Tampering with democracy
July 9, 2003 8:08 AM   Subscribe

Are our elections fixed? Diebold Election Systems makes electronic voting machines being installed throughout the US. The problem? The systems contain serious security flaws that could possibly have been the reason for major swings in vote counts and discrepancies with exit polling. Also, a step-by-step guide to manipulating Diebold results -- and covering your tracks.
posted by dogmatic (40 comments total)

 
So...all I have to do is find a Republican state that uses Diebold, and change the world for the better. :)
posted by graventy at 8:14 AM on July 9, 2003


Gosh, I'm glad we still have punch cards in Illinois.
posted by Durwood at 8:17 AM on July 9, 2003


This is amazing and complicated. I had to reread a couple of the articles to start to understand it.

Translation: The American public won't be told (via mainstream media) or won't care or both.
posted by bas67 at 8:35 AM on July 9, 2003


I think I'll wait for confirmation by someone besides a single left-wing New Zealand website (that in the previous 24 hours published at least one other false story) before panicking.
posted by Slithy_Tove at 8:52 AM on July 9, 2003


Well, actually Slithy_Tove, there's something that inspires confidence in a website or news source that is prepared to recant, correct & apologise to me. That retraction does not in any way throw a shadow on this story.

I would say, having discovered this yesterday, that it reads credibly. The Democrats are playing a role that's something like the 'the dog that didn't bark': like in the redistricting row, there must be an advantage to them when they are in power, and can do the same.

Even so, it could never happen here... could it?
posted by dash_slot- at 9:01 AM on July 9, 2003


From a technical perspective this seems very believable, and having quite a bit of experience with hardware that must be secure, I have very little trouble believing that the security was as flawed as it is.

It's kind of funny... I've always thought of these very complicated methods of vote rigging, based on altering the very innards of the windows GUI libraries, and these people manage to make a way to cheat that can be done by anybody with a copy of Access For Dummies.
posted by mosch at 9:11 AM on July 9, 2003


Why does the orientation of the website friggin' matter? The facts are simple:
- The system is highly unsecure
- The system is designed for easy manipulation - why else would multiple vote ledgers and timestamp adjustment toys be supplied?
- The system has obviously not been reviewed by anyone with a modicum of security training.

Access databases are, by definition, not secure. Password encryption for Access databases can be easily cracked using any number of freely-available tools, and there's no internal audit mechanism - the GEMS audit mechanism is external in nature, managed by the application itself.

If the Diebold system doesn't provide some form of external corroboration, such as a printout or other hard copy that can be independently verified by the voter, it's useless.

In short, Diebold's system sucks - the question is, why hasn't anyone noticed before now?
posted by FormlessOne at 9:11 AM on July 9, 2003


Tampering issues aside, they're using Microsoft Access for voting machines?

I can't think of any competent computer professional who'd think that's a good idea.
posted by alan at 9:18 AM on July 9, 2003


In short, Diebold's system sucks - the question is, why hasn't anyone noticed before now?

People like Greg Palast have, but I really like the formality and structure of this article. The conclusions and methods in the piece are hard to refute, and the whole approach seems very sound.
posted by Ignatius J. Reilly at 9:22 AM on July 9, 2003


I can't understand the aversion you people have to marking and counting ballots. Why use complicated machinery when pencil and paper works so well?
posted by timeistight at 9:38 AM on July 9, 2003


Gosh, I'm glad we still have punch cards in Illinois.

Sorry, no protection there, either. Back in my high school days, I worked for a radio station that wanted to post live election results on their web site. The county elections department gave us access to their voting system's data collection computer to extract the data for publication. After spending about 15 minutes with the program, I discovered that it stores the election results and "security" data in plain text files on a floppy disk. There didn't appear to be any sort of file validation process.

Here's the process:
1. Voters mark their punchcard ballots and give them to the election officials.
2. The election officials run them through the scanning device.
3. The scanning device stores the votes on an EPROM cartridge.
4. The cartridges are driven to the central office when the polls close.
5. The cartridge is plugged in to the EPROM reader and downloaded into the data collection program.
6. The data collection program (written in COBOL) stores the data in a plain text file on the "A:" drive.
7. The summary data is sent to some other collection point via a dial-up connection.

What's frightening is how little the process has changed in 8 years. In my opinion, an Access database is no more or less secure than a plain text file. To make things just a little more frightening, think of the people that tend to staff elections.
posted by idlemind at 9:44 AM on July 9, 2003


Tampering issues aside, they're using Microsoft Access for voting machines?

