Slashdot Mirror
Hardware Hacking a Voting Machine in 4 Minutes
goombah99 writes "Bev Harris of BlackBoxVoting.org has acquired an actual Diebold Acu-vote ballot scanner. Rummaging through King County's trash, she managed to get her hands on some of their tags and seals. She has since demonstrated a successful penetration of the seals without breaking them ... all in under 4 minutes with no training or technical skills required. There's a nice how-to with photos over at Verified Voting New Mexico." More from goombah99 below.
"The demo is particularly relevant in light of the recent experience in Ohio in which there were large discrepancies between the electronic record and the paper trail, and also since many counties still permit the machines to be taken home by individuals before voting day (as a means of distributing them to precincts). These 'sleepover' machines were involved in the contentious narrow-margin San Diego Election, and are in continued practice in many states. Moreover, it's common practice for counties to contract out deliveries to third parties, such as in New Mexico where in one election, unlicensed delivery drivers took the machines on an unauthorized field trip and only got caught when they crashed the delivery truck after a stop at Hooters. The good news here is that the penetrated Diebold system in the photo essay is an optical scan system. It's not a touchscreen electronic voting system, so there is a paper trail. What hack really shows is that without mandatory random spot checks on the paper ballots, these may be as potentially vulnerable as the touchscreen direct recording electronic voting systems. It's perhaps worth noting that the open source voting system being developed by the Open Voting Consortium features a 100% reconciliation of every single paper ballot with an independent electronic record."
no really, if thats your idea of democracy you can keep it
signed
191 Non US countries
My initial concerns about these voting machines was someone obtaining one through other means than stealing one from the government and then creating trojan software for it. I mean, if other people can buy these ... then they can study them and learn how to hack them. On the converse, if we can't study them, how do we know the government isn't rigging them?
... but instead my opinion is now that we may be trying to use something that shouldn't be used at all.
So there was this interesting catch-22 where you couldn't let them into the general population for fear of a trojan being created and inserted into a group of normal ones on election day. But you also can't trust your government. Especially not the current one in the United States and considering the voluntary resignation of the Diebold CEO, I think we should at least ask for third party verification of these machines. In fact, I for one consider Black Box Voting to be a champion protector of my right to vote for publishing this information. You might not feel as strongly about them but had I not read two articles from them, I would still be ready to use a voting machine in the next presidential election.
Black Box Voting had me convinced these machines were at least a liability and at best a luddite's fear. After reading this quick "how-to" about these machines, my perception is no longer that we need to define how these machines are bought, sold & handled
Product created with shoddy security features. Get rid of Diebold and hope the market brings a new contestant into the ring for the much sought after prize of the American public's voting machine contract!
The Diebold Acu-vote has failed as a product that requires the utmost security. I am a dissatisfied consumer and I sincerely hope every citizen of the United States agrees with me.
My work here is dung.
It is not needed.
We geeks love to bitch about solutions in search of a problem; is there a clearer example?
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Seriously, it seems like the voting system is just shoddy, not specifically corrupt. But the shoddyness sure does help the corruption.
If only people thought their vote mattered, they might be concerned about this.
I don't have an anger problem, I have an idiot problem
How did you know they were illegal?
If Democrats win in the fall elections, and these machines are still being used, will there still be an uproar?
I'm doubtful.
What I wonder is: why is it secured in the first place?
No really, why should a memory card containing results need to be secured with a coverplate? It's the contents of the card that matters. Can't the authenticity of the card's content be ascertained without needing it NOT to fall in wrong hands? Is there no encryption used, no message authentication? Is there no protocol whereby officials at least sign off on a print-out containing the count, and some checksums? Wouldn't there need to be no need to secure the card itself? I mean, the machine (and it's RAM), obviously, but the card should only contain a copy of the results - a copy that will be in tomorrows papers anyway.
The fact that someone (at Diebold even!) saw the need to put a coverplate in front of the memory card speaks volumes as to the system's design assumptions. That the machines are left with people overnight only makes things much, much worse.
And that website's "web 2.0" ajaxy slidey photo thingy makes me dizzy and kinda nauseuous..
SCO employee? Check out the bounty
Even worse. Let's say that you're in a district where your candidate is in the minority, but that's not the case overall. You can reasonably expect most of the votes on whatever machine you're given to vote on are for her opponent. Well, simply rip the tag! Worst case, nothing happens. Best case (for you, although not for the rest of us) all of the votes on that machine get tossed out.
