Is Electronic Voting Secure? Princeton Scientists: NO

Discussion in 'Et Cetera, Et Cetera' started by rawbone8, Sep 13, 2006.

  1. rawbone8

    Gold Member

    Joined:
    Jun 30, 2004
    Messages:
    2,864
    Albums:
    1
    Likes Received:
    4
    Gender:
    Male
    Location:
    Toronto (ON, CA)
    Diebold voting machines (introduced already in some jurisdictions) have never been permitted to be tested by independent third parties — until now. A machine was provided to Princeton scientists by Velvet Revolution. (a lefty umbrella organization of groups devoted to voting integrity)

    It is very disturbing to see how easily they can be hacked. See the Princeton demonstration here

    Read the article in Salon magazine
    (you will be asked to watch a very short ad to get a day pass into Salon.com)

    All I can say is. WOW.

    Especially lame is this defense offered by Diebold spokeman David Bear in the past:

    "[Our critics are] throwing out a 'what if' that's premised on a basis of an evil, nefarious person breaking the law," Bear told Newsweek after the March Emery County study. "For there to be a problem here," he further explained to the New York Times, "you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software … I don't believe these evil elections people exist."

    Unh huh. Of course. They broke the mold after Gordon Liddy was hatched.
     
  2. tripod

    Gold Member

    Joined:
    Jan 17, 2006
    Messages:
    5,250
    Albums:
    3
    Likes Received:
    465
    Gender:
    Male
    Location:
    Statesville N.C.
    Rawbone you rule! Awesome Post.
     
  3. Pecker

    Pecker Retired Moderator
    Gold Member

    Joined:
    Mar 5, 2002
    Messages:
    83,922
    Likes Received:
    34
    The only 'secure' voting system is in a country that has only one candidate to vote for.
     
  4. rawbone8

    Gold Member

    Joined:
    Jun 30, 2004
    Messages:
    2,864
    Albums:
    1
    Likes Received:
    4
    Gender:
    Male
    Location:
    Toronto (ON, CA)
    Pecker, I think we can appreciate that there are degrees of security and trust, and no system is perfect. Given the whining of the losers in the 2000 and 2004 election that fraud occurred, it's understandable that some might roll their eyes at this story. There has always been a presumed degree of skullduggery in some election practices, whether it is a paper ballot or not. Here with electronic touch screen voting, the means to fairly do a recount or do forensic audits seems to be compromised, in that the hacked computer systems would not show much of a trace.

    I think the issue of trust is incredibly important to the voters in the democratic process.

    On the other hand, a cynic might say maybe "the powers that be" simply snicker at the plebes actually getting heated up over safeguarding their right to vote. As though voting ever meant anything important in the scheme of how things really get done. :rolleyes:


    here is the Salon story

    Hack the vote? No problem

    Diebold, the e-voting-machine maker, has long sworn its systems are secure. Not so, says a new Princeton study. Converting votes from one candidate to another is simple.

    By Brad Friedman

    Sept. 13, 2006 | Having reported extensively on the security concerns that surround the use of electronic voting machines, I anxiously awaited the results of a new study of a Diebold touch-screen voting system, conducted by Princeton University. The Princeton computer scientists obtained the Diebold system with cooperation from VelvetRevolution, an umbrella organization of more than 100 election integrity groups, which I co-founded a few months after the 2004 election. We acquired the Diebold system from an independent source and handed it over to university scientists so that, for the first time, they could analyze the hardware, software and firmware of the controversial voting system. Such an independent study had never been allowed by either Diebold or elections officials.

    The results of that study, released this morning, are troubling, to say the least. They confirm many of the concerns often expressed by computer scientists and security experts, as well as election integrity activists, that electronic voting -- and indeed our elections -- may now be exceedingly vulnerable to the malicious whims of a single individual.

    The study reveals that a computer virus can be implanted on an electronic voting machine that, in turn, could result in votes flipped for opposing candidates. According to the study, a vote for George Washington could be easily converted to a vote for Benedict Arnold, and neither the voter, nor the election officials administering the election, would ever know what happened. The virus could also be written to spread from one machine to the next and the malfeasance would likely never be discovered, the scientists said. The study was released along with a videotape demonstration.

