Knocking the Vote
Diebold says its voting machines are bulletproof. Hackers say otherwise.
By James Renner
Published: Wednesday, October 19, 2005
Ion Sancho wants to get things right this time. As supervisor of elections for Leon County, Florida, he stood at the epicenter of the election fiasco of 2000. Voter confidence, he realizes, is paramount. That's why he's let a computer hacker have a go at one of his new machines.
The apparatus in question is the Accuvote 2000 Optical Scan, a boxlike computer that reads ballots as they are inserted. The data is collected and stored on a memory card that's later uploaded into a central tabulator. Diebold, the machine's Canton-based manufacturer, claims that the memory cards cannot be altered to influence votes. Sancho figured he'd find out for himself.
In May, he gave Dr. Herbert Thompson access to an Accuvote 2000. As hackers go, Thompson doesn't quite fit the mold of a pasty-faced kid playing Warcraft in Mom's basement: He's the chief strategist at Security Innovation, a Florida tester of online security for IBM, Microsoft, Google, and other large businesses and government agencies. If anyone can uncover a problem, it's this guy.
But not even Thompson could have expected this: He was able to manipulate a memory card using homemade devices. When he inserted it into the Diebold machine, 10,000 votes were awarded to one candidate, and the Accuvote detected no sign of fraud.
In a later test coordinated by Sancho, another security expert was also able to manipulate results, this time with flair: He programmed the Leon County computer's LCD screen to read: "Are We Having Fun Yet?", an homage to the 1983 hacker movie WarGames.
When Sancho reported the problem to Diebold, he was told that technicians already knew about it, though no one had bothered to alert election officials. Since making the results of his hacker tests public, Sancho has received letters from Diebold's attorney, accusing Leon County of violating its licensing agreement.
"Diebold absolutely refuses to acknowledge that these memory cards can be manipulated," says Sancho. "Here in Leon County, our memory cards are under lock and key. But I'm aware of other jurisdictions that do not treat memory cards with that level of security."
A Diebold spokesman says that only election officials have unrestricted access to the machines. But that alone may be too risky for Cuyahoga County, where two officials were indicted in late August for their conduct during last year's election. And thanks to a decree by Secretary of State Kenneth Blackwell, Ohio counties had only one choice when it came to buying new voting machines: Diebold. This does not appear to be coincidence.
--------------------------------------------------------------------------------
For 146 years, Diebold has been a leading supplier of security systems. It built the safes that survived the Great Chicago Fire of 1871. When Hurricane Katrina reduced New Orleans to rubble, Diebold vaults kept the banks' money high and dry. A top maker of ATMs, Diebold reported revenue of $2.38 billion last year. In January, Forbes named it one of the best-managed companies in America.
Its ventures into voting technology, however, have been fraught with melodrama. Electronic voting machines from Diebold began showing up in precincts across the country in 2002, winning favorable response from election boards; the easy-to-use ATM-like devices were a blessing to disabled voters who could not read or punch paper ballots.
But troubles began in 2003, when Diebold chairman Walden O'Dell sent out invitations to a $1,000-a-plate fund-raiser at his Columbus mansion in support of President Bush's reelection campaign. In the letter, O'Dell wrote that he was "committed to helping Ohio deliver its electoral votes to the president next year." It was perhaps not the best choice of words for a man whose company manufactures half the country's voting machines.
Subtlety has not been a recurring theme among Diebold execs. From 2000 through 2004, board member William "Tim" Timken helped raise $800 million for Republican coffers. He was rewarded by Bush with an ambassadorship to Germany this year [see "Lederhosed," August 31].
As Athens County prepared to purchase new voting equipment in 2003, Diebold consultant William Chavanne paid a visit to Elections Chairwoman Susan Gwinn. She later told The Columbus Dispatch that Chavanne offered her $1,000, which she declined.
In January 2004, Diebold representative Pasquale Gallina visited Franklin County Board of Elections Director Matthew Damschroder on the very day the county began accepting bids for new voter-registration software -- a competition between Diebold and its rival, Electronic Systems & Software. "I'm here to give you $10,000. Who should I direct it to?" Gallina asked, according to testimony provided by Damschroder to Franklin County prosecutors. He took Gallina's check and donated it to the Republican Party. (Damschroder was fined a month's pay for accepting a political donation on county property.)
If Diebold has been quick with favors, the state has been happy to reciprocate. Secretary of State Blackwell, a vociferous supporter of Bush, issued a series of mandates early in 2005 that directly benefited Diebold. First, all Ohio counties were ordered to introduce electronic optical-scan voting machines, of which Diebold is one of only four manufacturers. Following closed-door meetings with Diebold execs, Blackwell reversed that decision, allowing counties to choose between optical scans and touch-screen machines. At the time, Diebold was the lone vendor certified by Blackwell to sell touch-screens.
