Diebold Opti-Scan Voting Machine

An analysis of Diebold's Opti-Scan (paper ballot) voting machine.

Computer expert Harri Hursti gained control over Leon County memory cards, which handle the vote-reporting from the precincts. Dr. Herbert Thompson, a security expert, took control of the Leon County central tabulator by implanting a trojan horse-like script.

Two programmers can become a lone programmer, says Hursti, who has figured out a way to control the entire central tabulator by way of a single memory card swap, and also how to make tampered polling place tapes match tampered central tabulator results. This more complex approach is untested, but based on testing performed May 26, Hursti says he has absolutely no reason to believe it wouldn't work.

Three memory card tests demonstrated successful manipulation of election results, and showed that 1990 and 2002 FEC-required safeguards are being violated in the Diebold version 1.94 opti-scan system.


Posted on June 30, 2005 at 7:57 AM • 19 Comments

Comments

ProbitasJune 30, 2005 8:57 AM

Not to worry, citizens. We can fix that problem by applying more technology to it. All is well.

Move along.

FreemanJune 30, 2005 9:12 AM

Maybe they should use Sandia's Wireless Crypto. After all, it goes to 256-bits AND BEYOND! And that's DOUBLE current standards!

Davi OttenheimerJune 30, 2005 9:32 AM

I thought this bit was interesting:

"Computer expert Harri Hursti gained control over Leon County memory cards, which handle the vote-reporting from the precincts. Dr. Herbert Thompson, a security expert, took control of the Leon County central tabulator by implanting a trojan horse-like script. [...] Congresswoman Corrine Brown (FL-Dem) was shocked to see the impact of a trojan implanted by Dr. Herbert Thompson. She asked if the program could be manipulated in such a way as to flip every fifth vote. 'No problem,' Dr. Thompson replied."

Amazing that the system appears to lack any data verification at all -- an attacker can change executables or data (votes) without triggering any red flags (pun intended).

Josh O.June 30, 2005 9:38 AM

I think that people need to be careful not to polarize the issue of electronic voting into a democrat/republican issue. Am I the only "Right Wing Wack Job" who doesn't trust e-voting and who thinks that the current attempts at improving homeland security are a waste and may decrease our security. I don't think that many politicians on either side really view these issues as seriously as many people here do, not even the democrats. So I think another approach other than party politics may be in order.

zimbel42June 30, 2005 9:46 AM

I'll say it again; voting machines should have at least the same requirements and required security as video gaming machines (slot machines run by a government). If they're messing things up that are this basic, an orgainzation like GLI (Gaming Laboritories, International) would likely fail them in minutes.

David MackintoshJune 30, 2005 10:03 AM

I don't understand the vunerability of optical vote readers. Surely it would be trivial to check the counts of "suspect" machines by dividing the ballots from the suspect machine in two, running those two piles through two different machines, and comparing the sums of the two machines to the total from the first -- especially if the two machines were each 'calibrated' with a shuffled stack of ballots with a known count. This would make tampering far more difficult and require more widescale fraud to significantly alter an election result.

Davi OttenheimerJune 30, 2005 10:25 AM

@Josh O

I'd love to imagine that voting systems are built and managed in some independent and honest vaccum, but this is the land of opportunity.

Besides that, treating voting systems as non-partisan would require overlooking that fact that the technology is deeply mired in very partisan affairs.

Walden O'Dell, the Diebold Inc. CEO, was an avid Bush benefactor and even ran fund-raisers at his mansion asking for $10K donations to benefit the Ohio Republican Party's federal campaign fund. More to the point, these funds supported Blackwell, the Republican Secretary of State who just also happened to be in charge of selecting Diebold as the official voting machine.

So after Diebold successfully lobbied Blackwell, Blackwell tried to use his sole control of $106 million in federal funds to force counties in Ohio to buy the Diebold voting systems against their wishes and without open vaildation of the new systems.

http://www.zwire.com/site/news.cfm?...

"Lake County joined 31 other counties in a lawsuit which resulted in a Franklin County Common Pleas Court judge extending until Sept. 15 a deadline to select a new voting machine vendor that provides a paper audit trail."

Another interesting example is Chuck Hagel's election in Nebraska.

Chuck Hagel's run for the U.S. Senate in Nebraska in 1996 was done on electronic voting machines owned by ES&S. He won both the primaries and the general election in victories considered the biggest upsets of that election. Hagel was the first Republican to win a Nebraska senatorial campaign in 24 years. Moreover, he won virtually every demographic group, including many largely black communities that had never before voted Republican. Then, six years later Hagel ran again against Democrat Charlie Matulka in 2002, and won in a landslide. He was re-elected to his second term with 83% of the vote: the biggest political victory in the history of Nebraska. Again, the votes were counted by ES&S.

