portland independent media center  
images audio video
newswire article reposts united states

election fraud | political theory | technology

the REAL Scoop on Diebold Computer Vote Fraud

Aviel Rubin called allegations by Bev Harris that the Diebold software may have been *designed* to facilitate fraud "ludicrous"--because his team NEVER EVEN EXAMINED the Diebold software in question. Incredibly, this software keeps not one, but two Microsoft Access data tables of voting results--like a business keeping two sets of account books. The two tables are notionally identical copies of the votes collated from all polling stations. The first table is for on-demand reports which might uncover alteration of the data--such as spot checks of results from individual polling stations. The second table is used to determine the election result--but it can be hacked and altered to produce fake election totals without affecting spot check reports derived from the first table.
vote Early and Often!
vote Early and Often!
THE REAL SCOOP ON DIEBOLD

25th July, 2003 by Fintan Dunne,
Editor www.GuluFuture.com


On 24th July, 2003 an important story  link to www.nytimes.com
broke. Johns Hopkins University researchers  http://avirubin.com/vote.pdf found that electronic voting machines are full of security flaws which can allow fraudulent election results. A scandal indeed.

But like many reported 'scandals' this is a pseudo-investigation. In truth, the news was two weeks old. Alternative media site Scoop.co.nz first broke the unabridged full story  http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
, by Bev Harris --back in early July, 2003.

The Johns Hopkins team only decided to commence their investigation precisely when the Scoop story hit the Internet. Now, in double-quick time they are in print in the New York Times (followed by Yahoo News and MSNBC) with what the NYT called "the first review of the software by recognized computer security experts." Author of the Scoop articles, Bev Harris, although a world leader in this field, is sadly unrecognized --by the NYT at least. So the NYT coyly ignores the explosive content of her prior Scoop story.

Why? Note this remark by Aviel Rubin, of Johns Hopkins University, who led the team which examined Diebold software used in voting machines across the USA. When asked to comment on allegations by Bev Harris that the Diebold software may have been designed to facilitate fraud, Rubin described the claim as "ludicrous."

Rubin could dismiss the allegation of deliberately fraudulent design in Diebold software, because his team never examined the Diebold software in question. They only looked at security flaws in the touchscreen terminals and smart cards used by voters. It's true, these are deeply flawed, but not criminally flawed.

The jaw-dropping revelations in the Scoop story did not relate to the touchscreens, but the Diebold software running on the servers  http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm which collate the results from many individual touchscreens. It is here that the smoking gun was found.

Incredibly, this software keeps not one, but two Microsoft Access data tables of voting results  http://www.blackboxvoting.org/access-diebold.htm#votes It's like a business keeping two sets of account books. The two tables are notionally identical copies of the votes collated from all polling stations. The software uses the first table for on-demand reports which might uncover alteration of the data --such as spot checks of results from individual polling stations.

And here's where it got scary. The second of the two tables is the one used to determine the election result. But the second table can be hacked and altered to produce fake election totals without affecting spot check reports derived from the first table. These will still check out.

The election officials using menu-driven Diebold software are never aware there are two underlying data tables.

Finally, alterations to the second table can be accomplished by dialing into the Diebold server across the Internet through a maintenance port. Whew!

Is this software designed with criminal intent? Consider this: If the IRS called to a business and found two sets of books -one used for IRS spot checks and a second, alterable set used to make IRS returns, do you think they might be a little bit annoyed?

Yet even though the Johns Hopkins team sourced their data from Scoop and surely knew of the full implications of Bev Harris's discoveries, by only looking at touchscreen stations in their investigation, they can with straight faces dismiss the deliberate intent allegations as "ludicrous."

The real Diebold story may have been so hot, that some in US media and academia have co-opted the controversy and have masked it's full scope. It's not the first time this tactic has been used. For the straight dope on Diebold, go to the people who got the scoop!
 http://www.scoop.co.nz/mason/stories/HL0307/S00198.htm

homepage: homepage: http://www.gulufuture.com/diebold_scoop.htm
address: address: Editor, GuluFuture.com


Technical Response To The Johns Hopkins Study On Voting Systems 27.Jul.2003 19:34

Diebold

Technical Response To The Johns Hopkins Study On Voting Systems

Diebold is in the process of performing a complete review of the lengthy research article about one of Diebold's election products, dated Wednesday, July 23.

A prior version of Diebold's touch screen software was analyzed while it was running on a device on which it was never intended to run, on an operating system for which it was not designed, and with minimal knowledge of the overall structures and processes in which the terminal software is embedded. In addition, many of the weaknesses attributed to the operating system on which the software was tested are inapplicable to the embedded operating system actually used by Diebold. As a result, many of the conclusions drawn by the researchers are inaccurate or incomplete with respect to the security of this particular element of Diebold's voting system.