ES&S filed suit, claiming the lack of choice violated federal fair-election law. Thirty-one counties jumped onboard. Blackwell eventually certified the ES&S system, but not before Cuyahoga County had purchased Diebold machines. (Punch-card machines made by ES&S will still be used for the November 8 election.)
--------------------------------------------------------------------------------
Michael Vu, elections chief for Cuyahoga County, dismisses talk of Diebold conspiracies.
"People used to ask, 'How can someone stuff the ballot box?' Now we're asking, 'How can someone hack the machine?'" says Vu. "Basically, we're just changing words around. Number one, we would never give someone free rein to the device. What we will do is put tamper-tape on the memory cards, with a serial number over top of that."
By May 2006, Vu says, all Cuyahoga County precincts will have Diebold touch-screen machines. He anticipates no problems with hackers.
"The possibilities are endless," he says. "Let's talk about the probabilities."
When it comes to Diebold, Bev Harris loves to talk probabilities. As president of Seattle-based BlackBoxVoting.org, a nonprofit, nonpartisan group that monitors elections, she has taken on the mission of showing that Diebold is not only corrupt, but also too incompetent to shoulder the responsibility of managing the nation's voting.
In her own effort to demonstrate the fallibility of Diebold machines, Harris successfully logged onto the Diebold site used to transfer voting software. No password required. She spent three days downloading 40,000 sensitive files. Runnable program code. Internal manuals. Source code.
In August, Wired magazine published intra-office e-mails posted on the BlackBox website. Some of the messages, dating as far back as 2001, showed that members of Diebold's staff were aware that the company's database was unprotected.
Computer technician Jim March, a California Republican and board member at BlackBoxVoting.org, derides Diebold for using poorly written software, which is created with Microsoft Access. This, he says, is practically an invitation for hackers.
"We kicked the tires to see how their system works," says March. "When we kicked the tires, the car caught fire and the seat cushions came off. The e-mails make absolutely clear that Diebold is not only hackable, but that they knew about this internally."
In comparison, voting software used by Diebold's top competitor is produced in-house for redundant security. "Our operating software cannot be bought off a shelf," says ES&S spokeswoman Jill Friedman. "You cannot connect our equipment with consumer equipment." At Diebold, the optical-scan machines have USB ports -- the port of choice for everything from high-speed cable modems to iPODs.
Diebold spokesman Mark Radke dismisses BlackBox's findings as the work of conspiracy theorists. "People have to consider the source," he says.
Election results, he counters, cannot be hacked from outside. "These machines are never hooked up to the internet. You can't hack it over the internet. We have layers and layers of security."
The demonstrations in Leon County, Florida, however, were performed without online hacking.
"The way it's set up, you can't [hack] it on a massive scale," says Ohio Senator Jeff Jacobson (R-Butler Township). "But I do think it is possible for someone with more anarchistic impulses or someone who wants to influence specific precincts."
Jacobson is fighting for an updated paper-ballot system that allows old-fashioned hand recounts when fraud is suspected. The potential for hacking, he says, is not the lone problem posed by electronic voting machines. "Unlike punch cards, these things are going to become obsolete. You'll have to replace these things every 10 years. And there will be no federal money to do so. I've always been concerned about this idea long-term."
Already there have been election problems with Diebold machines. The State of California, in conjunction with BlackBox's March and Harris, filed suit against Diebold for its voting-machine failures in the November 2003 elections. After several machines crashed and printers jammed, California Secretary of State Bruce McPherson blocked all future sales of Diebold touch-screens to California. March and Harris provided hacked evidence showing that Diebold had installed software in its machines that had not been state-certified, which may have contributed to the problems. In September, Diebold refunded California $2.6 million and agreed to replace all touch-screens with optical-scan machines that had met state requirements. March and Harris both got $76,000 for their trouble.
--------------------------------------------------------------------------------
On September 21, Diebold chairman Walden O'Dell had some bad news for investors. The company's third-quarter revenue forecasts would be off to the tune of $50 million. Diebold stock plunged 15.6 percent. O'Dell blamed Hurricane Katrina, saying that the storm had put the kibosh on ATM deliveries. He also fired his chief operating officer and took the reins himself, for good measure. He says that an October 26 conference call with reporters will provide evidence supporting his claim. (Scene's request to speak with O'Dell was declined by a Diebold spokesman.)
But Jim March of BlackBox says that California's September victory wrought more damage to Diebold than Katrina did.
"They failed in a spectacular fashion," he says. "That is what sent their stock tumbling. These guys are liars, from top to bottom."