All this might just have been boring Nebraska election statistics, but a January 2003 article in the "The Hill" (an independent Washington paper) revealed that Hagel was CEO of ES&S (then AIS) until 1995 and he still a major stockholder of the parent company of ES&S, McCarthy & Company. Hagel resigned as CEO of ES&S to run for the Senate and resigned as president of the parent company McCarthy & Company following his election (where he remains a major investor).

The McCarthy Group is today run by Michael McCarthy, Chuck Hagel's treasurer. Hagel's financials list the McCarthy Group as an asset, with his investment valued at $1-$5 million. Campaign finance reports show that Michael McCarthy also served as treasurer for Hagel until December of 2002.

Hope that helps clarify why there should be a great deal of uncertainty about the validity of these systems, especially with regard to their partisan origins.

Anonymous CowardJune 30, 2005 1:43 PM

Things were so much simpler when all you had to do was follow Mayor Dailey's advice: "Vote Early, Vote Often!"

Brian HurtJune 30, 2005 3:36 PM

The solution here, if you have paper ballots, is simple. After the election, some random statistically signifigant subset of machines are recounted by hand. You have a Democrat, a Republican, and an Independent or Third Party member counting. One holds up a ballot, and all must agree on who the vote is for. You pick the machines after the voting is done (by rolling dice or drawing cards from a hat or something) so that no one knows ahead of time which machines are safe to rig and which machines will be counted. Any fraud widespread enough to signifigantly alter most election results would be found (at which point a system wide recount could be ordered).

The goal here isn't to make the voting machines unriggable- that's impossible. The goal here is to make the voting machines transparent, so that any rigging gets detected.

Rob MayfieldJune 30, 2005 7:39 PM

"After the election, some random statistically signifigant subset of machines are recounted by hand. You have a Democrat, a Republican, and an Independent or Third Party member counting. One holds up a ballot, and all must agree on who the vote is for."

I think this is an excellent idea - but it doesnt go far enough. A better solution would be to get the candidates to count *all* ballot papers using this method. The more time they spend doing it, the less time they spend annoying everyone else ;-) If they finish too quickly, order a recount.

Erik CarlseenJuly 1, 2005 2:22 AM

@Josh - Even some of those of us who are independent enough to annoy left- and right-wingers sick of hearing the conspiracy theory de jour from either side (as for me, if I speak enough of my mind I can make a Democrat or Republican's head explode - like this: If Republicans are elected we'll lose our Political free speech, if Democrats are elected we'll lose the freedom to say anything that offends anybody, unless of course, they're an evil white male - now 99% of the people reading this hate me!).

@Rob - Genius.

People, there's no great conspiracy here. Have any of you met / talked to / hung out around / gotten drunk with many politicians? With a few exceptions, these people are dumber than rocks. They're like the politically-savvy morons you see in corporate life that kiss enough ass to make it up the ladder, and manage to not leave a solid trail when they screw things up. A pretty face on an empty head.

They don't write biils. They get handed bills written by lobbyists, and ask their staff to proof-read them. Their staff doesn't proof read them; they're too busy trying to screw the interns. The only conspiracy is that these vote leeches manage to slime their way through the ranks of their respective parties, and we vote for them because we'd really be screwed if the other guy got elected and we don't want to waste our vote on the loony third-party guy (who might actually have an idea, even if it is a loony one).

Want to get the problem fixed? You need to create a media frenzy (tm). This the way things get done in this country. Get Bill O'Reilly upset about it or something. Hint - don't tell him it's a Karl Rove conspiracy - tell him that Hillary conspired with the Republicans in exchange for them running a loser in 2008 like they did in '92 and '96 - of course, she's getting screwed because the Republicans were planning on doing that anyway. But I digress. You need to frame the argument in a manner that can exist in an intellectually deviod circus, with lots of catchy one-liners. Fan the flames of absurd paranoia. Make people think the machines are so unreliable, the terrorists could win! Yeah, that's the ticket....

(No, I'm not kidding. The answer really is that stupid.)

Clive RobinsonJuly 1, 2005 12:30 PM

Irrispective of the "percieved" facts, and party bias vote rigging is an important issue.

I have yet to meet a politition who would not be interested in a "surefire" way to get elected irrispective of the method used (as long as they could deny they had knowledge). In the UK we have seen very obvious rigged council ellections but guess what nothing has been done about it, so people have actually said "why vote it's all rigged anyway".

Voter confidence is based on seeing that their vote (is) counted. The old metal box with the wax seal and the civil servant sitting there checking the voter forms and lists actuall inspires confidence in the system simply because it's simple and there are just to many people and pieces of paper involved for a plausable fraud to happen.

