This is real, folks.
September 28, 2003 8:26 AM   Subscribe

How to hack an election 1.12: Diebold tries to silence incriminating evidence : Diebold, maker of proven-to-be hackable voting systems, plays global whack-a-mole, in effort to scare ISP's into taking down websites with incriminating material. They used the DCMA to shut down

But the incriminating data just keeps popping back up on the Net, and Gun-and-Voting rights activist Jim March calls the bluff and challenges Diebold “Diebold: You are cordially invited to bite me. Bring it on. Make my day.". March has created a legal strategy/toolkit for voting rights activists who want to fight Diebold, a company which has knowingly - for 10 years - sold security-compromised voting technology, and whose CEO, an aggressive Republican fundraiser, has said he is "he is "committed to helping Ohio deliver its electoral votes to the president next year." In internal memos published by Scoop, Diebold's officials admit that their voting records database is (and has been for a long time) hackable ( [anyone can] "access the GEMS Access database and alter the Audit log without entering a password" ) but that this isn't necessarily a problem because "It has a lot to do with perception. Of course everyone knows perception is reality." For background to this story, see my summary of Mefi posts on the Voting Fraud story, from this thread. Diebold's funky voting systems are in the process of being "Certified", in Maryland and elsewhere, by SAIC, a company convicted of major frauds within the last decade and which has extensive ties to the Bush Administration, the CIA, and which "proudly lists DARPA in its annual report as one of its prime clients.", and owns Network Solutions, Inc. SAIC has not, it seems, noticed the GEMS database story (see main link). If Diebold systems win certification, we can expect an awful lot of This sort of thing. Computer security expert Dr. Rebecca Mercuri has some pointed analysis on the subject.

You can join the effort to demand truly secure voting systems at VerifiedVoting.Org by David L. Dill, a Professor of Computer Science at Stanford University. Go team.
posted by troutfishing (35 comments total)
The fact that New Zealand's press has been moving this story along for months with nothing coming from the American media is confusing and appalling. If there is something fundamentally wrong with this story--or if Bev Harris is a communist or an axe-murderer or something--then they could, you know, tell people.

Am I missing something here, or is voting really important to democracy?

great post, troutfishing. linky, mmmm...
posted by Ignatius J. Reilly at 8:41 AM on September 28, 2003

I noticed on the first link the lawyer's letter claimed that there was copyright violations going on in the webpage, but didn't list details. I thought, under the DMCA, people alleging copyright violation had to specifically state WHAT the violating material was (e.g. "rolf_harris_stairway_to_heaven.mp3") rather than just nebulously saying "stuff". Anyone a lawyer who can comment?
(incidentally, I just clicked spellcheck. Why does the spellcheck suggest "webpage" should be changed to "embargoed"? Coincidence...? :) )
posted by kaemaril at 8:51 AM on September 28, 2003

Speaking as a citizen from an ally country of the US, I'm worried about this. It seems that it's actually a possibility that the last election was won by a man who has links to, not just fraudsters (bad enough), but fraudsters who make a living from stuffing ballot boxes with votes for him. He then led us to war on concocted evidence. Sheesh. It's all a little bit soviet for me.

The most telling thing is that they were too stupid to effectively cover their tracks. Which, when you read about what senior members of the Bush administration staff have been caught doing lately, seems to be a hallmark of their operation.

The dog still ain't barking very loudly, tho', is it?
posted by dash_slot- at 9:09 AM on September 28, 2003

There's a simple problem, folks. This story is complicated. And the US media doesn't report complicated things. We all understand 'hanging chad' now, but only because the problem is so easily visualized. Heck, all computers are insecure, and voting has always been corrupt, and what's a die bold anyway?

There's a wonderful analogy between Bush leading the US and the US leading the world. Ignorance is strength.
posted by Nelson at 9:17 AM on September 28, 2003

Y'all ought to contract the Aussie voting management company to do your elections. They're impeccable, have eons of successful experience, are cost-effective, and their vote calculation system means that truly the best candidate gets elected.
posted by five fresh fish at 9:23 AM on September 28, 2003

If anyone is especially appalled or troubled by this story, let me know, my email's in my profile.
posted by troutfishing at 9:29 AM on September 28, 2003

Granted this is an important story, but how about a simple "(more inside)" next time, instead of blowing your wad all over the entire front page?
posted by JollyWanker at 9:52 AM on September 28, 2003

Especially appalled? I guess I need to work out my echelons of appallment.

