How They Could Steal the Election This Time
R. A. Hettinga
rah at shipwright.com
Sat Jul 31 16:03:41 EDT 2004
<http://www.thenation.com/docprint.mhtml?i=20040816&s=dugger>
Click here to return to the browser-optimized version of this page.
This article can be found on the web at
http://www.thenation.com/doc.mhtml?i=20040816&s=dugger
How They Could Steal the Election This Time
by RONNIE DUGGER
[from the August 16, 2004 issue]
On November 2 millions of Americans will cast their votes for President in
computerized voting systems that can be rigged by corporate or
local-election insiders. Some 98 million citizens, five out of every six of
the roughly 115 million who will go to the polls, will consign their votes
into computers that unidentified computer programmers, working in the main
for four private corporations and the officials of 10,500 election
jurisdictions, could program to invisibly falsify the outcomes.
The result could be the failure of an American presidential election and
its collapse into suspicions, accusations and a civic fury that will make
Florida 2000 seem like a family spat in the kitchen. Robert Reich, Bill
Clinton's Labor Secretary, has written, "Automated voting machines will be
easily rigged, with no paper trails to document abuses." Senator John Kerry
told Florida Democrats last March, "I don't think we ought to have any vote
cast in America that cannot be traced and properly recounted." Pointing out
in a recent speech at the NAACP convention that "a million
African-Americans were disenfranchised in the last election," Kerry says
his campaign is readying 2,000 lawyers to "challenge any place in America
where you cannot trace the vote and count the votes" [see Greg Palast,
"Vanishing Votes," May 17].
The potential for fraud and error is daunting. About 61 million of the
votes in November, more than half the total, will be counted in the
computers of one company, the privately held Election Systems and Software
(ES&S) of Omaha, Nebraska. Altogether, nearly 100 million votes will be
counted in computers provided and programmed by ES&S and three other
private corporations: British-owned Sequoia Voting Systems of Oakland,
California, whose touch-screen voting equipment was rejected as insecure
against fraud by New York City in the 1990s; the Republican-identified
company Diebold Election Systems of McKinney, Texas, whose machines
malfunctioned this year in a California election; and Hart InterCivic of
Austin, one of whose principal investors is Tom Hicks, who helped make
George W. Bush a millionaire.
About a third of the votes, 36 million, will be tabulated completely
inside the new paperless, direct-recording-electronic (DRE) voting systems,
on which you vote directly on a touch-screen. Unlike receipted transactions
at the neighborhood ATM, however, you get no paper record of your vote.
Since, as a government expert says, "the ballot is embedded in the voting
equipment," there is no voter-marked paper ballot to be counted or
recounted. Voting on the DRE, you never know, despite what the touch-screen
says, whether the computer is counting your vote as you think you are
casting it or, either by error or fraud, it is giving it to another
candidate. No one can tell what a computer does inside itself by looking at
it; an election official "can't watch the bits inside," says Dr. Peter
Neumann, the principal scientist at the Computer Science Laboratory of SRI
International and a world authority on computer-based risks.
The four major election corporations count votes with voting-system source
codes. These are kept strictly secret by contract with the local
jurisdictions and states using the machines. That secrecy makes it next to
impossible for a candidate to examine the source code used to tabulate his
or her own contest. In computer jargon a "trapdoor" is an opening in the
code through which the program can be corrupted. David Stutsman, an Indiana
lawyer whose suits in the 1980s exposed a trapdoor that was being used by
the nation's largest election company at that time, puts it well: "The
secrecy of the ballot has been turned into the secrecy of the vote count."
According to Dr. David Dill, professor of computer science at Stanford,
all elections conducted on DREs "are open to question." Challenging those
who belittle the danger of fraud, Dill says that with trillions of dollars
at stake in the battle for control of Congress and the presidency,
potential attackers who might seek to fix elections include "hackers,
candidates, zealots, foreign governments and criminal organizations," and
"local officials can't stop it."
Last fall during a public talk on "The Voting Machine War" for advanced
computer-science students at Stanford, Dill asked, "Why am I always being
asked to prove these systems aren't secure? The burden of proof ought to be
on the vendor. You ask about the hardware. 'Secret.' The software?
