September 23, 2004

By Sheila Lennon / The Providence (R.I.) Journal

7:31 p.m. Wednesday (Blogroll)

Day off tomorrow, back Friday.

Hacking the Presidential Election -- A Bipartisan Problem, Anyone Can Do It. That's the title of the press release for today's press conference at Washington's National Press Club at which voting activist Bev Harris (Black Box Voting) and computer experts demonstrated how election results could be changed.

And now the reports are rolling in. More overnight, I'd expect, as reporters who were there file for print deadlines.

Reuters reports that spokesmen for voting software manufacturers Diebold and Sequoia "said people were unlikely to get access to make any changes, and any attempts to alter the vote would be caught by security procedures already in place."

Nevertheless, all the campaigning, the volunteering, the time, money and effort is meaningless if the totals are electronically altered on election night. Safeguards and paper trails now could prevent a passel of Floridas on Nov. 3.

(Politicians of all stripes should be concerned. Hackers come in all stripes, too.)

Hacking the Vote: A Real and Present Danger: A release from the Institute for Public Accuracy boils it down:

At the National Press Club this morning, Harris and others demonstrated methods of manipulating vote-counting programs. Harris said: "We are able to use a hidden program for vote manipulation, which resides on Diebold's election software. This is a hidden feature enabled by a two-digit trigger (not a 'bug' or an accidental oversight; it's there on purpose). Also participating is Dr. Herbert H. Thompson, computer security expert and editor/author of 12 books including How to Break Software Security. Thompson shows how easily an election can be rigged by implanting a virus. Also, Jeremiah Akin, an independent computer programmer from Riverside, Calif., shows how to manipulate Sequoia Voting Systems software just before an election by switching the labels on the names of candidates. Andy Stephenson, associate director of Black Box Voting, shows how an unscrupulous person with no computer skills whatsoever can sabotage an election."

Activists Find More E-Vote Flaws: The crux of it, at Wired:

The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places. The GEMS program generates reports of preliminary and final election results that the media and states use to call the winners....

Harris said the problem lies in the fact that GEMS creates two tables of data that don't always match. One table consists of rows showing votes for each candidate that were recorded on voting machine memory cards at each precinct. The other table consists of summaries of that precinct data. Officials use the raw precinct data to spot-check accuracy. For example, if all of the machines at a precinct record a total of 620 votes for Arnold Schwarzenegger, then the data in GEMS should show 620 votes for Schwarzenegger for that precinct. The official results that go to the state are based on the vote summaries produced by GEMS.

When election officials run a report on GEMS on election night, it creates the vote summaries from the raw precinct data. Then as absentee and provisional ballots get counted after Election Day and added into GEMS, the raw data numbers increase, while the vote summaries remain the same until the next time officials run a summary report and it regenerates totals from the raw precinct data.

Harris said it's possible to alter the vote summaries while leaving the raw data alone. In doing so, the election results that go to state officials would be manipulated, while the canvas spot check performed on the raw data would show that the GEMS results were accurate. Officials would only know that the summary votes didn't match precinct results if they went back and manually counted results from each individual polling place and compared them to the vote summaries in GEMS.

Diebold said because the two sets of data are coupled in GEMS it would be impossible for someone to change the summaries without changing the precinct data that feeds the summaries. And if they did, the system would flag the change.

But Harris said it's possible to change the voting summaries without using GEMS by writing a script in Visual Basic -- a simple, common programming language for Windows-based machines -- that tricks the system into thinking the votes haven't been changed. GEMS runs on the Windows operating system.

The trick was uncovered by Herbert Thompson, director of security technology at Security Innovation and a teacher of computer security at the Florida Institute of Technology. Thompson has authored several nonfiction books on computer security and co-authored a new novel about hacking electronic voting systems called The Mezonic Agenda: Hacking the Presidency...

