Electronic Voting Machines Exposed

An independent team of computer experts has exposed how electronic voting machines are insecurely programmed and are vulnerable to hackers who can manipulate data and steal elections without leaving a trace.

 

Exclusive to American Free Press

By Christopher Bollyn

 

A team of computer security experts has examined the software that runs one of the leading touch-screen voting systems currently being used in the United States and discovered “significant security flaws.” The voting system examined fell “far below even the most minimal security standards.”

Three experts from the Information Security Institute (ISI) at Johns Hopkins University in Baltimore and a fourth from Rice University in Houston analyzed the source code—programming that makes up software which runs a computer system—found on a publicly avail able web site belonging to Ohio-based Diebold Election Systems Inc. (DESI).

Bob Urosevich heads DESI. His brother Todd is a vice president at a competing company, Omaha-based Election Systems & Software. These two companies count nearly 80 percent of the votes cast in the United States.

The Hopkins group and other experts believe the “source code” they examined is used in Diebold’s direct recording electronic (DRE) AccuVote-TS (touch screen) voting system. The AccuVote-TS system was first used on a statewide basis in Georgia on Nov. 5, 2002.

Aviel D. Rubin, an associate professor of computer science at Johns Hopkins and technical director of ISI, headed the study. The group’s 24-page report, “Analysis of an Electronic Voting System,” was released on July 23. It is available at: http://avirubin.com/vote.pdf.

“The most fundamental problem with such a voting system is that the entire election hinges on the correctness, robustness, and security of the software within the voting terminal,” the report said. “The model where individual vendors write proprietary code to run our elections appears to be unreliable, and if we do not change the process of designing our voting systems, we will have no confidence that our election results will reflect the will of the electorate.

“Electronic voting,” the report concluded, with its inherent risks, “places our very democracy at risk.

“The only known solution to this problem is to introduce a ‘voter-verifiable audit trail,’ ” the report says, in which “the tally of the paper ballots takes precedence over any electronic tallies.”

What the experts from Johns Hopkins reported verifies what AFP and The SPOTLIGHT have been saying since November 2000: Electronic voting systems are fundamentally insecure and have intrinsic flaws that can be exploited to commit massive vote fraud.

A truly verifiable voting system requires paper ballots that are openly counted by hand. When there is no observable vote count done at the local polling place, there is no “authentication” of the tally.

“We found some stunning flaws,” Rubin said.

Dan S. Wallach, assistant professor of computer science at Rice University, added: “We found a list of flaws, any one of which could ruin the integrity of the election.”

The “glaring weakness in the system is a lack of a verifiable audit trail to double-check voting results,” Rubin told Associated Press. “I think they need to have paper trails, and I don’t think these kinds of machines should be used for voting.”

Rubin told American Free Press that just as he was about to release the report on the Diebold voting system, he learned that election officials in Maryland had decided to spend $55.6 million to purchase nearly 11,000 of the Diebold machines.

The Diebold paperless touch-screen voting system was first deployed on a statewide basis in Georgia for the 2002 election. The outcome in Georgia was a “stunning” and “historical” upset in which Republican candidates won both the governor’s mansion and a seat in the U.S. Senate. The Republican challengers in Georgia had been trailing the Democratic incumbents in both races by 5 to 11 point margins the week before the race.

Although most Georgians expected incumbent Sen. Max Cleland to win, the Diebold voting system declared the dark horse Republican candidate Saxby Chambliss the winner. Chambliss won 53 percent of the vote, according to the Diebold-generated tally. A similar upset occurred in the gubernatorial race in which a Republican candidate won for the first time in 130 years. The upset in Georgia was of national significance. As Chambliss says on his web site: “With our win on Nov. 5, we returned control of the U.S. Senate to Republicans and gave President Bush the tools he needs to implement his agenda for America.”

Because the Diebold system is paperless and the “counting” of the votes is done out of sight, within a networked computer system, there is no way for any voter to know if his or her vote was counted correctly.

The experts’ “analysis of a voting machine” discovered a host of security flaws in the software and exposed how the system is virtually wide-open to vote fraud and manipulation of the results. The Diebold voting system is open to “insider” attacks at every point of contact on the network, including the voter, and from “outsider” attacks on the data as it is transmitted.

Obvious flaws in the code were left uncorrected. The report said, “There appears to have been little quality control in the process.”

Because the voting machines communicate in a network, anybody with access to the data, from the poll worker to a telephone company employee, could manipulate the data and the outcome.

