Guest blogged by Ernest A. Canning
Neither the recent claim made by anonymous hacker, Abhaxas, that he/she had hacked into Florida’s e-voting database nor the efforts by FL election officials to minimize the breach of its system comes as a surprise to The BRAD BLOG.
In fact, minimization of the vulnerability following the reported hack calls to mind what Roger G. Johnston, Ph.D of the Argonne National Laboratory describes as the Arrogance Maxim:
One would think that Abhaxas had Johnson’s Arrogance Maxim in mind. As reported by Doug Chapin of the University of MN, the anonymous hacktivist responded to the official denials by hacking into the FL voting system a second time; posting “a directory listing of the Florida database with the (sarcastic) observation ‘Glad you cleaned up, pretty secure now guys’.”
As an encore, Abhaxas then hacked into Montana’s government website, where he/she exposed 16 databases.
While Chapin acknowledges the vulnerability exposed by the hack, once again, as is his habit over the years, Chapin draws the entirely wrong lessons in pointing to the need for better training and security procedures…
‘Canary in the electronic coal mine’
This is not the first time that the vulnerability of a FL electronic voting system has been exposed.
As reported by Brad Friedman, first at Computer World, and then here at The BRAD BLOG, on the first day of early voting for the November 2006 general election, an SQL slammer worm breached the firewall of the Sarasota, FL database system, halted voting, and rewrote administrative passwords.
This just happened to have taken place in relation to the hotly contested FL-13 special Congressional election between Christine Jennings (D) and Vern Buchanan (R) that had been conducted on the 100% unverifiable ES&S iVotronic touch-screen Direct Recording Electronic (DRE) voting systems.
Ironically, that special election was to find a replacement for former 2000 FL Sec. of State Katherine Harris who had, by then, become a Congresswoman. Harris gave up her seat in favor of a futile run for the U.S. Senate. Yet, according to the iVotronics, 15% of Sarasota voters (17,846) failed to cast a vote in the race to fill the infamous Harris’ vacated seat. That was nearly six times greater than the undervote rate in each of the other counties participating in the District 13 race. At the same time, the undervote rate in Sarasota on paper absentee ballots for the Buchanan/Jennings race was just 2.5%.
Jennings carried Sarasota 53% – 47%, even with all of the “lost” votes, but, according to the machines, she was narrowly defeated by Buchanan in the race’s final unverifiable tally by 369 votes.
In April 2007, nearly a month before the slammer worm attack was disclosed, The BRAD BLOG covered a Florida State University study that revealed that a single malicious user could introduce a virus into the iVotronic system which “could potentially steal all the votes in that county, without being detected.”
Jennings’ protracted Congressional challenge was denied after the Government Accountability Office (GAO), which had been tasked to investigate the matter, employed a backwards burden of proof. While no reasonable alternative explanation was ever advanced to explain the bizarre numbers, the GAO said it couldn’t conclusively state the machines caused the undervote because there is a “lack of assurance whether the source code…if compiled, would correspond to the iVotronic firmware that was used in Sarasota County for the 2006 election.”
Why was the burden not placed upon the manufacturer, or even the county, to prove that its e-voting system accurately recorded the vote?
The bizarre numbers prompted E. J. Dionne of the Washington Post to refer to Sarasota as “the canary in the electronic coal mine.”
That 2006 failure was ultimately the straw that broke Florida e-voting’s back (again), and led to the incoming Governor at the time, Republican Charlie Crist, finally joining with Democrats to ban touch-screen electronic voting in the state once and for all.
It’s the machines transparency, stupid!
“I follow the vote,” CIA cyber-security expert Steven Stigall explained to the U.S. Election Assistance Commission (EAC) in 2009. “And wherever the vote becomes an electron and touches a computer, that’s an opportunity for a malicious actor potentially to…make bad things happen.”
As initially reported by Greg Gordon at McClatchy, “Stigall said that voting equipment connected to the Internet could be hacked, and machines that weren’t connected could be compromised wirelessly. Eleven U.S. states have banned or limited wireless capability in voting equipment, but Stigall said that election officials didn’t always know it when wireless cards were embedded in their machines.”
The insanity of Internet voting was demonstrated when a team of white hat hackers led by University of MI Computer Science Prof. J. Alex Halderman not only hacked into the D.C. Internet Voting System, taking over the entirety of the system, but then successfully prevented potentially malicious hackers from Iran and China — who Halderman and his team had noticed were also attempting to access the same system — from being able to access it. Good guy hackers changed the password on the vulnerable system, during a live experiment, in order to keep the bad guy hackers out.
As revealed in study-after-study, systemic vulnerability is not limited to Internet hacks. The principle threat comes from insiders, including election employees, officials and e-voting vendors. It is a vulnerability that exists not only with respect to the computers upon which we vote but the computers that store voter eligibility rolls — a point poignantly demonstrated nearly a decade ago by Greg Palast in The Best Democracy Money Can Buy.
Palast described an illegal purge in the run-up to the 2000 election from Florida’s computerized voter rolls by then FL Sec. of State Katherine Harris and ChoicePoint’s DBT unit. Tens of thousands of innocents, who were guilty of nothing more than having registered to vote while being Black, a Democrat, or both, were disenfranchised when they were falsely labeled as felons and then illegally prevented from casting votes that could well have changed the course of history.
Florida’s switch from 100% unverifiable DREs to optical scanners did not eliminate vulnerability — a point underscored when malicious software was discovered in the Pinellas County, FL vote tabulation system.
