Piece in Salon about the new electronic voting machines everyone's getting, and the potential for fraud. A couple excerpts:
Specifically the flaw was that you can get at the central vote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log, which is supposed to log the transactions, and this [audit log] is one of the key things they cite as a security measure when they sell the system.So you can break in and then hide your tracks.
You don't even need to break in. It will open right up and in you go. You can change the votes and you can overwrite the audit trail. It doesn't keep any record of anything in the audit trail when you're in this back door, but let's say you went in the front door and you didn't want to have anything you did there appear anywhere -- you can then go in the backdoor and erase what you did.
. . . .
The other situation would be supposing someone gets in by either hacking the telephone system or by going backwards in through the Internet, because the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer.
Here's the really alarming part:
I got a call from one of our more brilliant computer programmers -- he's got quite a few advanced degrees -- and he called me on a weekend and he said, "I want you to go to your computer." And he walked me through it just like a support tech does -- open this panel, click this, do this, do that. And as I'm doing this it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members.It's shocking. All you do is double-click the icon. You go backwards through the Internet to that county computer, and if you have Microsoft Access on your machine you can walk right into that election database while it's open. It's configured for multiple access at the same time. You can be in there changing things and you can change anything you want.
God help us if the contents of that CD ever get out onto the Internet. I imagine there are script kiddies out there would love nothing better than to throw an election to some oddball candidate and then watch the mayhem.
Honestly, I don't really see why everyone's jumping on these computer-voting systems. I don't like the idea of everything being wrapped up in bits & bytes where you can't always track what's going on, and little in the way of physical artifacts. Personally, this is a case where I think I prefer a system that uses paper ballots. That way even if they're scanned into a computer to be counted and someone hacks into the system, you can still go back to the original paper ballots and re-count them. With a wholly electronic system, it just seems too easy to go in and wipe the entire trail.
Posted by Jason at September 23, 2003 08:48 AM