That would explain all those random "Invalid Argument" errors the last time I voted. I just thought my views were untenable...
posted by PinkStainlessTail at 9:49 AM on July 9, 2003


What timeistight said. Pencil and paper. Intent of the voter and all.

There needs to be an auditable paper trail which cannot be easily altered to verify each and every vote cast. Period.

This security professional doesn't trust even good security. Diebold has no security at all to speak of.
posted by nofundy at 9:51 AM on July 9, 2003


Great post, Dogmatic! I especially liked this (from the lead post):

"November 2002, Comal County, Texas - A Texas-sized lack of curiosity about discrepancies: The uncanny coincidence of three winning Republican candidates in a row tallying up exactly 18,181 votes each was called weird, but apparently no one thought it was weird enough to audit. Conversion to alphabet: 18181 18181 18181 ahaha ahaha ahaha

November 2002, Baldwin County, Alabama - No one at the voting machine company can explain the mystery votes that changed after polling places had closed, flipping the election from the Democratic winner to a Republican in the Alabama governor’s race. “Something happened. I don’t have enough intelligence to say exactly what,” said Mark Kelley of ES&S. Baldwin County results showed that Democrat Don Siegelman earned enough votes to win the state of Alabama. All the observers went home. The next morning, however, 6,300 of Siegelman’s votes inexplicably had disappeared, and the election was handed to Republican Bob Riley. A recount was requested, but denied.
"

The Vote rigging and the 2000 Florida Election fraud (now admitted to by The State of Florida) have been covered in several Mefi discussions "If you want to win the election," he finally said, "just control the machines.", The Chuck Hagel Voting Machine Story Gets Even Scarier, Are Elections Fixed?, Who Counts You Votes? This Book, published in 1992..., Florida Lost 100,000 votes, Florida Machine Records Votes For Wrong candidate, Come out to vote on Nov. 6th, Another Election Debacle in Florida, Florida to Settle 2000 Election Lawsuit, Katherine Harris has Missed 2 election deadlines in the last month, When in doubt, blame the software, Voter News Service has abandoned its state and national exit polls. VNS, "Making Renquist Proud", Was Jeb Bush fed the Florida Grubernatorial debate? , Florida just might screw up again

Furthermore, Greg Palast, of BBC's NewsNight, and the journalist Lynn Landes have covered the vote fraud/vote rigging stories in considerable depth. Lynn Landes Links, Greg Palast Columns

Here's bit more: Chuck Hagel story, A Buzzflash commentary, Quietly Florida Admits 2000 Election Fraud
(By The Associated Press
April 26, 2002).

It's quite a cesspool, this emerging story.
posted by troutfishing at 9:56 AM on July 9, 2003


troutfishing:
Thanks (as always) for the collection of links.

Why does it take a website in New Zealand to cover this? That is as sad as it is fucking absurd. Maybe one day the US can get media outlets, like newspapers and TV stationd and such, and then we can have our own investigative reporting, just like New Zealand.
posted by Ignatius J. Reilly at 10:13 AM on July 9, 2003


In Wisconsin (as least here in Milwaukee county) we use paper ballots that are ScanTron-like. What idlemind has said maybe true, but at least there is a physical copy that is proof.
posted by Steve_at_Linnwood at 10:28 AM on July 9, 2003


so, if this is true.. is anything going to actually happen? From my perspective, [up here in Caaaa-na-da], one scandal after another just seems to roll of the back of the Bush administration. Can people give me a general sense of what the attitude in America is right now? Is there a wide spread sense of outrage? Or is it marginal?
posted by slipperywhenwet at 10:30 AM on July 9, 2003


Wow. It's a magic fish that grants wishes. Awesome supply of evidence, troutfishing.
posted by XQUZYPHYR at 10:33 AM on July 9, 2003


Some of us have been following this story with headshaking wonder for some time.

Here's the best resource for information I've found.
posted by frykitty at 10:38 AM on July 9, 2003


slipperywhenwet:
As a US citizen, I can only say that I have no idea what in the hell the general sense of what the attitude in America is right now. My TV keeps telling me that I live in a nation of mindless boob-lovers (as opposed to erudite, classy boob-lovers like myself) who would rather watch the latest episode of Who Wants to Fuck for Money than ever get around to questioning their leader, who was appointed by providence, of course.