'Secret.' What's the cryptography? 'Can't tell you because that'll
compromise the secrecy of the machines.'... Federal testing procedures?
'Secret'! Results of the tests? 'Secret'! Basically we are required to have
blind faith."
The integrity of the vote-counting inside DREs depends on audit logs and
reports they print out, but as Neumann says, these are "not real audit
trails" because they are themselves riggable. The DREs randomly store three
to seven complete sets of alleged duplicates of each voter's ballot, and
sets of these images can be printed out after the election and manually
counted. The companies claim that satisfies the requirement in the 2002
Help America Vote Act (HAVA) that "a manual audit capacity" must be
available. But as informed computer scientists unanimously agree, if the
first set of ballot images is corrupted, they all are. I asked Robert
Boram, the chief engineer who invented a DRE sold by the RF Shoup
voting-systems company, if he could rig his DRE's three sets of ballot
images. "Give me a month," he replied.
The United States therefore faces the likelihood that about three out of
ten of the votes in the national election this November will be
unverifiable, unauditable and unrecountable. The private election companies
and local and state election officials, when required to carry out recounts
of elections conducted inside the DREs, will order the computers to spit
out second printouts of the vote totals and the computers' wholly
electronic, fakable "audit trail." The companies and most of the election
officials will then tell the voters that the second printouts are
"recounts" that prove the vote-counting was "100 percent accurate," even
though a second printout is not a recount.
HAVA was supposed to solve election problems revealed in 2000; instead, it
has made the situation worse. Under the act the Election Assistance
Commission (EAC), appointed by President Bush, is supposed to set standards
for the vote-counting process, but four months before the election the new
agency had only seven full-time staff members. On June 17 the EAC sent $861
million to twenty-five states, mainly to buy computerized machines for
which no new technical standards have been set. Its just-appointed
fifteen-member technical standards committee does not include more than one
leading critic of computerized vote-counting.
Rather than completely testing the vote-counting codes, there is some
secretive testing of systems by three private companies that are chosen by
the pro-voting-business National Association of State Election Directors.
The companies consult obsolete pro-company and completely voluntary
standards promulgated by the Federal Election Commission and get paid by
the very companies whose equipment is being tested. The three private
companies, speciously called Independent Testing Authorities, together
constitute a Potemkin village to falsely assure the states and the voters
of the security of the systems. Often their work is misrepresented as
"federal testing." The states then test and "certify" the systems, and the
local jurisdictions put on dog-and-pony-show "logic and accuracy tests,"
which are not capable of discovering hidden codes that would change vote
totals.
"The system is much more out of control than anyone here may be willing to
admit," Dr. Michael Shamos, a computer scientist at Carnegie-Mellon
University and for many years an examiner of voting machines for Texas and
Pennsylvania, told a House panel on June 24. "There's virtually no control
over how software enters a voting machine." Shamos told another House panel
on July 20, "There are no adequate standards for voting machines, nor any
effective testing protocols."
Hackable computer codes control vote-counting in all three kinds of
computerized systems that will be used again in the 2004 elections: the
ballotless DREs, on which some 36 million will vote; optical-scan systems
that electronically tally paper ballots marked by the voters, on which 40
million people will vote; and punch-card ballots, also tabulated by
computerized card-readers, which gained notoriety in 2000 and are still
used by 22 million voters. (Another 16 million still vote on the old lever
machines, about a million on hand-counted paper ballots.)
Florida 2000 was universally misunderstood and mischaracterized in the
press as a crisis of hanging chads on the punch-card ballots. The serious
issue, then as now, was embodied in the explicit though all but unreported
position that James Baker, George W. Bush's field commander in Florida,
staked out to stop the recounting of votes. The computerized vote-counting
systems, Baker declared, are "precision machinery" that both count and
recount votes more accurately than people do. Now, with Senator Kerry
demanding recountability, an ominously intensifying partisan split has
developed in Washington over whether to have a voter-verified paper trail
and, when necessary, to conduct recounts with it.
