Daily Kos

Academic primer on e-voting fraud

by Winger

Wed Nov 10, 2004 at 06:52:08 PM PDT

This diary is a look at the potential for e-voting fraud, from an academic's perspective.  I have a PhD in Computer Science, with publications in computer security.  I am not a US citizen.  I am employed at one of the top computer science departments in the US.

Below, I summarize the paper Analysis of an Electronic Voting System by Tadayoshi Kohno (Security and Cryptography Group, UC San Diego), Adam Stubblefield (Computer Security and Applied Cryptography, Johns Hopkins), Avi Rubin (Computer Science professor and Technical Director of the Johns Hopkins Information Security Institute, and Dan Wallach (assistant professor of computer science, Rice University).  I have simply lifted extracts which I believe can be readily understood by the lay(wo)man.

I finish with some links to additional information on e-voting problems, and some comments about Bev Harris.

As a foreigner, it is fascinating to see the empirical trend in the US of fraud used to hold onto power: JFK (Illinois?), Nixon, Reagan (Iran). What makes some people assume Bush/Rove will buck the trend?

Here is the title with extracts of the Abstract.  My emphasis (bold).
Analysis of an Electronic Voting System

July 23, 2003

Abstract

... Recently, ..., the source code purporting to be the software for a voting system from a major manufacturer appeared on the Internet.

... Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts.

... common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. ... we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk.

Here's the kicker, part of a summary of results in the Introduction.
we discovered significant and wide-reaching security vulnerabilities in the AccuVote-TS voting terminal. Most notably, voters can easily program their own smartcards to simulate the behavior of valid smartcards used in the election. With such homebrew cards, a voter can cast multiple ballots without leaving any trace. A voter can also perform actions that normally require administrative privileges, including viewing partial results and terminating the election early. Similar undesirable modifications could be made by malevolent poll workers (or even maintenance staff) with access to the voting terminals before the start of an election. Furthermore, the protocols used when the voting terminals communicate with their home base, both to fetch election configuration information and to report final election results, do not use cryptographic techniques to authenticate the remote end of the connection nor do they check the integrity of the data in transit. Given that these voting terminals could communicate over insecure phone lines or even wireless Internet connections, even unsophisticated attackers can perform untraceable "man-in-the-middle" attacks.

Now, if you have even just a little technical background training, this should have set your heart palpitating.

Here is Table 1 of the paper, summarizing the main forms of attack:

Voter (with forged smartcard)Poll Worker (with access to storage media)Poll Worker (with access to network traffic)Internet Provider (with access to network traffic)OS developerVoting Device Developer
Vote multiple times using forged smartcardyesyesyes---
Access administrative functions or close polling stationyesyes--yesyes
Modify system configuration-yes--yesyes
Impersonate legitimate voting machine to tallying authority-yesyesyesyesyes
Modify ballot definition (e.g., party affiliation)-yesyesyesyesyes
Cause votes to be miscounted by tampering with configuration-yesyesyesyesyes
Tamper with audit logs-yes--yesyes
Create, delete, and modify votes on device-yes--yesyes
Link votes to voters-yes--yesyes
Delay the start of an election-yesyesyesyesyes
Tamper with election results-yesyesyesyesyes
Insert backdoors into code----yesyes

Even if you don't quite understand the row/column labels, one thing should be clear: from a computer security perspective, the potential for fraud is incredible.

The final part of the paper I wish to quote is a segment which appeared on another diary earlier today:


4.4 Votes and audit logs

Unlike the other data stored on the voting terminal, both the vote records and the audit logs are encrypted and checksummed before being written to the storage device. Unfortunately, neither the encrypting nor the checksumming is done securely.

All of the data on a storage device is encrypted using a single, hardcoded DES [NBS77] key:

  #define DESKEY ((des_key*)"F2654hD4")

Note that this value is not a hex representation of a key. Instead, the bytes in the string "F2654hD4" are fed directly into the DES key scheduler. If the same binary is used on every voting terminal, an attacker with access to the source code, or even to a single binary image, could learn the key, and thus read and modify voting and auditing records.

What this basically says is: since 1997, there has been a gaping encryption hole left uncorrected, and any idiot can jump in and do whatever they want.

Perhaps now it may be clearer why many of us working in computer security have viewed this as the biggest threat to democracy in this country.

I shall finish with some general information/links on e-voting, followed by some comments on Bev Harris.

THE CASE AGAINST ALL-ELECTRONIC VOTING

Internationally renowned computer scientists as well as election experts
and activists are taking to the Web to point up the dangers of voting
equipment that doesn't produce paper ballots for verifications.

