WHO'LL STOP THE TRAIN (WRECK)? Reject Theft-Enabling Voting Computers

Who is going to implement New York's law, which requires that the state's machines be capable of demonstrating their "integrity and security" by being able to "demonstrate an accurate tally"3. None of the machines New York is considering purchasing can do that. Secretary Bowen has already told us of all of these machines' "inadequa[cy] to ensure accuracy and integrity of the election results". New York could choose to disregard her findings- in which case I bet I know where we could pick up some equipment at fire sale prices. Or is someone in a position of responsibility in New York going to step up and ensure New Yorkers that they will not be trading in their lever machines for these electronic voting systems now publicly revealed to be not merely snake oil, but the antithesis of what is required for a secure, transparent, reliable electoral system?

Computerized Voting Machines Are Vulnerable to Viruses and Other Attacks Which Can Spread Between Voting Machines and Steal Votes on the Infected Machines Regardless of New York's Ban on Wireless Devices

Malware (software that performs a malicious function) can be spread from voting machine to voting machine - like deliberately-crafted viruses that not only change election results, but spread form machine to machine via memory cards, and delete themselves at the end of the election (see the Princeton report for an example).

But that's just one way to subvert the voting software. Here are more ways I can think of:- hardware exploits; the manufacturer of a circuit board substitutes components which contain hardware with covert functionality; this was exploited by the CIA against the Soviet Union in the 1980s, when they discovered a company smuggling computer hardware into Russia form the West; among the consequences was the largest non-nuclear explosion ever recorded, as the compromised equipment was installed to regulate the Soviet natural gas system. This is described in the attached document, (which is among the best short introductions to computer security that is accessible to the general reader). And of course, there is simply no way to know for sure if a wireless receiver has been built into any piece of voting equipment. The feasibility and consequences of that particular class of exploit are described in Section 3.1.1 and 3.1.2 of www.verifiedvoting.org/downloads/shamos-rebuttal.pdf

- Rootkit and virtualization technology. Both the Brennan Center and Princeton reports mention rootkit or virtualization attacks on voting equipment. A rootkit is a type of software exploit which specifically replaces and/or bypasses portions of the operating system that are used to detect the presence of malicious software. (Google "rootkit" - Wikipedia has a reasonably accurate overview). With sufficiently sophisticated virtualization technology, the voting software and operating system itself could be perfectly fine; it would just be interrupted during elections to enable the malicious code to execute. There would be no way for the non-rootkit code to know this had happened. This kind of exploit is ideally suited to be introduced by malicious insiders at the vendor or manufacturer, but anyone with hands-on access to central tabulators or memory cards or precinct equipment, or direct or indirect access to the networks connected to central tabulators, could introduce a self-replicating rootkit.

- Device driver and privileged code. Every other software component might be legitimate, but compromising device drivers or privileged operating system code enables malicious code to take complete control of the device. One or a few malicious insiders at the manufacturer, vendor - or anyone with hands-on access to central tabulators or precinct equipment, or direct or indirect access to the networks connected to central tabulators, could compromise thousands of machines. This code can be distributed under the guise of a software patch if you believe Chris Hood (the whistleblower who reported undocumented patch distribution in Diebold equipment in Georgia in 2002). [For more about this whistleblower and the theft of Georgia's elections, see RFK Jr.'s http://www.rollingstone.com/politics/story/11717105/robert_f_kennedy_jr__will_the_next_election_be_hacked].

- Malicious application logic. Ideally suited for exploit by malicious insiders at the vendor, with potential exploitation by malicious insiders at the state or county election office (anyone with hands-on access to central tabulators, memory cards or precinct equipment, or direct or indirect access to the networks connected to central tabulators), as Harri Hursti demonstrated with his Diebold op-scan exploits.

The following studies/reports all confirm that there is no such thing as closed, stand-alone computerized voting systems and attest to the ease with which voting software can be corrupted to alter the outcome of an election, often without detection. Moreover, these independent studies demonstrate how computerized voting has created the potential for theft on a massive scale, made possible for the first time in history by this technology.

http://brennancenter.org/dynamic/subpages/download_file_39288.pdf http://itpolicy.princeton.edu/voting/ts-paper.pdf http://www.sos.ca.gov/elections/elections_vsr.htm http://www.blackboxvoting.org/BBVtsxstudy.pdf http://www.blackboxvoting.org/BBVreport.pdf

If You Don't Call Your Government on its Negligence and Irresponsibility, Who Do You Think Is Going to Do That?

These computers, which the nation has been forced to vote on, have created the very opposite of what 150 years of case law in New York has established as essential to a democratic election: a secure, accurate means to vote in which the risk of tampering is reduced as much as is humanly possible. Nothing in New York's "better" law, including the ban of wireless devices or the requirement that source coding be places in escrow, will adequately safeguard against the potential for this wholesale computer-assisted fraud, which humans could never have achieved alone.6

All of the inspection reports mentioned above are responding to the existing crisis wherein the other states already bought these unsafe and unreliable electronic voting systems, leaving the computer experts to propose mitigation strategies in an attempt to make the most of a bad situation. There is no excuse for New York to purchase these poorly designed, insecure machines only to have to then spend millions more of our tax dollars trying to compensate for their inadequacies through auditing and mitigation strategies. Instead, New York can pay attention to the overwhelming evidence and make the only reasonable decision – which is to not purchase such flawed and budget-breaking voting systems.

 1  |  2  |  3  |  4  |  5  |  6  |  7

 

ElectionTransparencyCoalitition.org

Andi Novick Election Transparency Coalition, www.etcnys.org, http://nylevers.wordpress.com/

The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.

Contact Author

Contact Editor

View Authors' Articles