Q: What's the most common rationale against using
hand-counted paper ballots?
A: The most common statement is so stupid that I
feel insulted to even have to refute it. People who are pro-DRE
always say "We have a 200 year history of problems with paper
ballots, and it has been shown over and over again that we cannot
secure them from tampering".
Anyone with half a thimbleful of sense will realize that what
they are saying is, "We have 200 years of rampant election fraud,
and so far we have been unable to figure out how to keep
fraudsters from having unrestricted physical access to our voting
medium".
Can anyone possibly explain how adding networked, closed-source
computers to the equation will make the process more open,
auditable, and trustworthy? If you can't secure a big locked
box holding a bunch of paper, where people have to change one vote
at a time, can we reasonably expect you to secure a group of
networked Windows PCs? Come on - nobody is really this
stupid.
David Allen of BlackBoxVoting.com has a couple of great
thoughts about paper:
"The fact that fraud has occurred on occasion with paper
ballots does not invalidate the use of paper ballots any more than
occasional counterfeiting invalidates the use of paper money."
And:
"According to the Justice Department, thieves and robbers made off
with $45 million in paper money in 2003. According to the American
Banking Association, computer thieves made off with $500 million
in digital cash that same year."
"Explain to me again how paper is the problem?"
Look, you don't have to hack into computer systems for a living
to not trust these systems. All you have to do is look at
our HUGE history of election fraud, combined with the power and
profit agendas of the e-voting companies, and the clear desire of
our elected officials to stay in power (some, by any means
possible - ever follow what goes on during 'redistricting'?),
to see that trusting a closed, automated system is a terrible idea.
Would you trust the results if you walked into a voting booth,
closed the curtain, and whispered to a political activist on the
other side of a screen who you want to vote for, assuming that
they would accurately "take care of it"?
If not, don't trust e-voting. The systems don't deserve
it.
Q: What do you recommend to protect voters from this kind of
hacking?
A: Great to hear from you! I appreciate your sentiments -
one thing I used to tell my engineers is "Don't bring me problems,
bring me solutions". I really should hold myself to the same
standards.....
I think the best solution is a return to hand-counted paper
ballots. They are simple, resistant to fraud, easy to secure (steel
or plexiglass locked boxes versus encryption, authentication,
authorization, digital audit trails, etc), easy to understand, and
provide a clear mechanism for recount. As you know, it would be
extremely difficult to compromise a large number of these ballots,
and impossible to do from a distance.
If someone were to develop a computer-based system as simple,
reliable, and verifiable as hand-counted paper ballots, it would be
hailed as a technological marvel. The
arguments citing human error and malfeasance concerns with paper
ballots are ridiculous, since human error and malfeasance are
equally possible regardless of the voting medium used, and are
actually amplified by the use of computer systems since physical
access is no longer required for tampering. The
technology just makes it easier. The MIT/CalTech study of 2001 shows
that hand-counted paper ballots are the most accurate out of the 5
methods currently used, and
Canada hand-counted their last parliamentary election using paper ballots in
four hours.
The biggest mistake we can make is using
these machines "Because we've already paid for them". If
my shiny new car leaves me stranded by the side of the road, I don't
just sit in it because I've already paid for it, and I expect it to
work. I have to go back to walking, because I know it works, and
I need to get somewhere. These systems open the doors to many
NEW kinds of election fraud, while solving none of the problems.
However, I understand the realities of budget and politics, and
while I advocate hand-counted paper ballots, that may not be 100%
viable as a solution, particularly since we have already invested in
a large number of DREs. I think that a budget argument in favor of
DREs would be misguided, since I can't imagine that paper ballots
are more expensive than computers, especially when you factor in all
of the recounts and disruptions that these DREs have caused.
Despite the fact that we already use them, there simply must be a
paper ballot for the system to have any integrity, especially since
the DREs are not nearly as well-designed as the Apple computer that
you appear to be using :-)
If it is unreasonable or politically untenable to move completely
to hand-counted paper ballots, then I suggest a compromise such as
the Voter Verified Paper Ballot (VVPB) design proposed by Dr. Rebecca
Mercuri. While I am sure you have seen the details,
I have attached a .pdf for your reference.
In addition, I have a couple of other suggestions (since you
asked):
1) Auditing should be continual, and in the event of any
discrepancies the scope of the audit should expand. In the event of
a conflict, the VVPB should serve as proof of the intent of the
voter. At a certain threshold of irregularities, ANY electronic
tabulation must be suspended and hand-counting used to tally
results.
2) Wireless should never be used. I'm sorry, I hope you didn't
advocate it and I am insulting you, but that's just a really stupid
idea. There is absolutely no way to protect systems using wireless
technology against a Denial of Service (DoS) attack. For more info
on wireless, please stop by
http://www.chuckherrin.com/wardriving .
3) In the event that DREs must be used, they should undergo some
REAL certification. We have established international standards for
certifying system security called the Common Criteria, and our
voting machines need to be certified at least a level 6, if not a
level 7.
I have attached a .pdf introduction to the
Common Criteria, as well. It's a little dry, but
Information Security is a complex field that can be difficult to
simplify. I apologize in advance if your eyes glaze over reading
that.
4) Move back to hand-counted paper ballots. I LOVE technology,
and immerse myself in computers and computer science,
but responsible engineering doesn't equal
using the newest technology simply because it's available. It means
using the Appropriate technology to solve the problem, and that
rarely means making things more complex and susceptible to abuse
while eliminating auditing ability.
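The escalating audit from suggestion 1, sketched as an added example (not part of the original FAQ and not any election system's code). The initial sample size, growth factor and suspension threshold are assumed policy values, and the precinct data is constructed.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Precinct:
    name: str
    electronic: dict  # candidate -> votes reported by the machine tally
    paper: dict       # candidate -> votes from hand-counting the VVPBs


def discrepancy(p):
    """Sum of per-candidate differences between paper and electronic counts."""
    candidates = set(p.electronic) | set(p.paper)
    return sum(abs(p.electronic.get(c, 0) - p.paper.get(c, 0)) for c in candidates)


def draw_order(precincts, seed):
    """Audit order drawn from a seed chosen only after the tallies are published."""
    return random.Random(seed).sample(list(precincts), len(precincts))


def escalating_audit(order, initial=2, growth=2, suspend_at=3):
    """Audit precincts in `order`, widening the scope whenever a batch disagrees.

    initial, growth and suspend_at are assumed policy values, not from the FAQ.
    Returns (status, audited_names, irregular_names).
    """
    target = min(initial, len(order))
    audited, irregular = 0, []
    while audited < target:
        batch = order[audited:target]
        audited = target
        bad = [p.name for p in batch if discrepancy(p) > 0]
        irregular.extend(bad)
        if len(irregular) >= suspend_at:
            # Threshold reached: electronic tabulation is no longer trusted.
            return "suspend_electronic", [p.name for p in order[:audited]], irregular
        if bad:
            # Any discrepancy expands the scope of the audit.
            target = min(len(order), target * growth)
    status = "corrected_from_paper" if irregular else "confirmed"
    return status, [p.name for p in order[:audited]], irregular


def certified_totals(order, status, irregular):
    """Paper wins where it was counted and disagrees; everywhere if suspended."""
    totals = {}
    for p in order:
        use_paper = status == "suspend_electronic" or p.name in irregular
        for candidate, n in (p.paper if use_paper else p.electronic).items():
            totals[candidate] = totals.get(candidate, 0) + n
    return totals


def _precinct(name, shifted=False):
    """Constructed sample: 100 ballots; a shifted tally moves 10 votes from B to A."""
    paper = {"A": 50, "B": 50}
    electronic = {"A": 60, "B": 40} if shifted else dict(paper)
    return Precinct(name, electronic, paper)


CLEAN = [_precinct(f"P{i}") for i in range(8)]
ONE_BAD = [_precinct(f"P{i}", shifted=(i == 1)) for i in range(8)]
MANY_BAD = [_precinct(f"P{i}", shifted=(i % 2 == 1)) for i in range(8)]

if __name__ == "__main__":
    for label, data in (("clean", CLEAN), ("one bad", ONE_BAD), ("many bad", MANY_BAD)):
        status, audited, irregular = escalating_audit(data, suspend_at=2)
        print(label, status, audited, irregular, certified_totals(data, status, irregular))
```

The fixed lists are audited in list order so the outcome is reproducible; in a real audit the order would come from `draw_order`, so nobody can know in advance which precincts will be hand-counted.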
Q: Chuck:
1. This affidavit is
circulating on the web today. This guy claims he wrote the software
that was used to hack (at least) the Florida vote. I'm enclosing the
URL for his sworn affidavit for you to review. You would know if
what he says he wrote is possible or if this guy is some kind
of a nutcase.
2. Bev Harris (Black Box Voting) is dubious; is it ego
talking? I don't believe Curtis said he put the code on/in the
machines, only that he gave the code to Feeney. But I'll pass
along her comments, some of which are logical questions to ask.
A: 1) What he's written sounds entirely plausible. Diebold
is known for using hidden fields in their touch screens, and it is
referenced in their field guides (I remember a section about how to
cancel a vote). It would be VERY simple to design a program just
like what this guy is saying - that's the whole basis for my arguing
against using computers in voting. Since the certification process
is a joke and no real source code review is done, what he's saying
sounds technically plausible to me.
Whether it's true or not, I don't know, but it's technically quite
possible.
(By the way - he never said he wrote software that was used
to Hack the Florida vote - he said he wrote a prototype. Read
it closely....)
2) Hi - Please don't get me wrong: I'm dubious, too. Please don't
interpret my saying that it was plausible to mean that I think he's
the "smoking gun" - I mean that it is entirely plausible for a
developer to write backdoor software to be placed inside voting
systems. Just like you said, I don't remember him saying he had ever
actually installed the software or even mentioning vendors, just
that he had written something designed to switch votes.
In answer to your original question - "You would know if what
he says he wrote is possible or if this guy is some kind of a
nutcase" - like I said, it's technically possible, but I don't
know if it's true.
It's probably not the way I would have done it, but like I say on
my site, if I were an attacker I don't think that I would target the
touchscreens at all since that's where I know people are going to
look. That doesn't mean it wasn't done.
Many of Bev's points below are valid. But, like you said, I don't
recall him saying that he placed the software in the machines, only
that he wrote a VB program to flip votes. That part is entirely
possible, but may be one of the "grains of truth" Bev mentions
below.
I'll be (and I'm sure you will be) very interested to see how
this plays out. I don't think it's Bev's ego talking - I think it's
a healthy skepticism. Especially about the Qui Tam information
- she would know more about that than I would.
There's a lot of disinformation being generated out there about
this issue, a lot of sketchy posts on blogs, etc that look like
they're designed to throw people off and keep them chasing their
tails. Anything that does eventually "blow the lid off" is going to
be examined and re-examined, and millions will be spent trying to
discredit it, so it really needs to be bulletproof before any MSM
reporters will stake their reputations on it.
Good answers to Bev's questions would be a great start, and I'm
curious to see what happens.
(One last note - Just because "I
wouldn't do it that way" doesn't mean that someone else
wouldn't have. If I were Nixon, I wouldn't have kept the
tapes. If I were an Enron exec, I would have done a Helluva
lot of things differently. If I were Mondale, I wouldn't have
made campaign promises to raise taxes. If I were Diebold, I
wouldn't have written such sloppy software and left an FTP server
open to the world. If I were an Elections Official in Volusia
County, I wouldn't have left tapes in the trash on the porch.
If I were Mr. Feeney, I wouldn't be a paid lobbyist while in office.
If I were the Ohio Secretary of State, I wouldn't Co-Chair the
Bush-Cheney campaign. The list goes on....
Just because something's a dumb-ass idea
doesn't mean someone who should've known better wouldn't do it.
The questions are all worth asking - don't just believe it on blind
faith - but don't give people too much credit, either. In
hacking investigations and in audit work, I've found that mysteries
can often be solved when Human Stupidity is given its proper
consideration. Very often, the answer to "He wouldn't be that
stupid, would he?" winds up being "Oh, yeah. I guess he
was."
It's not getting any smarter out there... --Frank Zappa.)
Q: How'd you get involved with this? Aren't you a
Republican?
A: I get asked this a lot, and it really shows how focused
our country is on partisan politics. I am a voter, first and
foremost. That being said, yes, I am a Republican and have
been since being sent to Republican Indoctrination Camp at age 2.
That's where we are taught supply-side economics and the values of
mutually assured destruction. :-)
I got involved with this because I have been against the adoption
of these voting systems for years. It's a dumb-ass idea to
implement them this way - our votes are too important. I wouldn't
trust my Bank with computer systems this insecure; Hell, I
wouldn't keep recipes on a system this insecure. When I saw all of
the documentation regarding Diebold and their heavy partisan
leanings, and then when the results came flooding in with a clear
Bush victory when I seriously expected Kerry to win, I put two and
two together. I am, by trade, a professional White-Hat Hacker, so
I know how easily "secure" systems can be breached, especially by
insiders. Roughly 80% of all computer crimes are perpetrated by
insiders, so that's always the best place to look first.
When the insiders also write the code and roll the machines out,
there is no question that they have too much power and can not be
trusted, whether they support my party or not. It's called
"Segregation of Duties" in the professional world, and it is vital
for system integrity.
But that was all theory and conceptual before I tried it myself. I
knew that the descriptions and ideas were bad, but I hadn't
actually seen a copy of the software. So I went to
BlackBoxVoting.org following a link off of some website, I don't
remember which, and saw Bev's plea - "Computer Guys - Test it
yourself!". I thought, all right, I will. After all, this IS what
I do for a living. It's like asking an accountant to balance
debits and credits - nothing special, and besides, I was curious.
Surely if our states are rolling this out to Hundreds of Millions
of voters, somebody checked it. It can't be as bad as these
liberal whiners are making it out to be - they're just pissed off
that our folks turned out en masse.
What I found truly shocked me, and made me physically ill.
That's what is documented on the other
page. It IS that bad. I personally don't have
conclusive evidence that voter fraud was perpetrated, but I can
tell you as an Information Security professional that it would
have been very, very easy to do. If I had to choose between
someone conspiring with exit poll workers nationwide or someone
changing values in an Access Database as the cause of the
difference between the poll numbers and the "actual" results, I'll
go with the easier, more effective option every time. Why choose
the hard way when it's more trouble and you're less likely to
succeed? Again, I'm staying clear of making specific allegations -
I'll leave that to the activists who are gathering data - but I
would be much more surprised if the election weren't hacked than
to find out that it was.
It was too easy, the companies were too partisan and unethical,
and there was too much at stake for them NOT to hack it. It looked
like Bush was going to lose, and they had this tool available to
pull out a victory.
Why do I call Diebold partisan and unethical, you ask?
How's this:
"I am committed to helping Ohio deliver its electoral votes to
the president." - Walden O'Dell, Diebold's CEO in a fundraising
letter to Republicans, Fall 2003. O'Dell and other Diebold Senior
Executives are Republican "Pioneers", which is the designation you
get when you raise over $100,000. Brothers Bob and Todd Urosevich
co-founded ES&S, another voting machine company, before Bob became
President of Diebold Election Systems. His brother Todd is a Vice
President of ES&S, the #2 vote machine maker, and is also a
"Pioneer". According to campaign finance records at
OpenSecrets.org, of the over $240,000 given by Diebold’s directors
and chief officers to political campaigns since 1998, all has gone
to Republican candidates or party funds. Is that partisan enough
for you? Well, what about calling them unethical?
Check this out - No less than 5 people (Cooper, Lee, Graye,
Elder, and Dean -
http://www.blackboxvoting.org/bbv_chapter-8.pdf
) involved with the management and development of Diebold's
systems are convicted felons, including Senior Vice President
Jeff Dean, and topping the list are his twenty-three counts of
felony Theft in the First Degree. According to the findings of
fact in case no. 89-1-04034-1 (Washington State, King County
District Court):
“Defendant’s thefts occurred over a 2 1/2 year period of time,
there were multiple incidents, more than the standard range can
account for, the actual monetary loss was substantially greater
than typical for the offense, the crimes and their cover-up
involved a high degree of sophistication and planning in the use
and alteration of records in the computerized accounting system
that defendant maintained for the victim, and the defendant used
his position of trust and fiduciary responsibility as a computer
systems and accounting consultant for the victim to facilitate the
commission of the offenses."
To sum up, he was convicted of 23
felony counts of theft by - get this -
planting back doors in his software and using a "high degree of
sophistication" to evade detection. The reason for the
embezzlement? He needed the money because "he
was embezzling in order to pay blackmail over a fight he was
involved in, in which a person died." A little more:
BlackBoxVoting.org's associate director Andy Stephenson
obtained the court records of Jeffrey Dean which noted that the
King County, Washington prosecutor was after him for over $500,000
in restitution.
"So now we have someone who's admitted that he's been
blackmailed over killing someone, who pleaded guilty to 23 counts
of embezzlement, who is given the position of senior programmer of
the (Diebold) GEMS central tabulator system that counts
approximately 50 percent of the votes in the (Bush-Kerry)
election, in 30 states, both paper ballot and touch screen,"
said Stephenson.
In addition, Dean told prosecutors (whose offices were on the
ninth floor of the King County courthouse) that he was unemployed,
when in fact he was working for Diebold who afforded him with
24-hour access to Diebold's King County, Washington GEMS central
tabulator, according to Stephenson. (Dean worked on the GEMS
tabulator on the fifth floor of the same King County courthouse!)
http://portland.indymedia.org/en/2004/10/301469.shtml
Do you trust computer systems designed by this man?
Is trust important in electronic voting systems?
So here we are - Means, Motive, Opportunity - the whole
package. And since the systems are so poorly designed, no audit
trail to show any wrongdoing. Add some cries of "conspiracy
theories" and "sore losers", and you've got yourself a mandate.
Four more years, indeed. Surprise, surprise.
BUT - what happens in 2006 or 2008, now that tens of
thousands of activists know about the holes and how easy it is to
steal votes? Well, it'll be interesting, that's for sure. These
systems appear to be DESIGNED to be easy to Hack, so one can only
imagine what will happen. But I for one will embrace
President Homer Simpson and will fully support his new 2008
doughnut agenda as a welcome change. I hope that we can all stand
together and welcome him as we Republicans continue to bring
"dignity back to the White House."
Q: I thought the problem was the
touchscreens, but you're talking about something different.
Why would an attacker target the GEMS software instead of the
TouchScreens?
A: Good question. With all of the hype about the
touch screen terminals, you'd think they'd be a likely target.
When you look through Hacker eyes, though, that's the best reason
to avoid them. Here's what I think:
I feel that it is unlikely that these individual touch screen
machines would be targeted. At greater risk than the individual
touch screens are the Central Voting Tabulation computers, which
compile the results from many other systems, such as touch screens
and optically scanned cards. From a hacker’s standpoint, there are
a couple of reasons why these central computers are better
targets:
a. It is extremely labor intensive to compromise a large number
of systems, and the chance of failure or being detected increases
every time an attack is attempted. Also, the controversy
surrounding the touch screen terminals ensures that their results
will be closely watched, and this theory has been borne out in
recent days.
b. If one were to compromise the individual terminals, they
would only be able to influence a few hundred to maybe a couple of
thousand votes. These factors create a very poor risk/reward
ratio, which is a key factor in determining which systems it makes
sense to attack.
c. On the other hand, the Central Vote Tabulation systems are a
very inviting target – by simply compromising one Windows desktop,
you could potentially influence tens or hundreds of thousands of
votes, with only one attack to execute and only one attack to
erase your tracks after. This makes for an extremely attractive
target, particularly when one realizes that by compromising these
machines you can affect the votes that people cast not only by the
new touch screen systems, but also voters using traditional
methods, such as optical scanning systems and absentee ballots,
since the tallies from all of these systems are brought together
for Centralized Tabulation. This further helps an attacker stay
under the radar and avoid detection, since scrutiny will not be as
focused on the older systems, even though the vote data is still
very much at risk since it is all brought together at a few
critical points. This also has been borne out by early
investigations, where the touch screen results seem to be fairly
in line with expectations, while some very strange results are
being reported in precincts still using some of the older methods.
This is not to say that the touch screens don’t have their
problems, which are well documented on the web and the news. My
point here is that if you want to steal an election, targeting the
individual touch screen machines is not the easiest way to do it.
Q: Hi, I read your analysis, and wanted to forward it to a
doubting friend (he doesn't believe in "conspiracy theories", only
coincidence theories).
But the point he made to me is that if it's so easy to hack
these systems, as it appears to be, why aren't there a lot of people
doing it? Why don't Democrats? Why doesn't some anarchist hacker
make Homer Simpson win? I know you said they don't want to get
caught, but they still make viruses, etc. Maybe I'm missing
something. Anyway, any insight you can give would be appreciated.
Oh, and do you think it would take lots of people? Because
another point he makes is that sooner or later someone would
talk...especially if they could write a book. I don't think they
would survive long enough, but I have to try and convince my friend.
A: Good questions, so here we go:
1) An outside attacker has a more difficult time getting in than
an insider does, so an insider will always be able to "out-hack"
someone from the outside very easily. Also, some 80% of incidents
come from insiders, so that's always the first place we look when
responding to a hacking incident.
Real world example: In professional hacking classes and
conventions like Defcon, we play "capture the flag", where the
object is to hack others while not being hacked yourself. What I
usually try to do is firewall myself, find the best target server, hack it,
and then patch and/or firewall it so nobody else can get in the same way
I did. If you're already inside, it's much easier to MAINTAIN
control than it is to take it away from someone else who's already
there.
2) No, it probably wouldn't take that many, which is one reason
why GEMS is so dangerous and why I focus on it more than the
individual DREs and touchscreens. (See the hackthevoteFAQ for more,
if you haven't already).
Real world example #2: One thing we do in large penetration tests
for really big clients is gather a group of 2-8 hackers in a "war
room", all with specific objectives. I have worked mostly on teams
of 2-4 people, and we have hacked (with permission, of course) into
some of the biggest banks and insurance companies in the world. One
of our customers had over 70 people in their Information Security
department, and a budget of over $50 Million, and we still got in
and quickly took control. By contrast, our voting system security
looks like it was designed by some part-timer at Best Buy.
I'm pretty sure that a small group in one to a few locations
could have pulled it off, ***especially*** had they designed and
built the systems. If you design and build the systems, you can just
automate the whole thing with a few scripts and call it a night.
It's documented that the GEMS software "calls home", but Diebold
refuses to say what for. Bev Harris demonstrated that a 5-line VB
script can change the votes and then delete itself. The
possibilities are nearly endless when you build it yourself and keep
it under wraps.
Q: You seem very intelligent and
reasonable. With all of the fraud, the lies, the dirty
tricks, and the fanatics, WHY ARE YOU STILL A REPUBLICAN?
A: Thanks? You wouldn't believe how many times
I've been asked that in the past week. Here's my short
answer:
First, voter fraud has tainted both parties going back a long
time, so switching sides won't automatically make it "better".
Second, I will have NO say in Republican policies if I switch
parties. I want my Party back, Dammit!
My goal from this point forward is to bring the Republican
party back away from the psychos and towards the center, and I
can't do that from the outside. I think that if you want to
be an agent for change, you can't simply run away. That's
why I'm still here.
One caveat - In case of Armageddon before the 2008 elections,
all bets are off.
Q: Why did you post this? Won't this tell the Hackers
what to do?
A: That's a reasonable question, particularly for
someone outside Information Security. Let me answer in 2
parts:
1) The short answer is that Hackers already know this.
Not to insult those of you who are just finding out about this,
but this isn't really news - it's been known for quite some time,
and a mix of computer types and social activists have been trying
to tell you that it's coming. The GEMS software has been
available for some time thanks to a dumb-ass move by Diebold, when
they left an FTP server open to the public. Copies of GEMS
software, database files, user guides, code, and all kinds of
"good stuff" have been circulating around the 'Net ever since.
2) The ONLY way to get this fixed is with a huge public outcry.
I need YOU to help spread the word. Not just read this, but
tell two friends. And it would help if one of them was a
Senator. :-)
Q: Have you seen the recent happenings in NC, like the stuff
happening in Gaston County?
A: Yes, I saw that. Guess who runs
the machines in Gaston County, NC? A Diebold Employee! (Worst
quote: "The
county pays a technician from Diebold to operate its systems on
Election Day. That person was in charge of transferring early votes
from electronic storage to the counting computer.")
http://www.charlotte.com/mld/observer/news/local/10192340.htm
OK - 1) how bad does your product suck
if you have to keep a technician on-site to work on it, and 2)
with the tech on site,
the number of recorded votes and voters from the 2004 Election don't
match in more than half of the
precincts in Gaston County! (http://newsobserver.com/news/ncwire_news/story/1839095p-8157912c.html)
Either a) the machines are so poorly built that
even having a Diebold technician on-site couldn't make them work
right, or b).... <fill in the blanks yourself>. Either way, we
lose.
But it must just be a
coincidence. In an effort to defend these systems,
Diebold spokesman David Bear said by phone that "No
one would risk manipulating votes in an election because it's
against the law and carries a heavy penalty."
http://www.wired.com/news/evote/0,2645,65031,00.html?tw=rss.TOP
Hey - we need this guy to get the word out
to the criminals! That should also take care of the War
on Drugs and that pesky Murder problem. Of course, if you
DID manipulate the votes and win the Election, you would have the
ability to, well, CHANGE the law (and Senate rules) should you be
indicted on, oh, say, Corruption charges.
http://www.washingtonpost.com/wp-dyn/articles/A57294-2004Nov17.html.
But no one would do that, because that would be wrong.
And besides, the fine folks at Diebold must be
law-abiding ex-felons, right? Even though they can't VOTE on
the systems in some states, they can still design and build them.
<sarcastic sigh> THAT's a good idea.
Q: Where can we see the Diebold memos
you're referencing?
A: Some fine person (or people) at Swarthmore have
posted a complete archive of Diebold memos at
http://scdc.sccs.swarthmore.edu/diebold/ . Read the
excerpts there, or you can download the entire 7.7MB archive