 |
Sat Oct 11 2008 | |||||||||
|
||||||||||
|
Departments Election Issues What’s all the fuss about Diebold in Florida and California? by John Washburn, for VoteTrustUSA January 4, 2006 What in the World is Interpreted Code and What’s Wrong With It Anyway? Earlier this month Leon County, Florida Supervisor of Elections Ion Sancho, invited computer experts to demonstrate the existence of a security flaw in Diebold optical scanners described in a report published on July 4, 2005. The test was repeated in December in order to refute specific denials by Diebold. In statements to two different election officials Diebold claimed it was not possible to alter the outcome of an election in such a way that the perpetrator would not need passwords and the tampering would not be noticed during normal canvassing procedures. Sancho set up the test environment on December 13, 2005 to prove these claims false. The outside experts had no access to the optical scanner and the complete canvassing procedure was followed for 8 test ballots. The result was that while the 8 paper ballots had a vote tally of 2 Yes and 6 No, all of the official reports - from the optical scanner on through to the publication of county results - showed an outcome of 7 Yes and 1 No. Because of this design defect, which exists on all Diebold touchscreen machines (DRE) and optical scanners, the Secretary of State of California has demanded that the Diebold software be re-examined by the Independent Testing Authority (ITA), who originally certified that the systems were in compliance with the 2002 Federal Voluntary Voting System Guidelines. This breach of security exploits an inherently insecure feature of the Diebold optical scanners and touch screens known as interpreted code. Below is a simplified diagram of a voting machine (or view in separate window). Diebold equipment has several hardware components (printer, touch screen, smart card reader, buttons, etc). These are represented by light blue boxes. There is also memory, which is represented with dark blue boxes. Some of the memory is read-only (ROM) and contains firmware. Part of the programming in ROM (firmware) is an interpreter for the Diebold-specific language AccuBasic. Also in the firmware is all the programming needed to interact with the hardware. (For simplicity, interactions with the touch screen elements of the DRE are not shown.) At the beginning of Election Day, the voting machine (DRE or optical scanner) must print a Zero Total Report, which is signed by poll workers before the first vote is cast. The report is the official record that the “electronic ballot box” has not been stuffed before the election. Unfortunately, the programming in the ROM does not know how to print the Zero Total Report. This is by design. The firmware of the voting machine is “burned” into the ROM at the factory and is mass produced. If the ROM did contain the details of how to print a Zero Total Report, there would need to be at least 51 versions of firmware (one version of ROM for each state and DC). This is where the memory card and its interpreted code come in. Among other things, the memory card contains 3 elements: the ballot definition (names of candidates, ballot position, etc.), the vote tallies (e.g. number of votes for John Doe for Senate) and a file of compiled AccuBasic tokens. This last item is the interpreted code, which is the fundamental problem of the design. The firmware does not know the details of how to print the Zero Total Report. But it does know that the code to do this is on the memory card in a file with an extension of ABO. The firmware also knows the code in the ABO file is stored under the name ELECTION_ZERO_REPORT. Let’s follow along as the Zero Total Report is printed. The poll workers push buttons on the front panel of the optical scanner or insert a supervisor’s smart card into the DRE. This tells the voting machine to print the Zero Total Report (shown on the diagram as arrow number 1). The firmware in turn yields control to the code contained under the name ELECTION_ZERO_REPORT in the ABO file of the memory card (represented in the diagram as arrow number 2) The AccuBasic tokens are not human readable nor machine executable, but are halfway between. What exactly are these tokens? Tokens are to programs what shorthand is to written prose. The command PRINT is represented as a single token, which uses 1 byte of memory instead of the 5 bytes which the 5 letters of PRINT would occupy. So if the voting machine’s central processing unit (CPU) cannot execute a token how does the PRINT token get anything to the printer? The answer is through the interpreter. The interpreter translates the shorthand of the token into all the messy details needed by the CPU and the printer in order to print the phrase: “John Doe: 0” on the Zero Total Report (represented in the diagram by the 3 arrows all labeled 4). There are 3 such arrows because the stream of AccuBasic tokens contained in ELECTION_ZERO_REPORT interacts with both the ballot definition and the vote tallies. Unfortunately, the interaction with the vote tallies is unrestricted and the AccuBasic tokens contained in ELECTION_ZERO_REPORT can print anything on the paper tape report to be signed by the pollworkers. Finally, the formatted names and numbers are printed for the poll workers to sign (represented in the diagram as