Torment in Washington
Though no broad citizens' movement has formed against computerized
vote-counting, a nationwide backlash against unverifiable paperless voting
has. The paper ballots used in the op-scan and punch-card systems already
provide a voter-verified paper audit trail (VVPAT). The principal proposed
security safeguard for the DRE system was invented, but not patented, ten
years ago by computer scientist Rebecca Mercuri, now a research fellow at
Harvard. In her solution, after voters record their choices on the
touch-screen, they confirm them on a paper ballot that appears under glass
and then push a button to cast the vote, causing the machine to deposit the
paper ballot in a box that will hold it for recounting if that is ordered.
The printer for the paper ballots for each voting machine should cost about
$50; the total add-on could be $300-$600. Many jurisdictions also have the
alternative of expanding or acquiring the relatively inexpensive
optical-scan systems or other systems already in place that create paper
trails.
In the US Senate seven Democrats and the one Independent are co-sponsoring
a bill by Senators Bob Graham and Hillary Clinton to require paper trails
on DREs by November, with a loophole for jurisdictions whose officials deem
it to be technologically impossible. Clinton told the press that without a
voter-verified paper trail GOP-leaning corporations might program voting
machines to help Republicans steal elections [see sidebar, page 16]. In an
interview in his hideaway office in the Capitol, Graham told me that he
regards his and Clinton's bill as so obviously needed that it's "a
no-brainer." The absence of a paper trail on the DREs could endanger "the
legitimacy" of November's election, Graham said.
New Jersey Democrat Rush Holt introduced a House bill more than a year ago
requiring a paper trail on DREs. It has 149 co-sponsors, including a few
prominent Republicans. Holt says, "The verification has to be something
that the voter herself or himself has to do"; without that, "we will never
have a truly secure election." Holt's bill has opened up a partisan divide
in the House. The chairman of the committee to which his bill is assigned,
Ohio Republican Bob Ney, informed Holt that he is against the bill and
would not allow a hearing on it. A few days later Graham and Holt wrote
their fellow members of Congress that "without an independent,
voter-verified paper trail, we will be able only to guess whether votes are
accurately counted." Last month Ney relented and scheduled two hearings.
Holt plans to offer his bill as an amendment to the Treasury appropriation
after Congress returns from its August recess. Graham is still mulling his
strategy.
The principal stated objection to a DRE paper trail comes from some
spokespersons for the disabled, who characterize it as a step back from the
touch-screen's improved accessibility and privacy. Many election officials,
whose work paper ballots make both auditable and much more extensive,
object variously that the attachment will add costs, that the printers
might fail and that paper ballots can be stolen or counterfeited and
sometimes produce somewhat different totals.
Leading citizen organizations have been split. Initially the League of
Women Voters, concerned to minimize invalidly cast ballots, opposed the
paper trail, but there was a revolt in the chapters and a petition for the
paper trail was signed by 800 members. At the league's June convention,
after a fight led by Barbara Simons, past president of the Association of
Computer Machinery, the league switched sides, endorsing voting systems
that are "recountable." Common Cause, placing the highest value on insuring
that every vote is counted and can be recounted if necessary, has been
among the leaders of the fight for the paper trail.
Around the States
Not surprisingly, the starkest resistance to the voter-verified paper
trail comes from Florida, where more than half the citizens will have to
vote on touch-screen systems in November. The President's brother, Governor
Jeb Bush, and Jeb's Secretary of State, Glenda Hood, express unqualified
confidence in the trustworthiness of the DRE systems and militantly oppose
providing a paper-ballot trail for them. Hood has denied that the
electronic voting machines can be tampered with in the software, saying:
"The touch-screen machines are not computers. You'd have to go machine by
machine, all over the state." A spokeswoman for her says flatly that "a
manual recount is unnecessary."
This past spring a powerful state senator proposed to make it illegal to
recount votes in the DRE systems, but she backed down when called on it by
activists. Then Ed Kast, director of Hood's division of elections, who has
since resigned, sought to achieve the same purpose by diktat, issuing a
formal ruling that, despite the extant state law requiring recounts under
certain circumstances, supervisors of elections do not need to recount DRE
ballots. The ACLU and other groups have sued to invalidate that ruling; a
spokesperson for the state Republican Party excoriates the suit as a
left-wingers' "ploy to undermine voters' confidence."