    "We've demonstrated that malicious code can spread like a virus from one voting machine to another, which means that a bad guy who can get access to a few machines -- or only one -- can infect one machine, which could infect another, stealing a few votes on each in order to steal an entire election," said the study's team leader, Edward W. Felten, professor of computer science and public affairs at Princeton.

    The Princeton study is the first extensive investigation of the Diebold AccuVote DRE (Direct Recording Electronic) system, which is employed in Maryland, Florida, Georgia and many other states. Such touch-screen voting systems made by Diebold will be in use in nearly 40 states in this November's elections.

    Felten and a small group of Princeton computer scientists implanted a nearly undetectable virus in a Diebold voting system. They managed to alter a voter's ballot -- after it had already been confirmed and cast -- and flip a vote to a candidate other than the one the voter had intended. As Felten explained, "We've also found how malicious code could also modify its own tracks [afterward] and remain virtually undetectable by elections officials. It wouldn't be found in the standard tests performed either before or after an election."

    The Princeton report shows that a virus could be inserted onto a Diebold voting system by a single individual "with just one or two minutes of unsupervised access to either the voting machine or the memory card," which is used with the system to store ballot definitions and vote tabulations.

    The question of unsupervised access to voting systems has long been at the core of the debate over the use and security of electronic voting machines. That debate reached a boiling point in California's June election, when programmed, election-ready Diebold voting machines were discovered to have been sent home overnight with poll workers on so-called sleepovers, in the days and weeks prior to the election, by San Diego County's registrar of voters. Poll workers in the county, and many others around the country, are given voting machines by elections directors to keep at home prior to the election. They are then deployed on election morning at polling sites. The vulnerabilities to hacking, however, in the newer electronic voting systems have made that practice a topic of great concern. Earlier this year the federal certification body for e-voting systems issued a memorandum requiring greater security for such systems.

    As a result of the security breaches via the voting machine "sleepovers" in San Diego County, the special election between Francine Busby and Brian Bilbray for the House seat of jailed Rep. Randy "Duke" Cunningham was contested by voting rights advocates. The legal suit charged that unrestricted access to the machines by poll workers compromised the election and violated both state and federal law.

    David Jefferson, a lead voting systems technology advisor for the California secretary of state and a computer scientist at Livermore National Laboratory, told "The PBS News Hour" just after California's primary election, "You can affect multiple machines from a single attack; that's what makes it so dangerous."

    Jefferson's comment was based on a report by independent computer scientist Harri Hursti and the firm Security Innovation after a recent test of the systems in Emery County, Utah. Last March, the experts gained access to a Diebold touch-screen system in the county. Their report revealed that a "feature" built into Diebold's touch-screen system could allow an individual to overwrite the election software, operating system and computer firmware with just a minute or two of unsupervised access to the machines -- no password necessary.

    Electronic voting systems such as those made by Diebold and a handful of other private corporations now dot the nation's electoral landscape. While virtually all of the systems currently set for use this November have been found to be vulnerable to hacking, tampering, inaccuracy and error, various elements of the Diebold voting systems have found their way into more independent hands-on investigations. A recent landmark report issued by New York University's Brennan Center for Justice detailed some 120 threats to e-voting security across all such systems.

    The computer scientists and security experts who issued the Emery County report have not been alone in pointing out vulnerabilities in the Diebold touch-screen system. Johns Hopkins computer scientist and elections-security expert Aviel Rubin was one of the original voices to declare the dangers of Diebold's systems. He analyzed source code from its voting machines that was left, by the company, unsecured on a public Internet site. He recently told Newsweek: "If Diebold had set out to build a system as insecure as they possibly could, this would be it."

    Diebold has repeatedly disputed the findings then as speculation. But the Princeton study appears to demonstrate conclusively that a single malicious person could insert a virus into a machine and flip votes. The study also reveals a number of other vulnerabilities, including that voter access cards used on Diebold systems could be created inexpensively on a personal laptop computer, allowing people to vote as many times as they wish.

    Diebold spokesman David Bear did not return Salon's calls for comment on the Princeton study. In the past, he has denied that such security concerns are notable.

