Earthweb
Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
Search EarthWeb Network

Whitepapers from the Xenos Electronic Content Management Center
CASE STUDY
Xenos infoWEB Enables New York's Tioga County to Automate Paper-based Processes and Cut Operating Costs.

WHITEPAPER
The New Strategic Imperative of Electronic Informa-tion Distribution
Improve the distribution and repurposing of reports and other crucial documents.

WHITEPAPER
Turbo-charge Your ECM Systems to Meet High-volume Content Distribution Requirements

WHITEPAPER
Get Off the EDI VAN Without Re-engineering Your Business
Deliver substantial benefits without significant software upgrades or investment.

CASE STUDY
Fireman's Fund Insurance—Real-time Access to Insurance Documents for Agents

internet.commerce
Be a Commerce Partner
Web Hosting Services
Promotional Products
Online Universities
Promotional
Promotional Pen Items
Cheap Plasma TVs
Laptop Computers
Memory
Web Hosting
Accept Credit Cards
Conference Services
Car Donations
Corporate Gifts
Home Networking

AMD How-to Article:
Driving Windows x64: A Checkup, with Tips and Workarounds

AMD Article:
Supersizing Java
IT Management : Columns : Executive Tech: Fixing Elections for Fun and Profit

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
Computer Experts Allege U.S. Vote Fraud
Vote and Get A Free CoffeeCup
- ITSMWatch Newsletter -
email:
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
Tools for SQL Server - Multiple Tools For SQL Server Management
Anti-Executable - Blocks Unknown Applications From Launching
Reload - Backup Platform for GroupWise Features Single Message Restore
KnowledgeTree - Document Management Platform with Workflow and Metadata Searching
Interop Secure Shell - SSH and SFTP Server/Clients for Windows w/SFU, SUA

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

Microsoft Training Resources: System Integrity. Learn about technologies that make computers innately more resilient to attacks.

Fixing Elections for Fun and Profit
December 20, 2005
By Brian Livingston

Brian Livingston Two counties in Florida have terminated their use of Diebold computerized voting equipment after computer experts showed that vote totals could be changed by a single individual in a way that would be undetectable later.

The county commission of Leon County, which includes Tallahassee, voted on Dec. 13 to scrap its Diebold equipment and switch to a different manufacturer, at an estimated cost of $1.3 million. Three days later, the county council of Volusia County (Daytona Beach) approved a similar change. The switch will cost that jurisdiction at least $2.5 million, county officials said.

These actions, and the events that led up to them, can teach us a great deal about our dependence on computer procedures that are developed by flawed human beings.

It's not just elections, of course, that are affected by programming errors and poorly understood code. Imagine your company purchasing a large development project from an outside firm. If that firm overcharges you, and you dispute the bill, can your mission-critical software be disabled at the push of a button by its developers until you pay up? It's a good idea to ask these questions before you invest your money in computerized solutions.

Testing the Vote-Counting Equipment

The revelations in the Florida counties were engineered by Herbert Thompson, a computer science professor at the Florida Institute of Technology, and Harri Hursti, a programmer who lives in Finland. They examined optical-scan ballot counting equipment purchased by Leon County from Diebold Inc., a major maker of ATM and election equipment. The technicians were introduced to county supervisor of elections Ion Sancho by BlackBoxVoting.org (BBV), a nonprofit organization that critiques computerized voting.

Under Sancho's watchful eye, the computer experts ran the following demonstration, according to a BBV report.

Initializing the counter. A Diebold-specified memory card, a device about the size of a credit card, was inserted into the optical-scan counting machine to initialize it. As is the case before every election, a "zero report" was run, showing that zero votes were recorded in each race.

Inserting the ballots. Sancho and others marked optical-scan ballots by filling in circles on the printed cards. These forms were then inserted into the counter, as voters normally do after marking their ballots. The totals, counted by witnesses before the insertion, were Yes 2, No 6.

Tabulating the vote. The totals tallied by the vote counter, however, were Yes 7, No 1. In addition, the totals accepted from the counter by the central tabulator, also made by Diebold, showed Yes 7, No 1. No alerts had been sounded by either machine.

How was the count changed? Hursti had added data to the memory card prior to its insertion. This subtracted votes from one position and added them to the other. The same change could be made by almost any dishonest election official, Hursti explained, without the need for any password or much specialized knowledge. Yet the tampering "will not be detected in any normal canvassing procedure," he said. A recount using the same memory card would deliver the same results.