Truth to tell, I'm heartened by the variety of links nicely posted above. And here I thought people were taking this completely lying down. Still, time is pressing, and damned if the star aren't lining up to make this Bush reelected. Right after reelection, guards will drop a bit, the bombshells will leak, and the administration may fall apart as Bush is forced to fire everyone around him to retain his position of plausible deniability.

Five fresh fish, you're right, we should outsource the goddamn system to someone removed from our election process. Whatever happened to the appearance of impropriety being a factor?

dash slot, yeah. I think it is a little too soviet block-like for my tastes. No doubt this is behind all the orwellian comparisons that people are complaining about.
posted by Busithoth at 9:53 AM on September 28, 2003

Metatalk. Dammit.
posted by ZachsMind at 10:18 AM on September 28, 2003

posted by badstone at 11:03 AM on September 28, 2003

According to EFF, the black box diebold system has already been vanquished, as IEEE is going back to the drawing board to put a paper trail into its draft for a voting standard. See their statement here.
posted by condour75 at 11:06 AM on September 28, 2003

MS Access passwords are stored as a block of bytes at the beginning of an .mdb file. Prior to Access 2000, these bytes were simply the result of XORing the password characters entered by the user with the bytes in a constant string. A couple of minutes with Google will reveal the specific value, and will probably give you some simple VB that will enable you to get in to any Office 97 file.

Apparantly a better encryption scheme is now in use; even so, it's easily defeated by commercial Office 'lost password' cracking programs. So, even without the tricks that are mentioned in some of the above links, password 'security' is quite weak in Access.
posted by crunchburger at 11:46 AM on September 28, 2003

I should also mention that, whether or not the issue is resolved, the people of diebold should be strung up by their privates for even attempting something like this. Hopefully I'm not misled on the ramifications of the IEEE decision -- can anyone shed light on this?
posted by condour75 at 12:50 PM on September 28, 2003

this really is important--our only recourse, especially when legislative and executive branches are controlled by the same party, is voting when we want change. If we can't even trust that our votes will go to who we want them to, we're sunk.
(and that's ignoring what went on in Florida.)

Why can't we have a nationwide, uniform, secure voting system? (especially for national elections) Even hanging chads and butterfly ballots look pretty good, compared to this horrendous shit.

Is the IEEE thing legally binding? will it require all districts in the country to have a verifiable paper trail?
posted by amberglow at 12:58 PM on September 28, 2003

So does this mean that the nerds will pick our elected officials from now on? I should probably give back some of that lunch money.
posted by fatbobsmith at 1:03 PM on September 28, 2003

Is this "voting" something I'd need a democracy to know about?
posted by nicwolff at 2:04 PM on September 28, 2003

I would demand:
1) plain old trusty paper ballot
2) one pc , one automatic document feeder scanner
3) one modem line
4) some open source voting scanning program

The fact that there may be a better technology doesn't imply that there's a mandatory need to replace old technology.
posted by elpapacito at 2:54 PM on September 28, 2003

amberglow: Cory Doctorow at Boing Boing made it sound like a done deal:
Electronic voting machines: WE WON!
Remember last week when EFF asked IEEE members to write to their organization to get it to rein in a broken standards process that was threatening to unleash corruptable voting-machines onto unsuspecting democracies?

Well, we won! After all the hue and cry over the problems with the proposed standard, the committee has voted no-confidence in the proposal, sending electronic voting-machines back to the drawing board.

But I'm really not sure how the process works. IEEE isn't legally binding as it's just a standard, but I believe most states would want to be compliant with their decision. If anyone knows more about this, I'd love to see some commentary on the issue.
posted by condour75 at 3:18 PM on September 28, 2003

The IEEE is an international organization of professional engineers that, among other things, releases standards. They are entirely non-governmental, and as such have no ability to enforce their standards. The standards generally apply to commercial products to ensure interoperability. 802.11b is one of their standards that might be most familiar to people.

