Electronic Voting Machine Cracker Challenge
An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.
The Diebold system does have major flaws. I was just at the Crypto2003 conference where one of the talks was on the faults in this system. Amongst other things, when they pointed out the major errors in code, the company replied back calling DES (or DSA, I forget) a compression scheme, and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes".
Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"
Maybe no one has pointed this out to Williams, but pilots are still trained to fly by instrumentation for this very reason; the computers are not completely reliable and the plane has to be safe even if the computer crashes.
Even NASA have procedures for restarting flight computers for crying out loud!
I think it's Australia, especially the rural/outback areas, where if, in a bar, you empty your glass, turn it over, and thunk it down on the bar/your table, that's *exactly* what you're saying.
have destroyed the record of the 2002 election, in defiance of federal law. They have stated that the election went smoothly.
Right before the election, an uncertified patch was installed to all the voting machines in Georgia. There were some stunning upsets in the race. Saxby Chambliss and Sonny Perdue won in dramatic, come from behind fashion.
The Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.
What they mean is that they would be able to look at the system after she has had it and then figure out whether or not every vote was a valid one. They gave her the equipment to work with so she will be able to add authorized votes and unauthorized ones. Only she will know which are the unauthorized ones. The state will then examine the system to determine if they can detect whether any of the votes are unauthorized. Presumably each vote is digitally signed in such a way that the state feels that she will not be able to duplicate the signature. Then after the state determines which votes were unauthorized she'll turn around and tell them if they erroneously counted invalid votes as valid ones. Presumably because she figured out how to duplicate the digital signatures. Then she'll show them how she did it and why they weren't able to detect them.
While I agree that there are flaws with going to an electronic ballot, there are several advantages over paper ballots.
As an example I live in a voting district that Senator Wellstone represented. As a result of his plane crash and death two weeks before the general election, voting involved supplementary ballots for the senate seat he had been running for. The paper ballots had already been printed as the normal date for candidates to declare had already passed. Supplementary ballots had to be printed when Mondale ran as the party candidate replacement for Wellstone.
An electronic voting system would have merely required a change to the template each voting machine used for the election.
Other advantages include faster reporting of vote counts. Though this can normally be handled by an electronic counter for paper ballots (using the filled oval method).
One method of making a paper count possible with an electronic ballot system would be to print a paper copy of the selections made by the voter, and have the voter initial that the copy is what they chose, which then gets filed. It could be as simple as a table of offices with the selected candidate. A large number of ballots with the same initials would be a flag for concern as it may show an election official is not following the accepted procedure. Initials would not be generally traceable back to the person who made that mark.
A series of numbers at the top or bottom of the page, or as an additional table entry would provide a machine readable version of the selection. I don't know of any election official who would relish the thought of going through 10,000 or 100,000 (or more) ballots and reading off each name.
Then again, that's just my view.
-Rusty
You never know...
But, but, but, ... how does that help GW or his brother next time, the Bush, Kennedy, or any other USA political dynasty [AKA: USA Aristocracy]. Politics in America has become "pomp & circumstance"..."Dog and Pony" shows for the media to market fools or criminals to an almost illiterate (the majority/51%) public. As in "Being There" I enjoy watching (it is funny ... a joke) not participating in politics, it just reminds me too much of rape ... nothing to enjoy and everything to object to.
OldHawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Here in Germany, the votes are counted in small "wahlbezirken", each of them with a few 1000 votes. The results are transmitted to a central station, the papers are secured.
At the last election, 30+ million people voted. After 3 hours, the results were approximated +-2%, after 7 hours the official end result was presented.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Then all I can say is, you're at the wrong school. My undergrad CS courses were nearly 50% female; in the grad courses it's more like 30%, but there's still plenty of eye candy. Hint: try an urban commuter campus that caters more to working adults.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
At least in a paper voting world, there needs to be some semblance of a paper trail record to be available for recounting.
While such systems can be manipulated, it takes quite a lot of people in the loop to do so. Vote early, vote often; run a steel rod through any Republican ballots in Democratic areas...
The move to scannable ballots using sharpie markers is a bit better but physical security of those is questionable as they allow thermal printouts and often have the covers open at the polling places.
Right now, if I want to steal an election, I probably have to bury my opponent in the places that I control the entire polling apparatus with my political party hacks. It looks crude and messy to anyone who watches.
Now if we have all the local precincts reporting frequently into a central computer system with two way back door communications; we can easily determine the number of manufactured ballots needed and allocate them over a greater number of precincts without drawing any attention at all.
An example of this is a weighted average cost bid, I have personal experience with this. If we know that there are two items on the list; one says it will buy a million of an item and the other says it will buy 3 of the item but the quantities are reversed. I can make my evaluated bid much lower and rape the buyer by bidding no cost for the first item and $10,000 for the second item (assuming both are worth $1000); however the bid will look really, really abnormal compared to the other bidders and they are going to smell a rat even if they don't know the real quantities to be bought.
However, were I to just shade the bid a bit by lowering the cost on one and raising on the other I could win the bid, have higher margins and no one be any the wiser. OK, the example of a million vs 3 is too extreme but so is the ballot count for Democrats in these key urban areas coming in higher than the total number of living and dead there.
If the election comes in as the controlling power wishes, there is no need to do anything. If it is off track, they can certainly round up people on buses to vote but they can also create some new ballots that will be totally untraceable.
All electronic balloting is not to be trusted.
Computers do many wonderful things, counting elections is not one of them.
D
Curious for more about this story, the best background I found was here. Also, this bill seems to be starting down a better path toward a publicly viewable system. Not sure about the paper trail part though.
I tried posting a story about the EVM2003 project a couple weeks ago, but unfortunately it was rejected. I'll try again soon, I suppose. So this note is a little less complete (not all the background URLs and the like). The project comes out of several years of background work by some well known computer scientists, political scientists, lawyers, elections officials, and political activists. But the demo (to be written in Python, btw), is just starting development.
Anyway, the short story is that I am involved in a project to create an open source voting system, with the extra twist that the machines also produce printed ballots. That is, the electronic part makes selection more clear, and prevents overvotes and other errors, but after using the touchscreen (or mouse, or blind accommodation), voters can visually verify their ballot for accuracy before submitting it to the ballot box.
Read an announcement of the project at http://gnosis.cx/voting-project/announce.html.
Check out the sourceforge page for EVM2003. We also have a mailing list archive.
We also use this system, except we complete an arrow with a black marker instead of filling in an oval. An additional good feature of the system (your system may have this as well) is that if you have voted incorrectly (two choices made for prez, or whatever) the scanner machine spits it back at you, uncounted, as invalid. You can fix it and submit a valid vote. No invalid votes ever make it into the counting box.
I don't think our machines actually tally the cards, they just validate them, I think the cards are all taken back to a central counter. It's a good flexible system, with a paper record that makes it tougher to cheat. It's much less expensive than a row of PCs too.
Avi Rubin was probably a fool for not divesting or disclosing his interest in a pseudo-competitor, but why isn't anyone screaming about Senator Chuck Hagel's ownership of Diebold? Here's a version of the story. But where are the mainstream media accounts of this in relation to Hagel's unprecedented win in Nebraska using election machines his own company sold! And then he apparently failed to disclose this for years.
Frankly, if voting is going to be electronic and this insecure, I'd prefer to vote via the web. Better yet, I'll go vote via Taco Bell.
But web site design is in no way the same thing as C++ coding and database design.
The Diebold system uses the Windows operating system. It has a customized and never-examined Windows CE interface on the touch screens. They send their results in to the county server, which is on Windows NT 2k. At the touch screen level, they appear to have taken out many of the security features in order to make information transmission backward-compatible with Windows 95 and 98 machines, so they could sell the system to counties that had their old systems.
The county machine uses Microsoft Access and, in the program I ran, which was GEMS 1.17.17, the only version listed as currently certified for use, the security features are disabled, including disabling the autonumbering feature on the audit log.
The MS Access database is constructed without referential integrity.
The newest Diebold touch screen system, the TSx, substitutes wireless communications for land line modems.
It is these issues that will be explored, not how to design a web site.
But thank you for playing. Bev Harris Black Box Voting
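The two database properties named in the comment above (referential integrity and an autonumbered audit log) are what make orphaned vote rows and deleted log entries detectable. The following is an added example, not code from the original post or from GEMS; it uses SQLite as a stand-in for Access, and every table, column and event name is hypothetical:

```python
import sqlite3

# Hypothetical schema (constructed for this example, not the GEMS layout).
SCHEMA = """
CREATE TABLE candidate (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE vote (id INTEGER PRIMARY KEY,
                   candidate_id INTEGER NOT NULL REFERENCES candidate(id));
-- AUTOINCREMENT: sequence numbers are never reused, so deletions leave gaps
CREATE TABLE audit_log (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                        event TEXT NOT NULL);
INSERT INTO candidate VALUES (1, 'Candidate A'), (2, 'Candidate B');
"""

def open_db(enforce_fk):
    """Open an in-memory database with referential integrity on or off."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    db.executescript(SCHEMA)
    return db

def try_insert_vote(db, candidate_id):
    """Return True if the engine accepted the row, False if it rejected it."""
    try:
        db.execute("INSERT INTO vote (candidate_id) VALUES (?)", (candidate_id,))
        return True
    except sqlite3.IntegrityError:
        return False

def orphan_votes(db):
    """IDs of vote rows that point at a candidate that does not exist."""
    rows = db.execute("SELECT v.id FROM vote v LEFT JOIN candidate c "
                      "ON c.id = v.candidate_id WHERE c.id IS NULL ORDER BY v.id")
    return [r[0] for r in rows]

def audit_gaps(db):
    """Sequence numbers that were issued but are no longer in the log."""
    row = db.execute(
        "SELECT seq FROM sqlite_sequence WHERE name = 'audit_log'").fetchone()
    high = row[0] if row else 0          # highest number ever issued
    present = {r[0] for r in db.execute("SELECT seq FROM audit_log")}
    return [n for n in range(1, high + 1) if n not in present]

def demo():
    weak, strict = open_db(False), open_db(True)
    accepted_weak = try_insert_vote(weak, 99)      # no candidate 99 exists
    accepted_strict = try_insert_vote(strict, 99)
    for event in ("open polls", "load ballots", "edit totals",
                  "close polls", "export"):        # constructed events
        strict.execute("INSERT INTO audit_log (event) VALUES (?)", (event,))
    strict.execute("DELETE FROM audit_log WHERE seq IN (3, 5)")
    return accepted_weak, orphan_votes(weak), accepted_strict, audit_gaps(strict)

if __name__ == "__main__":
    print(demo())
```

Because the high-water mark is kept outside the log table, removing the newest entry is reported as a gap just like removing one from the middle.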
Here is a link to my comments on a bug I found in the Palm County butterfly ballot tabulation.
Looking closely at actual results can be revealing.
http://groups.yahoo.com/group/NotMyPresident/message/95?source=1
From: "Bob Spence"
Wed Jan 03 23:21:20 2001
Subject: A bug in the Palm County tabulation software
The undervotes in Florida are now being examined by the media. I
believe there is strong evidence that the overvotes must also be
examined to understand what happened in Palm County. There is
evidence that the tabulating software used there was faulty.
An examination of the publicly available overpunch data reported by
the Palm County election board the night of November 11 shows that
there were some legal votes rejected by the computer tabulation. Two
of the rejected votes, one with the combination of holes 2 + 3 and
another with holes 2 + 4 punched, are worth special consideration.
Hole 2 on the ballot was not assigned to any candidate. The voting
machine did not allow the voter physical access to punch hole 2. Only
holes 3 through 11 and hole 13 were exposed. How the voter managed to
punch out hole 2 on the ballot might be a mystery, but having a hole
there should have no legal significance. This hole was not assigned to
anyone in any race, so should not have been considered in evaluating
the ballot. These ballots must be counted as legal votes for Bush
(hole 3) and Buchanan (hole 4). The fact that some ballots contain a
selection in hole 2 is an indication of voter confusion, but it also
exposes a bug in the tabulation software.
A complete count of overpunch combinations will reveal even more about
what happened in Palm County.
A complete count of the overvotes reported by Palm County is at:
or
My web page analyzing the known overpunch data may be found at:
The only Florida law I can find in this area is Title IX Electors and
Elections, Chapter 101, Voting Methods And Procedures, 101.011 Voting
by paper ballot.
"4) If the elector marks more names than there are persons to be
elected to an office, or if it is impossible to determine the
elector's choice, his or her ballot shall not be counted for the
office; but this shall not vitiate the ballot as to those names which
are properly marked, and nothing in this code shall be construed to
prevent any elector, at any general election, from voting for any
qualified candidate other than one whose name is printed on the
ballot."
Bob Spence
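The counting rule argued for in the message above, set beside a rule that would reject the 2 + 3 and 2 + 4 cards, as an added example that is not part of the original post and not code from any tabulation system. The faulty rule is an assumption about how such a rejection could arise; the hole layout follows the post, and names for holes other than 3 and 4 are placeholders:

```python
# Constructed model of the presidential column described in the post.
EXPOSED = set(range(3, 12)) | {13}      # holes 3-11 and 13 were reachable
ASSIGNED = {h: f"candidate at hole {h}" for h in EXPOSED}  # placeholder names
ASSIGNED[3], ASSIGNED[4] = "Bush", "Buchanan"              # named in the post

def tabulate_naive(punched):
    """Assumed faulty rule: every punched hole counts toward an overvote."""
    if len(punched) > 1:
        return ("overvote", None)
    if len(punched) == 1:
        hole = next(iter(punched))
        if hole in ASSIGNED:
            return ("vote", ASSIGNED[hole])
    return ("undervote", None)

def tabulate_fixed(punched):
    """Drop holes assigned to no one, then apply the overvote rule."""
    choices = sorted(h for h in punched if h in ASSIGNED)
    if len(choices) > 1:
        return ("overvote", None)
    if len(choices) == 1:
        return ("vote", ASSIGNED[choices[0]])
    return ("undervote", None)

def stray_punches(punched):
    """Punched holes that no candidate owns: log them, do not reject on them."""
    return sorted(h for h in punched if h not in ASSIGNED)

def compare(cards):
    """Return the cards on which the two rules disagree."""
    return [(sorted(c), tabulate_naive(c), tabulate_fixed(c))
            for c in cards if tabulate_naive(c) != tabulate_fixed(c)]

# Constructed sample cards: the two combinations from the post plus controls.
SAMPLE_CARDS = [{2, 3}, {2, 4}, {3}, {3, 4}, {2}, set()]

if __name__ == "__main__":
    for holes, naive, fixed in compare(SAMPLE_CARDS):
        print(holes, "naive:", naive, "fixed:", fixed)
```

Only the two cards carrying the unassigned hole change outcome; a genuine double punch such as 3 + 4 is still rejected under both rules.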