But I don't ever actually meet these people when I go outside. I don't know if they are real, a characterization, or a self-fulfilling prophecy.
posted by Ignatius J. Reilly at 10:42 AM on July 9, 2003


Why is this in New Zealand media? Perhaps because in the USA it would run afoul of DCMA, what with critical dissection of the innards of copyrighted software.
posted by yesster at 10:58 AM on July 9, 2003


Why does it take a website in New Zealand to cover this?

Umm, cuz the American news media is in bed with the gov't.

The news media has been served a big piece of the financial pie since Washington watched in shock and awe what happened when they weren't in the game together (aka Watergate)

So now they're bed fellows, and all sorts of stuff gets done unreported, in this country anyway.

Its the same basic set of motives for the FCC giving the entire media away to the same 3 companies. Soon also to be the case for the internet.
posted by BentPenguin at 11:18 AM on July 9, 2003


Personally I'm pretty content with the system I've used at times in michigan. Basically a paper form that you draw a line between two arrows to indicate your vote. Relatively idiot proof (although people have been known not to flip the ballot to do the back), easily machine readable, and if you have to go back and count the things by hand, you don't have to worry about whether the idiots handling the ballots are doing so in a way that covers the floor with suspiciously extra punched out chads.
posted by piper28 at 11:53 AM on July 9, 2003


How about this high-tech solution? Ballot papers + pencil + cross in box, counted by humans.

Delivers 99% of British general election results (20-odd million voters) with in under 12 hours; delivers Canadian general election results (smaller electorate, larger landmass) in the same timeframe. Paper trail, low fraud rate if properly supervised, etc etc.

Really, it's simple. Perhaps it's not sexy enough for the TV networks that want running totals and instant results, but who gives a flying fuck? Reminds me of the apocryphal story about writing in space.
posted by riviera at 11:55 AM on July 9, 2003


Lalalala... I've been saying this for months, but nobody listens..

Without a paper record of an electronic vote, electronic voting cannot be considered 'safe'.
posted by eas98 at 1:09 PM on July 9, 2003


I know just how you feel eas98. I've been saying the same thing since last October. Nobody believed it or wanted to hear it or wanted to even think about it. Even with this coming out I still don't think anyone will care. There's a new "Big Brother" on CBS. It's much more fun to watch stupid people make asses of themselves for money, than to realize your country has been hijacked and realize you might have to do something about it.
posted by bas67 at 1:16 PM on July 9, 2003


They stole the last election. What makes you think they won't steal the next one too?
posted by Hogshead at 1:45 PM on July 9, 2003


Ignatius, XQUZYPHYR - Thanks. I just wanted to sum up all the great material posted on Mefi (this year, anyway) on vote fraud in the US - a rich load of smelly poo.

BentPenguin - I guess Metafilter is now Samizdat to a public which largely doesn't give a shit. Is it something in the water supply? Fatty fast diets that clog circulation to the brain?

"Wow. It's a magic fish that grants wishes." Except my own....*sigh*
posted by troutfishing at 3:17 PM on July 9, 2003


The Miami-Dade Election Reform Coalition is working with our Miami area county commission to try to get a better system in place, now that electronic voting is mandated by federal law (HAVA). The system proposed would use an electronic tally system (probably touch-screen) to provide quick unofficial returns to satisfy the media and the law, but would also print out human-readable paper ballots for voter verification. You cast your ballot, review it on-screen, hit the PRINT button, review the paper ballot, and if it looks copacetic to you, drop it in the traditional locked steel box. Only the paper ballot could used for certification of results, auditing, and recounts.

I admit it's kind of a "belt and suspenders" approach, but it's the best way of balancing the needs of budget-conscious elections departments against the need to preserve democracy.
posted by mkhall at 3:44 PM on July 9, 2003


You cast your ballot, review it on-screen, hit the PRINT button, review the paper ballot, and if it looks copacetic to you, drop it in the traditional locked steel box. Only the paper ballot could used for certification of results, auditing, and recounts.

Then, er, why not just stick with the paper?
posted by dash_slot- at 4:43 PM on July 9, 2003


This is crap written by people with just enough technical knowledge to be dangerous. Probably out-of-work web designers.

They found a "security hole" in the copy of the software they downloaded from the company's FTP site, not in the software as installed on real systems. This hole is predicated on having complete access to the Access DB. I bet if you download Moveable Type or MySQL, it has the same "security holes", but that don't mean crap. It means you have to set a password.

Also, this is not on the voting machines.
posted by smackfu at 7:47 PM on July 9, 2003


smackfu - I know enough about web design to know that you might be speaking from an orifice which is not your mouth......how do you know? Do you have a specific technical critique which you are willing to make in public here on mMetafilter?