You're special forces then? That's great! I just love your olympics!
in England it would be, here it blongs to the person who originally owned it until it is collected by the bin men, then it is owned by the council. I've seen on CSI them saying that the cops can take it... something about being discraded - it might work the same way for any citizen. Although CSI is about the depth of my knowledge on your laws (perfect for /.)
*''I can't believe it's not a hyperlink.''
A pile of electrons is a little easier to hide than a pile of election ballots.
I hate printers.
In general, I'd say that any kind of large-scale vote rigging done by paper ballots would require a conspiricy involving multiple staffers and observers at the polling places. You'd need to physically replace thousands of paper ballots with fake ones. Good luck doing that by yourself. And afterwards, if the results look fishy, there is a good chance that the fraud could be discovered on a recount.
With these Diebold machines, on the other hand, any one person, even one without any special access given to election workers, could modify as many votes as they want, while arousing no suspicion, leaving no physical evidence in the form of discarded ballots, and leaving no trace of the original results should a recount or investigation be ordered.
There will always be some dishonest people who see democracy as a game they can "cheat" at to win. But if a voting machine doesn't produce a solid meat-space record that can be guarded, stored, and re-examined, the effects of those cheaters on the outcome is greater by orders of magnitude.
If fate makes you a motorcycle, you become a motorcycle.
This just goes to show that there are a great number of things that should not be computerized/network connected etc. /.ers (particularly those of us in the states). Do you ever feel like you're strapped to a chair with a wet towel over your head surrounded by people who can't tie their own shoes without managing to injure themselves?
Just as one should not have an internet accessible refrigerator "mom! someone hacked the fridge again and turned the cooling off! Oh god the smell!!"
One should not have electronic voting machines. Seriously, why the hell do we need electronic voting other than that a great deal of people were, excuse my honesty, too goddamn stupid to understand how to use a paper ballot.
Another case of the ignorant masses rising up, bitching about how things are "too hard" and overcoming those of us who can follow simply printed instructions with their sheer moronic numbers.
Fellow
Happiness does not come from having much, but from being attached to little.
It's not people at the polling place that they're concerned with. Its the corrupt officials who get to take the machine home with them, who could replace valid vote data with a trumped up memory card showing a clear majority win for whoever is paying them the most. The "tag" on the metal cover is supposed to prove that the machine has not been tampered with. This article proves that you can tamper with the data all you like without breaking that tag.
In a sense, this is even worse than a hacker attacking the machine right at the polling place. In this scenario, you feel like you've excercised your right to vote and contributed to the process of making things better, but in reality your vote never got counted at all. It was replaced by a dummy vote.
You really shouldn't stalk people like that. It's illegal.
Anyway point is that if you can't very that the paper count comes close to the e-vote (even if there is not enough paper) the election result should be voided on the grounds of gross and immoral mediocrity.
Not only that but now it is clear that your country allows the swapping in and out of memory cards on voting machines. It's very difficult to see this as anything other that deliberate implementation of poor security, but who knows?
Reasonable suspicion...over Reasonable doubt? You chose. although you have already chosen unfortunately..
The elections not only have to be fool-proof, but fool-accountable too, so that the common voter can clearly understand, and verify the process of voting. That alone means no electronic voting, because 99% of the voters don't understand it, and even if they do, they can't verify the process.
The paper ballot is the only way, since that is the only voting process every voter understands, and every voter can verify (correct me if I'm wrong, I'm not from the USA, but isn't it so that anyone can be present while votes are being counted either helping or just observing? That is the way we do it in my country and I'd be horrified to learn if this weren't the case in the USA).
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
It's kind of like television. You are not the networks' customer. The ad companies are the customer; you are the product that is sold to them. Everything else is just flim-flam designed to keep you in front of the tube.
Laws do not persuade just because they threaten. --Seneca
Paper ballots are certaintly not perfect. They can easily be altered, lost or destroyed... but so can electronic records and the physical media they are stored on.
However, changing one vote on a paper ballot requires modifying or replacing a sheet of paper. Changing 100,000 votes requires changing or modifying 100,000 sheets of paper. Changing one electronic vote requires a few keystrokes. Changing 100,000 electronic votes requries... a kew keystrokes.
Even better, to alter a paper ballot you need physical access to the ballot. To change an electronic vote you do not necessarily need physical access to the computer on which is resides.
