Scoop Blogwatch: Hacking Your Vote
If you were hired to create some software to count votes in an election, how would you do it? What considerations would
you have and how would you implement them. What would be your security considerations?
Think for a moment before reading on, and we'll compare your thoughts with what's actually out there. The results may
surprise you.
Disclaimer: This is my personal blog and my opinions are my own and not necessarily that of my employer.
No, This Is Not All About Touch Screens
There has been some major upset in the last few years about touch-screen voting systems and how easy they are to hack - but I don't want you to focus on that, for now. The interesting thing is when you bring
up "voting software" most people think these systems are what you're talking about.
In this case I'm more interested in how you would implement vote-counting software - the thing used to count the votes
when cards are passed through a reader and tallied. Take 10 minutes or so and specifically think about:
Voting audit trails
Counting accuracy
Security
Tampering prevention
You keep on musing while we take a break to describe the election process and how votes are counted today...
How Your Vote Is Counted
Every county has the jurisdiction to implement an election as it sees fit, under the guidelines of the Federal Elections
Commission (FEC). This means that every county in the US can buy and use "certified" systems from companies such as
Diebold, ES, and Sequoia.
One of the biggest sellers out there (the state of Maryland paid $50 Million US for this one) is the Diebold's
Accu-vote. It consists of a battery of optical readers (one for each polling place) and memory cards for storing
election results. It also comes with a license for GEMS, their vote-tallying and reporting software; one license per
county for use by the Supervisor of Elections.
On the day that you vote, your ballot gets put into an officious looking black box with the other ballots. At the end of
the day your ballot is pushed through one of these readers, and your vote is stored on one of these memory cards:
Once all of the ballots from a polling place are collected and read, a tape is printed by the optical reader that has
the results on it, including a full count of the ballots read in. The election workers from that polling place sign the
ticket and off it goes to the Department of Elections.
The next step in the voting chain is that the Election Supervisor (or one their appointees) takes the memory cards from
each polling place and methodically plugs them into a computer running GEMS, the vote-counting software. GEMS reads the
information from the cards and once all the cards are read, a final report is printed out and the Supervisor certifies
the results and the election.
Seems simple enough right? Have an idea how you might implement this system?
The Diebold System
In 2003, Bev Harris (the then-housewife and now-founder of BlackBoxVoting.org) wanted to know more about the election
software that was being used in her home town near Seattle, WA. She got on the internet and ran Google search after
Google search until suddenly...
... when I found that Diebold Election Systems had been storing 40,000 of its files on an open web site, an obscure
site, never revealed to public interest groups, but generally known among election industry insiders, and available to
any hacker with a laptop, I looked at the files. Having a so-called security-conscious voting machine manufacturer store
sensitive files on an unprotected public web site, allowing anonymous access, was bad enough, but when I saw what was in
the files my hair turned gray. Really. It did.
The contents of these files amounted to a virtual handbook for vote-tampering: They contained diagrams of remote
communications setups, passwords, encryption keys, source code, user manuals, testing protocols, and simulators, as well
as files loaded with votes and voting machine software
Turns out that Diebold kept their CVS system up on a public FTP site, with no security. Oops.
She downloaded every file she could find, which included requirements, diagrams, code, and binary files. Of particular
interest to her was GEMS - the software that tallies the votes for the county.
…snip…