TigerLilly will love this
In mid-February, Black Box Voting, together with computer experts and
videographers, under the supervision of appropriate officials, proved
that a real Diebold system can be hacked.
This was not theoretical or a "potential" vulnerability. Votes were
hacked on a real system in a real location using the actual setup used
on Election Day, Nov. 2, 2004.
In October, Black Box Voting published an article on this Web site about
remote access into the Diebold system. After examining the Diebold
software and related internal e-mails, local security professionals were
able to demonstrate a hack into a simulated system.
In February, we were allowed to try various hacking techniques into a
real election system. To our surprise, the method used in our October
simulation did not work.
However, another method did work. The hack that did work was
unsophisticated enough that many high school students would be able to
achieve it. This hack altered the election by 100,000 votes, leaving no
trace at all in the central tabulator program. It did not appear in any
audit log. The hack could have been executed in the November 2004
election by just one person.
This hack stunned the officials who were observing the test. It calls
into question the results of as many as 40 million votes in 30 states.
We are awaiting the response of the House Judiciary Committee to this
new development for their investigation.
In another real-world example, Black Box Voting obtained the actual
files used in the Nov. 2 election in a specific county. In this
situation, the local officials did not know how to run their Diebold
system, so a Diebold tech ran the election in that county. Election
officials remembered the Diebold tech's first name, but not his last name.
The Diebold tech had gone home after the election, and no one in the
county was able to access their own voting system, leading to some
consternation because they could not provide our public records request.
Because local officials could not access their logs, we were given
permission to sit down and copy files. (We have since found that this is
not an isolated problem -- many local officials are painfully unfamiliar
with their own voting systems.)
Local officials did not know their password, so Bev Harris asked if they
would like her to hack the password. They said "yes" (!)
Later, to our even greater surprise, Bev Harris found that the password
set by the Diebold tech on this real election file, used in the Nov.
2004 election was ... drum roll please ... the diabolically clever
password: "diebold." (This took only two tries to guess.)
The significance of these two reports is this: By hacking into the
central tabulator so easily, we showed that Diebold has not told the
truth about the security of its system. Indeed, the software being used
in BOTH examples is still extremely vulnerable, with little or no effort
made to correct its security flaws.
Re: TigerLilly will love this
Yeah.... could be.... simulated...flaws....blah blah.... The fact is no electronic system has ever been proven to actually have been hacked in a real election.... yet regular paper voting systems have been fraudulantly manipulated (i.e. hacked) thousands of times. Multiple voting, voter inelligibility (non-citizens, felons, dead people, pets voting), invalid/multiple registrations, ballots sent out too late (especially to military voters), provisional ballots erroneously counted, etc. are all far worse real problems than something that's never happened. Let's worry about things that have really happened in elections, not something that could have happened (but didn't). Reform real problems, not fake ones. There are so many holes in the paper system. Any holes in the electronic systems can easily be plugged. It really isn't rocket science. A simple parallel audit trail held in protected non-volatile memory would make any fraud easily detectable. But stolen or destroyed paper ballots may be hard to detect. We rely on electronic systems for all our banking and billing, for medical systems, for innumerable critical requirements and complex processes. Surely with a little effort voting systems can be secured as easily as an other. It sounds like most of the described "flaws" are really human failures (people not knowing their passwords, etc.).
Re: TigerLilly will love this
I agree Missi that the major objections being directed towards electronic voting systems seem to originate in areas that have a blatant history of dead people rising from their graves on election day, absentee military ballots being 'lost', and a host of other time tested techniques.
As far as I understand it, all approved electronic voting systems must have either a paper audit trail or operate with parallel online systems (i.e. one server in each precinct plus another server at a more central remote location, with each voting machine sending data to both servers simultaneously plus keeping its own third record internally). Thus, while it's always possible to 'hack' something given enough unrestricted physical access, programming skill and motivation, successfully 'hacking' a voting precinct's electronic voting system is much more complex than doctoring paper ballots or making a 'transcription error' when writing down mechanical voting machine counter settings, or flex-folding punch cards on their way into the card reader.