100,000 paper ballots also takes up a bit of volume, os it is not something that can be easily concealed without having a lot of people in on the plot, and would take some time to prepare, swap and dispose of the evidence. A memory card holding 100,000 electronic votes can be slipped into a shirt pocket, can be prepared in minutes, and all traces of the original data can be destroyed almost instantly.
Lastly, anyone can read and verify a paper ballot. Only people with the proper equipment, software, and technical knowledge (and cryptographic keys, if any are used) will be able to look at and verify the electronic votes.
=Smidge=
Owning a home is hardly a reliable test for citizenship.
On the other hand, if someone is not a native English speaker then it is likely that they didn't grow up in the United States and that makes it likely that they were not born with US citizenship (although it is by no means an absolute proof). Furthermore, if they are too poor to own more than one set of clothes it is unlikely that they would be able to get US citizenship if they didn't already have it.
This would make it likely that they are illegal but is by no means a definitive proof.
Note that I am merely commenting on the logic here. For the record I don't think there should be any restrictions at all on where anyone in the world can live and work and travel. I think these are individual decisions and the government has no right to interefere with these decisions.
What if I break a tamper evident seal on a machine when I cast my ballot? Are all the ballots on that machine discarded? Are all the voters who used that machine called up and asked to vote again? Wha?
I'm not a lawyer, but I think these instructions should immediately be posted to sites hosted outside the U.S., so that Diebold can't get an injunction to shut the site down under the DMCA, and so they'll have less reason to take legal action against the poster, since doing so won't erase the evidence.
Step into a huge movement. Don't Tread In Me.
If the SSN, home address, home phone, etc. of all the legislators who voted for the machines were placed on the memory card (and the officers of the companies that made them), then you can be damn sure the machines would be tamper proof and there would be a well documented chain of custody of each machine as well.
Better, yet put all their pension money in an Swiss bank escrow account and place the number in the memory card. Then things get serious.
Good security is possible. My guess is that the Diebold machines, rather than being some diabolical plot, are just a sloppy product designed for the government feeding trough. The whole e-voting thing is a windfall for these companies. It is mandated business.
HPC for Primates. Read Cluster Monkey
Here here! All the old fogys are afraid of the "darned electric voting boxs" when it was and still is easier to "acidentally" destroy all the black voters paper ballets or not count "pregnant chads". I'm not even taking into account thinks done by non-government forces.
Bullshit. How exactly is it easy to destroy ANY ballot when you have multiple election workers with their eyes on them at every moment? Plus any number of election observers, which may be representatives of all parties involved, plus any number of federal or foreign observers.
The ONLY way you can destroy a paper ballot is if there are no observers, and all present voting administrators are corrupt. (And observers are usually deployed to exactly the places where there are suspicions of corruption).
Now let's consider an "e-voting" machine that leaves no verifiable paper trail, shall we? The officials and observers at the polling station have no way of knowing that the vote the machine actually registered was accurate, and neither do you. Nor can they tell if the machine is malfunctioning. All you need is ONE person to tamper with the machine, and do so at ANY time.
If the machine is compromised it can still display "Zero votes registered" when the poll opens. But I'd sure like to see you do the same trick stuffing paper slips in a ballot box and still having it look empty.
To ensure a fair election with paper ballots you need: At least one honest election official. And/or at least one impartial observer. To ensure a fair election with an electronic voting machine you need: All people who've ever had the opportunity to tamper with the machine to be honest. You need the software to be correct and bug-free (yeah, right). You need to be able to verify the correctness of the software.
It's true that it's impossible to guarantee fair elections. All you can do is reduce the risk of cheating, and the possible magnitude of cheating. Electronic voting machines do neither. All they do is cost less money.
It's wrong to compare the security of a computer voting machine to other computers. It's better to compare the voting machine's security to the paper ballots they replace.
If any granny can hack the box while supposedly voting, using $12 worth of tools bought at a grocery store, then it's not as secure as paper.
Yes, any computer that you have physical access to you can hack, but can you hack a payphone to cough up its coins in 4 minutes??
Security of a voting machine must be at least as solid as security of a vending machine. Modern vending machines prove it can be done; fitting the same security into and onto a voting machine is just a matter of engineering.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
No, I'm saying that the suggested device for combating insitutional corruption -- public voting records -- has huge problems of its own. Those problems outweight the benefits, especially where there are other oversight mechanisms that may be equally effective in addressing the problem of vote-rigging on a large scale. There are reasons for having secret ballots that shouldn't be whimsically dismissed just because public ballots might seem useful in one particular context.
