Most of the many news stories, e.g. Wired News or the New York Times, dealing with the hazards of electronic voting deal with problems of individual DRE machines. However, hacking individual voting machines, while commonly done, is far from the most efficient way to steal an electronic election.
In a recent story investigative reporter Bev Harris points out that:
"The central tabulator is far more vulnerable than the touch screen terminals. Think about it: If you were going to tamper with an election, would you rather tamper with 4,500 individual voting machines, or with just one machine, the central tabulator which receives votes from all the machines? Of course, the central tabulator is the most desirable target."
She then details the design vulnerabilities of the Diebold GEMS software used in the central tabulator from version 1.17.7 forward and willingly demonstrates how election results can be manipulated without detection (see press conference announcement below).
Ah, but election officials, virtually none of whom have one whit of training or background in computer security, claim that it is impossible to access their machines. Unfortunately, when RABA Technologies (PDF) tested that claim it proved to be utterly, and potentially disastrously, false. Their investigators found that with the correct phone number for the central computer, which is given to every election judge to transmit the precinct election results via modem, they could take control of the entire server from any phone in the world. And how many election officials even bother to change these phone numbers between elections? Lets see, China was willing to rent the LIncoln bedroom for something like $500,000 to help Clinton. Dialing in seems like a lot cheaper alternative. And other methods of intrusion are quite possible, as outlined by Bev Harris.
OK, so connecting to the Diebold GEMS servers presents no real problems. But, you think, how will a hacker know what to do when they get access? Aren't the vote totals protected and secure? Isn't the software secret?
Want to set up your own GEMS central tabulator for practice on your PC? You can get versions 1.17.15, 1.17.23, or 1.18.17 at this site together with rather comprehensive instructions. You will need Microsoft Access, which comes bundled with Office, as well.
Incidentally, the Colorado Sec. of State provides an inventory of voting equipment. The following Colorado counties use Diebold GEMS v. 1.17.23: Adams, Broomfield, Delta, Douglas, Eagle, El Paso, Larimer, Montezuma, Pitkin, and Weld. La Plata, Teller, and Yuma counties use GEMS v. 1.17.22 but that shouldn't be any real problem for the typical teenage hacker. Or you might want to see if the election IT person is for sale. Something like that happened in the November 2003 election in Denver. $44,000 is peanuts in an American election campaign.
It's likely you can obtain a similar inventory of voting equipment for your state with not much more effort. If you live in Georgia or Maryland simply assume your county uses Diebold GEMS software. And central tabulators from other vendors can be hacked as well. Diebold is simply the best publicized and documented, as well as one of the most widely used systems.
Bev Harris has provided a number of suggestions and solutions to the Diebold security issues that could be implemented by November. The Brennan Center for Justice has assembled an impressive group of voting experts and issued a very helpful report on improving election security. But Bev Harris suggests no election officials have, to her knowledge, implemented any of these ideas. Certainly our local county clerk and commissioners have responded to my security suggestions by burying their heads in the sand. However, the El Paso County Clerk did admit yesterday that voter registration fraud has become apparent and voter registration fraud has recently been reported in Denver metro areas.
It seems a virtual certainty that some hackers will be motivated to try their skills in the November election. And consider, how might we catch or punish a Chinese hacker? One can assume some of these hackers won't be Americans.
Conversely, the reaction of election officials and voting equipment manufacturers to these clear threats has been to universally deny the problems and claim hacking can't be done. That despite the fact that virtually every informed computer expert in the U.S. is saying voting machines can be easily invaded and manipulated.
For those seeking further information the press conference tomorrow may be of interest. A great deal more information on election fraud can be found at http://www.ejfi.org/Voting/Voting.htm.
Washington D.C., Wednesday, September 22, 2004. Two press events: 9:30 a.m. (National Press Club, by invitation only; features a surprise and a three-hour head start for TV news) and 12:30 p.m. EST (The Ballroom at Heldref Publications, open to all journalists, policymakers, and to the public)
Startling demonstrations using real election software proving that any teenager or terrorist with a laptop can create havoc with the election results in November. Or, more onerous -- Anyone with an agenda or a profit motive can help themselves to an election with a subtlety that defies detection.
1. 9:30 a.m., The National Press Club, 529 14th Street NW; Washington D.C.; Zenger Room (A small gathering by invitation. If you are a member of Congress or a network representative, call (206) 335-7747, (206) 778-0524, (512) 736-5802 or (512) 775-3737 to get on the invite list. Some contact lines are congested, please keep trying.)
Bev Harris, Executive Director, Black Box Voting (www.BlackBoxVoting.ORG) will demonstrate a hidden program for vote manipulation, which resides on Diebold's election software. This is a secret feature enabled by a two-digit trigger. (Not a "bug" or an accidental oversight; it's there on purpose.) The Diebold central tabulator system election software will count 50 million votes, approximately 50 percent of the votes in November's election.
Dr. Herbert H. Thompson, computer security expert and editor/author of 12 books including "The Mezonic Agenda: Hacking the Presidency." Thompson will demonstrate how easily an election can be rigged by implanting a virus.
Two emergency solutions will be presented by Bev Harris, Black Box Voting; and Sharona Merel and Joan Krawitz, Co-Founders of the National Ballot Integrity Project. These inexpensive and achievable emergency measures to ensure the integrity of the 2004 vote count can be implemented immediately.