Hardware Hacking a Voting Machine in 4 Minutes

goombah99 writes "Bev Harris of BlackBoxVoting.org has acquired an actual Diebold Acu-vote ballot scanner. Rummaging through King County's trash, she managed to get her hands on some of their tags and seals. She has since demonstrated a successful penetration of the seals without breaking them ... all in under 4 minutes with no training or technical skills required. There's a nice how-to with photos over at Verified Voting New Mexico." More from goombah99 below. "The demo is particularly relevant in light of the recent experience in Ohio in which there were large discrepancies between the electronic record and the paper trail, and also since many counties still permit the machines to be taken home by individuals before voting day (as a means of distributing them to precincts). These 'sleepover' machines were involved in the contentious narrow-margin San Diego Election, and are in continued practice in many states. Moreover, it's common practice for counties to contract out deliveries to third parties, such as in New Mexico where in one election, unlicensed delivery drivers took the machines on an unauthorized field trip and only got caught when they crashed the delivery truck after a stop at Hooters. The good news here is that the penetrated Diebold system in the photo essay is an optical scan system. It's not a touchscreen electronic voting system, so there is a paper trail. What hack really shows is that without mandatory random spot checks on the paper ballots, these may be as potentially vulnerable as the touchscreen direct recording electronic voting systems. It's perhaps worth noting that the open source voting system being developed by the Open Voting Consortium features a 100% reconciliation of every single paper ballot with an independent electronic record."

Good Enough for Government Work

[stealie72]

Seriously, it seems like the voting system is just shoddy, not specifically corrupt. But the shoddyness sure does help the corruption.

If only people thought their vote mattered, they might be concerned about this.

Re:Good Enough for Government Work

[monoqlith]

Exactly. It's a vicious cycle. People are convinced that their vote doesn't matter; therefore, our election administrators can get away with an opaque, shoddy, and potentially corrupt election system. Then, stories like this come out which confirms people's mistrust, cynicism, and resulting apathy, entrenching the popular opinion that the individual vote doesn't matter. Instead of being galvanized, most people(including myself, but not anymore) just sit back and declare that the ideal of popular representation has been dead for many years already or they wait for other people(the government?) to take care of the problem. Or they declare that there is no difference between the platforms; that all politicians are the same nihilistic creatures. Or they just don't feel like worrying about it. Or they don't understand why having a privatized election system administered by political appointees and elected officials, entails a conflict of interest. There are failures of curiosity at every level of public life.

This is not at all to say that stories like this are bad at all. They are very very good. They bring attention to probably the most important issue of our time; if we have no say in our government, then every other political issue is quite literally irrelevant. I applaud black box voting for taking this seriously, and hope that I can justify their efforts by helping to galvanize people to demand transparent voting. It is absurd that our election process is subject to error at all.

  As I've said before, it's just counting

Why can't we get it unequivocally right? It is so easy that there has to be some interest behind not making it as transparent and rigorously accurate as humanly possible. We need to draw out these interests and cancel out any undue influence they have over our system.

Re:My Perception Has Changed Again

"The Diebold Acu-vote has failed as a product that requires the utmost security. I am a dissatisfied consumer and I sincerely hope every citizen of the United States agrees with me."

Unfortunately, you're not Diebold's customer. The elected officials who in turn buy the machines responsible for reelecting themselves are Diebold's customers.

Re:My Perception Has Changed Again

If again, you are willing to make voting a matter of public record.

My boss is a hardcore Republican. I am probably a moderate Democrat. I avoid political issues with him even though he repeatedly brings them up and complains about "typical Democrats."

He's not a nice guy and I could easily see him overlooking a raise if he knew I voted Democrat in the last two presidential elections. He could, of course, claim it was something else even if it wasn't. Do you want me to suffer for my political views? Do you want your family, friends & coworkers to know who you vote for? Some of the people I spend my life with have different opinions than I do. This is fine but I don't want the situation exacerbated.

Re:What about hacking paper ballots?

[Zenaku]

Depends on what you mean by "rigging." If you wanted to say, register in 5 different precincts, then vote at each one, you might get away with it. But that's 4 extra votes. If you wanted to say, change every 5th vote from a district, or just plain "lose" the results of the district entirely, you'd have a hard time doing it on paper.

In general, I'd say that any kind of large-scale vote rigging done by paper ballots would require a conspiricy involving multiple staffers and observers at the polling places. You'd need to physically replace thousands of paper ballots with fake ones. Good luck doing that by yourself. And afterwards, if the results look fishy, there is a good chance that the fraud could be discovered on a recount.

With these Diebold machines, on the other hand, any one person, even one without any special access given to election workers, could modify as many votes as they want, while arousing no suspicion, leaving no physical evidence in the form of discarded ballots, and leaving no trace of the original results should a recount or investigation be ordered.

