On 1/4/06, Tanner Lovelace <[EMAIL PROTECTED]> wrote: > On 1/4/06, Rick DeNatale <[EMAIL PROTECTED]> wrote:
> > And I'm surprised and concerned that the test last month in Leon > > county FL, shows that the optical scan machines might not be as good a > > solution to verifiable voting as many open voting advocates, including > > me, thought they were. > > What happened here was that the accubasic interpreter was programmed > with 5 positive and 5 negative votes and so when they ran the test to > make sure there were 0 votes before starting the test, it did, indeed, say > that there were zero votes. They then voted on whether the machine > could be hacked or not. 6 people voted no and 2 people voted yes. > When they read back the results, they said: > > No: 1 > Yes: 7 > > Thereby proving the point of those that voted yes.[1] Yes, this could have > been caught with a manual recount, but the chance of that happening is > fairly slim. The problem here was that all the calculation was done using > the accubasic code and by simply switching the flash card, which could easily > be done by a poll worker or a random BOE person beforehand, the election > was changed. It's been a few weeks since I read the BBV report with the details of the hack, so I just re-scanned it. Actually, the exploit DIDN'T involve or require changes to the accubasic interpreter. The full details are available here: http://www.blackboxvoting.org/BBVreport.pdf The architecture of the voting machine puts the interpreter in firmware inside the scanning machine. The exploit didn't touch this firmware, rather it involved changes to a removable memory cartridge which holds two things. 1) The vote counters which tally up the votes for each candidate/proposition etc. These counters are only writeable by the scanner firmware, and are read-only to accu-basic programs, at least according to the AccuBasic manual http://www.bbvdocs.org/diebold/ab-manual.pdf 2) A set of "auditing" utilities specific to the election which are written in Accubasic. These utilities perform functions like printing a report prior to the start of the election, "proving" that EACH vote counter is zero at the start of the election, as well as printing a post election report of each candidates totals at the end of the election. The machines documentation didn't mention that these utilities were stored on the memory card. Hursti was first able to demonstrate that he could hack a memory card using an external programmer with new utilities writtten in accu-basic which simply printed false paper trails. This in and of itself couldn't be used to rig an election, since the votes are tallied from the actual data stored on the card, but it could be used to cover up a coordinated attack using a rigged tallying system. The balancing negative and positive votes were initialized directly, not through accu-basic. But covering up the ballot stuffing required changing the utility to print a zero-total report prior to the election. > If you think something like this couldn't effect a > national election, > think again and read this article entitled "President Nader or How I Learned > to > Stop Worrying and Love DREs" [2]. I remember watching the 2004 results coming in, and periodically looking at Ohio's official incoming precinct counts on the state's web site. I was astounded at one point to see that the Libertarian candidate had an unusually large lead in the presidential race in several counties, only to see his total vote count end up SMALLER than it had been early in the evening. Now I could be misremembering this. And then there are these footnotes from the referenced BBV report: (24) In Volusia County during the 2000 election, minus 16,022 votes appeared for Al Gore, and according to an internal CBS investigation (http://www.bbvdocs.org/misc/CBSreport.pdf), these votes caused the election to be erroneously called for George W. Bush. The documentation contained in the Diebold memos indicates that this was due to a memory card replacement, though no one explains how minus 16,022 votes appeared on a (now missing, according to the memo) memory card for a precinct with only a few hundred voters. (25) Document received in Nov. 2, 2004 Black Box Voting public records request from Volusia County. Diebold representative Mark Earley requests an explanation as to why 57 extra memory cards were needed, allegedly due to an unusually high occurrence of memory card corruption. He points out that Volusia County claims more corrupted memory cards than all the counties in the state of Florida, combined. (26) Poll tape analysis by Black Box Voting, with records obtained from Volusia County showed anomalies on 57 reports. Some of the reports were missing the zero tape, some were missing poll worker signatures, and several showed that multiple copies of the memory card for that precinct had been created. (27) In Brevard County, Florida, an unexplained anomaly caused a 4,000-vote error in the 2000 general election. Report: "CBS News Coverage of Election Night 2000" (http://www.bbvdocs.org/misc/CBSreport.pdf) (28) In Brevard County, officials repeatedly withheld logs and poll tapes from the Nov. 2, 2004 Black Box Voting public records request, and then deemed the records (including the results reports) to be proprietary and unavailable due to security concerns. -- Rick DeNatale Visit the Project Mercury Wiki Site http://www.mercuryspacecraft.com/ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