And for the record as a dyed-in-the-wool geek, I just find the idea of electronic voting questionable for the same reasons: it solves one problem while ignoring the larger problems it creates. Large Western countries have adequate resource to fund counting votes. And everyone who can understand the concept of voting can grasp the notion of marking a piece of paper to indicate preference, followed by the tallying of those pieces of paper. The same can't be said for non-volatile storage, networks, SQL, SSL, hashing functions, revocability and authentication etc. etc.
It saves money!? Great!
Democracy isn't worth the price of paper ballots anyway.
Spoon not. Fork, or fork not. There is no spoon.
Well, the "solution" to everything from this administration has been to "privatize" it...that is, to contract it out for fraudulent overbilling, embezzling, and plain not getting the job done -- but receiving the taxpayer's funds in payment anyway. The clear solution is to quit "privatizing" everything
The weaknesses of paper have less to do with hacking as with other failures. In 2000 paper ballots caused all sorts of problems. Some marks were ambiguous. Ballot designs were confusing, and some people either checked the wrong boxes or missed some votes entirely. There's no way to have a "is this who you meant to vote for?" checksum step at the end.
So again, the real answer seems to be having a nice, easy to use electronic voting machine (with references to all referendums, lots of scrollable space for names, et cetera) that summarizes and confirms your choices for you. It then, upon your approval, prints out an unambiguous paper ballot. You then read the paper ballot (which is either OCRable or barcoded but either way can be trivially spot-checked by humans against the eventual electronic counting machine that reads it). After printing, the voting machine wipes its short-term memory and waits for the next valid vote code to be entered.
If you approve of what it says, you fold it up and place it into the ballot box. If you don't, for whatever reason, you can trade it in (shred it in front of the poll worker perhaps) and get another go on the machine. You leave without any kind of a paper trace following you, but leaving behind damn near uncontestable evidence of your political preferences. After the polls are closed, the boxes are opened and the paper ballots are fed into a scanner, which tabulates the votes. At will, any box may be hand-counted and the results compared to the electronic tallies: any significant variance is proof of tampering.
Simple, easy, relatively inexpensive, and above all understandable to the voting public. What's not to love?
You're special forces then? That's great! I just love your olympics!
The Diebolds and the Mexico's of the world are just now starting to understand this: It doesn't matter if the voting machine actually rigs the vote or not, if there's a possibility that the voting machine could have allowed the vote to be rigged, people with an axe to grind are going to grind it.
Diebold (and digital voting advovcates like them) will always hide behind the shield of "no one has ever proven that the election was rigged" while ignoring the damage that "no one has ever proven that the election wasn't rigged" does to the entire election process.
Digital voting is an assault on democracy. It really is as simple as that.
The thing about things we don't know is we often don't know we don't know them.
I really wonder why the states can put together lottery systems that is secure, fast, flexiable, and can not make a voting system? The lottery system has terminal all over place. It uses secure paper to print your selections on, and instance feedback that your entry has be received.
I believe the whole thing is disinformation to keep the random public guessing and/or to make the elections rigable.
Of course this is an easy task. You point out lottery. I point out banks. Banks have used Diebold for years with AFAIK no known compromise and billions of dollars moved all over the place. And money deals with floating point precision!
Now if a simple machine cant count between one of two possible choices? Something is amiss.
Strongly agree. Paper voting is easily understood, and the voting, security arrangements and counting can be observed in plain sight by representatives of the candidates. Fraud is very difficult indeed. I'm not sure how, even in principle, you could obtain equivalent security and transparency with an electronic system.
As far as practicality goes, with sufficient manpower, counting tens of thousands of ballots in a voting district can be accomplished surprisingly speedily, and to a very high degree of accuracy. Most countries do this without a problem. It perhaps gets more difficult if you have Californian-style ballots which include dozens of separate items (e.g. citizens' referenda). Not sure how practicable it is to count all this by hand, but perhaps the Presidential ballot could be treated differently?
Has anyone found any independently verified evidence of any of these digital voting devices used in an election won by a Democrat?
--
make install -not war
Which means you have 10x the amount of people available to count them. So it makes no real difference.
Until someone does this in an actual election, and then announces that they've skewed the results (and they'd better do it anonymously, or jail awaits them), no on in power is going to pay any attention. Reform only happens after actual problems get the public upset.
I keep reading about how these machines are insanely easy to hack. Surely the next election will be determined by the patriotic hackers of america? Apply yourself people.