The researchers installed and analyzed a prior version of the AccuVote-TS software on a typical personal computer, on which a generally available Microsoft® operating system was installed. This personal computer on which the software was analyzed also had an internet or continuous modem connection, a keyboard, and disk drives. The exploitation of many weaknesses attributed to Diebold's software resulted from this configuration, which does not exist when the software is used in a Diebold voting terminal.

A continuous or unmonitored internet or modem connection would be necessary in order for last minute or stealth changes to be downloaded to a voting terminal. As installed by Diebold, this voting terminal contains neither. Diebold does not connect its voting terminals to the internet. All downloads to the terminals for purposes of programming take place over a secure connection to an isolated server, to which the voting terminal is generally only briefly connected. Once the changes have been made, the terminal is disconnected, the software tested, the terminal is locked and a tamper-indicating device affixed.

Unlike the personal computer on which the analysis was performed, the voting terminal does not have a standard keyboard or disk drives, and the redundant memory is physically locked into the machine. This makes unavailable the easy access required to accomplish some of the other security breaches that have been suggested.

Similarly, unlike the personal computer on which the analysis was performed, the card reader is an integrated portion of the terminal. This prevents the signal monitoring which, it was suggested, could easily be used to capture the data needed to create a "homebrew" voting card. Further, because the actual voting booths are not the enclosed structures the researchers may be used to, it was inaccurately suggested that it would be easy to use a readily available device to capture the data without detection. The data which would be needed to create voting cards varies from election to election, so creating voting cards would be difficult without access to such captured data.

Similarly, the suggestion that election results would be intercepted and modified during uploading is unrealistic. First, any results transmitted via modem are always considered unofficial results; the official results are transported solely by means of a memory card, which is locked into the system during voting. Any modified unofficial results would not match the official results and would immediately be rejected. In addition, it is very unlikely that any individual would have all the information required to implement such an attack.

Beyond the code analysis, the researchers suggested that Diebold lacked an adequate change control process. Systemic control is in place, both internally and externally. Diebold's extensive change control process is not embedded in its source code, nor would it be expected to be. In addition to the internal programming group and quality control, the software is tested externally by independent testing authorities. Once delivered to the customer, the software is tested for logic and accuracy both before and after each election. An individual intent on inserting malevolent code, would require the cooperation of the programmers, the quality assurance group, the independent testing authorities, the multiparty observers, and poll workers.

In addition, programmers draft code to deal with party IDs, candidate IDs, precinct IDs, and other generic object identifiers, not individual identified candidates or parties. The actual information associated with these identifiers is entered by individuals in a particular election jurisdiction. Because the specific association between a generic identifier and a particular candidate is not predictable in advance, it would be nearly impossible for a programmer to craft programming to favor a particular candidate or political party without the active cooperation of the individual in the election jurisdiction who formats the ballots. It is extremely unlikely that this kind of cooperation would occur in the first place or, if it did occur, would go unnoticed by the quality assurance group, the independent testing authority, the multiparty observers, and poll workers.

The democratic process is a fiercely held right in the United States, and election officials have long been on guard against mishap and fraud. They have implemented a comprehensive list of safeguards, which protect the integrity of the election process. These safeguards did not end when electronic voting entered the picture, and in fact have been increased. Electronic voting offers an opportunity to make voting more accessible and independent than ever before, particularly to individuals who are sight impaired or who speak another language. To require that each portion of the system be impervious to security breaches ignores security features in place in each other element of the physical system, and the systemic protections in place that extend far beyond the devices on which the votes are cast and tallied.


 http://www.diebold.com/technical.htm

best Quote from Diebold Corporation's 'technical response' 27.Jul.2003 21:52

LOL

"The democratic process is a fiercely held right in the United States, and election officials have long been on guard against mishap and fraud."

sorry, wrong, bzzzt. 28.Jul.2003 07:10

this thing here

mr. diebold, the correct response to these proven accusations and problems with your software is to acknowledge them and say that because you value america's right to vote, you will do all that you can to correct the problem and regain your credibility.

the INCORRECT response to these problems is to deny them and orchestrate public relations.

we are not dealing with a just another .99 cent plastic product that is defective here. this is not a time for public relations and "letters to consumers". this is about something really essential, called voting and democracy.

Not credible, Diebolt 28.Apr.2013 12:11

NobodyYouKnow

As a software engineer, I can testify that the OS only exposes methods to accomplish specific tasks. The software design is NOT affected, so if it establishes two databases for keeping 'crooked books' when running under one OS, it will do the exact same under a different OS. Diebolt does NOT address the design of the software but instead adds a smoke screen that may fool some fools.