Representative Robert Wexler, a Democrat from the southern tier of the
three big counties on the Atlantic, which for election scandals is to
Florida what Cook County is to Illinois, sued state and county election
officials in state and federal court to require the VVPAT on DREs. He
argues that allowing some voters to have manual recounts but not others
violates the Supreme Court decision in Bush v. Gore compelling equal
treatment of voters (although the majority specified it was only for that
election). To date his suits, opposed at every step by the Bush
Administration in Tallahassee, have gotten nowhere. If he loses, half the
voters in Florida, those voting on DREs, will be denied the manual recounts
that the other half can have.
The Bush forces in Florida geared up for another purge of released felons
from the voter rolls. Ion Sancho, supervisor of elections for Leon County,
admits with shame that the state's felon purge in 2000 resulted in more
than 50,000 legal voters being disenfranchised. The state elections
division identified 47,000 more suspected felons, a list disproportionately
heavy with blacks, and asked that local election supervisors purge them.
The Bush people refused to make the list public, but were ordered to do so
by a judge. Only then was it discovered that the list excluded felons who
are Hispanic. In Florida Hispanics tend to vote Republican. This dandy
error was "absolutely unintentional," the Bush people said--while
abandoning the then indefensible list. Miami Herald columnist Jim Defede
wrote that Hood--an "amazing incompetent or the leader of a frightening
conspiracy"--must resign.
"What are we going to do if there's a close race?" Wexler asked in the
Orlando Sentinel. "The voting records of these machines will have
disappeared in cyberspace." He told me angrily: "Apparently their motives
are to suppress the vote in Florida in a number of different ways. They are
refusing a paper trail on a computerized voting machine. They are again
preparing on the felons--they've got a new and improved process. I don't
trust 'em to do the right thing." This summer, Representative Alcee
Hastings, whose district includes Fort Lauderdale and West Palm Beach,
exclaimed, "Any way we cut it, these people are going to try to steal this
election."
The Miami-Dade Reform Coalition asked Jeb Bush to audit the touch-screen
machines this summer. Bush's spokesperson rebuffed that as "an accusation
du jour." Undeterred, Democratic US Senator Bill Nelson of Florida
demanded, "Why not do an audit when so much is at stake?... The national
election for President could ride on the results coming out of Florida."
Senator Nelson even sent a letter to Attorney General John Ashcroft asking
that the federal government audit the machines.
This past spring in California, Diebold systems malfunctioned in two
counties, disenfranchising thousands of voters. Secretary of State Kevin
Shelley discovered that the voting systems in seventeen counties in the
state had not been certified, as required by law. After two days of
tumultuous hearings in Sacramento, during which high-level election
officials called the company's behavior "despicable" and accused its
officials of lying, Shelley prohibited the use of Diebold's systems in four
counties, the first time this has happened in the United States. Shelley,
who has said to the Los Angeles Times that he doesn't want to be "the
Katherine Harris of the West Coast," also made the certification of voting
systems in ten more counties dependent on their adoption of twenty-three
security improvements that he specified. One of these requires those
counties to let citizens vote on paper if they want to, but Shelley
flinched at requiring a DRE paper trail this year. Four counties and
advocates of the disabled sued Shelley to block his actions, but a federal
judge ruled he had the authority and had used it reasonably.
Two secretaries of state, Republicans Dean Heller in Nevada and Matt Blunt
in Missouri, have required that DREs in their states have a voter-verified
paper ballot for the November election. Sequoia is producing the Mercuri
VVPAT on demand for Nevada, and several small election companies, including
Avante and AccuPoll, have built Mercuri attachments, won their
certification and are ready to sell them to local jurisdictions now. Among
the thirty-one other states with DRE voting systems in some of their
jurisdictions, as of early summer legislatures in five had rejected
requiring the paper trail, another nine were considering such a requirement
and seventeen had no such proposal before them.
