SCOOP EDITOR'S NOTE:
What follows is a set of discoveries, the result
of the first-ever public examination of a secret, proprietary computer program
used to count votes in 37 states. A hundred dollar item allows anyone to stuff
the ballot box; remote access was left unprotected, encryption keys were made
available to hackers, and passwords, audit logs and votes were easily
This report, and all information not attributed to others here, was provided by Bev Harris, author of "Black Box Voting: Ballot-Tampering in the 21st Century."
WHY THE BIG DEAL?
You can overwrite votes. You can vote more than once. The system is vulnerable to both inside and outside attacks. Intruders can overwrite audit logs. You can assign passwords to all your friends.
"Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts." -- Researchers from Johns Hopkins and Rice Universities, in paper just released: "Analysis of an Electronic Voting System" http://avirubin.com/vote.pdf
"Computer Voting Is Open to Easy Fraud, Experts Say" (New York Times, July 24 2003) http://www.nytimes.com/2003/07/24/technology/24VOTE.html
These discoveries were made after examining Diebold voting system files left on an open web site, in a security breach somewhat stunning in magnitude. These files had been stored, unprotected, on a company web site for several years. The site appeared to be in continuous use, with new files added frequently, and its design invited visitors into an ftp page, which was available with anonymous access and no password. On
Diebold machines are used in 37 states;
The files on the Diebold ftp site indicate that security flaws are not limited to touch screen machines; the problems with Diebold's GEMS software also exist in Diebold optical scan machines, like those used in King County Washington. For a complete list of locations using Diebold machines as of Feb. 2003, go to the list of Diebold locations found in: http://www.blackboxvoting.org/mfr.pdf, bearing in mind that many new purchases have been made since that time.
State laws typically allow only limited examination of the paper ballots, taking tallies directly from Diebold optical scan machines, even in recounts. Therefore, insecure optical scan software also poses a grave risk to voting security, since tampering is unlikely to be spotted. Under a previous company name (Global Election Systems) Diebold machines counted 40 percent of
Diebold systems go by the name "AccuVote" and "AccuTouch," and the software program is called "GEMS."
[Electronic voting] "places our entire democracy at risk" say experts:
"We highlight several issues including
unauthorized privilege escalation, incorrect use of cryptography,
vulnerabilities to network threats, and poor software development processes.
For example, common voters, without any insider privileges, can cast unlimited
votes without being detected by any mechanisms within the voting
"Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk." More:
Other security flaws:
- Bev Harris bypassed the Diebold voting system password in 10 minutes, using the officially certified version of the GEMS program. See illustration:
- Switched votes on the Diebold voting system. See illustration:
- Compromised the audit log on the Diebold voting system: See illustration:
The state of California, which is soon to have an election on the recall of Governor Gray Davis, has Diebold machines in many counties, including heavily populated Los Angeles and San Diego counties.
"I have called
Harris hopes to obtain a higher level of cooperation from Microsoft, upon whose operating system the Diebold voting program is based.
"One of my sources reported a problem in the Windows code, apparently a change made by the Diebold programmers that could affect security, and I explained the urgency of the situation. I told Microsoft that these machines are used in 37 states, and requested immediate help to identify whether the Windows code had indeed been rewritten, and an opinion from them as to whether it compromises security. I hope to obtain their assistance as soon as possible."
According to Professor Douglas Jones, at an official examination in Iowa, when asked about this, the representatives of Global [Global Election Systems, now Diebold Election Systems] stated, firmly, that the version of Windows they used was purely unmodified commercial off-the-shelf software, and therefore not subject to a source code audit under the FEC/NASED certification rules. He discussed potential problems with this in his testimony before the U.S. Congress (House Science Committee on
- See also: Misleading statements by Diebold about remote communications in voting machines. If Diebold does not tell the truth about a simple thing like "do these voting machines have modems," can we believe the rest of what they have to say?
(contains photocopy of modem and internet communications with Wide Area Network and Web servers, from the Diebold sales presentation made to the State of
- See also: Technical questions to ask Diebold, and technical analysis of Diebold flaws, by Professor Doug Jones: http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html
In the July 24 New York Times article, when asked about the unprotected web site, Diebold spokesman Joe Richardson states that "files were over a year old."
In fact, the files were being uploaded to the web site almost daily, until it was taken down on
Here is an interview with the technician in charge of the Diebold site: http://www.blackboxvoting.org/lies.htm#lancaster
Here is an interview with a technician who describes how the site was used:
Here is a GEMS User's Manual that encourages election workers to download from the unprotected Diebold web site:
(see page 221)
"This is a program that will have been set up by your Diebold Support Specialist to connect directly into the Diebold FTP site. It is easy to use and fun as well. Connect to the Internet the normal way…"
Note that Diebold officials have insisted that the machines do not connect to the Internet, "for obvious security reasons." (See statements at
WHO TESTS AND CERTIFIES THESE SYSTEMS?
The story gets a bit odder here. An unelected person named R. Doug Lewis runs a private non-profit organization called "The Election Center." Lewis is possibly the most powerful man in the
Wyle Laboratories is the most talked-about voting machine certifier, probably because it is the biggest, but in fact, Wyle quit certifying voting machine software in 1996. It does test hardware: Can you drop it off a truck? Does it stand up to rain?
Software testing and certification is done by Shawn Southworth. When Ciber quit certifying in 1996, it was taken over by Nichols Research, and Southworth was in charge of testing. Nichols Research stopped doing the testing, and it was taken over by PSInet, where Southworth did the testing. PSInet went under, and testing functions were taken over by Metamore, where Southworth did the testing. Metamore dumped it, and it was taken over by Ciber, where Southworth does the testing.
WHO RUNS DIEBOLD ELECTION SYSTEMS? WHO WROTE THE
Urosevich is the CEO of Diebold Election Systems. Urosevich created the
original software architecture for Diebold Election Systems, and his original
company, called I-Mark Systems, can be found in the source code
signatures.Prior to programming for and taking over Diebold Election Systems,
Urosevich programmed for and was CEO of Election Systems & Software
(ES&S), which counts 56 percent of the votes in the
# # # # #
ENDNOTE: This is a multifaceted story
that will unfold continuously over the next year, but the urgent concern of