Your comment suggests that you have not read the linked story in it's entirety - one of it's several points was that the actual source data of voting records was stored at an unsecured location, freely available to be altered by anonymous FTP.
posted by troutfishing at 9:46 PM on July 9, 2003


Well, as others have said, marking on paper seems to work well enough in my part of the world. Whats more, we have preferential voting, where you number candidates rather than just tick one - and we still manage to get the federal election result within 6 hours of the booths closing.

It's really not that hard to figure out. The more complicated and artificial you make the system, with punch cards and computers to do a job that pen and paper does nicely, the more opportunity there is for something to go wrong. By their very nature, voting should be kept as basic and idiot-proof as possible.
posted by Jimbob at 10:03 PM on July 9, 2003


Perhaps the point in my preivous post was muddled. It doesn't matter how you register your vote; if it is at any point computerized and stored in one of these unsecure systems, it's open to tampering. Paper ballots aren't any more hack-proof than computerized ones if the results are aggregated on an unsecure system before being reported.
posted by idlemind at 6:01 AM on July 10, 2003


Just to clarify, electronic voting is now required by law in Florida, per some post-2000 lawmaking, so going back to a plain old paper ballot isn't really an option. Fortunately, the law is slack enough to only require that the equipment be used, but doesn't mandate that it be used as the official count.

Why use electronics at all? There's a good argument that they can make elections more accessible. In Miami-Dade county we deal with three languages for all elections: English, Spanish, and Haitian creole. (We'll leave the ADA requirements out of the discussion for now.) Previously they just threw some Creole voting machines in "those" neighborhoods, and if a Creole-speaker wasn't fortunately enough to live in a Haitian neighborhood, well, they just didn't get to vote. Using electronic systems means that there is (RAM permitting) no limit to the number of languages which can be covered in all 800 precincts.

The best discussion I've found of an acceptable electronic voting system (and the model for what we're trying to get implemented in Miami) comes from an IEEE Spectrum article by Dr. Rebecca Mercuri. Forgive me if it's been mentioned previously, but I haven't seen it in this thread.
posted by mkhall at 10:31 AM on July 10, 2003


You know...I'm sure there are contingency plans for stuff like this, but what happens if the power is out at the voting location and all they have are touch screen voting booths. (For example, Georgia.)

Wouldn't you be able to disenfranchise a fairly large segment of the voting population if you just "lost" power at certain polling locations during peak voting hours? (Before work, lunch hour and evening.) Most working stiffs only get one opportunity to vote, as they usually don't work in the same precinct where they live...so getting away 4 or 5 times to see if they power is on, is unlikely.
posted by dejah420 at 11:31 AM on July 10, 2003


um, dejah420, nice point and all, but you are fogetting one thing: He gassed his own people!
posted by Ignatius J. Reilly at 12:19 PM on July 10, 2003


I can't speak for anywhere else, but in Miami the contingency plans are (a) to have a small supply of paper ballots on hand, and (b) to call the governor and beg for an extension of voting hours. Oh, and hope the governor/president's brother wasn't the one who authorized cutting the power in the first place.
posted by mkhall at 9:20 AM on July 11, 2003


Paper ballots aren't any more hack-proof than computerized ones if the results are aggregated on an unsecure system before being reported.

But they are manually auditable.
posted by timeistight at 9:47 AM on July 11, 2003


In the interests of democracy, I'm copying over a thread that just got deleted as a Double Post on the subject:

How to Rig an Election - The Source Code Revealed
blackboxvoting.com has exposed a system integrity flaw at Diebold Election Systems. As late as January 2003, Diebold's customers uploaded their election results to an open FTP site, where anyone could download the files, alter them, then upload them again.
posted by metameme at 7:56 PM PST [trackback] (4 comments total)

Call me naive, but why not just go to the New York Times?
posted by the fire you left me at 8:15 PM PST on July 27

i'm glad the voting system my county uses isn't part of that. then again, it might have its own issues.
posted by birdherder at 8:21 PM PST on July 27

Call me naive, but why not just go to the New York Times?

can you say valerie plame? well, they apparently can't.
posted by quonsar at 8:36 PM PST on July 27

heh. looks like they did go to the times.
posted by quonsar at 9:01 PM PST on July 27


This is an issue I consider one of the most important today, and one that is just beginning to develop some legs. I just hope somebody notices the new interest in a two-week-old thread...
posted by wendell at 2:27 AM on July 28, 2003


« Older America in the 1930s...  |  Mile High Dating:... Newer »


This thread has been archived and is closed to new comments