In swing-state Ohio, under procedures approved by Republican Secretary of
State Kenneth Blackwell, thirty-one counties decided they would not use
paperless DREs in November, and three said they would. Blackwell then ruled
that because of unsolved security problems, none of them will. In Maryland,
which imposed Diebold DREs statewide in 2002, the Board of Elections ruled
that paper ballots cast in the March primary by citizens who did not want
to vote on the DREs would not be counted. That's now in the courts. The
Campaign for Verifiable Voting presented 13,000 signatures for a paper
trail and called for the resignation of the state elections chief, Linda
Lamone, who, sitting tight, said, "I think everything is going to be just
fine." In Texas, Representative Ciro Rodriguez, chair of the Congressional
Hispanic Caucus, was renominated by 150 votes until 419 "found votes" made
challenger Henry Cuellar the winner. Rodriguez is contesting the outcome,
but since the voting in Bexar County (San Antonio) was conducted on DREs,
the votes there can't be recounted. "There's no paper trail to verify what
was put in," Cuellar said.
A paper trail will not assure that elections won't be stolen in the DREs.
"The only thing the VVPAT will do is give us the ability to prove that it
happened," says Roxanne Jekot of Cumming, Georgia, a self-taught computer
specialist who has become one of the most effective activists against
paperless computerized voting. "There is nothing to deter that single
outsourced information-technology worker [from manipulating the machine].
Nobody can prove that he did it."
Many states require recounts if an outcome in a computer-counted race is
within a margin of less than 1 percent or a half or quarter percent, but
that invites crooked programmers, if any such be at work, to jimmy their
rigged outcomes to fall outside the recount-triggering spreads.
Furthermore, a paper trail isn't an audit unless the ballots are
recounted. Even before the advent of touch-screen systems, obtaining actual
recounts of elections was becoming more difficult. Election officials,
election companies and state laws have often combined to block recounts or
discourage narrowly losing candidates from getting them. Incredibly, in
2002 the legislature in Nebraska, the home state of Election Systems &
Software, outlawed recounts of the paper ballots in the ES&S optical-scan
computerized ballot-counting systems that tally 85 percent or so of the
votes in that state. Colorado requires that for elections conducted on DRE
machines, recounts must be conducted on the very same machines.
In Alabama two years ago, during a controversy over an election for
governor conducted mostly on op-scan machines, Attorney General Bill Pryor,
backing up the sheriff in one questioned county, ruled officially that
under state law anyone recounting the ballots would be subject to arrest.
This year President Bush, circumventing Senate hearings, elevated Pryor to
the Eleventh Circuit Court of Appeals in a recess appointment.
'It's Really a Matter of Trust'
Confident, friendly, but officious, Jesse Durazo, the registrar of voters
of Santa Clara County in the heart of the Silicon Valley, is typical of
hundreds of local election officials who berate "the academics." This past
spring, despite dire warnings from Professors Neumann of SRI and Dill of
Stanford, Durazo led his county into buying 5,500 of the Sequoia AVC Edge
DREs at $3,000 each ($20 million, figuring in everything). The anteroom of
his county election headquarters is festooned with cheery signs such as one
saying Voting Just Got Easier. He is delighted that DREs will facilitate
voting by those who speak a foreign language (including Spanish, Vietnamese
and Chinese).
Durazo said that the AVC had first been approved by the federal government
(which is not correct) and then certified by the California secretary of
state. He said that providing a voter-verified ballot would open the way to
"unlimited error," while computer error, in contrast, can be "quantified."
As for Trojan horses smuggling in corrupt instructions, he said in a
confident tone, "I don't have those fears." Stealing votes in the computers
is next to impossible, he insisted, because local ballots are set up at the
last minute, there are a large number of races and ballot initiatives in
any one election, and the order of the candidates' positions on the ballots
is rotated in different precincts.
The three sets of all the votes, kept in the computer, provide the
recount, he said. Are those not just copies of each other, automatically
made? Durazo exclaimed in high dudgeon: "It's a redundant perfection!... It
starts with the premise that the information in the system is correct."