There will always be some dishonest people who see democracy as a game they can "cheat" at to win. But if a voting machine doesn't produce a solid meat-space record that can be guarded, stored, and re-examined, the effects of those cheaters on the outcome is greater by orders of magnitude.

Re:Just my guess

[Osty]

But I think there is an assumption that the people running the polls will not allow a team of hackers to sit there at the Diebold machine prodding and prying at it, soldering logic boards onto it, and all the other funky stuff they've been doing to Diebold machines to make them mess up. I could just drive a truck into it, that would be even easier than hacking it!

It's not people at the polling place that they're concerned with. Its the corrupt officials who get to take the machine home with them, who could replace valid vote data with a trumped up memory card showing a clear majority win for whoever is paying them the most. The "tag" on the metal cover is supposed to prove that the machine has not been tampered with. This article proves that you can tamper with the data all you like without breaking that tag.

In a sense, this is even worse than a hacker attacking the machine right at the polling place. In this scenario, you feel like you've excercised your right to vote and contributed to the process of making things better, but in reality your vote never got counted at all. It was replaced by a dummy vote.

Most gratuitous use of Javascript yet!

[darien]

Impressive. They hacked a Diebold voting machine in less time than it took me to work out how to navigate their photo-story!

Re:What about hacking paper ballots?

Here's how it goes (I've experienced it firsthand):

The various parties have a representative sit in each room and oversee that proper pratices are taken by all the officials and voters, and that no tampering takes place. At all times they are privy to the process, EXCEPT WHILE BALLOTS ARE MARKED (obviously). When I was one of these people I even had to follow the box around when the election officers helped people in wheelchairs by bringing the box outside (the building was not wheelchair accessible).

Proper practices are this:

Prior to the booth being opened the total number of ballots are accounted for, and their serial numbers recorded. The cardboard ballot box is built (from the provided cutout) and taped with security tape.

Each person has a voter card or is eligible to vote. They are provided one ballot and their name is stroked from the list. They mark their ballot and fold it in private. They present the folded ballot to the elections officer. The officer then removes the "receipt" portion, which only has a serial number on it, stores it aside, and then they hand the ballot to the voter. The voter places the ballot into the ballot box. Repeat as necessary.

At the end of the election, the ballot box is opened. The ballots are counted in front of the party representatives, and any ballots anyone isn't happy with are contested. Contested ballots are recorded as contested. Damaged/misused ballots are accounted for. Serial strips are checked against the number of voters and the amount of votes in the box to ensure there are none missing / too many. All information is recorded. The box is resealed with new (different) security tape, this time also sealing the section one drops the ballots into, all documents are sealed, EVERYONE involved (including the representatives) signs all the envelopes and the tally sheet. Once everyone is happy (if there is much to contest, this may take HOURS) the ballot box is driven to the head office for the city and held for a period (I believe this period is YEARS).

Should there be enough contested votes that it would throw the election, there are recounts, recounts, and more recounts.

The nice part of this process is it provides third party verification at all times. Since all parties are assumed they may have their own interests in throwing the election, by allowing all parties on the ballot to sit there and watch EVERYTHING, no one party has the opportunity to throw the election. They only have the opportunity to delay it and whine a whole bunch.

It takes a bit more work, but by golly, find me a "crack" for that system and I'd be happy to see it work.

Oh, and yes, if someone contests all the ballots, recounts can be held indefinitely until someone gives. Did I mention during this entire time nobody is allowed to leave the election room, even if it is for the facilities or for food/water? And, of course, nobody else is allowed in. Permission is usually given if all the parties co-operate, but serious filibusters are nigh impossible.

Re:There is only one problem with electronic votin

[thePig]

Not always.
In India, the introduction of EVMs reduced the election expences by a magnitude of 10.
Also, since there is a huge potential number of votes (upto 500 Million), it can reduce the time taken for the counting by a huge amount.
Another point to be taken to consideration is that there was a lot of invalid votes (when people unknowingly pressed the marker between two candidates in the ballot) esp in places where illetracy is abound. In some places, the invalid votes was more than the difference of votes beween the winning and second candidates. The EVMs meant that invalid votes are no longer an issue.
Also, there was an issue wherein a group of people will barge in a polling booth, and stuff some hundreds or thousands of ballots to the ballot box and run out. This invariably caused either
(a) wrong counts or
(b) re-voting in that booth.
Now this is no longer an issue since there is a time limit between votes and if too many votes come in, it goes in to lock mode(i dont know whether the second option is used now, but the first one is still there - time limit is around 20 seconds or so).

So I guess, it is needed, in many enviornments.

It's like television.

[Grendel+Drago]

It's kind of like television. You are not the networks' customer. The ad companies are the customer; you are the product that is sold to them. Everything else is just flim-flam designed to keep you in front of the tube.

Re:What about hacking paper ballots?