More Diebold E-Voting Vulnerabilities: At Slashdot Politics, pointing to the Wired story above,

...it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

This is followed by hundreds of comments from the programmers who call this site home.

Electronic-Vote Critics Urge Changes to System: Reuters,

...While it is too late to fix such flaws, officials should ensure that they have a paper backup of vote counts on every level, Harris and other activists said.

Officials should print up paper ballots rather than relying on touch-screen systems, and print out vote totals in each precinct and deliver them by hand to make sure centralized vote-counting computers are working properly, they said.

Congress has authority to force local officials to improve their procedures if they are reluctant to do so, they said.

But it has so far shown little interest in voting security, and bills that would require touch-screen systems to print out votes have failed to make it out of the committee level.

E-voting critics report new flaws: News.com covers the demonstration and adds,

Also on Wednesday, the San Francisco-based Electronic Frontier Foundation released a kind of election guide for geeks. Complete with photographs of the most popular models of e-voting machines, it lists their known flaws and problems that people have had with them in the past.

More background: VerifiedVoting.org.

Seen in the East Bay:

It's outside a veterinary clinic.

Cuba: Pictures from the Revolution. Last night we watched this beautifully photographed Discovery Channel documentary about Cuban-American photographer Roberto Salas, who in turn documented Fidel Castro for more than 40 years. It was on the Discovery Times cable channel, a collaboration of Discovery Network and The New York Times.

There's a video clip of the film here, 1:58 in high- and low-bandwidth Real Video.

Here are the times this will be shown again. On our local Cox Cable, DTimes is Channel 102.

Cat Stevens? Yusuf Islam, CatStevens.com.

British F.M. Rejects U.S. Reason For Deporting Cat Stevens: AFP,

British Foreign Secretary Jack Straw has complained to his US counterpart Colin Powell about the deportation from the United States of former pop star Cat Stevens as a possible terrorist risk, a report said Wednesday.

Straw, in New York for United Nations meetings, had spoken to Secretary of State Powell about the imminent removal of the British musician, his spokesman was quoted as saying by Britain's domestic Press Association (PA) news agency.

"He (Straw) heard the reports of the incident involving Cat Stevens," the spokesman was cited as saying by PA. "He did say to the Secretary of State that this action should not have been taken". ...

ABC reports,

Islam has made a number of trips to the United States in recent years, including one in May for a charity event and to promote a DVD of his 1976 MajiKat tour. He donated half the royalties from his most recent boxed set to the Sept. 11 Fund to help victims of the attacks.

His 21-year-old daughter, Maymanah,with whom he was traveling, was allowed to enter the U.S.

Foolish geek tricks: Geekpress suggests the photo of the 1954 RAND model of the 2004 computer, blogged here yesterday, is a hoax:

Update on the "Home Computer" picture: The photograph is apparently a Photoshopped hoax. Reader Mike Jaeger pointed out,

That is the control panel from an old naval nuclear reactor. On the far right is the EPCP (electric plant control panel) where the electrical operator on watch ("EO") controls power flows and breaker positions (notice the schematic laid out with switches for breakers). In the middle section is where the reactor operator ("RO") sits. He shims the control rods up and down in the reactor core with the lever (the L shaped lever just in front of the horizontal bar) and on the left is the throttleman station (usually manned by electricians). The large wheel is used to open/close ahead steam valves to the propusion shaft, while the smaller wheel is used to open/close back steam (astern throttles). The two wheels would be used in conjunction with each other to get the shaft to stop from a forward rotation, and then go in reverse (ahead steam is removed and astern steam applied to stop the shaft). The different gauges are specific to each station, with the throttleman concerned about power to steam flow ratios, steam pressures, etc. The RO cares about primary water avg. (coolant) temp, pressures, etc. The EO is watching vital bus voltages, and charging the battery with a trickle charge.

Thought you may like to know that (I used to sit on the far right, but on a newer version of that same panel).

Thanks for the correction, Mike!