from FREE ONLINE eNālāndā Research and Practice UNIVERSITY through http://sarvajan.ambedkar.org
Please appeal to the CEC (vs.sampath@eci.gov.in and feedbackceokar@gmail.com) to
publish the open source code of EVMs and to train the representatives of
candidates.
http://votingmachines.procon.org/view.answers.php?questionID=000272
What is electronic voting machine source code?
Ellen Theisen, MA,
CEO of The Vote-PAD Company, in her 2005 report “Myth Breakers: Facts
About Electronic Elections,” included the following description:
“Source code is
the list of instructions that cause the computer to display screens,
record votes, tally votes, and perform all other functions both visible
and invisible. For example, when the voter presses the VOTE button, that
action triggers a list of instructions for the machine to follow
internally.
‘Open’ source code means the instructions would not be secret. Anyone would be able to look at them.”
The National Academy of Science’s 2005 report “Asking the Right Questions About Electronic Voting,” stated:
“The source code
of the [electronic voting] system is the software that defines its
behavior under all possible circumstances… [It is] a computer program
rendered in human-readable form that also clearly lays out the structure
of the program.”
Bev Harris,
proprietor of the website www.blackboxvoting.org, wrote an article
titled “Inside a U.S. Election Vote Counting Program,” Scoop Independent
News, July 8, 2003, which included the following description of “source
code”:
“[Source code] is all the computer programs that tell electronic voting machines how to record and tally votes…”
I live in one of the most wired parts of the United States—the San
Francisco Bay Area—but for the presidential election, I’ve already voted
by mail. On a piece of paper. From the comfort of my living room.
Between folks like me who vote by mail and everyone else who votes by
marking paper in some way, we comprise about two-thirds of all American voters.
Approximately 25 percent of all Americans, however, will use paperless
and electronic voting machines to cast their ballots on November 6.
Around the world though, these percentages don’t hold. An increasing
number of countries are beginning to tackle e-voting with gusto.
Estonia, Switzerland, Spain, Brazil, Australia, India, Canada, and a
handful of other countries have all held elections through the use of
electronic voting machines in recent years.
E-voting was supposed to solve many of the problems inherent in
traditional paper voting: it’s difficult for illiterate people to vote,
it’s difficult to get physical paper out to all corners of a country
(voters abroad can submit their ballot much more easily), tabulating the
results takes too much time, physical ballot stuffing or ballot
swapping can occur with little or no verification. With an electronic
ballot, it’s also, of course, easier to tweak ballots in other languages
or to make them available to blind or deaf voters. As recently as
August 2012, advocates in Pakistan and the Philippines called for the expansion of e-voting in their respective countries.
Currently, there are four major types of e-voting around the world
that are worth keeping an eye on: Brazil’s homegrown direct recording
electronic (DRE) setup, Australia’s open-source software, Estonia’s
Internet voting, and a Spanish startup’s efforts to expand what’s been
called “crypto-voting.” Each of these approaches has its own unique set
of problems, but the primary obstacles they present for many voting
officials and computer scientists are the inability to verify the
source code and the expense.
From dictatorship to e-voting in just over a decade
Surprisingly, Brazil has one of the world’s oldest electronic voting
systems, dating way back to 1996. While Brazil certainly is a vibrant
(and huge, at 195 million people) democracy, it’s a rapidly developing
country—you do know it’s the B in BRIC,
right? Brazil has gone through significant economic and political
change in recent decades. It wasn’t until 1985 that the country was rid
of its military dictatorship, yet, just over a decade later, the country had implemented a locally designed and produced electronic voting system.
As recently as 1996, the country still had 15 percent of the country
that could not read or write. That meant a significant portion (over 23
million Brazilians at the time) of the country were effectively
disenfranchised from voting.
The DRE machine, known locally as an urna, is about the size
of two or three stacked hardback books, and it has a small screen on
one side with a keypad on the other side. The machine displays a list of
candidates, along with their pictures and the numbers associated with
them. Voters use the keypad to type in their preferred number—the device
only allows one number to be pressed at a time.
Each voter then receives a printed stub confirming that he or she voted.
Each DRE device has two flash cards, which store a digital record of the
vote count. The cards are removed at the end of the election and the
vote totals are sent electronically to the Regional Electoral Office,
where national vote counts are tallied within just several hours.
“Nowadays we have 450,000 digital ballot boxes in Brazil,” Antonio
Esio, from the Regional Electoral Office in Sao Paulo, told the BBC in 2008. “We are making more each year because the number of voters is increasing around six percent every election.”
Before the electronic system,
voters were required to hand-write the complete names of the candidates
and their parties—something many illiterate people were unable to do.
“By adopting it, you are enfranchising voters who might be
disenfranchised by complicated ballots,” Tiago Peixoto, a Brazilian
researcher with the ICT4Gov program at the World Bank, told Ars.
However, by 2002, some critics in Brazil countered that by relying on
an electronic device, there was little actual voter verification. To
use industry parlance, there was no way to verify that the vote was cast
as intended and counted as it was cast. So printers were added, which showed the vote on a piece of paper protected behind plastic. Two years later, Brazil eliminated the printers, as they were too costly. The printers were slated to be back for the 2014 election, but they have since been suspended a second time.
By 2008, the entire software running on the DRE machines was
rewritten by developers contracted by the Brazilian Superior Electoral
Court. Six months prior to any election, people who have been accredited
by the Court are allowed to come in-person, “in an environment
controlled by the Superior Electoral Court,” where experts can examine the source code, under a nondisclosure agreement.
Diego Aranha, a
professor of computer science at the University of Brasilia, was one
such expert. But, he said, he and his team were only given five hours in
which to examine millions of lines of code—nowhere near adequate to
perform a proper audit.
One major flaw he found was that the digital votes are randomly
shuffled, as a way to provide extra security while in storage. However,
the algorithm to provide that randomness is given a non-random seed: the
timestamp.
“I made this assumption because I know how many times people have got
this wrong,” he told Ars. “They used a really, really bad pseudo-random
number generator available: the seed was a timestamp in seconds. This
is mission-critical software! This is our software for our democracy.”
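The weakness described above, as an added example that is not code from the article or from the Brazilian voting software: a shuffle driven by a PRNG seeded with a timestamp in whole seconds is a deterministic function of that timestamp, so anyone who learns or narrows down the second can replay it. The record values, the timestamp and all function names are constructed for illustration, and Python's `random` module stands in for whatever generator the real system used.

```python
import random
import secrets

# Constructed sample: candidate numbers in the order the votes were cast.
CAST_ORDER = [13, 45, 13, 22, 45, 13, 22, 13]

# Constructed Unix timestamp (whole seconds) standing in for the seeding time.
SEAL_TIME = 1349600400


def shuffle_weak(records, unix_seconds):
    """Flawed pattern: the shuffle order depends only on a timestamp seed."""
    rng = random.Random(unix_seconds)
    out = list(records)
    rng.shuffle(out)
    return out


def permutation_for_seed(n, unix_seconds):
    """Replay the generator: output position i holds input index perm[i]."""
    rng = random.Random(unix_seconds)
    perm = list(range(n))
    rng.shuffle(perm)
    return perm


def restore_cast_order(stored, unix_seconds):
    """Undo the weak shuffle using nothing but the seed.

    This is why the seed must be unpredictable: a polling day of ten hours
    contains only 36,000 possible second-resolution seeds, while a uniform
    shuffle of even 20 records has more than 10**18 possible orders.
    """
    perm = permutation_for_seed(len(stored), unix_seconds)
    original = [None] * len(stored)
    for position, source_index in enumerate(perm):
        original[source_index] = stored[position]
    return original


def shuffle_hardened(records):
    """Corrected pattern: draw the permutation from the OS CSPRNG.

    SystemRandom has no seed to record or guess, so the order cannot be
    replayed from the time at which the shuffle ran.
    """
    out = list(records)
    secrets.SystemRandom().shuffle(out)
    return out


if __name__ == "__main__":
    stored = shuffle_weak(CAST_ORDER, SEAL_TIME)
    print("stored order:  ", stored)
    print("restored order:", restore_cast_order(stored, SEAL_TIME))
    print("hardened order:", shuffle_hardened(CAST_ORDER))
```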
Despite these problems, so far, Brazil has used its DRE system in its
various iterations for nearly two decades without any major political
dispute over their use.
In an academic paper published in a forthcoming book, Aranha
concluded: “The necessity of installing a scientifically sound and
continuous evaluation of the system, performed by independent
specialists from industry or academia becomes evident and should
contribute to the improvement of the security measures adopted by the
voting equipment.”
Looking inside the black box Down Under
“It’s a black box.” So goes the common refrain from computer
scientists and cryptographers who work on electronic voting. In other
words, no one can be completely certain the computer code running on a
given device does exactly what it’s said to. Worse still, no one can
ever know the software running on the voter’s computer is precisely the
same version of the software that was initially certified.
But for over a decade, the Australian Capital Territory
has figured out a way to solve this problem (in use across a handful of
voting locations): just make the software open source. The software
runs on older PCs running Linux and offers ballots in 12 languages.
There are also ballots available for illiterate, blind, or deaf voters.
Each voter receives a barcode that is read by a scanner
attached to the computer. Once the code is scanned, it resets the
software to be ready to receive a vote. Once the ballot is complete, the
card is swiped a second time to cast that ballot. The barcodes are not
connected to an individual voter, but the software is designed to only
allow one vote per voter. The votes are counted electronically,
digitally signed, and sent to a server on a local network.
“We wanted to make it something that people would find trustworthy,”
said Phillip Green, the electoral commissioner for the territory, in a
recent interview with Ars.
“We’ve likened it to a normal election process where if you’re doing
it by hand, everything is available to scrutiny,” Green said. “We
shouldn’t have a black box, where you don’t know what it does. Open
source code was the way to solve the transparency issue. So we get the
code audited by a professional company and they’re looking for areas in
the code that what comes in doesn’t come out and that there’s nothing in
there that would allow someone to maliciously change votes.”
In addition, there’s a software keylogger making sure what’s typed in
actually matches the votes that were recorded, as a way to prevent
fraud. Green added the IT faculty at the Australian National University
in Canberra use the source code frequently as a security auditing
exercise for its students. This system has run more or less without any
problems since 2001.
But if it’s so great, why don’t other states and territories Down
Under use it? There’s no real reason, but like in the United States,
state and territory voting laws and regulations are set at the state
level. The ACT has chosen to go open-source, and there’s nothing
stopping the country’s bigger states, like Victoria or New South Wales,
from doing the same.
The decision largely has to do with size and expense. The ACT,
Australia’s smallest territory by population, is home to about 365,000
people. (My home city of Oakland, California is bigger!) Only about
two-thirds of the population are voters. Nationally, the country has
around 15 million voters—so ACT voters represent less than three percent
of all voters nationally.
“There’s no practical reason why it couldn’t work there, but it’s a hardware [question],” Green added.
“We’re getting out of our system cheaply by borrowing hardware. We’re
part of [the] ACT government computer system and we get monitors that
are coming off refresh cycles. We either get the new ones before they
get them or the old ones coming off; we’re borrowing monitors. We get
out of it pretty cheaply by trying to find cheap and innovative ways,
and because we’ve only got five voting locations, we can get away with
that. [Other states] might want 50 to 60 sites, and would have
difficulty borrowing equipment. It’s several thousand dollars per
machine by the time you get the hardware together.”
Still, despite the success of the open-source e-voting setup, Green
says its days may be numbered. Even though he has his doubts about the
security and openness of Internet-based setups, he believes that it, not
open-source e-voting, will “be the way of the future.” After all,
Internet-based systems can reduce the cost of hardware by allowing
people to just use their own computers.
“We’re looking at it for 2016,” he said in a resigned tone.
Internet voting in Estonia
Perhaps the most famous example of Internet-based voting, though, comes from Estonia.
This tiny, post-Soviet country in the northeastern corner of Europe
reclaimed its independence in 1991. Within less than a decade, the
country was already making progress toward a digital ID card project.
The cards, which look very similar in size to other European Union ID
cards or American drivers licenses, possess a front-facing chip that can
be read by a small handheld device. By 1999, the Estonian parliament
passed an important amendment to the “Identity Documents Act” and
created the “Digital Signatures Act.” This legislation established that
such cards and corresponding signatures would be legal in the country.
The Digital ID card became available in 2002 and led to a number of
“e-services” that all Estonians could take advantage of. Through the use
of open-source public key-private key encryption software (upgraded in 2011 to 2048-bit),
various government agencies have enabled citizens to not only engage in
digital contracts, but also to perform various secure functions
connected with their identity. These include financial transactions,
public transportation tickets, and student university admissions
records.
“What we have in Estonia and have had for eight years is that we have
universal notion of digitally signed files,” Tarvi Martens told Deutsche Welle,
Germany’s international broadcaster, in 2010. (Martens was one of the
leaders of the Estonian digital ID card project at the Estonian
Certification Center.)
“If you sign something digitally with your Estonian ID card, it
universally replaces a paper written signature and this can be applied
anywhere—terminating contracts, creating contracts—everywhere.
Everywhere you’d need a paper signature you can replace it with an
electronic signature,” he added.
With that infrastructure in place, the Estonian government began
testing Internet-based voting in local elections in 2005. Two years
later, it was expanded out to national elections. In the 2009 elections for the European Parliament, 15 percent of all votes cast were submitted online. That number grew to almost 25 percent for the 2011 domestic parliamentary elections.
As a security precaution, voters can submit their ballot as many
times as they like during the e-voting window open during the week
before election day.
“I-voting is possible only during seven days of advance
polls—from the tenth day until the fourth day prior to Election Day,”
the Estonian National Electoral Committee states on its website.
“This is necessary in order to guarantee that in the end only one vote
is counted for each voter. To ensure that the voter is expressing their
true will, they are allowed to change their electronic vote by voting
again electronically during advance polls or by voting at the polling
station during advance polls.”
Domestically, courts have upheld the use of Internet
voting. In 2011, the Estonian Supreme Court’s Constitutional Review
Chamber rejected
the petition of an Estonian student who alleged that the voting
software—which is not open-source—could be maliciously tampered with so
as not to count votes accurately.
Barbara Simons is a
computer scientist and former president of the Association for Computing
Machinery. She’s an outspoken activist against e-voting and told Ars
that because the Estonian government has never conducted post-election
auditing, it can’t be 100 percent sure it works as advertised.
“We don’t know how the Estonian system is working,” she said. “We do
know that the second largest party thinks that the voting was rigged in
2011. The reason they think it was rigged was that the ballot counts
online were different than the paper version. There are possible
explanations, but I couldn’t say that it was rigged—there’s no way that
anyone can prove anything. [The Estonian government] won’t let
independent security experts review it without signing a nondisclosure
agreement.”
Simons points out a common refrain by many people who are used to
Internet banking—that is, if we can bank online, why can’t we vote
online?
In short, it’s mostly because of responsibility and attribution. With
banking, you want to know—and have an extensive record—of what actions
were taken when, and you associate them with a certain person. Voting,
however, requires secrecy, and separation from a person and a specific
identity. Furthermore, with banking, there is insurance and other
precautions put into place to reassure customers against fraud.
“I do online banking because I know the bank will cover it,” she says. “You can’t do voting online—nobody can cover it.”
Or, as two UK-based computer scientists put it in a recent op-ed:
“This is like running your bank account without getting statements or
receipts, and trusting the bank to keep track of your balance
accurately.”
Crypto-voting abounds
Despite these different approaches, there’s one company that has been
getting a lot of attention, a Spanish company with a rather unique
name: Scytl.
The company was founded by a Barcelona-based computer science
professor, and partially funded initially by Spain’s Ministry of Science
and Technology. It’s now making significant inroads with various government agencies
around the world, including Norway, Mexico, India, Spain, and many
others. The company offers not only on-site DRE-style e-voting, but also
(most controversially) Internet-based voting. In fact, during the first
week of September, West Virginia
said it would provide “electronic ballot delivery” to overseas and
military voters in the state for the November 2012 election, joining
other jurisdictions in states of Alabama, Arkansas, Mississippi, New
York, and Dallas County, Texas.
It’s important to note that for the American market, Scytl does not
offer true, Estonia-style online voting. Rather, it provides a way for
the ballots to be securely sent to the individual.
“The ballot comes back to the local election jurisdiction and is
tabulated in the same way in the local jurisdiction,” explained Michelle
Shafer, a company spokesperson.
The company claims that for the locations where Internet-based voting
is offered, its systems are true end-to-end encrypted solutions. This,
for example, is currently being tested in local elections in Norway and
is scheduled for a nationwide deployment across the country in 2017.
But the company declines to reveal exactly how its setup works on its website.
“Votes are encrypted in the voters’ voting device before they are
cast,” the company’s FAQ states. “Only the Electoral Board can decrypt
the votes by reconstructing the private key. The decryption of the votes
is carried out in an isolated and physically secured computer by
applying a mixing technique that breaks the correlation between the
voters’ identity and the clear-text votes in order to guarantee voters’
privacy.”
In a set of slides dated 2011 that were presented at a cryptography
conference in Spain, the company alludes to the specific techniques that
it is using. The slides refer to various advanced cryptographic
techniques, including homomorphic tallying, which allows for encrypted values to be added, then have the end result decrypted without revealing each individual value.
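Homomorphic tallying as described above, in an added example that is not Scytl's code: the article does not say which scheme the company uses, so the Paillier cryptosystem is used here as an assumed stand-in, with toy-sized primes and constructed ballots. It omits the zero-knowledge proofs a real system needs to show that each encrypted ballot contains exactly one valid choice.

```python
import math
import secrets

# Toy primes, constructed for the example; real keys use primes of 1024+ bits.
P, Q = 1009, 1013

# Constructed ballots: each entry is the index of the chosen candidate (0..2).
CHOICES = [0, 2, 0, 1, 0, 2]


def keygen(p=P, q=Q):
    """Return (public modulus n, private key) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is fixed to n + 1
    return n, (lam, mu)


def encrypt(n, m):
    """Probabilistic encryption: c = (n+1)^m * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (n + 1)^m mod n^2 equals 1 + m*n, so g^m needs no exponentiation.
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % (n * n)


def encrypt_ballot(n, choice, n_candidates):
    """One ciphertext per candidate: Enc(1) for the choice, Enc(0) otherwise."""
    return [encrypt(n, 1 if i == choice else 0) for i in range(n_candidates)]


def tally(n, encrypted_ballots, n_candidates):
    """Combine all ballots without decrypting any single one of them."""
    totals = [1] * n_candidates  # 1 is a valid encryption of zero
    for ballot in encrypted_ballots:
        totals = [add(n, t, c) for t, c in zip(totals, ballot)]
    return totals


def run_election(choices, n_candidates):
    n, priv = keygen()
    ballots = [encrypt_ballot(n, ch, n_candidates) for ch in choices]
    encrypted_totals = tally(n, ballots, n_candidates)
    # Only the aggregated ciphertexts are ever passed to decrypt().
    return [decrypt(n, priv, c) for c in encrypted_totals]


if __name__ == "__main__":
    print("per-candidate totals:", run_election(CHOICES, 3))
```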
Scytl’s setup appears to be similar to other cryptographic voting systems pioneered by Ron Rivest, Josh Benaloh, Olivier Pereira, and others with backgrounds in related research and e-voting systems.
“That slide set reads like a bunch of existing crypto voting
techniques thrown together with a Scytl logo on it,” e-mailed Ben Adida,
a cryptographer and co-creator of Helios. That’s another similar crypto-voting system that was tested in a Belgian university election in 2009.
“It’s not clear to me at all that this described technology is
actually used in their system, since from the little I’ve seen of folks
using Scytl, none of this end-to-end verifiability is visible.”
The company does say on its site, however, that “transparency is an integral part of security.”
It explains that election authorities and independent auditors
designated by those authorities are given access to the source code.
Authorities can verify this is digitally signed to make sure that the
same software that was audited is the same one that is actually used
during an election. So why isn’t the source code given to the public to
vet?
“[Voters] don’t have the ability to review the source code of their
[online] banking either,” Shafer, the company spokesperson, added.
The slow march of democracy
Despite much of the hoopla (and hundreds of millions of dollars
spent) surrounding e-voting over the last decade, there seems to be a
considerable amount of evidence against putting too much faith in a
system that can’t be verified. With the exceptions of Estonia (which
seems to have put domestic concerns to rest) and the Australian Capital
Territory (which goes the open-source route), there remain significant
concerns with the expansion of electronic voting systems worldwide.
In Australia, like the US, there’s also the large problem of a
mish-mash of federal and state voting laws. Not to mention, Australia is
a large territory that makes deploying computers expensive and, at
least for now, seemingly unfeasible. Here in the US, we would certainly
do better with a single, unified voting standard that would take power
away from state authorities to have differing voting standards—remember Bush v. Gore?
In short: e-voting is a tall order. It’s difficult to make such
systems verifiable (whether through open-source code, an auditable paper
trail, and/or cryptography), keep them inexpensive, and maintain the
legal backing of the local jurisdiction to support them. This may be why
some voting activists are pushing for “risk-limiting audits.”
These don’t even attempt to get involved with the actual procedures in
voting, but rather just making sure the votes were counted properly
using whatever system is on hand.
It’s a laudable goal to expand democracy as much as possible. Making
voting easier, particularly for those who speak different languages or
who are blind, deaf, or have other handicaps is certainly admirable.
However, without overcoming the multitude of problems that exist in
e-voting systems, it’s hard to see how they can move forward in a
trustworthy way.
http://www.bushstole04.com/hackingelections/Summary.htm The Truth will prevail,
but only if we demand it from Congress!
COMPUTER FRAUD SUMMARY
Condensed Version
How George Bush used computer fraud
to steal the election
1. No Paper Trail
The
Republicans passed the Voting Act in 2002 authorizing the use of
electronic voting machines with no requirement that they produce a paper
receipt (a “paper trail”), which would allow an ironclad, independent
assessment of whether the DATA IN THE voting machines accurately
reflected the votes cast.
The
Bush administration then ensured that the majority of these electronic
voting machines were made by Diebold and ES&S. The President of one
of these companies and the VP of the other are brothers. Both are
staunch Republicans and Diebold contributed hundreds of thousands of
dollars to Republican campaigns. The CEO of Diebold was Chairman of the
Bush Reelection Campaign in Ohio, and promised to deliver the state of Ohio to George Bush in the 2004 election.
3. No Recounts Possible
Without the capability of generating a “paper trail”, there is no way of having a recount of the votes as required by law.
4. Diebold Voting Machines Can Be Hacked.
Dr. Avi Rubin (Professor of Computer Science, Johns Hopkins University)
evaluated Diebold’s source code, which runs their e-voting machines.
Diebold voting machines use the “Data Encryption Standard”, whose code
was broken in 1997 and is NO LONGER USED by anyone seriously interested
in ensuring that a computer is secure from tampering and hacking.
Moreover, the KEY was IN the source code, such that all Diebold machines
respond to the same key. Unlock one, and you have them ALL unlocked.
5. According to an analysis of the 2004 Presidential election by Dr. Steven Freeman of the University of Pennsylvania
“…In
ten of eleven consensus battleground states, the tallied margin
differed from the predicted (exit poll) margin, and in every one, the
shift favored Bush.” (See: “The Unexplained Exit Poll Discrepancy”
in “Scholarly Analyses” at shadowbox.i8.com/stolen.htm). The discrepancy
favored Bush in Ohio (6.7%), Pennsylvania (6.5%) and Florida (4.9%), and, according to Dr. Freeman, the odds of this being due to random errors are 250 million-to-one.
6. No Government Oversight of Voting Machine Industry
Interestingly, no one in the U.S. federal government seems to be paying attention . . . as usual. There is no federal agency that has regulatory authority or oversight of the voting machine industry—not the Federal Election Commission (FEC), not the Department of Justice (DOJ), and
not the Department of Homeland Security (DHS). The FEC doesn’t even
have a complete list of all the companies that count votes in U.S. elections.
Once again we are witness to an “eyes closed, hands off” approach to protecting America. The 2004 election rests in the private hands of the Urosevich brothers, who are financed by the far-out right wing and top donors to the Republican Party. The Democrats are either sitting ducks or co-conspirators. I don’t know which.
7. None or Criminally Negligent Government Oversight of Voting Machines
Your
local elections officials trusted a group called NASED – the National
Association of State Election Directors — to certify that your voting
system is safe. This trust was breached. NASED certified the
systems based on the recommendation of an “Independent Testing Authority”
(ITA). What no one told local officials was that the ITA did not test
for security (and NASED didn’t seem to mind). The most important test on
the ITA report is called the “penetration analysis.” This test is
supposed to tell us whether anyone can break into the system to tamper
with the votes. “Not applicable,” wrote Shawn Southworth, of Ciber Labs,
the ITA that tested the Diebold GEMS central tabulator software. “Did not test.”
8. Criminal Records of Diebold’s Senior Executives
Check this out - No less than 5 of Diebold’s developers are convicted felons, including
Senior Vice President Jeff Dean, and topping the list are his
twenty-three counts of felony Theft in the First
Degree. To sum up, he was convicted of 23 felony counts of theft by -
get this - planting back doors in his software and using a “high degree
of sophistication” to evade detection. Do you trust computer systems
designed by this man? Is trust important in electronic voting systems?
9. How Easy It Is to Change the Vote
On the other hand, the Central Vote Tabulation systems are a very inviting target – by simply compromising one
Windows desktop, you could potentially influence tens or hundreds of
thousands of votes, with only one attack to execute and only one attack
to erase your tracks after. This makes for an extremely attractive
target, particularly when one realizes that by compromising these
machines you can affect the votes that people cast not only by the new
touch screen systems, but also voters using traditional methods, such as
optical scanning systems since the tallies from all of these systems
are brought together for Centralized Tabulation.
10. Why Votes Do Not Match Exit Poll
There are numerous examples in Florida and Ohio where the votes
do not match the exit polls but only in those precincts where
electronic voting machines with no paper trail were being used. All
of these discrepancies are in favor of George Bush by five to 15%
despite many of the precincts having a strong Democratic majority.
In those precincts where there was a machine with a “paper trail”,
the exit polls matched almost exactly the actual vote.
11. Conclusion
The above are some of the lines that connect the dots of the Bush Conspiracy to steal
this election. As Fox News’ “fair and balanced” Bill O’Reilly says repeatedly “we report,
It could be one of the most disturbing e-voting machine hacks to date.
Voting
machines used by as many as a quarter of American voters heading to the
polls in 2012 can be hacked with just $10.50 in parts and an 8th grade
science education, according to computer science and security experts at
the Vulnerability Assessment Team at Argonne National Laboratory
in Illinois. The experts say the newly developed hack could change
voting results while leaving absolutely no trace of the manipulation
behind.
“We believe these man-in-the-middle attacks are
potentially possible on a wide variety of electronic voting machines,”
said Roger Johnston, leader of the assessment team. “We think we can do
similar things on pretty much every electronic voting machine.”
The
Argonne Lab, run by the Department of Energy, has the mission of
conducting scientific research to meet national needs. The Diebold
Accuvote voting system used in the study was loaned to the lab’s
scientists by VelvetRevolution.us, of which the Brad Blog is a co-founder. Velvet Revolution received the machine from a former Diebold contractor.
Previous
lab demonstrations of e-voting system hacks, such as Princeton’s
demonstration of a viral cyber attack on a Diebold touch-screen system —
as I wrote for Salon back in 2006
— relied on cyber attacks to change the results of elections. Such
attacks, according to the team at Argonne, require more coding skills
and knowledge of the voting system software than is needed for the
attack on the Diebold system.
Indeed, the Argonne team’s attack
required no modification, reprogramming, or even knowledge, of the
voting machine’s proprietary source code. It was carried out by
inserting a piece of inexpensive “alien electronics” into the machine.
The
Argonne team’s demonstration of the attack on a Diebold Accuvote
machine is seen in a short new video shared exclusively with the Brad
Blog [posted below]. The team successfully demonstrated a similar attack
on a touch-screen system made by Sequoia Voting Systems in 2009.
“This is a national security issue,” says Johnston. “It should really be handled by the Department of Homeland Security.”
The
use of touch-screen Direct Recording Electronic (DRE) voting systems of
the type Argonne demonstrated to be vulnerable to manipulation has
declined in recent years due to security concerns, and the high cost of
programming and maintenance. Nonetheless, the same type of DRE systems,
or ones very similar, will once again be used by a significant part of
the electorate on Election Day in 2012. According to Sean Flaherty, a
policy analyst for VerifiedVoting.org,
a nonpartisan e-voting watchdog group, “About one-third of registered
voters live where the only way to vote on Election Day is to use a DRE.”
Almost
all voters in states like Georgia, Maryland, Utah and Nevada, and the
majority of voters in New Jersey, Pennsylvania, Indiana and Texas, will
vote on DREs on Election Day in 2012, says Flaherty. Voters in major
municipalities such as Houston, Atlanta, Chicago and Pittsburgh will
also line up in next year’s election to use DREs of the type hacked by
the Argonne National Lab.
Voting machine companies and election
officials have long sought to protect source code and the memory cards
that store ballot programming and election results for each machine as a
way to guard against potential outside manipulation of election
results. But critics like California Secretary of State Debra Bowen have
pointed out that attempts at “security by obscurity” largely ignore the
most immediate threat, which comes from election insiders who have
regular access to the e-voting systems, as well as those who may gain
physical access to machines that were not designed with security
safeguards in mind.
“This is a fundamentally very powerful attack
and we believe that voting officials should become aware of this and
stop focusing strictly on cyber [attacks],” says Vulnerability
Assessment Team member John Warner. “There’s a very large physical
protection component of the voting machine that needs to be addressed.”
The
team’s video demonstrates how inserting the inexpensive electronic
device into the voting machine can offer a “bad guy” virtually complete
control over the machine. A cheap remote control unit can enable access
to the voting machine from up to half a mile away.
“The
cost of the attack that you’re going to see was $10.50 in retail
quantities,” explains Warner in the video. “If you want to use the RF
[radio frequency] remote control to stop and start the attacks, that’s
another $15. So the total cost would be $26.”
The video shows
three different types of attack, each demonstrating how the intrusion
developed by the team allows them to take complete control of the
Diebold touch-screen voting machine. They were able to demonstrate a
similar attack on a DRE system made by Sequoia Voting Systems as well.
In
what Warner describes as “probably the most relevant attack for vote
tampering,” the intruder would allow the voter to make his or her
selections. But when the voter actually attempts to push the Vote Now
button, which records the voter’s final selections to the system’s
memory card, he says, “we will simply intercept that attempt … change a
few of the votes,” and the changed votes would then be registered in
the machine.
“In order to do this,” Warner explains, “we blank the
screen temporarily so that the voter doesn’t see that there’s some
revoting going on prior to the final registration of the votes.”
This type of attack is particularly troubling because the manipulation would occur after
the voter has approved as “correct” the on-screen summaries of his or
her intended selections. Team leader Johnston says that while such an
attack could be mounted on Election Day, there would be “a high
probability of being detected.” But he explained that the machines could
also be tampered with during so-called voting machine “sleepovers” when
e-voting systems are kept by poll workers at their houses, often days and weeks prior to the election or at other times when the systems are unguarded.
“The
more realistic way to insert these alien electronics is to do it while
the voting machines are waiting in the polling place a week or two prior
to the election,” Johnston said. “Often the polling places are in
elementary schools or a church basement or some place that doesn’t
really have a great deal of security. Or the voting machines can be
tampered while they’re in transit to the polling place. Or while they’re
in storage in the warehouse between elections,” says Johnston. He notes
that the Argonne team had no owner’s manual or circuit diagrams for
either the Diebold or Sequoia voting systems they were able to access in
these attacks.
The team members are critical of election
security procedures, which rarely, if ever, include physical inspection
of the machines, especially their internal electronics. Even if such
inspections were carried out, however, the Argonne scientists say the
type of attack they’ve developed leaves behind no physical or
programming evidence, if properly executed.
“The really nice thing
about this attack, the man-in-the-middle, is that there’s no soldering
or destruction of the circuit board of any kind,” Warner says. “You can
remove this attack and leave no forensic evidence that we’ve been
there.”
Gaining access to the inside of the Diebold touch-screen is as simple as picking the rudimentary lock, or using a standard hotel minibar key, as all of the machines use the same easily copied key, available at most office supply stores.
“I
think our main message is, let’s not get overly transfixed on the
cyber,” team leader Johnston says. Since he believes they “can do
similar things on pretty much every electronic voting machine,” he
recommends a number of improvements for future e-voting systems.
“The
machines themselves need to be designed better, with the idea that
people may be trying to get into them,” he says. “If you’re just
thinking about the fact that someone can try to get in, you can design
the seals better, for example.”
“Don’t do things like use a
standard blank key for every machine,” he warns. “Spend an extra four
bucks and get a better lock. You don’t have to have state of the art
security, but you can do some things where it takes at least a little
bit of skill to get in.”
————
The video demonstration
and explanation of the Diebold “Man-in-the-Middle” attack, as developed
by Argonne National Lab’s Vulnerability Assessment Team, follows below.
Their related attack on a Sequoia voting system can be viewed here.
* * *
Investigative journalist and broadcaster Brad Friedman is the creator and publisher of The BRAD Blog.
He has contributed to Mother Jones, The Guardian, Truthout, Huffington
Post, The Trial Lawyer magazine and Editor & Publisher.
Sequoia, a company that makes many of the electronic voting machines
used in the US and elsewhere, has inadvertently leaked much of the
secret source-code that powers its systems. The first cut at analysis
shows what looks like illegal election-rigging code (“code that appears
to control or at least influence the logical flow of the election”) in
the source.
Sequoia blew it on a public records response. We (basically EDA) have
election databases from Riverside County that Sequoia insisted on
“redacting” first, for which we paid cold cash. They appear instead to
have just vandalized the data as valid databases by stripping the MS-SQL
header data off, assuming that would stop us cold.
They were wrong.
The Linux “strings” command was able to peel it apart. Nedit was able
to digest 800meg text files. What was revealed was thousands of lines
of MS-SQL source code that appears to control or at least influence the
logical flow of the election, in violation of a bunch of clauses in the
FEC voting system rulebook banning interpreted code, machine modified
code and mandating hash checks of voting system code.
Hackable Irish E-Voting Machines That Cost 54 Million Euros Sold For Scrap: 9 Euros A Piece
from the buy-high,-sell-low dept
For
years, we’ve been pointing out the massive problems of e-voting, and
governments’ general blindness to the security risks. Of course, beyond
the basic fear of fraud, there should have also been concerns about
wasting taxpayer money. Apparently those concerns didn’t amount to much
in Ireland. As Slashdot
highlights, Ireland spent €54 million on 7,500 e-voting machines.
However, after realizing that there was no way to secure them from being
hacked, the government has sold them off for scrap for a grand total of €70,000, or approximately €9 per machine. On the bright side, at least they weren’t completely worthless…
CA Releases Source Code Review of Voting Machines — New Security Flaws Revealed; Old Ones Were Never Fixed
A team of computer scientists tasked with examining the source code of
voting machines used in California (and elsewhere across the country)
finally released their much-anticipated report on Thursday and it
contains significant information that could lead the secretary of state
to decertify the machines on Friday (the last day by which Secretary of
State Debra Bowen can make decisions that affect voting machines that
will be used in 2008).
The team, led by UC Berkeley computer scientist David Wagner,
conducted the most thorough security examination of e-voting machines
that has been done to date and examined both touch-screen and
optical-scan systems (a separate Red Team conducted hacking tests on the
machines and released their report last week).
Wagner’s source code team found that the Diebold system still had
many of the most serious security flaws that computer scientists had
uncovered in the system years ago, despite Diebold’s claims that
problems had been fixed. These include vulnerabilities that would allow
an attacker to install malicious software to record votes incorrectly or
miscount them or that would allow an attacker with access to only one
machine and its memory card to launch a vote-stealing virus that could
spread to every machine in a county.
They also found that the Diebold system lacked administrative
safeguards to prevent county election workers from escalating their
privileges on the election management software that counts the votes.
Essentially, the researchers found that the Diebold software was so
“fragile” that it would require an entire re-engineering of the system
to make it secure. From the Diebold report (PDF):
Since many of the vulnerabilities in the Diebold system
result from deep architectural flaws, fixing individual defects
piecemeal without addressing their underlying causes is unlikely to
render the system secure. Systems that are architecturally unsound tend
to exhibit “weakness-in-depth” — even as known flaws in them are fixed, new ones tend to be
discovered. In this sense, the Diebold software is fragile.
Here’s just a sample of what the researchers found in the Diebold system:
Data on the memory cards for the optical-scan machines is unauthenticated
The connection between the voting machines and the server that contains the vote-counting software is unauthenticated
The memory card checksums do not adequately detect malicious tampering
The audit log does not adequately detect malicious tampering
The memory card “signature” does not adequately detect malicious tampering
Buffer overflows in unchecked string operations allow arbitrary code execution
Integer overflows in the vote counters are unchecked
Votes can be swapped or neutralized by modifying the defined candidate voting coordinates stored on the memory card
Multiple vulnerabilities in the AccuBasic interpreter allow arbitrary code execution
A malicious AccuBasic script can be used to hide attacks against the optical-scan machine and defeat the integrity of zero and summary tapes printed on the optical-scan machine
The touch-screen machine automatically installs bootloader and operating system updates from the memory card without verifying the authenticity of the updates
The touch-screen machine automatically installs application updates from the memory card without verifying the authenticity of the updates
Multiple buffer overflows in .ins file handling allow arbitrary code execution on startup
The list goes on. The researchers also describe an interesting
scenario for hacking the voter-verified paper audit trail that gets
printed out from touch-screen machines (see p. 15 of the report).
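Several of the findings above (unauthenticated card data, checksums that do not detect malicious tampering) come down to the difference between an unkeyed checksum and a keyed authenticator. The following is an added illustration, not code from the report or from any vendor: the record layout, the 16-bit additive checksum and the key are constructed assumptions, since this page does not give the real formats.

```python
import hashlib
import hmac
import struct

# Constructed record layout (an assumption, not a vendor format):
# 4-byte precinct id followed by three 4-byte big-endian vote counters.
RECORD = struct.Struct(">IIII")
TAG_LEN = hashlib.sha256().digest_size


def pack_record(precinct, counts):
    return RECORD.pack(precinct, *counts)


def checksum16(data):
    """Unkeyed additive checksum: anyone holding the data can recompute it."""
    return struct.pack(">H", sum(data) & 0xFFFF)


def seal_checksum(payload):
    return payload + checksum16(payload)


def verify_checksum(blob):
    if len(blob) != RECORD.size + 2:
        return False
    payload, tag = blob[:-2], blob[-2:]
    return checksum16(payload) == tag


def mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()


def seal_hmac(payload, key):
    return payload + mac(key, payload)


def verify_hmac(blob, key):
    if len(blob) != RECORD.size + TAG_LEN:
        return False
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Constant-time comparison of the expected and presented tags.
    return hmac.compare_digest(mac(key, payload), tag)


def rewrite_counts(blob, tag_len, new_counts, retag):
    """Model a writer with card access but no secret: change the counters
    and regenerate whatever tag can be computed from the data alone."""
    precinct = RECORD.unpack(blob[:-tag_len])[0]
    payload = pack_record(precinct, new_counts)
    return payload + retag(payload)


def demo():
    key = b"constructed-demo-key-held-off-card"   # sample value
    original = pack_record(17, (120, 95, 4))      # constructed sample record
    results = {}

    # Accidental corruption: one flipped bit, tag left alone.
    cs_blob = seal_checksum(original)
    flipped = bytes([cs_blob[0] ^ 0x01]) + cs_blob[1:]
    results["checksum_detects_bitflip"] = not verify_checksum(flipped)

    # Deliberate edit: the checksum is simply recomputed over the new data.
    edited = rewrite_counts(cs_blob, 2, (100, 115, 4), checksum16)
    results["checksum_detects_edit"] = not verify_checksum(edited)

    # Same edit against an HMAC; without the key the tag cannot be rebuilt.
    mac_blob = seal_hmac(original, key)
    edited_mac = rewrite_counts(mac_blob, TAG_LEN, (100, 115, 4),
                                lambda p: mac(b"not-the-key", p))
    results["hmac_detects_edit"] = not verify_hmac(edited_mac, key)
    results["hmac_accepts_original"] = verify_hmac(mac_blob, key)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The HMAC only helps if the key is not stored on the card and is not identical and extractable across every machine. A digital signature checked against a public key avoids placing any secret in the verifying device.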
The researchers found that although some vulnerabilities could be
mitigated by making changes to election procedures, poll workers and
election officials likely wouldn’t be able to implement them adequately
(see this story
on last year’s primary in Cuyahoga County, Ohio, to see why relying on
poll workers and election officials to make voting systems secure can be
problematic.)
Two other systems (Sequoia and Hart InterCivic) were also examined,
with similar results. Regarding the Sequoia system, the researchers
write that “virtually every important software security mechanism is
vulnerable to circumvention.” You can see the Sequoia report here and the Hart InterCivic report here.
Democracy becomes stronger through fair, transparent
elections and legitimate results recognized by all. The will of the
citizens is the only factor that should determine the outcome of an
election. To make this premise a reality, Smartmatic offers a turnkey
solution with technology of the latest generation. The company’s
experience is its best letter of presentation.
Proven by the most rigorous tests and fully
complying with the highest quality standards, Smartmatic’s electoral
technology includes:
-Multiple audits at every stage, including audits of the source code
-A printed receipt of the vote
-Secure transmission (direct or consolidated)
-Redundant storage
-Advanced data recovery mechanisms
-The latest standards in digital security
-100% accuracy
Proven Benefits
1. Security: Multiple security mechanisms that
come from the novel combination of internationally recognized
algorithms based on accepted standards, which constitute a totally
bulletproof architecture.
2. Agility: With the Smartmatic voting
machines, the voter casts his vote quickly and results are obtained just
minutes after the election day is over, guaranteeing zero numerical
inconsistencies or null votes caused by the technology. It is possible
to produce partial results bulletins and to post them automatically on
the Internet.
3. Auditability: One of the key advantages of Smartmatic’s technology is allowing for multiple audits before, during and after the event.
4. Veracity: For every vote that is cast a
written receipt is printed that allows the voter to ratify his choice
before casting it into the ballot box, also permitting later audits.
Smartmatic was the first company in the world to incorporate this
function in a national election.
5. Economy: Every well-designed automated
voting system ought to be capable of reducing election costs. The
printing and transfer of ballots, precinct counts and printed ballots
(involving up to thousands of tons of paper) are eliminated.
6. Flexibility: Smartmatic takes into account
that every jurisdiction has its own rules and laws for the tallying of
votes, and the company’s technology can be configured independently for
different elections under different methodologies, such as: D’Hondt,
relative majority, simple majority, etc.
7. Accessibility: Through special devices and
accessories, Smartmatic’s technology makes voting easier for voters
having disabilities and guarantees the equality and independence of all
voters.
8. Versatility: The solution allows the incorporation of voter and civil registry identification systems, on the same Smartmatic platform.
9. Autonomy: Smartmatic contemplates, should
the electoral authority consider it necessary, the transfer of electoral
technology and the sale of perpetual licenses. This transfer allows the
autonomy of the electoral organism in the mid- and long term.
Technology strengthens the electoral process and automated elections will become the natural way to exercise democracy.
VOICE OF SARVAJAN
Next-Generation Voting Technology solution may also be a mobile system where it could be taken door to door along with representatives of various candidates contesting the election. This will save a large number of polling booths required in large democracies which may not require an ID card and as people are happy that electricity, water bills etc are delivered door to door. Same system may be for Electronic Voting Machines as well.
I think that all-paper vote is still the most reliable and safe
procedure. Even the paper+scanning machine is dubiously useful. It is
more costly than simple paper, and if you want to check that the machine
counted right you still have to review the ballots by hand (with all
the problems that this might create when the ballots were originally
designed for being machine-readable, witness Florida 2000). That some
voters are illiterate does not say anything in favour of e-voting, on
the one hand they still have to be able to read on the screen, on the
other hand there is no need at all to have a system that requires people
writing full names of parties and candidates. Pre-printed paper ballots
where the voter only has to mark an X are the way to go. Much simpler
and much safer than e-voting, and just as illiterate friendly as it can
be.
Most DRE (direct recording electronic) voting machines are touch
screen (the machine records the voter’s selections when the voter
presses “buttons” on the machine’s screen) or Selection Wheel (the
machine utilizes a wheel similar to an iPod to allow voters to make
selections). Some machines, including touch screen and Selection Wheel,
require voters to insert an access card to initiate the voting process,
while others require an electronic ballot or access code.
Below is a step-by-step guide to using a popular model of
electronic voting machine from each of the top four manufacturers as
well as links to instruction manuals for each machine. Instructions for
the use of optional features such as a voter verified paper audit trail
have been included when applicable, although particular features may not
be used in every polling location.
The
Accuvote TS is a touchscreen DRE (direct recording electronic) voting
machine with VVPAT (voter-verified paper audit trail) capability. In the
2012 elections, the Accuvote TS was used statewide in four states (AL,
GA, MD, and UT) and in some jurisdictions in 18 states (AZ, CA, CO, FL,
IL, IN, KS, KY, MS, MO, OH, PA, TN, TX, VA, WA, WI, and WY).
1. Insert Card
Insert the voter access card into the slot to the right of
the screen. The card should be face up with the arrow pointing left and
should be pushed firmly into the slot until it clicks.
2. Read Instructions Screen
Before you begin the voting process, you can magnify or change
the contrast of the ballot to help increase readability. To begin
voting, touch the “Next” button on the screen. You will use the “Next”
button to see each ballot page until you have reached the end of the
ballot.
3a. Select Candidates or Issues OR Select Write-In if Desired
Touch the box on the screen next to your choice. An “X” will
appear, designating your selection. To change or cancel your selection,
touch the box again and make another selection. If there are write-in
candidates for whom you wish to vote, select “Write-In” and a keyboard
will appear on the screen.
3b. Select Write-In Candidate
Separately type the name of each person you want to write-in,
then select “Record Write-In.” The normal voting screen will return and
the name you entered will appear as the choice for that particular race.
Touch “Back” to review previous pages.
4. Review Your Ballot
On the Summary Page review your choices. Items in red are
races that were left fully blank or not fully voted. If you want to vote
for a race that was left blank or not fully voted, or change your vote
for any race, just touch that race on the screen and you will be taken
back to the proper page to make or change your selection.
5. Print Ballot for Verification
If the AccuVote is fitted with a voter-verified paper audit
trail, touch “Print Ballot” and you will see an enclosed printed copy of
your choices to the right of the machine. After reviewing the ballot
printout, you can either cast or reject your ballot.
6. Cast the Ballot
Touch “Cast Ballot” when you are ready to record your vote.
Once your ballot has been cast, the printer will scroll to hide your
selections.
7. Finish: Remove Card
You have completed the electronic touch screen voting process.
Remove your voter access card and return it to a poll worker.
II. Election Systems and Software (ES&S) iVotronic
The
ES&S iVotronic is a DRE machine with a touch screen interface and
VVPAT capability. In the 2012 elections, the iVotronic was used
statewide in SC and in some districts in 17 states and DC (AR, CO, FL,
IN, KS, KY, MO, MS, NC, NJ, OH, PA, TN, TX, VA, WV, and WI).
1. Activate Ballot
You or a pollworker will activate your electronic ballot by
inserting it into the appropriate slot. Next, touch language of choice
with your finger.
2. Select Candidate
To select your candidate, touch the box next to the name. To
de-select, touch the box again. The iVotronic will not allow you to vote
for more people than may be elected to any one office.
3. Review Ballot
After completing last ballot page, touch “review” and
carefully review the selection review screen. To change or make a new
choice, touch the box next to candidate or office name, and then touch
box next to new selection.
4.
When finished, press the flashing red “vote” button to cast your ballot.
“Thank You For Voting” screen means you have properly cast your ballot.
The
eSlate voting machine is a DRE machine with a select wheel, push button
interface, and VVPAT capability. In the 2012 elections, the Hart eSlate
was used statewide in Hawaii and in some jurisdictions in 11 states
(CA, CO, IL, IN, KY, OH, PA, TN, TX, and WA).
1. How the eSlate Works
The eSlate is not a touch screen voting device. Voters
navigate through the ballot with the SELECT wheel and make their choices
by pressing the ENTER button.
2. Getting Started
Using the SELECT wheel, the voter selects a language. Next,
the voter enters the randomly generated four-digit access code they
receive at check-in at the polling place. The code tells the system
which ballot to produce for the voter’s precinct. The access code does
not identify the voter in any way and can not be linked to the voter.
3. Making Ballot Choices
The ballot then appears on the color screen and the voter
uses the SELECT wheel to move a blue highlight bar through the ballot.
Once the voter moves the highlight bar onto their desired choice, they
simply press the large button marked ENTER and the selection is marked.
The box beside that choice is marked in red and the voter’s selection
becomes bold while all of the other choices fade into the background so
the voter has a strong visual signal of their vote.
4. Reviewing the Ballot Choices
After the voter has voted in the last contest on the ballot, a
Ballot Summary screen will appear listing all the choices made and lets
the voter know if they have missed voting in any race. If the voter
makes a mistake or changes their mind they can make corrections from the
Ballot Summary screen.
5. Final Cast Ballot
After reviewing and confirming the Ballot Summary screen, the
voter can press the CAST BALLOT to finish voting. The screen informs
the voter that they cannot go back after CAST BALLOT has been pressed.
Voters will know they have finished voting when they see the waving
American flag or hear “Your vote has been recorded” on the audio
headset.
The
Sequoia AVC Edge is a DRE touch screen machine with multilingual and
VVPAT capability. In the 2012 election, the AVC Edge was used statewide
in Nevada and in some jurisdictions in 11 states (AZ, CA, CO, FL, IL,
MS, NJ, PA, VA, WA, and WI).
1. Activate Your Ballot
A poll worker will give you a single-use “Voter Card.” Insert
the card into the yellow slot on the Sequoia voting machine to activate
your ballot. The card will remain in the machine until you have
completed voting.
2. Vote
When the list of choices appears on the screen, simply touch
the box containing your preference. To change your selection, touch the
box again. Touch the “Next” or “Back” arrows at the bottom of the screen
to turn pages in your ballot.
3. Verify and Print
After marking your ballot, a review screen allows you to see
all of your selections. To make a change, touch the box you would like
to revise and you will be returned to the corresponding page of the
ballot. If the machine is fitted with a voter-verified paper audit
trail, you will be asked to print and review a paper record of your
ballot. The paper record will appear in the window on the left of the
screen.
4. Cast Ballot
After verifying the paper record, you may either touch the
“Make Changes” or “Ballot” button on the screen. If you choose to make
changes, a new paper record incorporating your revisions will be
printed. When you select “Cast Ballot,” the printer will indicate the
paper record was accepted by the voter. The paper and electronic record
will remain securely stored inside the machine.