Scoop Blogwatch: Hacking Your Vote
If you were hired to create some software to count votes in an election, how would you do it? What considerations would you have and how would you implement them. What would be your security considerations?
Think for a moment before reading on, and we'll compare your thoughts with what's actually out there. The results may surprise you.
Disclaimer: This is my personal blog and my opinions are my own and not necessarily that of my employer.
No, This Is
Not All About Touch Screens
There has been some major upset in the last few years about touch-screen voting systems and how easy they are to hack - but I don't want you to focus on that, for now. The interesting thing is when you bring up "voting software" most people think these systems are what you're talking about.
In this case I'm more interested in how you would implement vote-counting software - the thing used to count the votes when cards are passed through a reader and tallied. Take 10 minutes or so and specifically think about:
- Voting audit trails
- Counting accuracy
- Tampering prevention
You keep on musing while we take a break to describe the election process and how votes are counted today...
How Your Vote Is Counted
Every county has the jurisdiction to implement an election as it sees fit, under the guidelines of the Federal Elections Commission (FEC). This means that every county in the US can buy and use "certified" systems from companies such as Diebold, ES&S, and Sequoia.
One of the biggest sellers out there (the state of Maryland paid $50 Million US for this one) is the Diebold's Accu-vote. It consists of a battery of optical readers (one for each polling place) and memory cards for storing election results. It also comes with a license for GEMS, their vote-tallying and reporting software; one license per county for use by the Supervisor of Elections.
On the day that you vote, your ballot gets put into an officious looking black box with the other ballots. At the end of the day your ballot is pushed through one of these readers, and your vote is stored on one of these memory cards:
Once all of the ballots from a polling place are collected and read, a tape is printed by the optical reader that has the results on it, including a full count of the ballots read in. The election workers from that polling place sign the ticket and off it goes to the Department of Elections.
The next step in the voting chain is that the Election Supervisor (or one their appointees) takes the memory cards from each polling place and methodically plugs them into a computer running GEMS, the vote-counting software. GEMS reads the information from the cards and once all the cards are read, a final report is printed out and the Supervisor certifies the results and the election.
Seems simple enough right? Have an idea how you might implement this system?
In 2003, Bev Harris (the then-housewife and now-founder of BlackBoxVoting.org) wanted to know more about the election software that was being used in her home town near Seattle, WA. She got on the internet and ran Google search after Google search until suddenly...
... when I found that Diebold Election Systems had been storing 40,000 of its files on an open web site, an obscure site, never revealed to public interest groups, but generally known among election industry insiders, and available to any hacker with a laptop, I looked at the files. Having a so-called security-conscious voting machine manufacturer store sensitive files on an unprotected public web site, allowing anonymous access, was bad enough, but when I saw what was in the files my hair turned gray. Really. It did.
The contents of these files amounted to a virtual handbook for vote-tampering: They contained diagrams of remote communications setups, passwords, encryption keys, source code, user manuals, testing protocols, and simulators, as well as files loaded with votes and voting machine software
Turns out that Diebold kept their CVS system up on a public FTP site, with no security. Oops.
She downloaded every file she could find, which included requirements, diagrams, code, and binary files. Of particular interest to her was GEMS - the software that tallies the votes for the county.
Go to the full story