October 7, 2006

Results from any Diebold machine now suspect for midterm elections

The Associated Press reported yesterday that several memory cards were “lost or stolen” during Cuyahoga County’s May 2006 primary, jeopardizing the November vote count of 48 of Ohio’s 88 counties that use Diebold electronic voting systems or central tabulators.

“Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install malicious software using a simple method that takes as little as one minute,” computer scientists from Princeton University reported last month. http://itpolicy.princeton.edu/voting 

Nationwide, the election results from any Diebold machine are now suspect, with these stolen memory cards in circulation. In 2003, the Congressional Research Service (CRS) warned that altered memory cards could allow someone with physical access “to falsify election results without leaving any record.”

Forty-eight counties in Ohio use Diebold technology, representing more than half of Ohio’s registered voters. In May, the Secretary of State’s office released confirmation of which counties purchased which voting systems for use in November’s midterm election. (A map showing which Ohio counties are using which technology will be posted shortly at http://www.GuvWurld.org, key word search “Rady,” scroll list of articles for “2006 Map Ohio County by e-Vendor”) 

The Center for Information Technology Policy and Dept. of Computer Science at Princeton University reported that, “Even careful forensic examination of these records will find nothing amiss.” (supra) 

Election Science Institute (ESI) observed Cuyahoga’s election system and practices during May, and released a scathing report in August finding that, “the election system, in its entirety, exhibits shortcoming with extremely serious consequences…” (Emphasis in original) http://www.electionscience.org for August, 2006 Cuyahoga County report.

ESI also reported, “A lack of inventory controls and gaps in the chain of custody of mission critical assets, such as DRE memory cards, DRE units, and VVPAT cartridges, resulted in a significant amount of missing data.” Michael Vu, Cuyahoga County’s Board of Elections Director, is directly responsible for this lack of oversight that allowed memory cards to go missing. 

All electronic voting systems are suspect, regardless of which vendor manufactured or maintains them. “Anomalies” and “glitches” have been reported in every state since the introduction of these machines into our election system. A slew of lawsuits have been filed to remove the machines from use, to force a hand count of voter-prepared paper ballots, and to force the use of voter-prepared paper ballots in the upcoming elections. 

Electronic voting systems strain scarce public funds with their exorbitant cost to purchase, upgrade, maintain and provide training for poll workers and election officials. Maryland’s Governor Bob Ehrlich called the systems a “1000 percent increase in cost” from hand counted paper ballots, and recently restored paper ballots, cutting the state’s losses for the e-voting purchase. 

Emergency legislation has been introduced to require all states to provide paper ballots for any voter in the U.S. who refuses to vote on electronic voting systems in the midterm elections. See http://www.BradBlog.com for updated status on this pending legislation. For 2008, Rep. Dennis Kucinich introduced HR 6200, which will replace e-Voting nationwide with a hand-counted paper ballot system.

Prior Knowledge, Failure to Warn the Public

Important agencies and institutions warned public officials and corporate media of “severe,” and “extreme” problems with electronic warning. 

In September of 2004 the Dept. of Homeland Security issued Cyber Security Bulletin SB04-252 announcing that the Diebold GEMS central tabulator was built with “an undocumented backdoor that allows a local or remote user to modify votes.” 

The 2003 CRS report (supra) concluded, “DREs (touch screen voting systems) do not adhere to currently accepted security principles for computer systems.” 

Compuware provided a security analysis of the four major vendors, Diebold, ES&S, Sequoia and Hart InterCivic, for Ohio Secretary of State, J. Kenneth Blackwell, in November of 2003. Compuware did not consider physical security requirements, or political ramifications of electronic votes being counted by private corporations that refuse public oversight, and that are owned by key figures in the military.

Just regarding the software, firmware and hardware, Compuware found all systems vulnerable to electronic hacking. Key components are not encrypted, and memory cards can be altered without detection.

After reading these reports, Blackwell advised all Ohio counties to purchase these machines. He is running for Governor on the November ballot, as well as administering Ohio’s election. (He also owned stock in Diebold until he was publicly embarrassed into selling it.) 