The IEEE voting standards committee's website is here. The site has a great deal of information (drafts, emails, other communications). The full draft appears to only be available for purchase, but the draft of the "Security and Confidentiality" section is available here.

The problem is that, as I mentioned, the standard is not at all binding. This isn't a problem with standards like 802.11b, because wireless network cards that do conform to any of the popular IEEE standards don't generally sell well. But if Diebold decides they don't care for the IEEE standard (and from what I've read of their system and what I've read of the IEEE draft, they won't), it won't have the same effect.

However, Diebold has many competitors. I believe that the IEEE has enough recognition to cause standards-compliant systems to be more desirable than not. If other companies actually put some effort into making systems that follow the standard, then the free market might take care of things.
posted by whatnotever at 3:29 PM on September 28, 2003

On a somewhat lighter note: We've been working on this for a while...

[from Douglas W. Jones on Voting and Elections, with information about the current Diebold problems, the IEEE standard, and more!]
posted by whatnotever at 3:44 PM on September 28, 2003

thanks folks...we're supposed to be getting electronic machines here in nyc soon, but i doubt in time for the next presidential election. Our current ones are ancient pull-lever, and have their own problems, but at least couldn't be tampered with the way electronic ones can. Breakdowns are the usual problem, and people say that the creakiest, most prone-to-breakdown machines are always sent to the poorest neighborhoods.
posted by amberglow at 5:16 PM on September 28, 2003

Y'all ought to contract the Aussie voting management company to do your elections. They're impeccable, have eons of successful experience, are cost-effective, and their vote calculation system means that truly the best candidate gets elected.

Huh? What company is that? Voting in Aus is a clusterfuck of mindbending proportions, and no one understands the preference system.
posted by sennoma at 6:25 PM on September 28, 2003

I simply don't understand what's the matter with pencil and paper. You fill in box, you slap it on a scanner, it records the vote as it stuffs the paper into a lockbox.

Immediately after the election, the result is known. That night or the next day, the paper ballots are counted by humans. The results should correlate with the vote machine record. Easy-peasy.

sennoma: AFAIK, Aussie votes are run by a single non-profit organization. They're well-respected 'nuff that they also tend to be hired to run state, city, and even corporate votes.

As for preference system, it's the only sensible system. You simply mark down your votes in order of preference. The most-preferred candidate wins.

And there's a fine for not voting. Brilliant idea. You've got great incentive for showing up, and while you're there you might as well actually vote. If you're a hardcore non-voter, you can always spoil your ballot.
posted by five fresh fish at 6:39 PM on September 28, 2003

condour75 - I don't think BoingBoing has the time to go deeply into every story. Diebold machines - and other "no paper trail" voting machines are already widely used in the US. These machines are already purchased and in use, or purchased and due to be in use soon.

So "we" haven't won any definitive battles at all, as BoingBoing suggests.

In fact, "we" are losing the battles due to the fact that state officials have spent and are spending scarce state funds on these expensive, questionable systems. States are becoming financially committed to their use, and political careers may be at stake if these machines have to be scrapped. Hence the incentive to assure the public that they are perfectly secure, immune to tampering and hacking.

Diebold, Seqouia, and E & S Machines (three companies voting improprieties allegations have been made against) are heavily used in California already, and will be used in the Oct. 8 recall election, Maryland plans to use Diebold's systems in March of next year
even though "Independent study says Md.'s touch-screen device is vulnerable to tampering ; State believes flaws can be fixed; Work to ensure security starts; plan proceeds to use machines in March" This otherwise decent Baltimore Sun article neglects to mention that SAIC's "independence" is a bit questionable and that the company has been convicted of several different types of fraud within the last decade. (read about it here.