[k98sven]

Here here! All the old fogys are afraid of the "darned electric voting boxs" when it was and still is easier to "acidentally" destroy all the black voters paper ballets or not count "pregnant chads". I'm not even taking into account thinks done by non-government forces.

Bullshit. How exactly is it easy to destroy ANY ballot when you have multiple election workers with their eyes on them at every moment? Plus any number of election observers, which may be representatives of all parties involved, plus any number of federal or foreign observers.

The ONLY way you can destroy a paper ballot is if there are no observers, and all present voting administrators are corrupt. (And observers are usually deployed to exactly the places where there are suspicions of corruption).

Now let's consider an "e-voting" machine that leaves no verifiable paper trail, shall we? The officials and observers at the polling station have no way of knowing that the vote the machine actually registered was accurate, and neither do you. Nor can they tell if the machine is malfunctioning. All you need is ONE person to tamper with the machine, and do so at ANY time.

If the machine is compromised it can still display "Zero votes registered" when the poll opens. But I'd sure like to see you do the same trick stuffing paper slips in a ballot box and still having it look empty.

To ensure a fair election with paper ballots you need: At least one honest election official. And/or at least one impartial observer. To ensure a fair election with an electronic voting machine you need: All people who've ever had the opportunity to tamper with the machine to be honest. You need the software to be correct and bug-free (yeah, right). You need to be able to verify the correctness of the software.

It's true that it's impossible to guarantee fair elections. All you can do is reduce the risk of cheating, and the possible magnitude of cheating. Electronic voting machines do neither. All they do is cost less money.

Private Voting, Public Counting

[mrosgood]

There's lots of good posts. I'm glad we geeks are talking about this important issue.

I spoke briefly with Bev Harris recently. See below.

I'm at work, so I need to make this brief. Just four points.

First, the two pillars of our democracy (United States of America) are private voting and public counting. We adopted the Australian Ballot (aka secret ballot) a while back. Things like electronic voting and forced mail voting (e.g. 100% vote by mail) take away the secret ballot. Here in Washington State, our constitution says we need a secret ballot. Disagree if you want. There's lots of ideas. Like voting receipts and no more secret ballots. But please start by changing our laws. Meanwhile, any attempt to take away the secret ballot (private voting) is unconstitutional.

Second, there is no technical way to have an electronic voting system which both preserves the secret ballot and the public vote count. If the ballots are secret, then there's no verifiability, meaning no public count. If the system is verifiable, then there's no secret ballot. You can have one or the other, but not both. Electronic counting, as with the precinct-based optical scanners, can be done constitutionally.

Third, currently the most reliable way to vote in the USA is to use a voter-correctable precinct-based optical scanner (PBOS). Sorry, I don't have the cites handy (my bad), but dig a little and you can find the research on this. Brennan Center, GAO reports, MIT Voter Project, etc. The basic idea is that you mark a ballot and feed it into a machine. If there's a problem, the machine spits the ballot back out, giving the voter a chance to correct the problem. Yes, these machines need to be better designed, open source, yadda, yadda. But before anyone proposes a better system, please work to understand the best system currently available. (Thank you for your patience.)

Many juridictions have wisely moved away from touchscreens and other DREs and adopted PBOS systems with a low-cost, verifiable solution for disabled voting. TrueVoteCT.org just had a huge win. And Voter Action sued and got the touchscreens in New Mexico replaced with PBOS systems. (Please visit both orgs and give them cash. Activism is not cheap!)

Fourth, and lastly, Bev Harris made an incredibly important point: Our elections have to be understandable for all the voters. Blackbox Voting has spents years digging and researching. I've personally spent 2 years learning all that I can about elections, voting, and these systems. I'm a computer geek and I readily admit that I had to work pretty hard to understand stuff. Bev has a lot of contact with experts, computer scientists, security dudes, etc. Her point is that we cannot rely on those sage gurus to weigh in on our election systems. We all need to understand how our democracy works. Not just the wonks. That means our election and voting systems must be simple and straightforward.

(PS- I saw Bev during King County Washington's "logic and accuracy testing" of our new Diebold AccuVote TSx touchscreens last Tuesday. You can read "Report: Testing of Diebold AccuVote TSx" on my blog, on WashBlog, or on dailyKos. Please holler if anyone has questions. I'll do my best to reply in a timely fashion.)

Re:My Perception Has Changed Again

[aplusjimages]

My brother-in-law was working for this insurance company during the 2004 election and he sported a John Kerry sticker on his personal car. Well a customer saw him walking to his car during work and confronted him about it and asked him to remove it, but he refused since he owned the car and it had nothing to do with the company he worked for.

The next day at work they held a company meeting and asked all employees to remove any political stickers from his car. He thought it was total crap until he saw that a majority of the employees were Bush supporters.

I know the feeling of having to hide your political beliefs. I live in Bush Country and everywhere you go its anti-liberal this and stupid dems that.

The terrorist don't have to work too hard to take away are freedoms because we will do it to ourselves just fine.