|
|
Tags for This Article:
Voting Integrity (2708) Democracy (1945) Voting Technology (1918) Voting (1675) Voting Machines (1479) Voting Reform (1059) Voting Laws State (605) Fraud (568) Technology (396) Computers (203)
|
Add to My Group
Not only does New York lack the plausible deniability the rest of the nation may assert as the litigation for fraud and breach of contract against the voting vendors mushrooms, but New York is also on notice that these vendors are ineligible to do business in New York. The evidence of the vendors' flagrantly "irresponsible" conduct and record of failed voting equipment is contained at http://www.votersunite.org/info/VendorsProhibited.pdf , http://www.votersunite.org/info/IrresponsibleVendors.pdf and http://www.votersunite.org/info/UpdatedVendorIrresponsibility807.pdf. Non-responsible vendors include a vendor whose committed a crime, been indicted for a crime, committed ethical violations, exhibited failed past performance on other contracts, etc. The list of "non-responsibility" for the voting vendors New York is proposing to do business with is a virtual who's who of non-responsibility. Who in New York is paying attention? Who is going to take responsibility, look at the evidence and enforce the law, enjoining these vendors from conducting business in New York?
Who is going to implement New York's law, which requires that the state's machines be capable of demonstrating their "integrity and security" by being able to "demonstrate an accurate tally"3. None of the machines New York is considering purchasing can do that. Secretary Bowen has already told us of all of these machines' "inadequa[cy] to ensure accuracy and integrity of the election results". New York could choose to disregard her findings- in which case I bet I know where we could pick up some equipment at fire sale prices. Or is someone in a position of responsibility in New York going to step up and ensure New Yorkers that they will not be trading in their lever machines for these electronic voting systems now publicly revealed to be not merely snake oil, but the antithesis of what is required for a secure, transparent, reliable electoral system? Why Computerized Voting Systems are so Much worse than Our Lever Machines4 Computerized Voting Machines Are Vulnerable to Viruses and Other Attacks Which Can Spread Between Voting Machines and Steal Votes on the Infected Machines Regardless of New York's Ban on Wireless Devices All of the electronic voting machines tested in California were found vulnerable to malicious attacks that could "affect election outcomes". The reports also point out:An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive - malicious code could spread to every voting machine in polling places and to county election servers. The fact that New York prohibits wireless devices will not prevent the election-altering attacks found by California's independent experts to be so easily executable. I asked Bruce O'Dell5 to explain why even with a ban on wireless, there's really no such thing as a "closed system" with "stand-alone" computers. Understanding that computerized voting machines are fundamentally different than mechanical lever machines in this way is essential to appreciating how devastating it would be for New York to switch our lever machines for these electronic voting machines, particularly the DREs. The implications for tampering on a grand scale are breathtaking.Malware (software that performs a malicious function) can be spread from voting machine to voting machine - like deliberately-crafted viruses that not only change election results, but spread form machine to machine via memory cards, and delete themselves at the end of the election (see the Princeton report for an example). But that's just one way to subvert the voting software. Here are more ways I can think of:- hardware exploits; the manufacturer of a circuit board substitutes components which contain hardware with covert functionality; this was exploited by the CIA against the Soviet Union in the 1980s, when they discovered a company smuggling computer hardware into Russia form the West; among the consequences was the largest non-nuclear explosion ever recorded, as the compromised equipment was installed to regulate the Soviet natural gas system. This is described in the attached document, (which is among the best short introductions to computer security that is accessible to the general reader). And of course, there is simply no way to know for sure if a wireless receiver has been built into any piece of voting equipment. The feasibility and consequences of that particular class of exploit are described in Section 3.1.1 and 3.1.2 of www.verifiedvoting.org/downloads/shamos-rebuttal.pdf - Rootkit and virtualization technology. Both the Brennan Center and Princeton reports mention rootkit or virtualization attacks on voting equipment. A rootkit is a type of software exploit which specifically replaces and/or bypasses portions of the operating system that are used to detect the