The AccuVote-TS voting machine requires a voter to insert a “smartcard,” bearing a computer chip, before voting. However, the study found that Diebold’s “use of smartcards provides very little (if any) additional security and, in fact, opens the system to several attacks.”

By forging or altering a smartcard, a voter can vote multiple times, access administrative functions, and even close the polling station by shutting down the machine, according to the study.

The system could be tricked by anyone with $100 worth of computer equipment, Adam Stubblefield, one of the experts from Johns Hopkins, said.

If a voter were to cast multiple ballots, there is “no way for the tabulating system to count the true number of voters or distinguish the real votes from the counterfeit votes,” the report said.

A poll worker could access the data in the system and change the ballot so that votes cast for one candidate would be counted for another. In this way an underdog candidate would win in an upset. Voters in Georgia reported that when they touched one candidate’s name on the screen another candidate’s name appeared.

As James and Kenneth Collier wrote in 1992 in their book, VoteScam: “The concept is clear, simple, and it works. Computerized voting gives the power of selection, without fear of discovery, to whomever controls the computer.”

“The bottom line is that all of the existing electronic voting machines are fundamentally flawed,” Peter G. Neumann, principal scientist at Stanford Research Institute’s International’s Computer Science Laboratory in Palo Alto, California, said. “The real problem is that the federal election system standards stink. They allow totally insecure voting systems to be certified.”

The problems with the Diebold software represent “just the tip of the iceberg,” Neumann told American Free Press. “This is a weak link problem in a system in which there is nothing but weak links—this is an end-to-end problem.”

“We believe the software code they evaluated, while sharing similarities to the current code, is outdated and never used in an actual election,” Diebold said in a statement.

AFP asked Diebold spokesman Joe Richardson if the software code in question had been used in Diebold machines during the Georgia 2002 election. “We are still looking into that,” Richardson said.

Neumann said: “Its very likely this code was used in Georgia.”

Georgia spent $54 million to buy 19,000 voting terminals to create the first “uniform, state-wide” electronic voting system from Diebold in 2002. Michael Barnes, Georgia’s assistant director of elections, oversaw the conversion to the new machines.

Former Georgia Gov. Roy E. Barnes appointed Larry J. Singer to serve as the state’s first Chief Information Officer (CIO) and Executive Director of the Georgia Technology Authority (GTA) in July 2000. Singer served as a “policy and budget advisor to the executive and legislative branches on technology-related issues” and played a key role in bringing the Diebold machines to Georgia. After the election, Singer suddenly resigned on Nov. 25, 2002.

AFP asked Barnes if the state of Georgia had inspected the Diebold code before buying the machines.

Barnes said, “It went through two levels of testing, first at the Federal Election Commission (FEC), who went through the code line-by-line, and then at Wyle Laboratories in Huntsville, Ala.” Finally a professor at Kennesaw State University, Brit Williams, put the voting equipment through a “mock election,” Barnes said.

Williams has served in senior positions advising the FEC on voting equipment. He was unavailable for comment.

“No we did not,” said FEC spokesman Brian Hancock, when asked if the federal agency had inspected the Diebold code “line-by-line” as the Georgia official said. “He [Barnes] has a fundamental misunderstanding. We don’t test anything.”

AFP asked Dan Reeder, spokesman for Wyle Labs if they examined the computer code for voting machines. “No,” Reeder said, “we only do the hardware tests. We check the machines for shaking and vibration. We don’t check the software.”

Bev Harris, author of Black Box Voting: Ballot-Tampering in the 21st Century, asked Williams whether he had looked at the code. “We don’t look at the source code, that’s the federal certification labs that do that,” Williams said.

Harris asked Williams about the Diebold web site where the source code had been located. The site also contained “lots of files,” Harris said. One file “was called ‘rob-Georgia’ which contained files with instructions to ‘replace GEMS files with these’ and ‘replace Windows files with these and run program.’ Does this concern you?” she asked Williams.

He was not familiar with the site, he said.

Diebold voting systems use a software program called “GEMS,” Global Election Management System, which carries the name of the company Diebold acquired in 2001, Global Elections Systems.

“Since no one at the state level looks at the source code, if the federal lab doesn’t examine the source code line by line, we have a problem, wouldn’t you agree?” Harris asked.

“Yes. But wait a minute,” Williams said, “I feel you are going to write a conspiracy article.”