UPDATE: The GEMS (Windows-based) system literally has a "Reset The Election" selectable option from a drop-down menu list;
Also, it is possible to destroy a tabulator's ability to recognize ballots by un-selecting three checkboxes on a program control panel, effectively disabling the system. Bev Harris gave a demo in Washington this week, open to the press.
Even FOXNews was there - at least their web folks were.
Um, at least they picked up the story that Capital News Service reported...
http://www.foxnews.com/story/0,2933,133214,00.html
Un-Flagwaving-Believable!
Activists Find More E-Vote Flaws
http://www.wired.com/news/evote/0,2645,65031,00.html?tw=rss.TOP
In the demonstration, a five-line script whipped up by a hacker in Notepad altered the election tallies in Global Election Management System, or GEMS, the (Windows-based) software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places. Diebold's reponse?
Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
Feel better now?
Key excerpts from the article in the Extended Entry section below.
EXCERPTS (
emphasis mine):
Harris demonstrated the vulnerabilities to officials in the California secretary of state's office several weeks ago and will be showing them to federal legislative staff and journalists Wednesday in Washington, D.C.
The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.
...
The trick was uncovered by Herbert Thompson, director of security technology at Security Innovation and a teacher of computer security at the Florida Institute of Technology.
...
After Harris met Thompson at the Defcon hacker conference this year, she asked him to examine the GEMS program. He found he could write a five-line script in the Notepad text editor that would change the vote summaries in GEMS without changing the raw precinct data. The auditing log in GEMS wouldn't record the change because it only tracks changes that occur within GEMS, not changes that occur on the computer outside of GEMS.
After writing the script, Thompson saved it as a Visual Basic file (.vbs) and double-clicked it to execute it.
The command happens in the background where no one can see it. To verify that the changes occurred, Thompson could write another script to display the vote data in a message box after the change. Once the scripts finished their work, they would go into the Recycle Bin, where Thompson could delete them.
When Harris demonstrated the vulnerability to officials in California, she opened the GEMS program to show that the votes changed as the script commanded them to.
...it's possible to change the voting summaries without using GEMS by writing a script in Visual Basic -- a simple, common programming language for Windows-based machines -- that tricks the system into thinking the votes haven't been changed. GEMS runs on the Windows operating system.
...
Thompson was pretty stunned to find that some of the same vulnerabilities that appear in the Diebold system appear in the fictional voting system he and his co-author created in their recent novel.
"When we wrote the book, we thought the election system it described was a bit far-fetched," Thompson said. "We thought it's impossible that any real voting system would have these problems. Then we saw the GEMS software, and it had four of the vulnerabilities that we wrote about in the book."
...
When asked to comment on this, Diebold sent Wired News an excerpt from a seven-page rebuttal that it distributed to election officials to counter Harris' claims. The excerpt said that the flagging feature is "typically used (for example) to reset any test results that were uploaded as part of any pre-election testing." No further explanation of this feature was forthcoming.
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
How comforting.