arrow number 5). The security test performed in Leon County demonstrated that the stream of AccuBasic tokens contained in ELECTION_ZERO_REPORT can misreport the vote tallies on the memory card. By using a $300 card reader (or any PC for the PCMCIA cards), the vote tallies can be pre-loaded so the votes in the Yes column equal +5 and the votes in the No column to equal -5. The Zero Total Report then lies by printing the memory contents are zero. The voting process began with a database containing: Yes No +5 -5 As the 8 ballots in Leon County were scanned (or entered on the touch screen), the normal operation of the machine increments the vote tallies in the 2 database entries: Yes and No. This normal operation added 6 votes to the -5 initially stored as the tally for the No column for a final result of 1 No and added 2 to the +5 initially stored as the tally for the Yes column for a final result of 7 Yes. As the voting process continues, the database contains: Yes No 6 4 And ends finally with: Yes No 7 1 Since there were 8 ballots cast, by 8 voters, a result of 7 to 1 in favor of the proposition would not call attention to the alteration – nothing appears amiss even though the voters actually cast ballots totaling 2 YES and 6 NO. Further, the initial alteration of the memory has been obliterated by the normal operation of the voting machinery because the database tabulates the votes incrementally rather than showing a single record for each vote. In short, the -5 starting point becomes -4 not individual records of -5 and +1. This is similar to an odometer wheel as opposed to summarizing several, separate bookkeeping entries. The contents of the data file are then uploaded to a central tabulator (not shown). Reports from the central tabulator (e.g. the county summary or precinct details) will show a reasonable result of 7 for and 1 against, because that process prints the contents of the database, which has already been altered at the DRE or Optical Scan polling station. It is because of these kinds of issues that interpreted code is expressly prohibited by the 1990 and 2002 Voluntary Voting System Guidelines. It is simply too difficult to secure the code if it is interpreted at the time of execution. Since the code is interpreted at execution time and not before, code inspection and customary Logic and Accuracy testing would not detect manipulations such as the one above. Even if the card, which was tested on Monday, was legitimate, the ability to swap the card out for a corrupted card by Tuesday morning means any prior testing was a wasted effort. In that instance, the code tested before Election Day is not the code which runs on Election Day. In a similar way, interpreted code makes it difficult to determine on Wednesday what code actually was executed on Tuesday; even if the altered memory card is available. A detailed examination of the stream of AccuBasic tokens would be needed and even then you could not be certain exactly what was executed previously. Where do we go from here? First, all voting machinery using such prohibited interpreted code must be recalled. Then it must be determined if Diebold is the only vendor with this design defect. Since the NASED/EAC system of independent test authority labs failed to note this defect in the Diebold equipment, it is likely a similar defect would go "unreported" if present in machinery from other vendors. And finally, the testing and certification process that allowed this unacceptable violation of security standards to be overlooked must be dramatically improved to protect the integrity of our election process.  Email this article to a friend |
Don't forget to check out articles from 2007 and 2008
"Renowned computer security expert agrees to meet California county supervisor's '1000 to 1' challenge to 'manipulate' Sequoia voting machine!"
December 13, 2006
Brad Friedman
"100 phantom votes found in one precinct; DelCo board of elections hinders investigation"
December 12, 2006
Stephanie Frank Singer
"Think globally, protect the vote locally"
December 1, 2006
Paul Rogat Loeb
"Will they or won't they: last chance for Democrats"
November 17, 2006
David Swanson
"The vote protectors"
November 16, 2006
Robert C. Koehler
"Ohio's 2006 vote count now includes a higher percentage of uncounted ballots than in 2004, and a statistically impossible swing to the Republicans"
November 14, 2006
Bob Fitrakis, Harvey Wasserman and Ron Baiman
"The drama of empty numbers"
November 9, 2006
Robert C. Koehler
"A monumental victory for the election protection movement"
November 8, 2006
Bob Fitrakis & Harvey Wasserman
"Pick a number 2006"
November 7, 2006
Mike Ferner
"How they stole the mid-term election"
November 7, 2006
Greg Palast, The Guardian ( UK ), Comment
"STOP Blackwell, what's that sign: Everyone look what's going down"
November 7, 2006
Bob Fitrakis & Harvey Wasserman
"Parallel election midday report"
November 7, 2006
Rady Ananda
"Tuesday's outcome may depend on the power of the election protection movement"
November 5, 2006
Bob Fitrakis and Harvey Wasserman
"The power of a social movement can beat the GOP double Chickenhawks"
November 2, 2006
Bob Fitrakis and Harvey Wasserman
"Check out We Count for a great TownHall confrontation between Vicki Lovegren of Ohio Vigilance and Michael Vu, Supervisor of Cuyahoga County BOE"
November 1, 2006
Victoria Lovegren, Ph.D.