-- Professor David Dill's Web site calls for voting machines that provide a
"voter-verifiable audit trail." It includes an excellent "frequently asked
questions" page: verify.stanford.edu/evote.html

-- The Voting Technology section of the California Voter Foundation, an
excellent compendium of news, links and analysis by foundation President Kim
Alexander: www.calvoter.org/votingtechnology.html

-- "Election Guardians," a site devoted mainly to the suit filed by
Riverside County resident Susan Marie Weber challenging the legality of that
county's all-electronic system: www.electionguardians.org

-- "Black Box Voting," a site run by publicist and author Bev Harris,
including exposes of Sen. Chuck Hagel's previously undisclosed involvement
with the company that made the machines that count all votes in his home state:
www.blackboxvoting.com

-- Excellent recent articles by Salon.com's Farhad Manjoo on touch-screen
voting technology and problems recently revealed by Harris and others: salon.com/tech/feature/2002/11/05/voting_machines/ and salon.com/tech/feature/2003/02/20/voting_machines/

-- "Electronic Voting" site of Rebecca Mercuri, a specialist on election
technologies and a leading critic of all-electronic systems: mainline.brynmawr.edu/rmercuri/evote.html

-- Links to resolutions and documents debated by the Santa Clara County
Board of Supervisors: www.sccgov.org/agenda/view/0,5310,ccid%253D215948,00.html scroll to item 30. Supervisor Peter McHugh's successful amendment
supporting voter-verified paper audit trail is listed as "2/25/03 Supp Info 4."

-- Links to papers on election risks by Peter Neumann, principal scientist
at SRI International's Computer Science Laboratory: www.csl.sri.com/users/neumann/neumann.html#5 !

-- Report of the Caltech-MIT Voting Technology Project (July 2001),
endorsing use of optical-scan equipment: www.vote.caltech.edu/Reports/index.html
Source: Chronicle research

Bev Harris

You may have noticed the "Bev Harris is a shrill conspiracy theorist" branding that's going on. (Let's face it, her website is as amateurish as it gets.) While Greg Palast may be shrill, Bev Harris is an order of magnitude less so, and commands genuine respect with computer security academics and professionals, despite attempts to smear her as "shrill".  For example, the present paper cites Harris on the first page of the introduction:

... source code that appears to correspond to a version of Diebold's voting system appeared recently on the Internet. This appearance, announced by Bev Harris and discussed in her book, Black Box Voting [Har03], gives us a unique opportunity to analyze a widely used, paperless DRE system and evaluate the manufacturer's security claims.

Somewhat shrill, maybe; but she has made some extremely valuable contributions to research by computer security experts on e-voting fraud.

Tags: (all tags) :: Previous Tag Versions

Permalink | 7 comments

  •  Recommended (none / 0)

    and thank you for posting this.

    O 4 O: Oregon for Obama!

    by smugbug on Wed Nov 10, 2004 at 07:07:15 PM PDT

  •  Thank you (none / 0)

    Recommended and I will tip if you put up a jar!

    by Coldblue Steele on Wed Nov 10, 2004 at 07:09:52 PM PDT

  •  Thank you so much! (none / 0)

    I'm bookmarking this diary to show to my mom, an election judge in Maryland. I've been bringing this up for a couple of years now, and I've not been able to get her attention. And she's an accountant!

    What may help is that in addition to insecurity, these machines impose stupidity. She had to walk each voter up to the machine in order to keep an eye on the smart card. She broke her ankle last summer, so after the 4-hour rush, she was not a happy camper.

    I agree on the quality of Bev Harris's work. That's why her "lockdown" comment was so surprising and infuriating. She's always had a breathless quality, but I'd never seen her make shit up. It struck me as the height of stupidity.

    by hamletta on Wed Nov 10, 2004 at 07:34:03 PM PDT

    •  "Lockdown" (none / 0)

      One possible explanation for the "lockdown" incident: on Tuesday(?) Bev was slated for an interview with Olbermann on MSNBC; that day her interview never showed up on air. Perhaps editors or higher-ups decided she was too "shrill".

      This is completely and utterly speculative, so take it with less than a pinch of salt!

      Anybody know the real facts?

      LOSERMAN

      by Winger on Wed Nov 10, 2004 at 07:38:56 PM PDT

      [ Parent ]

      •  No (none / 0)

        She specifically stated that "a friend who is high up in TV" had told her that there was a lockdown on the story, and it wouldn't be covered. This just as Olbermann was posting a preview of Monday night's coverage on his blog.

        The reporters he's talked to this week, Craig Crawford and Jonathan Alter, have both given perfectly plausible explanations for the radio silence so far, primarily that reporters covering the campaign took Kerry's concession as a signal that it was all over, and took a much-needed long weekend. Alter said tonight that they're coming back to the office now, and we'll probably see more coverage in the coming days.

        Harris's comment was irresponsible in the extreme. And disappointing, too, because she does do some good work. I saw her on Topic A a few weeks ago with Howard Dean, and she was sane, presentable, the whole nine yards. She's certainly capable of covering these issues responsibly. Why she resorts to such hyperbole is beyond me.

        by hamletta on Wed Nov 10, 2004 at 09:23:35 PM PDT

        [ Parent ]

    •  Thanks for the "Thanks" (4.00 / 2)

      If you feel like it, recommend the diary by hitting the button over on the right, rather than rating me.

      LOSERMAN

      by Winger on Wed Nov 10, 2004 at 07:40:54 PM PDT

      [ Parent ]

  •  See also (none / 0)

    The material presented here:
    http://www.dakotatechnics.com/downloads/

    The server is a bit slow, so try again if you get an error.

    Healthcare for ALL! NOW! & OneCare at MySpace

    by SarahLee on Fri Nov 12, 2004 at 01:05:21 AM PDT

Permalink | 7 comments