"Physics is to math as sex is to masturbation." -R. Feynman
Not so.
Is so so! You just have to redefine what people think when they think electronic voting. Instead of a monolithic device that displays the ballot, accepts the input, records the vote, and tallies the votes, by establishing a standard for the paper ballot, you enable companies to compete to sell a device that displays the ballot and accepts the input, that then prints out the standardized ballot. Then companies can compete to sell a device that sorts a stack of ballots based on their vote in a particular race. Finally companies can compete to sell the device that counts all the ballots in a stack.
If the first company is corrupt, the user will hopefully observe that they voted for the company's CEO for every position and the machine will get tossed out. If the second company is corrupt, the overseers just need to thumb through the stacks of sorted ballots like a flipbook and watch the line for that particular race to make sure they're all the same. As for the ballot counting machine, that company can be as corrupt as it wants to be, since unless it has some kind of +100000 button, it has no idea whose ballot it's currently counting, and the worst it can do is be inaccurate. And if mechanical bill counters are good enough for banks, they're good enough for my vote.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Here is San Diego, the people counting the votes try and make the system
not only count correctly but appear to count correctly.
They use an optical system to read ballots marked by the voter.
Random batches (about 5% the last time I checked) are selected
for hand verification. In other words, the hand count the votes
and then check what the machine came up with.
Also for a small number of randomly selected precents, they hand
count every vote. (All batches for all machines.)
All ballots are kept for a certain amount of time. If you want to
question the count, there is a procedure where you can get a
recount of just about anything you want to.
The ballot is the piece of paper. The machine helps count the ballots,
but it's the paper that counts.
Now it is possible to tamper with a machine. If you don't change the vote
too much you have a small chance of getting caught. Tamper with many machines
and the chance of discovery increases.
So the counting process is fairly secure. Maybe not the best, but there are enough
checks in the system to convince me that it's working.
The real problem is that there are no validation process perfomed on the voter.
You can signup to vote in 50 different voting locations if you want. You could
even sign up to vote usign 50 different names in the same location and the poll workers
could not question your ablity to vote.
I could even get my three year old daughter a voter registeration and take her down
to the polls. As long as I say that she's eighteen the poll workers can't question it.
And if she votes absentee, they won't even get to see her, so she can learn to vote early.
A real problem here has been with people signing up large groups of people who cannot legally
vote (illegal aliens for example) and getting them to turn out on election day.
Also there is the problem with corrupt election's officials "finding" enough absentee ballots
to throw the election to their party. (See Washington State's governers race for example.)
Technology is not the problem. Checks and balances can be build into the system to detect
any tampering with the machines. There are much bigger problems with other parts of the system.
So yeah, you're right - electronic voting really isn't buying us anything, and in fact is probably selling out quite a bit more than we bargained for.
Sigh.. this is how democracies end. When confidence in the voting process dies, that is the beginning of the end of a nation's freedom.
We are the fire that lights our world.. and we are the fire that consumes it.
A real paper voting system would not require anything but a paper ballot and, gasp, a pencil. Yes, this is possible! These ballots are then counted by hand. With close to 300 million Americans, you can probably find some people to count the votes? The reliance on easily corruptable machinery for mundane tasks such as ballot counting has backfired so enormously that it's time to get back to the basics. One man, one piece of paper, one pencil, one vote.
Bush must have shares in Diebold or something.
Diebold have been the butt-end of so many serious security failures its not funny any more. Its obvious they don't have a clue about security and aren't likely to get a clue anytime soon judging from their ongoing record.
Why are we still using this company's products? How many more times are the government going to allow Diebold to screw up?? Is there no-one else that makes a better system?
Where convicted felons can't vote but they can be involved in the development and production of voting machines! If you wan't a kleptocracy just keep on going down that path.
Which is better? You may NOT pick a third option:
(1) Computer "voting" systems that can produce a total vote in five minutes but be rigged by one party to produce a false result.
(2) Paper ballots marked with an "X" and counted by hand, which take days or weeks to count but are recountable verifiable.
Why is it Americans would willingly accept and incorrect and fraudulent vote count than an accurate paper count simply because it's faster?
*Two* months will pass before the "elected" president takes office after voting day. Why, then, is it such a rush to reach a final and incorrect total? Paper ballots may take days or even weeks, but they can be recounted and checked for fraud.
Once the person is sworn in, you have to live with that decision for four years. Do you really want to give up your entire democracy just because you're too lazy to spend a few hours counting paper ballots?