 |
Tue Feb 09 2010 | |||||||||
|
||||||||||
|
Departments Election Issues The Harri Hursti hack and its importance to our nation by Susan Pynchon, Florida Fair Elections Coalition January 29, 2006 I was one of ten people present at the "hack" of the Leon County, Florida voting system, which took place on Tuesday, December 13, 2005 around 4:30 in the afternoon at the county elections warehouse. Leon County's voting system is the Diebold Accu-Vote OS 1.94w (optical scan). ?The Leon County Supervisor of Elections, Ion Sancho, authorized a "test" of his Diebold voting system to see if election results could be altered using only a memory card. Harri Hursti (photo at right), a computer programmer from Finland, who has been working with Black Box Voting, facilitated the test and it has come to be known as the "Harri Hursti Hack." Following is a description of that hack and its significance for our nation, which I hope will correct much of the misinformation circulating regarding this event. The Hack To select which voting machine to use for the test, Ion drew a serial number of one voting machine from a container holding all the serial numbers of all the Leon County machines. Since the test took place at the elections warehouse, all the voting machines were already stored there and the one machine, whose serial number was selected, was located and brought into the warehouse office, where it was plugged into an electrical outlet (so it could operate!). It was not networked to any other machines. We checked the serial number of the machine against the serial number that Ion had randomly selected. Earlier, Ion had given ONE Diebold memory card to Hursti. Bev Harris and Kathleen Wynne of Black Box Voting were also present at the test. Harri had programmed the memory card that morning, in his hotel room, using an off-the-shelf crop scanner. I drove Harri in my car from the hotel to the warehouse. When we arrived, Harri was asked to stay outside the warehouse office where the central tabulator is located, so that there would be no question about whether he had had any access to the central tabulator. When the randomly-selected voting machine was brought into the warehouse office, all of us went into the warehouse office except Harri, whom we could see sitting in a chair on the other side of a plate glass window separating the office from the rest of the warehouse. Ion ran a complete mock election. He had had actual paper ballots pre-printed with the following question: "Can the votes on this Diebold system be hacked using the memory card?" There were two possible answers: "Yes" or "No," with an oval to the left of each answer to be filled in by the voter. Everything was conducted as in a normal election. Ion first printed a "zero tape" (a poll tape from the machine that is supposed to show that nothing has been altered before the election begins). This was the first step in the hack --the zero tape showed zero votes for both the "Yes" answer and the "No" answer, even though Harri had altered the memory card and votes had been subtracted from one answer and added to the other answer. Harri used the interpreted (executable) code to cover up the fact that he had changed the vote counters. Then eight of us voted, filling in the oval on our paper ballot. Six of us voted "No," the election could not be hacked. Two of us voted "Yes," it could be hacked. Then, one by one, we inserted our ballots into the voting machine. Ion checked after each voter to make sure that the counter on the machine was counting properly as each ballot was inserted. So, we ended up with an accurate count of 8 ballots cast on the screen on the front of the voting machine. Then Ion placed an "ender card" in the machine to end the election and printed the poll tape. Instead of two "Yes" votes, the poll tape showed seven "Yes" votes. Instead of six "No" votes, the poll tape showed one "No" vote. Harri did not just flip the votes, as he wanted to show how easy it was to change the totals completely. At that point, Ion Sancho's technician, TJ, said, "Well, that doesn't prove anything because the printer template can be changed." (And that is true. The poll tape can be made to read anything at all, which was proved in an earlier test on a Leon County op-scan in May of 2005, when the poll-tape was made to say, at the bottom of the tape, "Is this real or is it Memorex?") Ion responded to TJ that they were taking this to the next level and that he wanted TJ to upload the memory card to the central tabulator. TJ, who had quite apparently been talking to the Diebold reps, said he didn't want that to happen because he didn't know if Harri might have planted some kind of virus on the memory card that would infect the central tabulator. Ion then explained to TJ that, just an hour earlier, he had obtained permission from the Leon County Council to replace the Diebold system. That meant that the Leon County Diebold system would never be used in any election again, and thus Ion said it was all right to upload the memory card to the central tabulator. (The irony here, of course, is that Diebold would worry about a virus being planted on this particular memory card! What about all the thousands of people around the country who have access to memory cards...doesn't Diebold worry about one of them planting a virus? And the second irony is that ITA testing is supposed to catch these security vulnerabilities and yet Diebold claimed to be worried about a security exploitation by Harri Hursti AFTER all ITA testing had been completed). So, TJ became convinced that it was all right to upload the memory card, which he did. And there, on the central tabulator screen, appeared the altered results: Seven "Yes" votes and one "No" vote, with absolutely no evidence that anything had been altered. It was a powerful moment and, I will admit, it had the unexpected result for me personally of causing me to break down and cry. Why did I cry? It was the last thing I thought I would do, but it happened for so many reasons. I cried because it was so clear that Diebold had been lying. I cried because there was proof, before my very eyes, that these machines were every bit as bad as we all had feared. I cried because we have been so unjustly attacked as "conspiracy theorists" and "technophobes" when Diebold knew full well that its voting system could alter election results. More than that, that Diebold planned to have a voting system that could alter results. And I cried because it suddenly hit me, like a Mack truck, that this was proof positive that our democracy is and has been, as we have all feared, truly at the mercy of unscrupulous vendors who are producing electronic voting machines that can change election results without detection. Beyond this, however, what is the real significance of the "Harri Hursti hack?" There are several answers to that question. The Significance of Harri's Hack First of all, the Hursti hack reveals only one vulnerability in an almost unlimited number of potential flaws or vulnerabilities in electronic voting systems (both op-scans and DREs). However, the Hursti hack is individually significant because the flaw it exposed is a planned vulnerability in the system, not something that is accidentally there. It had to be PUT there (programmed) on purpose. For Diebold to claim innocence about this would be absurd. It would be like saying you didn't know your garage had a door while you were standing there holding the garage door opener. Or, because this security vulnerability is so huge, it would more accurately be like saying you didn't know your house had a garage at all!! Since something like 95% of computer scientists agree that electronic voting machines (op-scans and DREs) have an almost infinite number of potential flaws or vulnerabilities, the Hursti hack shows, above all, THE IMPORTANCE OF HAVING PAPER BALLOTS for an independent confirmation of machine results. The beauty of paper ballots is that they are completely independent of any machine, unlike the printer paper trail. Therefore, they provide a true independent, manual audit of machine results. Paper ballots are also the only electronic voting method that eliminates, almost completely, any question about voter intent because the ballots are voter-generated, filled in by the voter's own hand, thus eliminating the need for a voter to confirm his/her choices on any printer-issued receipt. Paper ballots are the only way to have a fail-safe election with any electronic voting machine. You must have paper ballots and you must manually audit (count) a portion or all of those ballots in every election. The ONLY evidence in the Hursti hack that could discredit his alteration of results were the paper ballots themselves.But these ballots can only be useful if they are actually counted after an election to check against the machine count. The Hursti hack shows clearly that there must be an independent paper trail that can be manually audited to confirm (or discredit) machine results. The hack exposes a serious electronic voting flaw, but then, ironically, re-instates optical scan as the only electronic voting method that provides truly independent, manual audit capabilities. A National Defense Issue There is another aspect of this hack that is of vital importance to our nation. Harri and Dr. Thompson explained to me that there are 3 levels of computer attack (and please remember that electronic voting systems are computers, whether they are networked or not). Level One, called a "script kiddy," is the most primitive and can be copied by a novice from an internet site and then be used to create a virus or hack a computer or a computer system. Level Two is more sophisticated and is the level at which most viruses, worms, Trojan horses and hacks are conducted, often by "casual hackers" who, for whatever reason, enjoy conducting "electronic break-ins" into computers. Level Three is called a "Nation-State" attack. A Nation-State attack is a highly sophisticated, heavily funded electronic attack by a foreign country, a foreign operative, a terrorist group, organized crime, or a political group or operative within our own country. In other words, a Nation-State attack could be mounted by any well-financed group that would benefit from sympathetic candidates being placed in powerful positions or by certain agenda(s) being implemented, or by any group that wants to gain political or financial advantage or wreak havoc on our nation. Harri told me, and Dr. Thompson confirmed, that Harri's hack was Level One (the first, primitive level), and could have been done by an 8th grader with some basic information. They explained to me that the voting machines in this country are so vulnerable that they cannot even withstand a Level One attack, much less a Level Two or a Nation-State attack. Our country spends billions of dollars on national defense, and yet we have a gaping hole in our national security through the widespread use of completely vulnerable, electronic voting machines. Counting paper ballots is not a step backwards. It is a vital component for the security of our elections and our protection against a "bloodless coup" or the overthrow of our government through our elections system. It seems inconceivable, yet is all too possible, that such an electronic attack could occur without detection, as did Harri's hack on the Leon County voting system. A paper audit trail is, as almost all computer scientists agree (except for those who are the equivalent of tobacco company doctors who stated for years that smoking was fine for your health), absolutely necessary to preserve our democracy, and paper ballots are the fail-safe audit trail (as long as those ballots are manually audited and are guarded like the gold in Fort Knox). This is not something that can be delayed until next year or until the next decade. Whatever investment has been made in DREs must be re-evaluated in the same way we re-evaluated the exploding gas tanks of Ford Pintos. Just as Ford knew, but never disclosed for years that people were dying from the exploding tanks, the voting machine companies know their machines are completely vulnerable. There is too much at stake to trust machines that have been proven to be untrustworthy. We must have paper ballots, and we must have them now. To do less, with the knowledge we have, would be to sacrifice our democracy for the sake of convenience. It is not important that our elections be convenient, but it is vital that they be accurate, secure and verifiable. Otherwise, why hold elections at all? Ion Sancho had the courage to test what should have been tested by our federal government. He should be hailed as a national hero for exposing a breach in our national security the size of the Grand Canyon. But no quantity of such tests can find or expose the infinite number of electronic flaws, malicious or otherwise, that are possible in these systems. The day may come when these systems can be made secure, but that day is not now nor is it in the forseeable future. This is a time for courage, and for leadership. Our country's officials must guard our freedom as they have been elected to do and choose auditable, verifiable voting systems, based on paper ballots, that will defend our nation from an all-too-possible "electronic Pearl Harbor." The original source is here: http://www.votetrustusa.org/index.php?option=com_content&task=view&id=798&Itemid=51 Email this article to a friend |
Don't forget to check out articles from 2009 and 2010
"Renowned computer security expert agrees to meet California county supervisor's '1000 to 1' challenge to 'manipulate' Sequoia voting machine!"
December 13, 2006
Brad Friedman
"100 phantom votes found in one precinct; DelCo board of elections hinders investigation"
December 12, 2006
Stephanie Frank Singer
"Think globally, protect the vote locally"
December 1, 2006
Paul Rogat Loeb
"Will they or won't they: last chance for Democrats"
November 17, 2006
David Swanson
"The vote protectors"
November 16, 2006
Robert C. Koehler
"Ohio's 2006 vote count now includes a higher percentage of uncounted ballots than in 2004, and a statistically impossible swing to the Republicans"
November 14, 2006
Bob Fitrakis, Harvey Wasserman and Ron Baiman
"The drama of empty numbers"
November 9, 2006
Robert C. Koehler
"A monumental victory for the election protection movement"
November 8, 2006
Bob Fitrakis & Harvey Wasserman
"Pick a number 2006"
November 7, 2006
Mike Ferner
"How they stole the mid-term election"
November 7, 2006
Greg Palast, The Guardian ( UK ), Comment
"STOP Blackwell, what's that sign: Everyone look what's going down"
November 7, 2006
Bob Fitrakis & Harvey Wasserman
"Parallel election midday report"
November 7, 2006
Rady Ananda
"Tuesday's outcome may depend on the power of the election protection movement"
November 5, 2006
Bob Fitrakis and Harvey Wasserman
"The power of a social movement can beat the GOP double Chickenhawks"
November 2, 2006
Bob Fitrakis and Harvey Wasserman
"Check out We Count for a great TownHall confrontation between Vicki Lovegren of Ohio Vigilance and Michael Vu, Supervisor of Cuyahoga County BOE"
November 1, 2006
Victoria Lovegren, Ph.D.
"Official states electronic voting system added votes never cast in 2004 Presidential election; audit log missing"
November 1, 2006
Peter Peckarsky, Ron Baiman, and Robert Fitrakis
"Repairing the U.S. system of voting: 50 concrete steps"
November 1, 2006
Harvey Wasserman, Bob Fitrakis and Steve Rosenfeld
"Will a shocking new GOP court victory and Karl Rove's attack on Ohio 2006 doom the Democrats nationwide?"
October 30, 2006
Bob Fitrakis & Harvey Wasserman
"Renoite sue Sequoia Voting Systems"
October 28, 2006
Patricia Axelrod
"Severe election problems seen in ten states"
October 27, 2006
Jason Leopold
"Direct material proof of massive election fraud in Ohio in the 2004 U.S. presidential election"
October 26, 2006
Ron Baiman
"A talk with Mark Crispin Miller about what voters can do to prevent another stolen election"
October 26, 2006
The Ostroy Report
"Will Ken Blackwell find the ways to steal Ohio 2006 as he did in 2004?"
October 25, 2006
Bob Fitrakis and Harvey Wasserman
"Important voter activism"
October 22, 2006
Victoria Lovegren, Ph.D.
"A loaves & fishes/Holy Ghost victory for the GOP in November?"
October 17, 2006
Bob Fitrakis & Harvey Wasserman
"Why is the man who stole Ohio campaigning with a white supremacist?"
October 9, 2006
Bob Fitrakis and Harvey Wasserman
"This cannot be"
September 28, 2006
Robert C. Koehler
"Court victory lets preserved Ohio 2004 ballots tell new tales of theft and fraud as indictments and convictions mount"
September 25, 2006
Bob Fitrakis & Harvey Wasserman
"Unfit for use in ANY democracy"
September 20, 2006
Rady Ananda
"An open letter to Gov. Robert Taft and Sec. of State J. Kenneth Blackwell"
September 8, 2006
Harvey Wasserman, et. al.
"Coshocton County complaint"
September 3, 2006
Tim Kettler
"Saving the ballot evidence from Ohio 2004"
September 2, 2006
Bob Fitrakis and Harvey Wasserman
"San Diego suit’s second hearing: Judge to rule next Tuesday on constitutional and jurisdictional questions"
August 25, 2006
Rady Ananda
"New Zogby Poll: It’s Nearly Unanimous"
August 24, 2006
Michael Collins, “Scoop” Independent Media
"How the last presidential election awoke me from an unsound sleep"
July 22, 2006
Jeanne Norris Weinberg
"PFAW's Neas praises advance of Voting Rights Act, Calls on Bush Administration to start enforcing the law"
July 22, 2006
People For the American Way
"Why Democrats don't count: lessons from the un-Gore of Mexico"
July 16, 2006
Greg Palast
"Resolution of no confidence in current U.S. elections"
July 16, 2006
J30 Coalition
"An open letter from Ohio to the people of Mexico"
July 13, 2006
Bob Fitrakis and Harvey Wasserman
"The stolen election of 2004"
July 11, 2006
Michael Parenti
"The Democrats must now say "We Do Not Concede" in the U.S. as it's being said in Mexico"
July 9, 2006
Bob Fitrakis and Harvey Wasserman
"Project Vote, voting rights organizations, file to overturn restrictive voter registration rules "
July 7, 2006
Brian Mellor
"BBV: Unredacted Hursti Diebold reports, photos released"
July 4, 2006
Bev Harris
"Ignore that man behind the screen, Dorothy"
July 1, 2006
Greg Palast
"Bob Fitrakis for Governor -- he is now on the ballot"
July 1, 2006
Fitrakis campaign
"Alameda County supervisors embrace election fraud"
July 1, 2006
Allen C. Michaan
"San Diego’s run-off election aggregate results are plausible"
June 18, 2006
Ron Baiman
"A vote of no confidence: democracy left to languish in living rooms, garages"
June 15, 2006
Robert C. Koehler
"Kennedy's challenge: Salon, Mother Jones & the tortured dialogue"
June 15, 2006
Michael Collins and
"Warren County revisited"
June 12, 2006
Richard Hayes Phillips, Ph.D.
"Something smells fishy in San Diego!"
