Elections Hacked and 'Man of the Year'.

November 05, 2006 at 11:05 PM | categories: stupidity, liberty rants, security | View Comments

I get excited around election time. I hope for change in this country and I think that my vote matters. There are so many exciting candidates running this year. With such a principled platform, and so many good candidates running, I have every hope in the world that there will be at least one libertarian victory this year.

Oh, but aren't I so naive?

Elections Hacked

The Elections in this country are rigged. You might label me a conspiracy theorist for that statement, but before you do, watch this video: HBO's Elections Hacked. Here are just a few of the extraordinary things brought forth in this film:

  • With unmodified 2004 Diebold voting machines, Blackbox voting was able to show that they could rig an election by replacing the memory card with one which was specially prepared to skew the votes. Also, there was no evidence of tampering and all of the security checks done by the unit itself passed both prior to and after the voting occurred. The memory cards also have an executable binary on them that could be modified to skew results while leaving no trace of the change besides the change itself. The votes on the paper log, those stored on the card, as well as the integrity checks performed by the machine would appear impeccable. The only way for someone to detect foul play would be to audit the memory card itself, which because it's detachable from the voting machine itself can easily be destroyed and/or replaced.
  • The GEMS system, diebold's vote counting system can easily be hacked by simply changing values in an unencrypted, non hash value checked database. As long as you change the value outside of the GEMS system (ie with a hex editor) the GEMS system does not detect any foul play and assumes the value is correct.
  • Diebold claims that the memory cards used in their systems contain no binary executable component. A forensic analysis of an actual diebold memory card proved otherwise. An executable on the memory card introduces the possibility of someone modifying the way in which votes are collected on the voting machines by simply replacing the memory card.

Do we have any proof of rigged elections in this country? No, and we probably never will -- there simply is no public access to scrutinize the voting process. But before labeling me a conspiracy theorist, please ask yourself: Isn't there enough evidence to prove that the elections COULD POSSIBLY be rigged without detection? If your answer is yes then we have common ground and we need to do something about it.. if your answer is no, prove me wrong, and if you're unable to do that.. then you're simply not paying attention.

I am a computer scientist and I am completely disgusted by what BlackBox voting was able to uncover in the above mentioned film. Here are very simple modifications that every Computer Science BS graduate I know of could implement with readily available and easy to use tools:

  • Hash value checking. If you perform a hash value function (eg md5 sum) over the entire memory card (as well as a seperate hash specifically over the executable portion) before it is allowed to continue with the vote tabulation process, there is no way that someone could tamper with the memory card because the original hash value and the hash value of the card would not match. I am simply flabbergasted that this simple technique is not used in the diebold system. In the film it was obvious that the only audit trail left behind on the paper log was that the initial vote counts were all zeros. Certainly this is good information to have, but in addition to that, it should report that every single bit of memory on the card is in its original condition, including the binary executable portion of the card to insure that it hasn't been tampered with. Diebold should publish the md5 sum of the executables on a public website, have several independent arbiters audit the code with the same md5 sum as published, then the county should publish the md5 sum of a properly zeroed card on the election commission website, and then photographically scan and post on their website each signed paper log to show that the md5 sum printed on the log is exactly the same before vote tabulation occurs as the 'pristine' card's md5 sum. In case you didn't follow all that, if those guidelines were followed, it would PROVE that the card was not tampered with as long as the independent arbiters were of good character and had a solid understanding of the code.
  • Encryption. Encryption is so incredibly easy to implement these days. As the video showed, the GEMS system database is obviously written in PLAIN TEXT. If the system were to simply apply a little basic encryption then modification of that data would be impossible unless the attacker were to know the key, which could be different at each precinct and generated just minutes before the polls open. Every computer science program in the country teaches at least something about encryption, so the fact that Diebold is not using it in their system shows they are either completely incompetent or completely fraudulent in their practices.
Certainly though, one of the absolute best practices for ensuring correct vote tabulation is to use paper ballots which have worked just fine for a good long time. But even if in the interests of performing vote counts rapidly, we desire an electronic voting system, an open-source public scrutinizable (sp?) voting system is a no brainer. Why do we, the taxpayers, purchase a very expensive voting system and then not demand access into it's internals?

Man of the Year

WARNING: movie plot spoilers ahead

Apparently, I am not alone in my view on electronic voting. Even the movies are talking about it. Last night I went to the theater and saw Man of the Year. The new Robin Williams movie about a third party candidate winning the presidential election is also all about how electronic voting might go wrong. It is also probably the worst movie I've seen this year. In all actuality, it is doing a superb job at misdirecting attention away from the fine efforts being done by Blackbox voting by showing how absurd a 'glitch' in the voting system might be. But before I tell you why I hated this film, let me tell you the few things I did like about this movie:

  • Dobbs (Robin Williams' character) is a third party candidate
  • He gets into the presidential debate (However, he does seem to get in with relative ease, which doesn't educate the public much on the problems third party candidates have in getting into the debates in the real world.)
  • He touches on some interesting current event topics (His TSA joke about the old lady being labeled a terrorist was especially funny)

But here is why I really hated this film:

  • Dobbs wins the election because of a 'glitch' in the electronic voting system. This 'glitch' is that any candidate with double letters in his name will win as long as those letters alphabetically precede any other candidates double letters. Dobbs wins because he has two B's in his name (beating out Kelogg with two G's and Mills with two L's because B comes before G which comes before L). As a computer scientist, I found this plot device to be totally, absurdly, stupidly distracting throughout the entire movie. There is absolutely NO WAY that a 'glitch' of this nature would ever occur, it would have to be deliberate, but when Dobbs tells america that his election was incorrectly chosen, he is quick to point out that no foul play was involved and that it was simply an accidental computer 'glitch'. Had it been malicious, it probably would have made for a much more entertaining film, but then they would still have had to come up with a more involved, more realistic method for changing the votes. This plot device simply insulted my intelligence.
  • Eleanor, the voting system manufacturer whistle blower, meets Dobbs and has a grand old time with him, dancing, paintball shooting, a thanksgiving dinner, but takes her sweet-ass time (almost a month) to tell Dobbs that the vote was a fraud. Then once she does tell him, Dobbs immediately believes her. Eleanor offers no proof to him whatsoever. What could have been a political and technological intriguing point.. died with a thud.

The worst part of this movie is that, as absurd as it is, it could make some people believe that this sort of thing is what the whole problem with real-world elections is about, and if they ever realize the absurdity of the movie, the credibility of anyone who casts doubt on the real-world election systems goes away with it. It's called misdirection folks, and this movie has it bad.

So, we have elections in two days. Am I still excited? Even more so.

Read and Post Comments