Friday, August 27, 2004
Blackbox voting update
The first concerns a vulnerability in Diebold's GEMS central tabulator that accumulates the votes from the polling places.
On Aug. 8, 2004, Harris demonstrated to Howard Dean how easy it is to change votes in GEMS, on CNBC TV.
The resistance of public officials even to look at the problem is breathtaking. Of course, they know that if they look at the problem, they will not be able to deny responsibility later on. This is a MUST READ! But really, all these reports are MUST READS!
The second report is concerned with multiple databases in use in the tabulation software. It's equivalent to keeping more than one set of books. As a former dabbler in databases, I can personally attest that this is an unnecessary vulnerability—in fact, it violates elementary principles of good database design.
The data tables in accounting software automatically link up to each other to prevent illicit back door entries. In GEMS, however, by typing a two-digit code into a hidden location, you can decouple the books, so that the voting system will draw information from a combination of the real votes and a set of fake votes, which you can alter any way you see fit.
That's right, GEMS comes with a secret digital "on-off" switch to link and unlink its multiple vote tables. Someone who tests GEMS, not knowing this, will not see the mismatched sets of books.
Black Box Voting has traced the implementation of the double set of books to Oct. 13, 2000, shortly after embezzler Jeffrey Dean became the senior programmer. Dean was hired as Vice President of Research and Development in September 2000, and his access to the programs is well documented through internal memos from Diebold. The double set of books appeared in GEMS version 1.17.7.
During this time, while Jeffrey Dean was telling the prosecutor (who operated from the ninth floor of the King County Courthouse) that he was unemployed, he was in fact employed, with 24-hour access to the King County GEMS central tabulator -- and he was working on GEMS on the fifth floor of the King County Courthouse.
The third report explores a host of vulnerabilities associated with the GEMS software and Microsoft Access.
The following things can be done when you go in the back door in GEMS using Microsoft Access:
1) You can change vote totals.
2) You can change flags, which act as digital "on-off" switches, to cause the program to function differently.
According to internal Diebold memos, there are 32 combinations of on-off flags. Even the programmers have trouble keeping track of all the changes these flags can produce.
3) You can alter the audit log.
4) You can change passwords, access privileges, and add new users.
And that's not an exhaustive list of the problems.
Finally, Report 4 makes some recommendations and takes a look at how much money various states have invested in Diebold software.
Blackbox Voting is still signing up volunteers as part of an Election Watch Crew. This is a very necessary step in securing the results of this election. Volunteer if you can.
Related post: Lend Bev Harris a hand and make your vote count