scan E-Voting“:
…
[W]e demonstrate a “time bomb” attack in which the bytecode checks the date and time in order to decide whether the election has begun. [It can] retain proper behavior in pre-election testing, while behaving improperly during the actual election.
…
[I]f the Optical Scan printouts are the sole means of reporting the election results (as it is the case in fact in many jurisdictions)* then one can write quite complex malicious reporting functionalities that get triggered in specific cases (when e.g., the number of votes of a certain candidate are below a certain percentage) and perform arbitrary vote transfers between the candidates.
*including Vermont
Click here for the full report.
There are now at least 5 major independent studies like this. It’s becoming like “beating a dead horse.” But it’s not a horse, it’s the door of our election officials offices that are being pounded on, and they are simply ignoring the call. We know that our state’s election authorities are reading these reports. So the question is, why do they ignore the experts and leave our democracy at risk?
I’m from Vermont, a place you’d think the election officials would do the right thing. But the fact is, that many people have written to Secretary of State Deb Markowitz and Director of Elections Kathy DeWolfe about this. (click here for their contact info if you want to write to them yourself) Many people have asked them, “when are you going to institute random audits on the elections, like all of these studies recommend?”
Their answer is becoming more and more embarrassing…
They say simply that the experts are wrong and they are right. The system is safe, they tell us, and therefore we don’t need audits.
Deb and Kathy say there are tests on the machines that make sure there is no tampering, even if the academic studies prove the tests simply are not adequate. Deb and Kathy say no one could hack the system because they keep the memory cards safe. But the studies show how easily anyone could switch a memory card. And even worse, we all know that employees of Diebold and LHS have unfettered access to the memory cards before each election, as we recently saw in New Hampshire for example, so keeping the cards safe is moot.
Deb and Kathy’s answer to this is, that we should just trust them. What was that? Trust a company such as Diebold who has been prosecuted for fraud, is being investigated by both the SEC and DoJ, sued by its own shareholders, and has employed convicted felons to write their software code? Am I really hearing that correctly, Deb and Kathy? You want us to trust a company with a track record like that?
My question now is, how much longer can Deb and Kathy (and other Secretaries of State) stand there and say the experts are wrong and they are right? How long can they actually claim that they understand the system better than these people who have been studying and teaching about computer security for their entire careers? Because that’s exactly what they’re claiming – that they know more than the experts.
Every study makes recommendations. These recommendations are written specifically to the folks responsible for administering elections — people like Deb and Kathy. We know they have read these recommendations. And they all say the same thing: Conduct random audits on every election.
Every day that goes by as Deb and Kathy deny that audits are necessary, is another day they’re thumbing their noses at the computer security experts (and citizens who care about having accurate elections). Every day that goes by is another day that Deb and Kathy are claiming they understand computer security better than the reports fromUniverisity of Connecticut [PDF], Princeton University, University of California [PDF], and Lawrence Livermore Labs, and even the head of security for Microsoft [PDF]. All these studies agree — without random audits, the system is wholly vulnerable.
Deb claims that it would cost too much to have audits. But can you put a value on our Democracy? If we are using an inadequate system, we have to do something about it. And if cost is really the problem, she could even make Diebold pay for the audits, like California’s Secretary of State is doing. So what’s the problem? Why are they so vehemently against audits, which would only strengthen the integrity of our election system?
Several other states have heard the call of the experts and have begun to implement random audits. But Deb and Kathy evidently think all those other Secretaries of States are wrong for following the advice of the experts, and once again, only they are right.
How much longer can Deb and Kathy do this without looking foolish? Will Vermont be the last state in the country to have audits?
In Vermont — and every state that uses unverifiable DRE/touchscreen machines and optical scanners without audits — we must continue asking questions, and applying pressure to such election officials. In Vermont we have a petition, a flyer [PDF] we pass around, and a website to promote awareness. We must pressure our elected officials to stop denying the advice of the experts and start random audits on our state’s election system, starting this November!
