Subject: RE: diebold, etc hacks
From: "Gregory G. Luke" <gluke@strumwooch.com>
Date: 12/22/2005, 3:19 PM
To: "'Howard J. Brown'" <hbrown@jamestownr.com>, "'Larry Levine'" <larrylevine@earthlink.net>, "'Paul Goodwin'" <paulg@goodwinsimon.com>, "'Lisa Hansen'" <Lhansen@council.lacity.org>, "'John Levine'" <jlevine_1@hotmail.com>, "'Jeffery J. Daar'" <jdaar@daarnewman.com>, election-law@majordomo.lls.edu, gbandassoc@aol.com

Mr. Brown,

Your statement is simply untrue, unless you confine your definition of
"real-world elections" to multi-county elections operating different
vote counting technologies, in which case the complexity of altering
aggregated results does increase exponentially.

It is important, however, to recall that many multi-jurisdictional
elections are close enough that altering the outcome of a small number
of jurisdictions may change the aggregate outcome.  Targeting such swing
counties is not the stuff of science fiction.

Further, within any given county, there are always elections involving
"real-world" contests, issues, and consequences.

The Hursti hack demonstrates that all one needs to alter results on GEMS
servers undetectably (used both by almost all OS and DRE systems) is
access.  Such access does not require a broad coordinated conspiracy.
Mere incompetence would suffice, and the record of recent DRE elections
here in California is enough to give one pause.

In Alameda and Riverside Counties (CA), for instance, it is the policy
of elections officials to deny requests for system access
("chain-of-custody") and other records in connection with DRE recounts,
despite the plain mandate of CA Elections Code 15630, which provides
that "[a]ll ballots, whether voted or not, and any other relevant
material may be examined as part of any recount if the voter .... so
requests."

Denial of public access to such plainly relevant election material (now
the subject of two parallel legal challenges) lays bare an essential
danger: attention to DRE system design & functionality is not sufficient
to protect long-standing, public post-election rights and remedies.
Just as the election laws around the country adapted to the use of
mechanical lever voting machines (which also do not preserve ballots),
so must they now adapt to the use of DREs if citizens hope to preserve
their right to verify election results.

Recent AVVPAT mandates contribute to such verifiability, but, as the
California Association of Clerks and Elections Officials has warned (in
opposing such paper trail mandates), the VVPAT does not close the loop
against all forms of electronic data/vote tally manipulation.


Gregory Luke
Strumwasser & Woocher LLP
100 Wilshire Blvd., Suite 1900
Santa Monica, CA  90401
      Phone: (310) 576-1233
      Facsimile: (310) 319-0156
       gluke@strumwooch.com 
 
IMPORTANT NOTICE: This message is intended for the use of the individual
or entity to which it is addressed and may contain information that is
privileged, confidential, and exempt from disclosure under applicable
law.  If you read this message, and you are not the intended recipient,
or the employee or agent responsible for delivering this message to the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of any part of this communication is strictly
prohibited.  If you have received or read this communication in error,
please notify the sender immediately by e-mail reply or by telephone and
immediately delete this message and all its attachments from all data
storage media.
 

-----Original Message-----
From: Howard J. Brown [mailto:hbrown@jamestownr.com] 
Sent: Thursday, December 22, 2005 11:33 AM
To: Larry Levine; Paul Goodwin; Lisa Hansen; John Levine; Jeffery J.
Daar; election-law@majordomo.lls.edu; gbandassoc@aol.com
Subject: Re: diebold, etc hacks

and the chances of a broad enough coordinated conspiracy to do the
hacking
described in the article, sufficient to affect a real-world election,
approach zero.
H Brown
----- Original Message ----- 
From: "Larry Levine" <larrylevine@earthlink.net>
To: "Paul Goodwin" <paulg@goodwinsimon.com>; "Lisa Hansen"
<Lhansen@council.lacity.org>; "John Levine" <jlevine_1@hotmail.com>;
"Jeffery J. Daar" <jdaar@daarnewman.com>;
<election-law@majordomo.lls.edu>;
<gbandassoc@aol.com>
Sent: Thursday, December 22, 2005 1:08 PM
Subject: Fw: diebold, etc hacks




----- Original Message ----- 
From: "Barry Wellman" <wellman@chass.utoronto.ca>
To: "Lloyd Levine" <levine4assembly@hotmail.com>;

<Lloyd.Levine@asm.ca.gov>

Cc: "larry levine" <larrylevine@earthlink.net>; "beverly wellman"
<bevwell@chass.utoronto.ca>
Sent: Thursday, December 22, 2005 6:05 AM
Subject: diebold, etc hacks


got 'em by the scrotum now!

 Barry
 _____________________________________________________________________

  Barry Wellman         Professor of Sociology        NetLab Director
  wellman at chass.utoronto.ca  http://www.chass.utoronto.ca/~wellman

  Centre for Urban & Community Studies          University of Toronto
  455 Spadina Avenue    Toronto Canada M5S 2G8    fax:+1-416-978-7162
     To network is to live; to live is to network
 _____________________________________________________________________
http://www.wired.com/news/evote/1,69893-0.html


Welcome to Wired News. Skip directly to: Search Box, Section

Navigation,

Content.