presence of malicious software. (Google "rootkit" - Wikipedia has a reasonably accurate overview). With sufficiently sophisticated virtualization technology, the voting software and operating system itself could be perfectly fine; it would just be interrupted during elections to enable the malicious code to execute. There would be no way for the non-rootkit code to know this had happened. This kind of exploit is ideally suited to be introduced by malicious insiders at the vendor or manufacturer, but anyone with hands-on access to central tabulators or memory cards or precinct equipment, or direct or indirect access to the networks connected to central tabulators, could introduce a self-replicating rootkit. - Device driver and privileged code. Every other software component might be legitimate, but compromising device drivers or privileged operating system code enables malicious code to take complete control of the device. One or a few malicious insiders at the manufacturer, vendor - or anyone with hands-on access to central tabulators or precinct equipment, or direct or indirect access to the networks connected to central tabulators, could compromise thousands of machines. This code can be distributed under the guise of a software patch if you believe Chris Hood (the whistleblower who reported undocumented patch distribution in Diebold equipment in Georgia in 2002). [For more about this whistleblower and the theft of Georgia's elections, see RFK Jr.'s http://www.rollingstone.com/politics/story/11717105/robert_f_kennedy_jr__will_the_next_election_be_hacked]. - Malicious application logic. Ideally suited for exploit by malicious insiders at the vendor, with potential exploitation by malicious insiders at the state or county election office (anyone with hands-on access to central tabulators, memory cards or precinct equipment, or direct or indirect access to the networks connected to central tabulators), as Harri Hursti demonstrated with his Diebold op-scan exploits. - Memory card exploits. Both Hursti and Princeton researchers have shown how executable code can be transmitted on memory cards from machine to machine.The following studies/reports all confirm that there is no such thing as closed, stand-alone computerized voting systems and attest to the ease with which voting software can be corrupted to alter the outcome of an election, often without detection. Moreover, these independent studies demonstrate how computerized voting has created the potential for theft on a massive scale, made possible for the first time in history by this technology. http://brennancenter.org/dynamic/subpages/download_file_39288.pdf http://itpolicy.princeton.edu/voting/ts-paper.pdf http://www.sos.ca.gov/elections/elections_vsr.htm http://www.blackboxvoting.org/BBVtsxstudy.pdf http://www.blackboxvoting.org/BBVreport.pdf If You Don't Call Your Government on its Negligence and Irresponsibility, Who Do You Think Is Going to Do That? These computers, which the nation has been forced to vote on, have created the very opposite of what 150 years of case law in New York has established as essential to a democratic election: a secure, accurate means to vote in which the risk of tampering is reduced as much as is humanly possible. Nothing in New York's "better" law, including the ban of wireless devices or the requirement that source coding be places in escrow, will adequately safeguard against the potential for this wholesale computer-assisted fraud, which humans could never have achieved alone.6 All of the inspection reports mentioned above are responding to the existing crisis wherein the other states already bought these unsafe and unreliable electronic voting systems, leaving the computer experts to propose mitigation strategies in an attempt to make the most of a bad situation. There is no excuse for New York to purchase these poorly designed, insecure machines only to have to then spend millions more of our tax dollars trying to compensate for their inadequacies through auditing and mitigation strategies. Instead, New York can pay attention to the overwhelming evidence and make the only reasonable decision – which is to not purchase such flawed and budget-breaking voting systems. The other states, all of which have committed the error of negligently presuming the voting machines sold by these vendors were secure, are now suffering the consequences of their irresponsibility. No responsible business would approach security that way. As Bruce O'Dell stated to me: The boards of directors of publicly-owned companies that applied the same standard to their corporate accounting systems would face the very real prospect of personal jail time under the federal Sarbanes-Oxley legislation, and their corporation's stock could well be delisted.
www.re-media.org Andi Novick Northeast Citizens for Responsible Media www.re-media.org
Copyright © OpEdNews, 2002-2008 |
|
||||||||||||||||||||||||||||||||||||||||
Must Read (
Well Said (
News (
Touching (
Funny (
Supported (
Interesting (
Inspiring (
Valuable (