Diebold's systems have been in use in Georgia for about a year - since their initial use in the 2002 elections (an unexpected upset victory for incumbent Max Clellan's little known Republican challenger).
MSNBC extends the list: "Diebold is a major supplier of electronic voting equipment in the United States, with more than 50,000 of its voting stations installed in Georgia, California, Kansas and other states."
posted by troutfishing at 8:35 PM on September 28, 2003

It is sometimes as if the US is deliberately choosing to send itself straight to hell. You guys know the machines are no good, but you keep on using them?! Arrrgh!
posted by five fresh fish at 9:39 PM on September 28, 2003

this was interesting:
Representative Rush Holt of New Jersey introduced HR 2239, the"Voter Confidence and Increased Accessibility Act of 2003". If enacted, this would require all voting machines to produce a voter verified paper trail by 2004.--from here
posted by amberglow at 9:46 PM on September 28, 2003

amberglow - I should have mentioned that. It's up against a lot of opposition - re my previous comment - and will require a lot of help to pass.
posted by troutfishing at 4:21 AM on September 29, 2003

excellent work collecting all this information troutfishing. thanks.
posted by nofundy at 6:04 AM on September 29, 2003

Let's hold a referendum. Then we can all vote against using these machines.
posted by Mars Saxman at 9:00 AM on September 29, 2003

Here's what I learned from Ren Bucholz, from EFF:

IEEE standard will be adopted nationwide as specified in the Help America Vote Act of 2002. Therefore, the IEEE standard is binding. HOWEVER: States have several years to come into compliance, until 2006. There may be quite a few legal messes, as states that already have non-compliant diebold machines have not all specified in their contracts that diebold should update to any new standard.

Also, no new IEEE has been finalized. The first lousy one was defeated. So a good IEEE standard will get the ball rolling and force changes, but it's by no means a done deal. Figuratively speaking, we blew up the death star but Darth Vader is still spinning around in his Tie fighter, free to pursue a life of religious fulfillment. That's my analogy, not Ren's.

The wording of HAVA is available here.
posted by condour75 at 12:34 PM on September 29, 2003

condour75 - What was the Death Star? Was it the lousy IEEE standard which was canned? Or it it the whole situation - the HAVA deadlines and thus the need to purchase machines (under a currently unclear IEEE standard) together with the push - by makers of lousy voting machines (with questionable motives) run by shaky and insecure software - to sell substandard products ?

Did you run across any mention of the need for a physical paper trail? That's considered a sine qua non by some voting security experts. I'm curious and don't have the time at the moment to slog through all that text (thanks for the link).

One final thought for now - I was chatting with some Canadians (about this recently) who drolly observed: "We use paper ballots filled out by hand in Canada - no computer driven voting machines at all but just good old paper and pencil (or maybe ink). And guess what? - we get the national vote counted the same night and there's never controversy over the accuracy of the results."

That could be a wee bit boastful but still - what's wrong with that system? Wouldn't it be more effective to just bring in international observers to monitor and verify elections? (the handicapped could use computer driven technology, OK. Maybe it could be available (closely supervised) for those who fill the need. But I'd say that the highest possible barrier to large scale election fraud lies in millions of paper ballots filled out by millions of voters - and: it's far easier to deprive people of their right to vote, and it can be done an a much vaster scale - through software manipulation than by any other of the countless sleazy methods and tricks which criminally inventive political partisans have devised.

Boss Tweed and Jim Crow can't be killed - only driven under a rock - and the light of day of public transparency accomplishes this wonderfully.

paper! paper paper paper! paper paper! paper paper papapay pa pa pa per paper paper paper
posted by troutfishing at 2:46 PM on September 29, 2003

The death star was black box computer voting -- yes, the lousy IEEE standard-to-be was canned, mainly for not producing a paper trail. A new IEEE standard will include a paper trail, as that's the primary reason the old one was scrapped. Ergo, by 2006, according to the laws set forth by congress, provided that IEEE does what it says it's going to do, every electronic voting system will be required to have a paper trail.

Why not just have paper? You're probably right, but you know, people like these computer things.
posted by condour75 at 3:35 PM on September 29, 2003

condour75 - Thanks
posted by troutfishing at 6:59 PM on September 29, 2003

and thanks for a great fpp -- also, Ren sent me a wee correction: technically HAVA doesn't specify IEEE as being the standard provider, although it has a seat on the Committee defined in HAVA, and no one else on that committee has drafted anything to his knowledge.
posted by condour75 at 7:35 PM on September 29, 2003

condour75 - Oh no. The Devil (always lurking in the details) again creeps in! MetaTalk
posted by troutfishing at 9:28 PM on September 29, 2003

« Older Grippes, quincy & ague - presidential medical...   |   British find WMDs, evidence of gruesome... Newer »

This thread has been archived and is closed to new comments