Alfred Gonzales, Durazo's Filipino outreach specialist for voters who
speak Tagalog, demonstrated the AVC, a sign on the top of which said Try It
Out Today. No More Punchcards! I voted on it and asked Gonzales how I knew
for sure that my vote would be counted. "Because it will be registered in
the machine, saved in the hard drive, and put on a cartridge," he said. "At
the end of the day it will be in the printout of the total." How did he
know the machine would do that? "Because it has been federally certified!"
he said. "There is fool-proof security." Well, one more thing, I asked.
There's no ballot--what if you need a recount? "It's really a matter of
trusting the machine," Gonzales said. Patting the AVC gently, he intoned
with pride, "It's really a matter of trust."
"These companies are basically saying 'trust us,'" Rebecca Mercuri told
the New York Times. "Why should anybody trust them? That's not the way
democracy is supposed to work." Douglas Kellner, a leader on the New York
City Board of Elections, exclaimed at a meeting of computer specialists in
Berkeley this past spring, "I think the word 'trust' ought to be banned
from election administration!" Dr. Avi Rubin, computer science professor
and technical director of the Information Security Institute at Johns
Hopkins University, recently testified before the federal Election
Assistance Commission, "The vendors, and many election officials, such as
those in Maryland and Georgia, continue to insist that the machines are
perfectly secure. I cannot fathom the basis for their claims. I do not know
of a single computer security expert who would testify that these machines
are secure."
Mercuri wrote in her dissertation on vote-counting in 2001 that "security
flaws (such as Trojan horse attacks)...are possible in all of the
computer-based voting systems" and that providing thorough examinations of
source code and other circuits for DREs that vary from municipality to
municipality "is a Herculean task--one that is likely not to be affordable,
even if it were accomplishable."
Not all the scientists agree. Michael Shamos of Carnegie-Mellon, who once
warned that computerized vote-counting is highly vulnerable to fraud, now
takes the position that "the issue is not whether voting systems are
absolutely secure, but whether they present barriers sufficiently
formidable to give us confidence in the integrity of our elections."
Voting Machines Stolen in Georgia
In 2000 five out of six Georgians cast a paper ballot that could be
recounted on ES&S systems. In January 2001, in a speech to the
Democratic-controlled legislature, Georgia Secretary of State Cathy Cox, a
Democrat who is expected to run for governor in 2006, declared that
considering all the recent problems down in Florida, Georgia should adopt
one "uniform electronic voting system by November 2004." Upon Cox's fervent
recommendation of the just-born Diebold Election Systems, in May 2002
Georgia agreed to pay Diebold $54 million for 19,000 DRE voting systems.
The counties and cities of Georgia had chosen their own voting machines for
the last time, and, less obviously, Georgians had lost their ability to
recount their votes in contested elections.
At once Diebold set to manufacturing 282 of its AccuVote TS voting systems
a day. Some of the earliest ones arriving in Georgia, sent out for use in
the training of election workers, were left in a hotel conference room
overnight, stolen and never recovered. Late that June the secret
vote-counting codes inside nine to fourteen more of the Diebold machines
were stolen. Diebold made an uncounted number of apparently illegal changes
in the election-conducting code between June and November. The memory cards
on which the votes on each of the computers were recorded on election day
all over Georgia had no encryption. According to Rob Behler, who served as
Diebold's production deployment manager in Georgia during the first half of
that summer, those cards could be used to change the results manually,
precinct by precinct.
Incumbent US Senator Max Cleland and incumbent Governor Roy Barnes, both
Democrats, were odds-on favorites to win re-election. A week before the
voting an Atlanta Journal-Constitution poll showed Cleland ahead by five
points, 49-44, but on election day he lost to his Republican opponent,
Saxby Chambliss, by seven points, 53-46, a twelve-point swing. The loss of
Governor Barnes to Sonny Perdue was even more remarkable: a one-week switch
of fourteen percentage points. These were suspicious anomalies, and
subsequently in a Peach State Poll one in eight Georgia voters were "not
very confident" or "not at all confident" that the DREs had produced
accurate results; another 32 percent were only "somewhat confident."