"Official states electronic voting system added votes never cast in 2004 Presidential election; audit log missing"
November 1, 2006
Peter Peckarsky, Ron Baiman, and Robert Fitrakis
"Repairing the U.S. system of voting: 50 concrete steps"
November 1, 2006
Harvey Wasserman, Bob Fitrakis and Steve Rosenfeld
"Will a shocking new GOP court victory and Karl Rove's attack on Ohio 2006 doom the Democrats nationwide?"
October 30, 2006
Bob Fitrakis & Harvey Wasserman
"Renoite sue Sequoia Voting Systems"
October 28, 2006
Patricia Axelrod
"Severe election problems seen in ten states"
October 27, 2006
Jason Leopold
"Direct material proof of massive election fraud in Ohio in the 2004 U.S. presidential election"
October 26, 2006
Ron Baiman
"A talk with Mark Crispin Miller about what voters can do to prevent another stolen election"
October 26, 2006
The Ostroy Report
"Will Ken Blackwell find the ways to steal Ohio 2006 as he did in 2004?"
October 25, 2006
Bob Fitrakis and Harvey Wasserman
"Important voter activism"
October 22, 2006
Victoria Lovegren, Ph.D.
"A loaves & fishes/Holy Ghost victory for the GOP in November?"
October 17, 2006
Bob Fitrakis & Harvey Wasserman
"Why is the man who stole Ohio campaigning with a white supremacist?"
October 9, 2006
Bob Fitrakis and Harvey Wasserman
"This cannot be"
September 28, 2006
Robert C. Koehler
"Court victory lets preserved Ohio 2004 ballots tell new tales of theft and fraud as indictments and convictions mount"
September 25, 2006
Bob Fitrakis & Harvey Wasserman
"Unfit for use in ANY democracy"
September 20, 2006
Rady Ananda
"An open letter to Gov. Robert Taft and Sec. of State J. Kenneth Blackwell"
September 8, 2006
Harvey Wasserman, et. al.
"Coshocton County complaint"
September 3, 2006
Tim Kettler
"Saving the ballot evidence from Ohio 2004"
September 2, 2006
Bob Fitrakis and Harvey Wasserman
"San Diego suit’s second hearing: Judge to rule next Tuesday on constitutional and jurisdictional questions"
August 25, 2006
Rady Ananda
"New Zogby Poll: It’s Nearly Unanimous"
August 24, 2006
Michael Collins, “Scoop” Independent Media
"How the last presidential election awoke me from an unsound sleep"
July 22, 2006
Jeanne Norris Weinberg
"PFAW's Neas praises advance of Voting Rights Act, Calls on Bush Administration to start enforcing the law"
July 22, 2006
People For the American Way
"Why Democrats don't count: lessons from the un-Gore of Mexico"
July 16, 2006
Greg Palast
"Resolution of no confidence in current U.S. elections"
July 16, 2006
J30 Coalition
"An open letter from Ohio to the people of Mexico"
July 13, 2006
Bob Fitrakis and Harvey Wasserman
"The stolen election of 2004"
July 11, 2006
Michael Parenti
"The Democrats must now say "We Do Not Concede" in the U.S. as it's being said in Mexico"
July 9, 2006
Bob Fitrakis and Harvey Wasserman
"Project Vote, voting rights organizations, file to overturn restrictive voter registration rules "
July 7, 2006
Brian Mellor
"BBV: Unredacted Hursti Diebold reports, photos released"
July 4, 2006
Bev Harris
"Ignore that man behind the screen, Dorothy"
July 1, 2006
Greg Palast
"Bob Fitrakis for Governor -- he is now on the ballot"
July 1, 2006
Fitrakis campaign
"Alameda County supervisors embrace election fraud"
July 1, 2006
Allen C. Michaan
"San Diego’s run-off election aggregate results are plausible"
June 18, 2006
Ron Baiman
"A vote of no confidence: democracy left to languish in living rooms, garages"
June 15, 2006
Robert C. Koehler
"Kennedy's challenge: Salon, Mother Jones & the tortured dialogue"
June 15, 2006
Michael Collins and
"Warren County revisited"
June 12, 2006
Richard Hayes Phillips, Ph.D.