Both the 100% unverifiable DREs and the optical scan systems entail reliance upon computer counts which can be undetectably rigged by a single malicious insider, or simply fail due to mis-programming or physical failure. An example of such rigging was dramatically captured on film and shown in the climactic final scene of the Emmy-nominated 2006 HBO documentary Hacking Democracy.
As our recent series of articles pertaining to the hotly contested WI Supreme Court Election underscored, while paper ballots are used in optical scan systems, they provide no assurance of accuracy unless they are publicly hand-counted by human beings — and even that recourse can prove ephemeral absent strict, secure, transparent post-election chain-of-custody procedures. Those articles also underscored that the MSM can be counted on to ignore the problem, no matter how blatantly obvious, well-documented, and independently verifiable the concerns.
Over the past decade, most Americans have engaged in faith-based voting, conducted on exorbitantly-priced, and utterly insecure e-voting systems. We have turned to complex security concerns while ignoring the elegantly simple, inexpensive and transparent solution that is to be found in “Democracy’s Gold Standard” — hand-marked, paper ballots, publicly hand-counted at the precinct level on Election Night.
You can watch that remarkable landmark hack described above, as it happened in real time in Leon County, Florida, in the climactic scene from Hacking Democracy, as posted below [appx 9 mins]…
Beautiful, elegant, accurate. Read up, people!
Lora
I concur – big time! One of Brad’s best
Thank you Ernest A. Canning for guest-blogging and doing such a great job that many of us here just assumed it was written by Brad himself. And @Brad, way to go getting this guy to cover for you. He knows his stuff.
for the love of truth,
LTG
Thanks, Fusion. However, while I owe a great deal of what I’ve learned about election integrity to Brad Friedman, he is not me.
We own much of what we know about elections to Josef Stalin, he is not me.
If you REALLY want to know when the Democracy Gold Standard will be implemented, it will be when a group like Anonymous hacks into the voting system and flips the results so either the Green or Communist Party candidates win ALL the elections. THEN you’ll see the howls of the Dems and Reps go through the roof.
The best thing that could happen is if Mickey Mouse and Donald Duck started winning elections because that could never happen on hand-marked, hand-counted ballots in full public view. It would, in fact, force a fair election – that is , unless people in America want Mickey Mouse to run the government.
Get on it, hackers!
Damn, I hate telling others to risk their freedom by hacking into voting computers, but I’m almost 60 years old, and I just don’t know how. I DO use my real name though.
I don’t know, Larry. Perhaps Mickey Mouse would be an improvement over the Tea Party and corporate Dems.
How ever much people worry about an uninformed public voting, I have often tried to remind to them that the majority of Americans voted for the smart guy in 2000. The powerful have never even tried to refute that.
Al Gore fought a lot harder against his stolen election then John Kerry did, even though Gore didn’t have the retrospect that four years of completely exposed folly could have given him.
Now we’re left with John, (what election fraud?), Kerry to save us from the “Super Congress”.
Sorry, but if Jesus doesn’t come back now, he ain’t commin’ back!
I am reminded of two brilliant videos submitted to Brad Blog which go under the category of, “how did they do that!”
Ishmael said @ 6
Right! Or if they gamed the voting machines to elect some nearly-homeless, mentally-unbalanced, unemployed guy who nobody has ever heard of, who never campaigned, who has no campaign staff or website or cell phone or money, and no chance of winning for Dog Catcher, much less as the U.S. Senate nominee for the Democratic Party of South Carolina!
Oh, wait. That already happened. Nobody cared. Business as usual. The voters must have purposely chosen that guy. Anybody who says otherwise has no proof…cause neither do the voting machines used in South Carolina.
If only Brad would tell the whole story of Sarasota. Her name is Clare Ward-Jenkins, Brad. You can find her on Facebook. Maybe you could tell the story on the 25th anniversary. Kind of like Roswell and George Noory.
I’m not sure what your point is, Mike Ridgway.
Clare Ward-Jenkins was one of many voters who attempted to vote for Jennings on the iVotronic, only to see their vote disappear by the time they got to the final screen to review their choices.
The issue of touch-screen vote flipping has been repeatedly examined by The BRAD BLOG.
The specific problem that Ms. Ward-Jenkins and others experienced became a part of Dan Rather’s “The Problem with Touch-Screens”. The video was embedded by The BRAD BLOG along with an article which covered Rather’s findings.
But, what Brad also covers, repeatedly, is the fact that regardless of whether a voter sees their vote disappear on-screen, there is no way to know whether a vote is internally counted. Any “counting” takes place inside the computer where no one can see or verify its accuracy, or even that a “count” as such has taken place.
So no, Mike, the Ward-Jenkins story is not a hidden story. In fact, it is not even an unusual story.
Roswell does not provide an apt analogy.
I notice the V mask image on the post announcement. Curiously, I also saw that on a screenshot of a website of a hacker who is somehow involved with the San Francisco BART (buses I think) system. Is this something bloggers have begun to use to represent the hackers or is it the symbol the hackers have chosen? Or, is it just ONE hacker?
Is it possible there are very very few of these hackers here in America?
If Iranian and Chinese hackers are trying to make their vote count, then it’s almost an act of war.
Wireless cards in a voting machine? WTF?
Wow, nice story. As a Florida native, I totally agree with your K.I.S.S. philosophy on this one. What’s so bad about counting paper ballots? It will create a few JOBS, after all…