Hacking the vote

This article talks about some scary stuff about electronic voting machines.

Over the course of almost eight years of reporting for Ars Technica, I've followed the merging of the areas of election security and information security, a merging that was accelerated much too rapidly in the wake of the 2000 presidential election. In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.

Now, I won't be giving you the kind of "push this, pull here" instructions for cracking specific machines that you can find scattered all over the Internet, in alarmingly lengthy PDF reports that detail vulnerability after vulnerability and exploit after exploit. (See the bibliography at the end of this article for that kind of information.)

Hannibal quickly notes:
I'm not in any way encouraging anyone to actually go out and steal an election. This article is intended solely as a guide to the kinds of information and techniques that election thieves already have available, and not as an incitement to or an aid for committing crimes.

Basically, the current system involves aggregating votes from a lot of small computerized voting machines.
There's a lot of vulnerabilities at every step of the way. "Supervisor cards" allow people to alter the database of votes on an individual machine in arbitrary ways. The "Stanford virus" can travel from machine to machine silently, changing votes along the way. There is a PCMCIA slot on the machine which can be used to quickly upload arbitrary software to the machine (the PCMCIA slot is behind a physical lock, but the key is the same on every single machine produced, and the lock can be easily picked.)

At least for the Diebold system discussed in the article, there is a central server which accumulates all the votes, called a "GEMS server." Unfortunately it is a standard PC running a vanilla installation of Windows 2000 and connected to the internet. Oops.

One team of security consultants hired by the state of Maryland found the GEMS bank by wardialing, discovered that it was running an unpatched version of Windows, cracked the server, and stole the mock election. This great Daily Show segment, in which one of the team members describes the attack, states that they did this in under five minutes.

Overall, this looks like a terrible system for counting votes.

Hannibal concludes:
The stakes in stealing an election are much, much higher than they are in the kind of petty hacking that produces today's thriving ecosystem of PC viruses and trojans. I've outlined the way (already widely known) in this article, and I don't doubt that someone, somewhere, has the will to match that way. Unless security practices and electoral procedures are upgraded and standardized across the country, and unless meaningful auditability is mandated (preferably a voter-verified paper trail) nationwide, then the probability of a large-scale election theft taking place approaches certainty the longer we remain vulnerable.

On another note, cryptologist David Chaum's has come up with a system that he thinks could prevent some of these abuses. I haven't read the paper myself, but from my understanding, Chaum's system allows people to get a sort of digital receipt which allows them to check that they voted the way that they thought they did. However, it does not prevent ballot box stuffing.


At 4:09 PM, Anonymous Anonymous said...

and the followup:

At 4:11 PM, Anonymous Anonymous said...

Gah, the comment system ate my urls. So look at:
and then:

At 5:02 PM, Blogger RareCactus said...

Exit polls have been ignored in the past. See my earlier post in December 2005 about exit poll results showing almost certain fraud in the 2004 Florida elections. Was anything done about this? Nope.

It's good to have neutral observers at an election, but you have to remember that they have no legal authority. And if you don't trust the real voting mechanism, why would you trust the fake voting mechanism exactly? What is there to stop me from doing my own fake exit poll, and reporting that everyone voted for Stalin Q. Hitler? Absolutely nothing.

Even though I am a computer scientist, I do not think the fix for one broken system is another broken system layered on top. Exit polls can be helpful-- it's better to have them than to not have them-- but they won't stop fraud.


Post a Comment

<< Home