Electronic Voting Machines Blasted by Scientists, Hacked by Author
From: Scoop Media (Scoop.co.nz) and Bev Harris (Blackboxvoting.com)
SCOOP EDITOR'S NOTE: What follows is a set of discoveries, the result of the first-ever public examination of a secret, proprietary computer program used to count votes in 37 states. A hundred dollar item allows anyone to stuff the ballot box; remote access was left unprotected, encryption keys were made available to hackers, and passwords, audit logs and votes were easily compromised.
This report, and all information not attributed to others here, was provided by Bev Harris, author of "Black Box Voting: Ballot-Tampering in the 21st Century."
You can overwrite votes. You can vote more than once. The system is vulnerable to both inside and outside attacks. Intruders can overwrite audit logs. You can assign passwords to all your friends.
"Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts." -- Researchers from Johns Hopkins and Rice Universities, in paper just released: "Analysis of an Electronic Voting System" http://avirubin.com/vote.pdf
"Computer Voting Is Open to Easy Fraud, Experts Say" (New York Times, July 24 2003) http://www.nytimes.com/2003/07/24/technology/24VOTE.html
These discoveries were made after examining Diebold voting system files left on an open web site, in a security breach somewhat stunning in magnitude. These files had been stored, unprotected, on a company web site for several years. The site appeared to be in continuous use, with new files added frequently, and its design invited visitors into an ftp page, which was available with anonymous access and no password. On January 29, 2003, shortly after Bev Harris found the site (which caused her to interview Diebold employees about it) the web site was removed from public access. By this time, its files had been downloaded by several people in various locations around the world.
On July 8, 2003 an Internet publication called Scoop Media released the location of a complete set of files. Alastair Thompson, the publisher and editor of Scoop Media, says he believed that the files were of critical importance in assessing whether Diebold officials and certifiers have been telling the truth about voting machine security.
Diebold machines are used in 37 states; Maryland just spent $55 million on 11,000 of these machines, and the state of Ohio is considering switching all counties to Diebold machines, a purchase estimated to be as high as $150 million. The state of Georgia bought Diebold machines in 2002, investing $55 million to purchase over 22,000 machines.
The files on the Diebold ftp site indicate that security flaws are not limited to touch screen machines; the problems with Diebold's GEMS software also exist in Diebold optical scan machines, like those used in King County Washington. For a complete list of locations using Diebold machines as of Feb. 2003, go to the list of Diebold locations found in: http://www.blackboxvoting.org/mfr.pdf, bearing in mind that many new purchases have been made since that time.
State laws typically allow only limited examination of the paper ballots, taking tallies directly from Diebold optical scan machines, even in recounts. Therefore, insecure optical scan software also poses a grave risk to voting security, since tampering is unlikely to be spotted. Under a previous company name (Global Election Systems) Diebold machines counted 40 percent of Florida in election 2000.
Diebold systems go by the name "AccuVote" and "AccuTouch," and the software program is called "GEMS."
[Electronic voting] "places our entire democracy at risk" say experts:
"We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal."
"Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk." More: http://avirubin.com/vote.pdf
Other security flaws:
- Bev Harris bypassed the Diebold voting system password in 10 minutes, using the officially certified version of the GEMS program. See illustration:
- Switched votes on the Diebold voting system. See illustration:
- Compromised the audit log on the Diebold voting system: See illustration:
The state of California, which is soon to have an election on the recall of Governor Gray Davis, has Diebold machines in many counties, including heavily populated Los Angeles and San Diego counties.
"I have called King County four times, trying to show the task force where the problems are, including problems that I have not yet published. They have yet to respond. They have not even asked me to send them a report," says Harris, who lives in King County and must vote on its Diebold machines.
Harris hopes to obtain a higher level of cooperation from Microsoft, upon whose operating system the Diebold voting program is based.
"One of my sources reported a problem in the Windows code, apparently a change made by the Diebold programmers that could affect security, and I explained the urgency of the situation. I told Microsoft that these machines are used in 37 states, and requested immediate help to identify whether the Windows code had indeed been rewritten, and an opinion from them as to whether it compromises security. I hope to obtain their assistance as soon as possible."
According to Professor Douglas Jones, at an official examination in Iowa, when asked about this, the representatives of Global [Global Election Systems, now Diebold Election Systems] stated, firmly, that the version of Windows they used was purely unmodified commercial off-the-shelf software, and therefore not subject to a source code audit under the FEC/NASED certification rules. He discussed potential problems with this in his testimony before the U.S. Congress (House Science Committee on May 22, 2001. See "Problems with Voting System Standards" http://www.cs.uiowa.edu/~jones/voting/congress.html)
- See also: Misleading statements by Diebold about remote communications in voting machines. If Diebold does not tell the truth about a simple thing like "do these voting machines have modems," can we believe the rest of what they have to say?
(contains photocopy of modem and internet communications with Wide Area Network and Web servers, from the Diebold sales presentation made to the State of Georgia); the touch screen machines also contain wireless communications devices and land line connectivity.
- See also: Technical questions to ask Diebold, and technical analysis of Diebold flaws, by Professor Doug Jones: http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html
In the July 24 New York Times article, when asked about the unprotected web site, Diebold spokesman Joe Richardson states that "files were over a year old."
In fact, the files were being uploaded to the web site almost daily, until it was taken down on Jan. 29, 2003. Experts indicate that rewriting or correcting problems will not be a simple task, since the problems are built into the architecture of the system itself, and any revisions will require recertification before the machines can be used.