"Something smells fishy in San Diego!"
June 11, 2006
Ron Baiman
"Response to Salon Magazine"
June 6, 2006
Ron Baiman
"Analysis of Connally spreadsheet and other documents"
June 5, 2006
Ron Baiman
"RFK and Rolling Stone nail Ohio's stolen 2004 election, but much more must be done"
June 3, 2006
Bob Fitrakis and Harvey Wasserman
"Pick a card, any card"
May 27, 2006
Richard Hayes Phillips, Ph.D.
"Will the major media finally cover the electronic election fraud issue?"
May 15, 2006
Bob Fitrakis and Harvey Wasserman
"The money pit: Diebold vs. America "
May 15, 2006
Denis Wright
"Worst security flaw ever - 3 states invoke Diebold emergency procedures"
May 15, 2006
Black Box Voting
"Cranks and Kooks: Kerry won in '04"
May 11, 2006
Greg Palast
"Ohio 2004 election thief grabs Gov nod while (surprise! surprise!) voting machines malfunction"
May 5, 2006
Bob Fitrakis and Harvey Wasserman
"Hand counted paper ballots in 2008"
April 14, 2006
Sheila Parks
"Busheviks connected to New Hampshire phone-jamming scheme"
April 14, 2006
The Ostroy Report
"Are mainstream churches finally standing up to the GOP’s hateful “Christian” blitzkrieg?"
April 9, 2006
Bob Fitrakis and Harvey Wasserman
"Thousands march in New Orleans for right for Katrina survivors to vote in the city’s April 22 election"
April 7, 2006
Rainbow/PUSH Coalition
"Shocking Diebold conflict of interest revelations from Secretary of State further taint Ohio's electoral credibility"
April 6, 2006
Bob Fitrakis and Harvey Wasserman
"Faith-based voting"
March 30, 2006
Robert C. Koehler, Tribune Media Services
"Targeting the voters in Toledo"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Targeting the voters in Cincinnati"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Through a glass Darkely"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Is the Mainstream Media finally getting half the rigged voting machine story?"
March 29, 2006
Bob Fitrakis and Harvey Wasserman
"Please help Clint Curtis"
March 23, 2006
Robert Lockwood Mills
"Utah testing of the Diebold touch-screen reveals new problems"
March 19, 2006
Black Box Voting
"Trust us"
March 17, 2006
Robert C. Koehler, Tribune Media Services
"Harman vs. Winograd, tough choice?"
March 17, 2006
David Swanson
"Why did J. Kenneth Blackwell seek, then hide, his association with super-rich extremists and e-voting magnates?"
March 10, 2006
Bob Fitrakis and Harvey Wasserman
"Did 308,000 cancelled Ohio voter registrations put Bush back in the White House?"
February 28, 2006
Bob Fitrakis and Harvey Wasserman
"Statisticians recommend new measures to ensure vote count accuracy, release "Ohio’s 2004 exit poll analysis for novices”"
February 17, 2006
Kathy Dopp
"As Alito takes Supreme Court seat, Ohio GOP guts election protection "
February 1, 2006
Bob Fitrakis and Harvey Wasserman
"The Harri Hursti hack and its importance to our nation"
January 29, 2006
Susan Pynchon, Florida Fair Elections Coalition
"Programmer Jeff Dean worked for chief of White House Plumbers unit"
January 26, 2006
Bev Harris, Kathleen Wynne, and John Howard
"Free Press Editor in Film at Sundance"
January 23, 2006
Free Press Staff
"PA activists sue to vote on machines"
January 20, 2006
Rady Ananda
"Important documents"
January 20, 2006
Free Press staff
"The gun is smoking - The gun is smoking - 2004 Ohio precinct-level exit poll data show virtually irrefutable evidence of vote miscount"
January 18, 2006
Kathy Dopp and Ron Baiman
"Recipe for hacking ES&S and Sequoia, Hursti-style"
January 4, 2006
Black Box Voting
"What’s all the fuss about Diebold in Florida and California?"
January 4, 2006
John Washburn, for VoteTrustUSA
"New info may take out Diebold touchscreens"
January 1, 2006
Black Box Voting
Read Articles by Year:
2007 2006 2005 2004
2003 2002 2001 2000
All content © 1970-2008
The Columbus Free Press
Disclaimer