In his front parlor at home in Georgia, Rob Behler told me that just
before or just as he took over the Atlanta warehouse for Diebold, some of
the voting machines had been sent out to "do demos," and in one southern
county "somebody broke in and stole...[nine or] fourteen of the machines
and, I think, one of the servers." He says the vote-counting programs in
the stolen computers could have been completely reconstructed by reverse
engineering and employed to jimmy the election.
"Quality-checking" the AccuVote machines as they arrived from Diebold at a
warehouse in Atlanta, Behler and his crew found problems, he says, with
"every single one" of them and about a fifth of them were shoved aside as
unusable. When Diebold's programmers wanted "patches," that is, changes,
inserted into the voting-system software, Behler says, they sent them to
him via the company's open, insecure File Transfer Protocol (FTP) site in
cyberspace. On his own unsecured laptop (resting on his desk as he spoke),
Behler made twenty-two or twenty-three of the cards that were used to
change the programs in the machines.
The night of the November 2002 election, sixty-seven of the memory cards
used in Fulton County (Atlanta) disappeared. Running his laptop with a dual
battery, Behler says, in six or seven hours he could have changed the
totals on those sixty-seven cards. "There's no technical problem. There was
absolutely zero protection on the card itself. You throw the card in, you
just drill down into its files."
Brit Williams, a computer consultant at Kennesaw State University who runs
Georgia's testing of voting systems, confirmed to me that the memory cards
were not encrypted and all had the same password (1111), but each one, he
contended, was "unique to its machine." He snapped, "We had 22,000 voting
stations. How would you like to be in charge of 22,000 passwords?" Williams
said the sixty-seven missing memory cards in Atlanta had been left in the
machines by forgetful workers and were recovered.
The Georgia election of 2002 illustrates how serious risks of technical
malfunctions and malicious tampering can occur without anyone outside the
voting business finding out about them. No doubt in part because of the
hasty start-up, Diebold's "security," though approved by the independent
testing authorities and the state, was in fact farcical. Both of the losing
Democrats had backed installation of the DRE systems statewide, so they
could hardly call for recounts that their own state party had made
literally impossible.
The Kids Prick Open a Scandal
Some kids who are "really interested in computers" were playing around
last year, spidering through the links on various websites, when they
discovered that Diebold had an unsecured FTP site (the same one Behler had
used). One of the boys noted the fact on his website. Some other material
on that site--not the stuff about Diebold--attracted a lot of hits, and
that automatically led Google, the cyberspace search engine, to position it
among the early-listed sites for many searches. One day Bev Harris, a
literary publicist in Washington who was doing research for a book on
vote-counting in computers, fed Google the right search words and the FTP
site itself popped up. Knowing little about computers, she turned to David
Allen, who was publishing her book, and he recognized the openly posted
source codes and much other data concerning Diebold voting machines.
A small group of activists in Georgia worked with Harris. One of them,
Roxanne Jekot, who runs a software consulting firm, analyzed "almost every
line" of the Diebold source code and found many ways to change vote totals
there and also in the Microsoft operating code. "The software is totally
junk," she says. "They sold vaporware." Determined to get peer review of
what she was finding, Jekot approached David Dill, the Stanford computer
science professor.
"Both Roxanne and Bev were very courageous and determined to lift the veil
of secrecy on the code," Dill says. "I think most academics would be much
more cautious, especially about publishing the fact that they looked at the
code. I certainly was, and I wasn't about to get other people in trouble by
asking them to help me. A number of us would be inclined to talk to lawyers
before doing anything too bold. So it made a huge difference that Bev
posted the code in New Zealand for everyone to download. That reduced but
didn't eliminate the legal risks of the Johns Hopkins/Rice University
people looking at the code. If Bev and whoever else was involved in
releasing this code had not been so brave, people [with strong professional
reputations] might not have been able to speak out so freely."