All of the nation’s Chief Election Officers are duty-bound to have read these reports when they were issued, and to take steps to inform and protect the public whom they serve. At least, that is how a democracy is run.

Media Iron Curtain

Corporate media obscured publication of past and current scientific reports that reject the use of electronic voting technology from public view until recently, and continues to ignore (or only occasionally mentions) the urgency facing the integrity of US democracy in the month prior to the November 7th election. Citations to the dozens of reports condemning electronic voting can only be found on the internet, and is limited to those with the time to search for them. 

Of print media, Rolling Stones is an exception in that it listed its sources for the June 2006, 11,000-word article by Robert F. Kennedy, Jr. “But if you were looking in the five or six days afterward for follow-up stories, investigations or even a mention in the P-I, its cross-town competitor or just about any other major U.S. newspaper, you were almost certainly disappointed,” opined Kenneth F. Bunting of The Seattle Post-Intelligencer. 

“To his credit, CNN’s Wolf Blitzer aired a brief and not-very-illuminating interview with Kennedy late the next day after the Rolling Stone issue hit the newsstands. There was a brief mention on the Lou Dobbs report later that same evening and MSNBC got around to mentioning the article’s assertions several days later.” http://www.truthout.org/docs_2006/061106C.shtml00

Television’s Comedy Central has a better track record of exposing e-voting weaknesses, partisan election administration, and the court cases that uphold both. Several episodes are clipped into the film, “Stealing America” by producer Dorothy Fadiman. http://www.stealingamerica.org 

All e-Voting Technology is Suspect

Optical scan systems, as well as DREs, are subject to tampering by switching memory cards. National Science Foundation Director of ACCURATE, Avi Rubin, reported to Forbes Magazine in August of 2006. He wrote:

“Why am I advocating the use of 17th-century technology for voting in the 21st century?

The boot loader controls which operating system, so it is the most security-critical piece of the machine. To (install overwriting software), a night janitor at the polling place would need only a few seconds’ worth of access to the computer’s memory card slot.

If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a(n electronic) system.” Forbes article.

There are five ways to hack a hand-counted (HCPB) system. Party hacks can 1) drive voters around to vote more than once, 2) pay or threaten voters to vote a certain way, and 3) counterfeit the ballot and have voters stuff more than one ballot into the ballot box. Election Officials can 4) give false results (variety of methods, based on local conditions) and 5) prevent people from voting (variety of methods, based on local conditions). 

Appropriate security measures exist for each HCPB attack vector, and are beyond the scope of this article. Several current authorities have written on these issues, including the Inter-Parliamentary Union, an organization comprised of 219 nations, which published its 200-page “Free and Fair Elections” manual in Geneva this year. 

Campaign strategists have 06 sewn up, with the theft and dissemination of Diebold election system memory cards. 

Resources:

Black Box Report SECURITY ALERT: July 4, 2005 Critical Security Issues with Diebold Optical Scan Design (1.94w) http://www.blackboxvoting.org/BBVtsxstudy.pdf

Brennan Center final report.

Congressional Research Service, Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues. November 4, 2003.

Compuware Corp. DRE Technical Security Assessment Report for Ohio, November 2003. 

Dept. of Homeland Security issued Cyber Security Bulletin SB04-252, September 2004.

Election Science Institute, August 2006 Cuyahoga County Final Report; click on Cuyahoga County report tab.

OSCE Report on US elections March 2005.

RABA Technologies LLC. Trusted Agent Report: Diebold AccuVote-TS Voting System (report prepared for Department of Legislative Services, Maryland General Assembly, Annapolis, Md., January 2004). 

Princeton University, Center for Information Technology Policy and Dept. of Computer Science and Woodrow Wilson School of Public and International Affairs, “Security Analysis of the Diebold AccuVote-TS Voting Machine” 

Rubin, Avi, National Science Foundation Director of ACCURATE, “On My Mind: Pull The Plug,” Forbes Magazine, August 2006.
Also see http://www.avirubin.com.

Advertisements