Wired News
Search:
  Text Size: Small Text Normal Text Large Text Larger Text
[Home][Technology][Culture][Politics][Wire

Services][Blogs][Columns][Wired

Magazine]

Diebold Hack Hints at Wider Flaws


Breaking News
Breaking News from AP and Reuters

    * NYC Transit Union Chief Hints at Talks
    * Japanese minister calls China a threat
    * Israel kills West Bank gunmen
    * Italy probes US marine for murder in Iraq
    * Signs of Tamiflu resistance no cause for alarm: WHO


Special Partner Promotion
Find local technology jobs.
*
See Also

    * Can State Ignore Its E-Vote Law?
    * Another Blow to E-Voting Company
    * An Introduction to E-Voting
    * E-Vote Guidelines Need Work
    * Pull the lever on Machine Politics

By Kim Zetter Kim Zetter | Also by this reporter
2005-12-21 08:35:00.0

Election officials spooked by tampering in a test last week of Diebold
optical-scan voting machines should be equally wary of optical-scan
equipment produced by other manufacturers, according to a computer
scientist who conducted the test.

Election officials in Florida's Leon County, where the test occurred,
promptly announced plans to drop Diebold machines in favor of

optical-scan

machines made by Election Systems & Software, or ES&S. But Hugh

Thompson,

an adjunct computer science professor at the Florida Institute of
Technology who helped devise last week's test, believes other systems
could also be vulnerable.

"Looking at these systems doesn't send off signals that ... if we just

get

rid of Diebold and go to another vendor we'll be safe," Thompson said.

"We

know the Diebold machines are vulnerable. As for ES&S, we don't know

that

they're bad but we don't know that they're (good) either."

Thompson and Harri Hursti, a Finnish computer scientist, were able to
change votes on the Diebold machine without leaving a trace. Hursti
conducted the same test for the California secretary of state's office
Tuesday. The office did not return several calls for comment.

Information about the vulnerability comes as states face deadlines to
qualify for federal funding to replace punch-card and lever machines

with

new touch-screen or optical-scan machines. In order to get funding,

states

must have new machines in place by their first federal election after

Jan.

1, 2006.

Optical-scan machines have become the preferred choice of many

election

officials due to the controversy over touch-screen voting machines,

many

of which do not produce a paper trail. Optical-scan machines use a

paper

ballot on which voters mark selections with a pen before officials

scan

them into a machine. The paper serves as a backup if the machine fails

or

officials need to recount votes.

The hack Thompson and Hursti performed involves a memory card that's
inserted in the Diebold machines to record votes as officials scan
ballots. According to Thompson, data on the cards isn't encrypted or
secured with passwords. Anyone with programming skills and access to

the

cards -- such as a county elections technical administrator, a savvy

poll

worker or a voting company employee -- can alter the data using a

laptop

and card reader.

To test the machines, Thompson and Hursti conducted a mock election on
systems loaded with a rigged memory card. The election consisted of

eight

ballots asking voters to decide, yes or no, if the Diebold

optical-scan

machine could be hacked.

Six people voted "no" and two voted "yes." But after scanning the

ballots,

the total showed one "no" vote and seven "yes" votes.

Diebold did not return several calls for comment.

Thompson said in a real race between candidates someone could pre-load

50

votes for Candidate A and minus 50 votes for Candidate B, for example.
Candidate B would need to receive 100 votes before equaling Candidate

A's

level at the start of the race. The total number of votes on the

machine

would equal the number of voters, so election officials wouldn't

become

suspicious.

"It's self-destroying evidence," he said. "Once ... the machine gets

past

zero and starts counting forward for Candidate B, there's no record

that

at one point there were negative votes for Candidate B."

Thompson said a second vulnerability in the cards makes it easy to

program

the voting machine so that it thinks the card is blank at the start of

the

race. This is important because before voting begins on Election Day,

poll

workers print a report of vote totals from each machine to show voters
that the machines contain no votes.

"The logic to print that zero report is contained on the memory card
itself," Thompson said. "So all you do is alter that code ... to

always

print out a zero report (in the morning)."

David Jefferson, a computer scientist at Lawrence Livermore National
Laboratory and chair of California's Voting Systems Technical

Assessment

and Advisory Board, said that programming software on a removable

memory

card raises grave concerns.

"The instant anyone with security sensibility hears this, red flags

and

clanging alarms happen," Jefferson said. "Because this software that

is

inserted from the memory module is not part of the code base that goes
through the qualification process, so it's code that escapes federal
scrutiny."

The vote manipulation could conceivably be caught in states where

election

laws require officials to conduct a 1 percent manual recount to

compare

digital votes against paper ballots. Parallel monitoring, in which
officials pull out random machines for testing on Election Day, might

also

catch vote manipulation.

But Thompson says machines could be programmed to recognize when

they're

being tested so as not to change votes during that time. And a manual
recount that only examines 1 percent of machines might not be broad
enough.

"The question is, if you have altered a memory card in just one of the
polling places or even just on one machine, what are the chances that

the

machine would fall under that 1 percent?" Thompson said. "That's kind

of

scary."

[Print story][E-mail story] Page 1 of 1
Ads by GooglePadgett Communications
Audience Response Specialists
providing wireless voting keypads.
www.pcipro.com
UK/EU Audience Response
UK/EU Powerpoint Compatible
Electronic voting systems
www.teamtalk.co.uk
New Democratic Party
Get Today's Top Election News Free!
Compare News Articles & More at AOL
www.aol.ca
Innovision Incorporated
Wireless Audience Response and
Interactive Meeting Technologies
www.innovisioninc.com


Wired News: Contact Us | Advertising | Subscribe
We are translated daily into Korean and Japanese
C Copyright 2005, Lycos, Inc. All Rights Reserved. LycosR is a

registered

trademark of Carnegie Mellon University.
Your use of this website constitutes acceptance of the Lycos Privacy
Policy and Terms & Conditions