Here is an interview with the technician in charge of the Diebold site: http://www.blackboxvoting.org/lies.htm#lancaster
Here is an interview with a technician who
describes how the site was used:
Here is a GEMS User's Manual that encourages
election workers to download from the unprotected Diebold
(see page 221)
"This is a program that will have been set up by your Diebold Support Specialist to connect directly into the Diebold FTP site. It is easy to use and fun as well. Connect to the Internet the normal way…"
Diebold officials have insisted that the machines do not
connect to the Internet, "for obvious security reasons."
(See statements at
The story gets a bit odder here. An unelected person named R. Doug Lewis runs a private non-profit organization called "The Election Center." Lewis is possibly the most powerful man in the U.S., influencing election procedures and voting systems, yet he is vague about his credentials and no one seems to be quite sure who hired him or how he came to oversee such vast electoral functions. Lewis organized the National Association of Secretaries of State (NASS, now heavily funded by voting machine vendors); he also organized the National Association of State Election Directors (NASED) and, through them, Lewis told Harris he helps certify the certifiers.
Wyle Laboratories is the most talked-about voting machine certifier, probably because it is the biggest, but in fact, Wyle quit certifying voting machine software in 1996. It does test hardware: Can you drop it off a truck? Does it stand up to rain?
Software testing and certification is done by Shawn Southworth. When Ciber quit certifying in 1996, it was taken over by Nichols Research, and Southworth was in charge of testing. Nichols Research stopped doing the testing, and it was taken over by PSInet, where Southworth did the testing. PSInet went under, and testing functions were taken over by Metamore, where Southworth did the testing. Metamore dumped it, and it was taken over by Ciber, where Southworth does the testing.
Here is a photo of Shawn Southworth:
What are Shawn Southworth's credentials? We are not allowed to ask. The rules are set by R. Doug Lewis of The Election Center, which states that the certifiers will not answer questions from the media, or from anyone else.
According to Dr. David Dill of Stanford, formal questions were posed to Wyle and Ciber about what is done to test these machines, but both declined to answer.
Dr. Dill's statement on electronic voting has gained the endorsement of several hundred computer scientists who agreed, even before the problems were found in the Diebold system, that electronic voting is inherently unsafe.
"Computerized voting equipment is inherently subject to programming error, equipment malfunction, and malicious tampering. It is therefore crucial that voting equipment provide a voter-verifiable audit trail, by which we mean a permanent record of each vote that can be checked for accuracy by the voter before the vote is submitted, and is difficult or impossible to alter after it has been checked. Many of the electronic voting machines being purchased do not satisfy this requirement. Voting machines should not be purchased or used unless they provide a voter-verifiable audit trail; when such machines are already in use, they should be replaced or modified to provide a voter-verifiable audit trail. Providing a voter-verifiable audit trail should be one of the essential requirements for certification of new voting systems."
Bob Urosevich is the CEO of Diebold Election Systems. Urosevich created the original software architecture for Diebold Election Systems, and his original company, called I-Mark Systems, can be found in the source code signatures.
Prior to programming for and taking over Diebold Election Systems, Urosevich programmed for and was CEO of Election Systems & Software (ES&S), which counts 56 percent of the votes in the United States. When Urosevich left ES&S, Chuck Hagel took his position. (Hagel then ran for the U.S. Senate, with ES&S machines counting his own votes, but failed to disclose that he had been both CEO and Chairman of ES&S on his disclosure documents).
Bob Urosevich, together with his brother Todd, founded ES&S. Bob then went to run Diebold, while Todd still is a Vice President at ES&S. Diebold and ES&S, together, count about 80 percent of the votes in the United States.
Many of the Diebold code-writers are not in the United States, and some are outside contractors, not employees. Talbot R. Iredale, who has been a stockholder in the election company, is one of the key programmers. The Windows files, which appear to have been changed, are found in a file that is referenced to Iredale's own computer hard drive. Another key programmer is Dmitry Papushin. Some of the optical scan software was written by Guy Lancaster. Both Iredale and Lancaster live in Vancouver, Canada.
Bev Harris is developing a follow-up story about Windows files used in the Diebold voting machines. These files were reportedly changed frequently prior to the 2002 general election, and sources say they came out of Diebold's office, not from Microsoft. Programmers do make small changes in Windows files sometimes, but in the case of voting machines, any such changes must be reviewed, since only "off the shelf" software that is identical to the standard version can go unexamined.
All 22,000 machines in Georgia received an unexamined, uncertified program change immediately before the Nov. 2002 general election, and some of those "updates" were on the Diebold web site, including a file called "rob-georgia.zip" and an unusual file dated six days after the election which refers to "repairing" some kind of database, in the same format as the vote databases.
ENDNOTE: This is a multifaceted story that will unfold continuously over the next year, but the urgent concern of many U.S. voters is that their next votes will be secure. Already some citizens are demanding an immediate moratorium on all electronic voting, until all systems can be examined, voter-verified paper trails are in place, remote access mechanisms are removed, and robust audits are required.
If you or your organisation want to help in coordinating the communications drive on this issue the best place to start is:
The publisher for Bev Harris's new book: "Black Box Voting – Ballot Tampering In The 21st Century" is taking pre-publication orders now.
Or Click On The Image Below:
Read The Book…Support The Cause
Pre-Order Your Copy Today