How the Winning Candidate "Rolls Over" the Loser

In a PDF report released in July 2005, Hursti said the Diebold memory cards can hold "an executable program which acts on the vote data." In a well-designed election system, by contrast, the vote counting mechanism should contain only "the ballot design and the race definitions." In other words, initializing a counting machine should install only a list of the candidates and ballot measures to be tallied in each race.

In his report, Hursti indicates that the vote-changing trick can be accomplished using plain old integer math. The Diebold election machines are designed to count each position's votes up to 65,535, which is 1 less than a power of 2. When 1 more vote is counted, the tally "rolls over" to 0. The following vote brings the total to 1, and so forth.

The Diebold equipment, Hursti explains, can be secretly initialized so that Candidate A starts with 65,511 votes -- which is the same as minus 25 -- while Candidate B starts with +25. The "zero report" would blithely show 0 votes for each candidate. After more than 25 votes have been cast for Candidate A, there would be no indication that any tampering had occurred.

Let's say the exact same number of voters happen to cast ballots for each candidate. Congratulations, Candidate B -- you appear to have won by 50 votes. Multiply this by thousands of precincts in a state, all using identical memory cards, and you're talkin' real results.

Accomplishing the Trick in Actual Elections

Diebold, based in North Canton, Ohio, will not comment specifically on the rejection of its equipment by Leon County. But the manufacturer has sent a letter to county officials saying their testing was "a very foolish and irresponsible act" and may have violated the company's licensing agreements, according to a Dec. 15 Associated Press report.

In a development that may or may not be election-related, long-time Diebold chairman and CEO Walden O'Dell resigned for "personal reasons," effective immediately, according to a company press release dated Dec. 12. In September, Diebold was forced to pay California a fine of $2.6 million for installing uncertified software into the state's voting machines. The company's stock plunged more than 15 percent.

Unfortunately for voters, the trick demonstrated on Diebold's equipment by Hursti may very well have already been used in real elections:

Partisan access. Several election officials have access to memory cards prior to elections. These officials tend not to be neutral. They're usually high-level partisans in the Democratic or Republican Party. For example, Diebold memory cards became an issue in Ohio after the 2004 Presidential election. Secretary of State Kenneth Blackwell ordered the cards and other election records sealed from public inspection until after the state's electors were sworn in, according to a Dayton Daily News article.

Mysterious miscounts. In one incident that was widely reported in Florida after the 2000 Presidential election, a Volusia County precinct showed a final count of negative 16,000 votes for the Democratic candidate, Al Gore. The error was resolved by making a hand count of the ballots. But Leon County's Sancho now believes the "mistake" is evidence of a real fraud attempt that failed only due to sloppiness. "Someone with access to the vote center in Volusia County put it on a memory card and uploaded it into the main system," the election supervisor told Orlando's WESH-TV News in an interview.

Impossible recounts. The recount in Volusia County was possible because the actual voting records had been preserved. But that isn't possible in a growing number of U.S. counties. In Florida, about half the state's voters now use touch-screen equipment with no paper ballot and no record of the votes other than a memory card, according to a Dec. 17 Miami Herald article. In addition, the Florida Legislature passed election laws in 2001 eliminating recount requirements for touch-screens and not requiring a paper audit trail, according to Law.com.

How Not to Write Code

Trustworthy vote counting is not a Republican or a Democratic issue. It's essential to any free country. The sloppy code and ludicrous back doors found in some computerized election equipment should be a wake-up call for all Americans -- and an object lesson to businesses everywhere in how not to outsource programming.

I wrote on April 5, 2005, that computer scientists had determined that the reported 2004 election totals in some states, including Ohio, were simply impossible to reconcile with scientifically valid exit polls taken the same day. That article became the top story at Daily Kos, America's most widely read political blog, and others.

Unfortunately, we're going to see a lot more stories like this about election fraud, and it won't be good news. It's bad for democracy and it brings shame on computer professionals who should be exposing these shoddy systems, not programming them.

With everything I've learned in my life about computers, I don't want any votes disappearing into a shiny metal box or an ephemeral memory card. The only way an election can be fair is when tangible, paper ballots are marked by hand by actual voters (with alternate provisions for disabled voters). You can tabulate the votes using any machine you want, as long as the paper ballots can be recounted as the final word.

An Executive Tech update

A spokesman for the Ohio Secretary of State e-mailed me comments on the above article on Dec. 21. His remarks and my response are in my Jan. 3, 2006, column.

Executive Tech Takes Off

The Executive Tech column will enjoy a holiday break later this month, as will its readers, hopefully. The next installment will appear on Jan. 3, 2006.

Brian Livingston is the editor of WindowsSecrets.com and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.


Executive Tech Archives


JupiterWeb networks:

Graphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
JupiterResearch


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers