If You Read One NYCB This Summer, Read This One: Here's another, much more significant entry from the 'some of my readers may not know (and others may know all too well)' file. Lots of states are using a particular company's (Diebold's) system to tally votes in their state and federal elections. It turns out it's very easy to attack this system to make it give different vote tallies from the actual tallies.

The system keeps two sets of books, and you can get it to display tallies from the fake set instead of the set that reflects people's actual votes. Paper verification ballots are useless, because the software knows to use the real data for spot checks and only uses the fake data to report aggregate results. This is really bad. It undermines the integrity of the election system.

Something like this has long been suspected, and it is a general problem with electronic voting and vote counting systems, but it is no longer a hypothetical problem. The attack actually exists and has been demonstrated. (That link has a very detailed article about the problem which I recommend you read.) The system has been in place for four years in 30 states. It's possible it has already enabled election fraud.

As in accounting, keeping two sets of books is not something you do unless you want to cheat or are being pressured to cheat. It's not a bug--it's a whole other system designed for cheating, hidden inside the system the states were sold. The authors of that article pin the blame on a specific person, who had means, motive, and opportunity. But who specifically did it is not as important as the reaction to the discovery of the problem, which has been just awful.

Let's suppose I did something like this at the company where I work, and play out the scenario that would happen once someone found out. Obviously I would be immediately fired. My now-ex-employer would inform all our clients about the problem, and they in turn would demand that 'we' fix the problem immediately. Most of the bigger clients would ask that their sites be shut down until the problem was fixed. Everyone would take the problem very seriously.

While it would not be in my now-ex-company's interest to have information about the problem made public (at least until it had been fixed), it would also not be in their interest to let the problem remain unfixed. It would also not be in the client's interest to ignore the problem. If anyone ever exploited this hypothetical problem it would cause enormous damage to the client, and if we didn't fix it quick they would fire 'us', quickly.

Now let's exit that hypothetical and see what happened in the real world. As far as I can glean from that article (it's a little vague), the person they blame doesn't work at Diebold anymore. I don't know if this is because he was fired, or because he got sent to prison for (unrelated but motive-providing) embezzlement.

But that is all that's happened. Nobody seems interested in fixing the problem, and according to the people who know how to exploit the problem, a lot of the time they can't get the interested parties to even watch a demonstration.

What's wrong with this picture? Here's my guess. Note that I'm going to explain this situation without claiming that any of the parties currently involved want to rig elections, which is certainly a possibility, but explaining things that way tends to get you dismissed as a conspiracy theorist. Anyway, the problem exists and is exploitable whether or not I'm a conspiracy theorist.

Diebold is (in my explanation) trying to keep the counties and states from demanding action because any effective action would result in Diebold losing the contract--remember, this back door has been in the software for years. It's already way past "fix this now or else" territory and into "we don't trust you and we never can" territory--if the state wanted to take action.

The state officials don't want to take action because they don't want to admit that such a huge problem could happen on their watch. They know that if this knowledge becomes widespread the public will blame them (with some justification). A lot of them also have a lot of political capital invested in "information superhighway" type electronic voting rhetoric, and the states have put a lot of money (by state budget standards) into these fancy systems. It would cost a lot of time and money to switch. And for what? So you can say "Yes, this election was secure."? Well, you can say that no matter what, and save the time and money.

There's also no upside to solving the problem for the state officials. They are not directly damaged by bad elections so long as no one finds out they were bad (unless their opponent rigs the Secretary of State election against them, which would be ironic but also difficult). The only reason they should try to solve this problem is that their job is to not let this problem happen. California's secretary of state, Kevin Shelley, is the only official I know of who is doing his job in this respect.

If there were consequences for ignoring the problem, there would be incentive for the state officials to fix it. We wouldn't have to depend on government officials wanting to do the right thing. Right now there are no consequences because for the most part the ultimate bosses of everyone in this scenario (the citizens of the states) don't know about the problem yet. If the state officials watch a demonstration of the problem, they destroy any plausible deniability they might have had, and they create a news hook for media investigations into the problem. That's why they don't want to even look at it.

I am posting this entry to do my part to get rid of the plausible deniability. It's very important that the states secure the application as best they can for the coming election, and switch to a more secure system as soon as possible.

Unless otherwise noted, all content licensed by Leonard Richardson
under a Creative Commons License.