The only reasons I have been given for electronic voting machines are,

1, More efficient (ie costs less)
2, Produces faster results

I for one am not interested in the cost savings it is afterall very low when judged as a "per head cost".

I am however very concerned about the second point, various people have indicated that Bush got in the first time due to Fox Network incorrectly reporting he was getting a landslide on exit poles, and this critically effected the later votes.

If this is true then point 2 above is very undesirable, as this could easily sway the vote if the results of one area became known before the polls closed in other areas.

In the UK we have recently tried "Postal Voting" this has turned out to be a total and unmitigated disaster. A judge likened the process to that of a "Banana Republic" in a case of vote rigging brought before him.

The aim of introducing postal voting in the UK was to get more pepole to vote, however it has actually reduced confidence in the whole process. I suspect the lack of visable transparency and a change from the old is likley to cause more than a few people to kill the machines off, and this might allready be happening (see Davi Ottenheimer's information about the 32 counties in Ohio above).

I like many others are starting to ask the question "How do we keep politicians honestly representing us". Unfortunatly the answer appears to be we cannot, they make the rules as they see fit and we don't get a choice.

This unfortunatly after some further considered thought gives rise to the question "Do we actually need them".

Perhaps it's time we proved Winston Churchill's maxim wrong. Modern communications may (in theory) allow us to have increased democracy, can we however be trusted with it.

another_bruceJuly 2, 2005 1:47 PM

we have vote-by-mail here in oregon, it works great. none of the posters has addressed the greatest cost of opaque vote counting performed on machines made by an acknowledged partisan running proprietary software: it's the attitude of the citizen -
the election was RIGGED
my national leaders are ILLEGITIMATE
the republic to which i pledged allegiance is GONE
i'm no longer a citizen of a great country comprised of 50 states, i'm a survivalist on the landscape of an oppressive corporate oligarchy. as with care and concern, feeling and fervor, political identity and affiliation are now strictly local. it's every man for himself and the devil take the hindmost.

ModeratorJuly 2, 2005 5:54 PM

Just a reminder to everyone that thousands of other blogs are waiting to receive your political rants.

John SmithJuly 2, 2005 10:46 PM

This is the basic pattern with electronic voting machines--they just don't have any serious thought devoted to securing them. It's embarrassing to see how bad the procedures are, how bad the old VSS was (now very lightly edited and reissued by the EAC, along with the decision that the previously planned major rewrite of the standard isn't necessary), how few people in the area of electronic voting have even seriously thought through how to do meaningful auditing, or how to recover when some problem is detected.

--John

jeanfronAugust 29, 2005 3:02 PM

They don't write biils. They get handed bills written by lobbyists, and ask their staff to proof-read them. Their staff doesn't proof read them; they're too busy trying to screw the interns. The only conspiracy is that these vote leeches manage to slime their way through the ranks of their respective parties, and we vote for them because we'd really be screwed if the other guy got elected and we don't want to waste our vote on the loony third-party guy (who might actually have an idea, even if it is a loony one).

Want to get the problem fixed? You need to create a media frenzy (tm). This the way things get done in this country. Get Bill O'Reilly upset about it or something. Hint - don't tell him it's a Karl Rove conspiracy - tell him that Hillary conspired with the Republicans in exchange for them running a loser in 2008 like they did in '92 and '96 - of course, she's getting screwed because the Republicans were planning on doing that anyway. But I digress. You need to frame the argument in a manner that can exist in an intellectually deviod circus, with lots of catchy one-liners. Fan the flames of absurd paranoia. Make people think the machines are so unreliable, the terrorists could win! Yeah, that's the ticket....

Lisa LundgrenFebruary 8, 2006 3:04 AM

Well, I gotta hand it to you. You busted us.

Sure, we stole the election. We really did. Oh, GWB didn't know about it. Not "really." And not at the time.

But we stole the election every way you can think of and about a dozen ways you can't.

No offense, but let's be real, OK? It feels good to be liberal, but as a whole you're not known to be the brightest bulbs on the tree. Oh, sure, from your coign of vantage there are none brighter, but mediocre minds have a mediocre understanding of genius. So it's not your fault: How could you be expected to exceed your own limitations? And really, it's not just you. How could any Godless, socialist fuckwads rise out of their collectivist sewers to proffer something of true political value?

But here's the good news: Don't listen to all that BS about Democrats needing to get back to your roots; needing to find a unifying message - a call to arms; needing to advance your own agenda with your own proposed solutions.

Nah, that wasn't your problem in '04. After all, Kerry really won; by about a million votes. But "officially," Bush had more popular votes. And God bless those voting machines! No, don't worry about the ideological crap. You spend the next two years making really sure those voting machines work.

Then it'll be a lead pipe cinch.

Yours in Christ,

Lisa Lundgren

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..