    "[Our critics are] throwing out a 'what if' that's premised on a basis of an evil, nefarious person breaking the law," Bear told Newsweek after the March Emery County study. "For there to be a problem here," he further explained to the New York Times, "you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software … I don't believe these evil elections people exist."

    While previous reports on security in electronic voting systems examined a limited set of vulnerabilities, the Princeton study looked at the entire voting machine system over an extended period. "These are, by far, the most serious electronic vulnerabilities that have been published to date," Felten said.
     
  5. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    Yes Fraud on left Fraud on right! Do our votes really count?:cool:
     
  6. jeff black

    jeff black <img border="0" src="/images/badges/gold_member.gi

    Joined:
    Mar 2, 2006
    Messages:
    11,866
    Albums:
    1
    Likes Received:
    14
    Location:
    CANADA
    We are living in a world where you can hack anyone's Computer with a few selected key strokes.

    I would be highly doubtful of a result from an electronic vote. At least with paperwork, you can recount and verify.
     
  7. Pecker

    Pecker Retired Moderator
    Gold Member

    Joined:
    Mar 5, 2002
    Messages:
    83,922
    Likes Received:
    34
    James T. Kirk will still be distrustful of the computer on Stardate 2269-04-21 but that won't prevent him from using it.
     
  8. madame_zora

    Gold Member

    Joined:
    May 5, 2004
    Messages:
    10,252
    Likes Received:
    2
    Location:
    Ohio
    I posted this before here, but I was one of those unfortunate bastards in Ohio who had to vote on a paper ballot. I had moved that year, and when I called two months in advance to see if I had to re-register since I had moved within the state, I was told that that wouldn't be necessary and that I could do a change of address when I got there- no problem. Ohio actually changed that policy only a few days before the election, and made no announcement at all about it, so that's why I was on a (uncounted :mad: ) paper ballot.

    I had to go to a different building, and the line was long. One of the ladies working there, late, was bitching her head off to anyone around that the voting machines were garbage anyway, because they arrived registering votes for bush, and they had to be recalibrated. What she was fuming about was that they could only be recalibrated by Diebold employees! For that reason, they had been down for hours, and many people had chosen to vote on paper rather than waiting, making her job harder than it was supposed to be (clearly she was not expecting to do much that day). I wrote it off to whining until I heard other similar stories about the machines from other counties and other states as the weeks unfolded. Diebold was a MAJOR contributor to the bush campaign. Conspiracy theory? Suck my asshole.

    Tell me that when YOUR vote doesn't get counted because of a "mishap". Bull-fucking-shit. I'm a goddamned natural-born American, I have the right to expect MY government to count my vote. If they didn't have anything to hide, WHY WOULDN'T THEY COUNT THE FUCKING VOTES?
     
  9. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    This has been going on a long time. Look at the dead people who voted for J.F.K in 1963 in Chigago alone. I think its fair to say right and left have been doing this for some time now Its sad.
     
  10. dolf250

    dolf250 New Member

    Joined:
    Feb 2, 2005
    Messages:
    784
    Likes Received:
    0
    Gender:
    Male
    Location:
    The Great White North
    We have the husband of a candidate being charged under the elections act for trying to rig a municipal election. If anybody thinks that there is not some vote buying and attempts at fraud on a federal level they need to wake up.
     
  11. Pecker

    Pecker Retired Moderator
    Gold Member

    Joined:
    Mar 5, 2002
    Messages:
    83,922
    Likes Received:
    34
    I would like to see a permanent citizens' panel that could check up on these things but the problem with that is that they'd be appointed by politicos.

    Or they'd have to be voted in by other citizens who'd need a citizens' panel to keep an eye on the citizens' panel.
     
  12. SpeedoGuy

    Gold Member

    Joined:
    May 18, 2004
    Messages:
    4,229
    Albums:
    1
    Likes Received:
    10
    Gender:
    Male
    Location:
    Pacific Northwest, USA
    Perhaps some good news on this front. For whatever its worth, HR 550 "The Voter Confidence Act" (with 212 sponsors) is working its way through committee in the House. Among other safeguards, it calls for mandatory written paper records of votes cast. I think its worth supporting and have written my congressional representative to that effect.

    http://thomas.loc.gov/cgi-bin/query/F?c109:1:./temp/~c109qgbW3M:e1626:
     
Draft saved Draft deleted