Link Here
By James Renner
Published: Wednesday, October 19, 2005
Ion Sancho wants to get things right this time. As supervisor of elections for Leon County, Florida, he stood at the epicenter of the election fiasco of 2000. Voter confidence, he realizes, is paramount. That's why he's let a computer hacker have a go at one of his new machines.
The apparatus in question is the Accuvote 2000 Optical Scan, a boxlike computer that reads ballots as they are inserted. The data is collected and stored on a memory card that's later uploaded into a central tabulator. Diebold, the machine's Canton-based manufacturer, claims that the memory cards cannot be altered to influence votes. Sancho figured he'd find out for himself.
In May, he gave Dr. Herbert Thompson access to an Accuvote 2000. As hackers go, Thompson doesn't quite fit the mold of a pasty-faced kid playing Warcraft in Mom's basement: He's the chief strategist at Security Innovation, a Florida tester of online security for IBM, Microsoft, Google, and other large businesses and government agencies. If anyone can uncover a problem, it's this guy.
But not even Thompson could have expected this: He was able to manipulate a memory card using homemade devices. When he inserted it into the Diebold machine, 10,000 votes were awarded to one candidate, and the Accuvote detected no sign of fraud.
In a later test coordinated by Sancho, another security expert was also able to manipulate results, this time with flair: He programmed the Leon County computer's LCD screen to read: "Are We Having Fun Yet?", an homage to the 1983 hacker movie WarGames.
When Sancho reported the problem to Diebold, he was told that technicians already knew about it, though no one had bothered to alert election officials. Since making the results of his hacker tests public, Sancho has received letters from Diebold's attorney, accusing Leon County of violating its licensing agreement.
"Diebold absolutely refuses to acknowledge that these memory cards can be manipulated," says Sancho. "Here in Leon County, our memory cards are under lock and key. But I'm aware of other jurisdictions that do not treat memory cards with that level of security."
A Diebold spokesman says that only election officials have unrestricted access to the machines. But that alone may be too risky for Cuyahoga County, where two officials were indicted in late August for their conduct during last year's election. And thanks to a decree by Secretary of State Kenneth Blackwell, Ohio counties had only one choice when it came to buying new voting machines: Diebold. This does not appear to be coincidence.
--------------------------------------------------------------------------------
For 146 years, Diebold has been a leading supplier of security systems. It built the safes that survived the Great Chicago Fire of 1871. When Hurricane Katrina reduced New Orleans to rubble, Diebold vaults kept the banks' money high and dry. A top maker of ATMs, Diebold reported revenue of $2.38 billion last year. In January, Forbes named it one of the best-managed companies in America.
Its ventures into voting technology, however, have been fraught with melodrama. Electronic voting machines from Diebold began showing up in precincts across the country in 2002, winning favorable response from election boards; the easy-to-use ATM-like devices were a blessing to disabled voters who could not read or punch paper ballots.
But troubles began in 2003, when Diebold chairman Walden O'Dell sent out invitations to a $1,000-a-plate fund-raiser at his Columbus mansion in support of President Bush's reelection campaign. In the letter, O'Dell wrote that he was "committed to helping Ohio deliver its electoral votes to the president next year." It was perhaps not the best choice of words for a man whose company manufactures half the country's voting machines.
Subtlety has not been a recurring theme among Diebold execs. From 2000 through 2004, board member William "Tim" Timken helped raise $800 million for Republican coffers. He was rewarded by Bush with an ambassadorship to Germany this year [see "Lederhosed," August 31].
As Athens County prepared to purchase new voting equipment in 2003, Diebold consultant William Chavanne paid a visit to Elections Chairwoman Susan Gwinn. She later told The Columbus Dispatch that Chavanne offered her $1,000, which she declined.
In January 2004, Diebold representative Pasquale Gallina visited Franklin County Board of Elections Director Matthew Damschroder on the very day the county began accepting bids for new voter-registration software -- a competition between Diebold and its rival, Electronic Systems & Software. "I'm here to give you $10,000. Who should I direct it to?" Gallina asked, according to testimony provided by Damschroder to Franklin County prosecutors. He took Gallina's check and donated it to the Republican Party. (Damschroder was fined a month's pay for accepting a political donation on county property.)
If Diebold has been quick with favors, the state has been happy to reciprocate. Secretary of State Blackwell, a vociferous supporter of Bush, issued a series of mandates early in 2005 that directly benefited Diebold. First, all Ohio counties were ordered to introduce electronic optical-scan voting machines, of which Diebold is one of only four manufacturers. Following closed-door meetings with Diebold execs, Blackwell reversed that decision, allowing counties to choose between optical scans and touch-screen machines. At the time, Diebold was the lone vendor certified by Blackwell to sell touch-screens.