June 11, 2006
Ron Baiman
"Response to Salon Magazine"
June 6, 2006
Ron Baiman
"Analysis of Connally spreadsheet and other documents"
June 5, 2006
Ron Baiman
"RFK and Rolling Stone nail Ohio's stolen 2004 election, but much more must be done"
June 3, 2006
Bob Fitrakis and Harvey Wasserman
"Pick a card, any card"
May 27, 2006
Richard Hayes Phillips, Ph.D.
"Will the major media finally cover the electronic election fraud issue?"
May 15, 2006
Bob Fitrakis and Harvey Wasserman
"The money pit: Diebold vs. America "
May 15, 2006
Denis Wright
"Worst security flaw ever - 3 states invoke Diebold emergency procedures"
May 15, 2006
Black Box Voting
"Cranks and Kooks: Kerry won in '04"
May 11, 2006
Greg Palast
"Ohio 2004 election thief grabs Gov nod while (surprise! surprise!) voting machines malfunction"
May 5, 2006
Bob Fitrakis and Harvey Wasserman
"Hand counted paper ballots in 2008"
April 14, 2006
Sheila Parks
"Busheviks connected to New Hampshire phone-jamming scheme"
April 14, 2006
The Ostroy Report
"Are mainstream churches finally standing up to the GOP’s hateful “Christian” blitzkrieg?"
April 9, 2006
Bob Fitrakis and Harvey Wasserman
"Thousands march in New Orleans for right for Katrina survivors to vote in the city’s April 22 election"
April 7, 2006
Rainbow/PUSH Coalition
"Shocking Diebold conflict of interest revelations from Secretary of State further taint Ohio's electoral credibility"
April 6, 2006
Bob Fitrakis and Harvey Wasserman
"Faith-based voting"
March 30, 2006
Robert C. Koehler, Tribune Media Services
"Targeting the voters in Toledo"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Targeting the voters in Cincinnati"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Through a glass Darkely"
March 30, 2006
Richard Hayes Phillips, Ph.D.
"Is the Mainstream Media finally getting half the rigged voting machine story?"
March 29, 2006
Bob Fitrakis and Harvey Wasserman
"Please help Clint Curtis"
March 23, 2006
Robert Lockwood Mills
"Utah testing of the Diebold touch-screen reveals new problems"
March 19, 2006
Black Box Voting
"Trust us"
March 17, 2006
Robert C. Koehler, Tribune Media Services
"Harman vs. Winograd, tough choice?"
March 17, 2006
David Swanson
"Why did J. Kenneth Blackwell seek, then hide, his association with super-rich extremists and e-voting magnates?"
March 10, 2006
Bob Fitrakis and Harvey Wasserman
"Did 308,000 cancelled Ohio voter registrations put Bush back in the White House?"
February 28, 2006
Bob Fitrakis and Harvey Wasserman
"Statisticians recommend new measures to ensure vote count accuracy, release "Ohio’s 2004 exit poll analysis for novices”"
February 17, 2006
Kathy Dopp
"As Alito takes Supreme Court seat, Ohio GOP guts election protection "
February 1, 2006
Bob Fitrakis and Harvey Wasserman
"The Harri Hursti hack and its importance to our nation"
January 29, 2006
Susan Pynchon, Florida Fair Elections Coalition
"Programmer Jeff Dean worked for chief of White House Plumbers unit"
January 26, 2006
Bev Harris, Kathleen Wynne, and John Howard
"Free Press Editor in Film at Sundance"
January 23, 2006
Free Press Staff
"PA activists sue to vote on machines"
January 20, 2006
Rady Ananda
"Important documents"
January 20, 2006
Free Press staff
"The gun is smoking - The gun is smoking - 2004 Ohio precinct-level exit poll data show virtually irrefutable evidence of vote miscount"
January 18, 2006
Kathy Dopp and Ron Baiman
"Recipe for hacking ES&S and Sequoia, Hursti-style"
January 4, 2006
Black Box Voting
"What’s all the fuss about Diebold in Florida and California?"
January 4, 2006
John Washburn, for VoteTrustUSA
"New info may take out Diebold touchscreens"
January 1, 2006
Black Box Voting
Read Articles by Year:
2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000
All content © 1970-2009
The Columbus Free Press
Disclaimer