Hey, if Copperfield can hide a train or something like that right before your eyes, it should be pretty easy to flip a few hundred thousand computerized votes around…no?
Especially when you have good assistants aRound to help pull it off…cough press 😛
Vermont should require a full hand count of all ballots entered into their optical scan machines regardless of the cost and the amount of time it may take. It seems to me that Vermont is a relatively small state with fewer ballots to be counted. As long as there are no unique numbers on the ballots,this would be the only way to compare what is on the machines with the ballots.
This should be the case for all other states which use these machines and LHS and that includes Connecticut,Massachusetts,and New Hampshire even though they claim that random audits will be sufficient.
LHS, of course,will inform these states with random audits which of their machines are permissible to audit.
Hi Gary, and welcome,
You know, one of these daze people are going to remember that experts decide nothing, but in fact it is the people on the jury who decide everything.
Those who have conducted trials know that in any case where experts battle, as in computer “it was this way” cases, one expert says one thing and another expert says yet another opposite thing.
That is the meat and potatoes of jury trials.
The hog farmer that got up before dawn, the computer programmer who just got there on time, the housewife who left the kids with grandma, the retired artist who just barely got there, and the other eight citizens, show up at the local courthouse to decide which rocket scientist expert was telling the truth and which one was not. Guess who is the real expert, then!!!
America, land that I love.
But now daze we are getting into MSM Amurka, a place where the decider is composed of “computer experts” and the common folk who have traditionally been the deciders are now beginning to be nothing but trailer trash.
And that place we are getting into, Amurka, is a rotten piece of shit.
Remember Dredd, the experts mentioned in the story have been hired by the state of Connecticut, by the SoS (who arguably would have a stake in showing that machines she’s using work just great).
So while yes, in court, it’s possible to find an expert to testify to just about anything, the ones of note here didn’t necessarily have a dog in the hunt. Or if they did, it would be to hunt for a different dog than the one they ended up sniffing out.
That is not an insignificant point to take note of here.
You make the point that we are also trying to make.
We are also frustrated by lack of action. We know also that optical scan, DRE and other technologies are subject to serious fraud.
We hope to get attention by writing a (hopefully) entertaining novel about it. Cold hard facts don’t seem to be working.
Brad #4
It is possible to find an expert to say anything anywhere, not just in court. I swear on my mama’s grave. 😉
My definition of an expert is “someone who gets paid more than the average person to give their opinion”.
I cannot be unpersuaded from my staunch American support and trust for the jury system over the other system.
Support the expert troops.
Trust the jury, they know that Amurkan elections are trash. Way before the experts do (including the kos expert and the EI expert).
BTW, as far as software is concerned, which is what “runs” electronic voting machines, I am certainly an expert.
But trust the jury. Always!!! Never falter!!!
BTW, I fully believe this story (the software running the machines is corrupt in one way or another, in one degree or another) …
I fully reject any and ALL electronic voting machines …
I fully support paper ballots in each and every election, counted by citizens, and backed up by and very rigorous chain of custody system …
But above all, I support the jury system over the judge system. Now, tomorrow, and on anyone’s birthday!
Definition: Expert: an ex is a has been.
A spurt is a drip under pressure
In response to Steve’s comment #2. That is not how random audits work. LHS would not be able to decide which machines to audit. The selection is done randomly. Alternatively there is another audit method, in which 10% of every machine is hand counted. I think if you look a little more into audits, you will find they can be effective. Nothing is perfect – not even hand counts. In Vermont we had an election last year where the hand counted ballots gave the victory to the wrong candidate, due to manual errors.
Gary — sarcasm alert —
There is a memory card reader that can be bought on the web for about $280 which can scan the memory cards to be used for malicious code. I suggest each Vermont county using the Diebold OS buy these and check the cards they get from LHS. Make sure all machines have fresh batteries.
Jackson – any more info on those memory card testers would be greatly appreciated. where do I get one? does it have to be configured to look for the right things on the cards? Who would be qualified to configure the testers? thanks