ES&S filed suit, claiming the lack of choice violated federal fair-election law. Thirty-one counties jumped onboard. Blackwell eventually certified the ES&S system, but not before Cuyahoga County had purchased Diebold machines. (Punch-card machines made by ES&S will still be used for the November 8 election.)
--------------------------------------------------------------------------------
Michael Vu, elections chief for Cuyahoga County, dismisses talk of Diebold conspiracies.
"People used to ask, 'How can someone stuff the ballot box?' Now we're asking, 'How can someone hack the machine?'" says Vu. "Basically, we're just changing words around. Number one, we would never give someone free rein to the device. What we will do is put tamper-tape on the memory cards, with a serial number over top of that."
By May 2006, Vu says, all Cuyahoga County precincts will have Diebold touch-screen machines. He anticipates no problems with hackers.
"The possibilities are endless," he says. "Let's talk about the probabilities."
When it comes to Diebold, Bev Harris loves to talk probabilities. As president of Seattle-based BlackBoxVoting.org, a nonprofit, nonpartisan group that monitors elections, she has taken on the mission of showing that Diebold is not only corrupt, but also too incompetent to shoulder the responsibility of managing the nation's voting.
In her own effort to demonstrate the fallibility of Diebold machines, Harris successfully logged onto the Diebold site used to transfer voting software. No password required. She spent three days downloading 40,000 sensitive files. Runnable program code. Internal manuals. Source code.
In August, Wired magazine published intra-office e-mails posted on the BlackBox website. Some of the messages, dating as far back as 2001, showed that members of Diebold's staff were aware that the company's database was unprotected.
Computer technician Jim March, a California Republican and board member at BlackBoxVoting.org, derides Diebold for using poorly written software, which is created with Microsoft Access. This, he says, is practically an invitation for hackers.
"We kicked the tires to see how their system works," says March. "When we kicked the tires, the car caught fire and the seat cushions came off. The e-mails make absolutely clear that Diebold is not only hackable, but that they knew about this internally."
In comparison, voting software used by Diebold's top competitor is produced in-house for redundant security. "Our operating software cannot be bought off a shelf," says ES&S spokeswoman Jill Friedman. "You cannot connect our equipment with consumer equipment." At Diebold, the optical-scan machines have USB ports -- the port of choice for everything from high-speed cable modems to iPODs.
Diebold spokesman Mark Radke dismisses BlackBox's findings as the work of conspiracy theorists. "People have to consider the source," he says.
Election results, he counters, cannot be hacked from outside. "These machines are never hooked up to the internet. You can't hack it over the internet. We have layers and layers of security."
The demonstrations in Leon County, Florida, however, were performed without online hacking.
"The way it's set up, you can't [hack] it on a massive scale," says Ohio Senator Jeff Jacobson (R-Butler Township). "But I do think it is possible for someone with more anarchistic impulses or someone who wants to influence specific precincts."
Jacobson is fighting for an updated paper-ballot system that allows old-fashioned hand recounts when fraud is suspected. The potential for hacking, he says, is not the lone problem posed by electronic voting machines. "Unlike punch cards, these things are going to become obsolete. You'll have to replace these things every 10 years. And there will be no federal money to do so. I've always been concerned about this idea long-term."
Already there have been election problems with Diebold machines. The State of California, in conjunction with BlackBox's March and Harris, filed suit against Diebold for its voting-machine failures in the November 2003 elections. After several machines crashed and printers jammed, California Secretary of State Bruce McPherson blocked all future sales of Diebold touch-screens to California. March and Harris provided hacked evidence showing that Diebold had installed software in its machines that had not been state-certified, which may have contributed to the problems. In September, Diebold refunded California $2.6 million and agreed to replace all touch-screens with optical-scan machines that had met state requirements. March and Harris both got $76,000 for their trouble.
--------------------------------------------------------------------------------
On September 21, Diebold chairman Walden O'Dell had some bad news for investors. The company's third-quarter revenue forecasts would be off to the tune of $50 million. Diebold stock plunged 15.6 percent. O'Dell blamed Hurricane Katrina, saying that the storm had put the kibosh on ATM deliveries. He also fired his chief operating officer and took the reins himself, for good measure. He says that an October 26 conference call with reporters will provide evidence supporting his claim. (Scene's request to speak with O'Dell was declined by a Diebold spokesman.)
But Jim March of BlackBox says that California's September victory wrought more damage to Diebold than Katrina did.
"They failed in a spectacular fashion," he says. "That is what sent their stock tumbling. These guys are liars, from top to bottom."
Link Here
0 Comments:
Post a Comment
<< Home