Tuesday | September 23, 2003
Diebold machines are scary shit
Many of you have urged me to write about electronic voting machines in the past, but I've demurred. It lends way too much to defeatist "they're going to steal the election anyway, so why bother voting" talk.
Not only that, but I wanted to make sure the tin-foil-hat aspect of the issue was cleared out.
Now that more media attention is being paid to the issue, it looks like there was very little "tin foil" on the issue. It's legit, and it's scary.
Tell me about the flaw you uncovered in the Diebold system.
Well, we uncovered a few problems in the memos, but the first one that we published specifically supported the flaw that I wrote about in July of 2003. And to my surprise these memos admitted they were aware of the flaw, and it was actually brought to their attention by Ciber labs -- which is a certifier -- in October 2001, and they made a decision not to fix it [...]
So what was the flaw?
Specifically the flaw was that you can get at the central vote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log, which is supposed to log the transactions, and this [audit log] is one of the key things they cite as a security measure when they sell the system.
So you can break in and then hide your tracks.
You don't even need to break in. It will open right up and in you go. You can change the votes and you can overwrite the audit trail. It doesn't keep any record of anything in the audit trail when you're in this back door, but let's say you went in the front door and you didn't want to have anything you did there appear anywhere -- you can then go in the backdoor and erase what you did.
Who would have access to this? Are we talking about elections officials?
A couple situations. Obviously anybody who has access to the computer, whether that's the election supervisor, their assistants, the IT people, the janitor -- anybody who has access to the computer can get into it.
Where is this computer -- is there one per county?
Yes, there's one per county.
The other situation would be supposing someone gets in by either hacking the telephone system or by going backwards in through the Internet, because the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer.
These computers in the counties are connected to the Internet, and someone can go through the Internet --
-- and just go into it, correct. It would be as the results are uploading. You see, they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of parsing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem. And the GEMS machine then connects to the Internet, and that's what the press watches.
And somebody who knows about this can go to each one of those GEMS machines and have access to the vote and change the results?
Yes, as they're coming in.
Note that this isn't a partisan issue. Yeah, the Diebold CEO is a hardcore GOoPer who has promised to deliver Ohio to Bush in 2004 and all. But the vulnerabilities in the machines can be exploited by anyone. Democrats in California could use them to screw Republicans just as Republicans in Florida can use them to screw Democrats.
It's about real Democracy. It's about ensuring votes are counted and awarded to the candidate who earned those votes.
What's so difficult about slapping a little printer on each machine and having it spit out a paper ballot (like a receipt)? If there are any irregularities, count the paper ballots to guarantee the integrity of the electoral process.
Posted September 23, 2003 01:16 PM | Comments (166)