After some agreements on a division of roles, Avi Rubin of Johns Hopkins
and three other scientists produced a devastating twenty-three-page
exposure of the Diebold software. That was followed by two more damaging
technical studies in Ohio. Then a "Red Team" exercise to break the Diebold
code was staged at RABA Technologies' headquarters in Maryland. Four of the
eight computer scientists on the team had worked at the National Security
Agency, and the team director had been the senior technical director for
the NSA. The team concluded, "A voter can be deceived into thinking he is
voting for one candidate when, in fact, the software is recording the vote
for another candidate." A security vulnerability "allows a remote attacker
to get complete control of the machine." And one can "automatically upload
malicious software" that will "modify or delete elections." Some kids
sniffing around in cyberspace had led, step by step, to the dawning
national realization that computerized vote-counting puts democracy in
grave danger.
What You Can Do
Public interest groups are mobilizing to head off another Florida.
Petitions calling for a paper trail for DREs have attracted something
approaching half a million signatures. Lou Dobbs's quick poll on CNN on
"paper receipts of electronic votes" was running 5,735 to 85 for them on
July 20. Greg Palast and Martin Luther King III have more than 80,000
signatures on their petition against paperless touch-screens and the
purging of voter rolls. Global Exchange, the San Francisco-based
organization, is inviting twenty-eight nonpartisan foreign observers to
monitor the US election. Eleven members of Congress asked Kofi Annan to
send UN monitors. Cindy Cohn of the Electronic Frontier Foundation is
organizing attorneys for litigation against paperless electronic voting.
In mid-June the California secretary of state approved the nation's first
set of standards for a verified paper trail for touch-screen machines. A
recent "Voting, Vote Capture and Vote Counting" symposium at Harvard's
Kennedy School of Government has produced an "Annotated Best Practices,"
available at www.ljean.com/files/ABPractices.pdf. On June 29 the Leadership
Conference on Civil Rights and the Brennan Center for Justice, with the
endorsement of Common Cause, the NAACP, People for the American Way and
most of the leading scientific critics of paperless touch-screen voting,
sent the nation's local election officials a "call for new security
measures for electronic voting machines," including local retention of
independent security experts; the full report is available at
www.civilrights.org/issues/voting/lccr_brennan_report.pdf.
Douglas Kellner, the New York City election expert, believes the best
practical remedy for the dangers of computerized vote-counting is voting on
optical-scan systems, posting the election results in the precincts and
keeping the ballots with the machines in which they were counted. In all
computerized vote-counting situations the precinct results should be
publicly distributed and posted in the precincts before they are
transmitted to the center for final counting, Kellner says. Once they are
sent from the precinct the audit trail is lost.
Citizens can stay current on election developments via several websites:
electionline.org, a reliable and up-to-date source; VerifiedVoting.org,
Dill's group; notablesoftware.com, Mercuri's site; blackboxvoting.org, Bev
Harris's site; countthevote.org, the site of the Georgia group led by
Jekot; and these will key into many others. For a steady flow of news
stories on this subject (and a few others) from around the country, get on
the e-mail list of resist at best.com. Official information concerning each
state is available online at each state's website for its secretary of
state.
People should go down to their local election departments and ask their
supervisor of elections how they are going to know that their votes are
counted--and refuse to take "Trust us," or "Trust the machines," for an
answer. They can be poll watchers. Many organizations are fostering poll
watching, including People for the American Way's Election Protection 2004
project. Common Cause "has made election monitoring a major project," a
spokesperson says. VerifiedVoting.org is concentrating on having people
watch election technology, including pre-election testing as well as the
procedures on election day. Bev Harris is organizing people to do such work
(see her website).
Rebecca Mercuri says that if you believe an election has been corrupted
through voting equipment, you should collect affidavits from voters; get
the results from every voting machine for all precincts; get the names and
titles of everyone involved; inventory the equipment, including the
software, and try to have it impounded; demand a recount; and go to the
press. Noting that all counties that have rushed to purchase DRE voting
systems also have paper-ballot systems in place to handle absentee voters,
motor-voters and emergency ballots for when the system breaks down, she
suggests mothballing the DREs and using paper ballots. "Counties are saying
there's nothing they can do but use the DREs in November, and that is
simply untrue," Mercuri declares.
Much of this would be unnecessary if Congress enacted either the
Graham-Clinton or the Holt bill, which would empower voters to verify their
own votes and create a paper trail.
The computerized voting companies have precipitated a crisis for the
integrity of democracy. Three months to go.
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list