Saturday, November 06, 2004

Harris found about 40,000 unprotected computer files

bushtrash

Kim Zetter: 'How E-voting threatens democracy'
Posted on Tuesday, March 30 @ 10:05:49 EST
--------------------------------------------------------------------------------
By Kim Zetter, Wired News

In January 2003, voting activist Bev Harris was holed up in the basement of her three-story house in Renton, Washington, searching the Internet for an electronic voting machine manual, when she made a startling discovery.

Clicking on a link for a file transfer protocol site belonging to voting machine maker Diebold Election Systems, Harris found about 40,000 unprotected computer files. They included source code for Diebold's AccuVote touch-screen voting machine, program files for its Global Election Management System tabulation software, a Texas voter-registration list with voters' names and addresses, and what appeared to be live vote data from 57 precincts in a 2002 California primary election.

"There was a lot of stuff that shouldn't have been there," Harris said.

The California file was time-stamped 3:31 p.m. on Election Day, indicating that Diebold might have obtained the data during voting. But polling precincts aren't supposed to release votes until after polls close at 8 p.m. So Harris began to wonder if it were possible for the company to extract votes during an election and change them without anyone knowing.



A look at the Diebold tabulation program provided a possible answer.

Harris discovered that she could enter the vote database using Microsoft Access -- a standard program often bundled with Microsoft Office -- and change votes without leaving a trace. Diebold hadn't password-protected the file or secured the audit log, so anyone with access to the tabulation program during an election -- Diebold employees, election staff or even hackers if the county server were connected to a phone line -- could change votes and alter the log to erase the evidence.
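One way to make the kind of log edit described above detectable, as an added example that is not from the article or from Diebold's software: each entry carries an HMAC over its content and the previous entry's tag, and the final tag is recorded off the tabulation host. The function names, key and log entries are constructed for illustration; the scheme only helps if the key and the recorded head tag are kept away from anyone who can edit the database.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # starting value for the chain


def _tag(key, prev_tag, entry):
    # Canonical JSON: the same entry always serialises to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def append(log, key, entry):
    """Append an entry whose tag covers the entry and the previous tag."""
    prev = bytes.fromhex(log[-1]["tag"]) if log else GENESIS
    log.append({"entry": entry, "tag": _tag(key, prev, entry).hex()})
    return log[-1]["tag"]  # head tag, to be recorded off the host


def check(log, key, anchored_head):
    """Return None if the log is intact, else a description of the problem."""
    prev = GENESIS
    for i, rec in enumerate(log):
        want = _tag(key, prev, rec["entry"])
        if not hmac.compare_digest(want, bytes.fromhex(rec["tag"])):
            return f"record {i} altered, inserted or out of order"
        prev = want
    if not hmac.compare_digest(prev.hex(), anchored_head):
        return "log truncated or replaced since the head tag was recorded"
    return None


# Constructed sample data, not taken from any real system.
KEY = b"constructed-demo-key-held-off-host"
log = []
for e in [{"op": "open_db", "user": "clerk1"},
          {"op": "update_total", "precinct": 12, "delta": -100},
          {"op": "close_db", "user": "clerk1"}]:
    head = append(log, KEY, e)

edited = [dict(r) for r in log]
edited[1] = {"entry": {"op": "update_total", "precinct": 12, "delta": 0},
             "tag": log[1]["tag"]}   # entry rewritten, old tag kept
deleted = [log[0], log[2]]           # middle entry removed
truncated = log[:1]                  # tail removed

if __name__ == "__main__":
    for name, l in [("original", log), ("edited", edited),
                    ("deleted", deleted), ("truncated", truncated)]:
        print(name, "->", check(l, KEY, head) or "intact")
```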

In addition to glitches, there are concerns about the people behind the machines. A few voting company employees have been implicated in bribery or kickback schemes involving election officials. And there are concerns about the partisan loyalties of voting executives -- Diebold's chief executive, for example, is a top fund-raiser for President Bush.

Paperless touch-screen machines, also known as Direct Recording Electronic machines, appeared in the '90s. However, they cost about $3,000 each, and few counties opted to buy them until funds became available through HAVA.

According to political consulting firm Election Data Services, about 50 million people in the United States will vote this November using paperless touch-screen voting machines, while 55 million will use optical-scan machines that require voters to use a pen to mark a paper ballot, which an electronic machine then scans.


Two of the top three companies do have foreign ties. Diebold Election Systems began as a Canadian firm called Global Election Systems before being purchased by Ohio-based Diebold Inc. in January 2002. And Sequoia Voting Systems is owned by two foreign firms -- 85 percent by De La Rue, a British company, and 15 percent by the Jefferson Smurfit Group of Ireland.

As for criminal activity, a Sequoia regional manager was indicted in Louisiana in 2001 for conspiring to commit money laundering and bribery, although he was never convicted. Philip Foster was accused of facilitating a 10-year kickback scheme between his brother-in-law and an election official involving millions of dollars in overcharges for voting equipment. But while the election official went to jail, Foster, who still works for Sequoia, received immunity for his testimony and is in the process of trying to get the charges expunged from his record.

Sequoia spokesman Alfie Charles said the voting equipment in question wasn't Sequoia equipment, and that "Sequoia has never been under any investigation regarding the situation in Louisiana and absolutely no allegations of improper conduct have been directed at the company."

Tom Eschberger, a vice president for the largest voting firm, Election Systems & Software, or ES&S, was also involved in a bribery and kickback scheme, this one in Arkansas. Former Arkansas Secretary of State Bill McCuen was convicted for his role in the crime, but Eschberger, like Foster, received immunity.

Up until 1995, Nebraska Sen. Chuck Hagel had been chairman of ES&S (then called American Information Systems) before quitting the company in March of that year two weeks before launching his Senate bid. ES&S, based in Omaha, Nebraska, manufactured the only voting machines used in the state in his election the following year. According to Neil Erickson, Nebraska's deputy secretary of state for elections, the machines counted 85 percent of votes in Hagel's race; the remaining votes were counted by hand.

Hagel, a first-time candidate who had lived out of the state for 20 years, came from behind to win two major upsets in that election: first in the primary race against a fellow Republican, then in the general race against Democrat Ben Nelson, the state's popular former governor. Nelson began the race with a 65 percent to 18 percent lead in the polls, but Hagel won with 56 percent of the vote, becoming the state's first Republican senator since 1972.

Now it was October 2002. Hagel was up for re-election, and Harris discovered that the senator still owned a financial stake in his former firm. Hagel held investments worth between $1 million and $5 million in the McCarthy Group. (Hagel won't reveal the exact size of his investment in the asset-management firm.) The McCarthy Group owns about 25 percent of ES&S, according to Hagel's chief of staff, Lou Ann Linehan. She estimated that Hagel's stake in ES&S amounts to about 1.5 percent.

Hagel disclosed the McCarthy investment in his campaign filings, but he neglected to mention that McCarthy owned part of the company counting his votes. His campaign treasurer, Michael R. McCarthy, was also chairman of the McCarthy Group and a member of ES&S's board of directors.

"That's about all it took," Harris said, expressing surprise that no reporters had bothered to uncover data that took only a few Internet searches to find.

In addition to raising concerns about the integrity of Hagel's election, the information raised concerns for Harris about Hagel's vote in Congress on HAVA. As he prepared for re-election that year, Hagel, along with hundreds of other legislators, passed the bill, which devoted billions of federal dollars to purchasing new voting machines like the ones ES&S made.

A month before the November election, she faxed a five-page press release, including supporting documents, to 3,000 journalists around the country, among them editors for Nebraska newspapers and broadcast stations, she said. No one responded.

She wasn't surprised that the Omaha World-Herald, the state's largest newspaper, didn't jump on the story. The Omaha World-Herald Co., the paper's parent company, owns part of ES&S (the newspaper declined to say how much). But the silence from other editors stunned her.


But Hagel's staff faxed Wired News a 2,600-word profile of Hagel published in the World-Herald in October 1996 that briefly mentioned in three paragraphs the senator's chairmanship of the voting company. It also noted that World-Herald publisher John Gottschalk was the person who recruited Hagel to the voting company in 1992.

Harris posted the information about Hagel to her publicity website, and ES&S sent her a cease-and-desist letter, the first of three that she would receive from voting companies over the next year. The letter, hand-delivered by a courier, warned Harris to retract statements on her website that implicated Hagel in wrongdoing or face a lawsuit.

Three months after the election, Alexander Bolton, a reporter for The Hill, a newspaper covering Capitol Hill, began reporting a story about Hagel's connection to the voting firm. But before the article ran, he got a visit from Linehan, the senator's chief of staff, who was accompanied by "a prominent GOP lawyer." According to Bolton, they asked him "to soften the story or drop it."

The staff's attempt to influence Bolton's story wasn't unusual. "That's what congressional staffs do," Bolton said. But the interest of the GOP lawyer was different. "That was very unusual," Bolton said. "I've been at The Hill for over four years and that has never happened. It's probably because Hagel has presidential ambitions."

Hagel, a 57-year-old telecommunications millionaire and twice-wounded Vietnam veteran, was on the short list for George W. Bush's running mate in 2000, a slot that ultimately went to fellow Nebraskan Dick Cheney. Hagel and his staff haven't ruled out a possible presidential bid by Hagel in 2008.


Harris documented 56 cases in which software flaws were implicated in miscounts and wrote an account of them (PDF) on her website. "I didn't finish (finding cases)," she said. "I just got tired of writing." In Dallas County, Texas, in 1998, for example, ES&S tabulation software failed to count about 44,000 votes that its optical-scan machine had recorded on ballots. In 2000 in Allamakee County, Iowa, 300 ballots fed into an ES&S optical-scan machine produced 4 million votes. The machine broke down repeatedly and flashed absurd numbers throughout the evening, election auditor Bill Roe Jr. told the Chicago Tribune.

"Equipment failures such as this are rare," wrote ES&S spokeswoman Meghan McCormick in an e-mail when asked about the problem. "When they do occur we carefully review each situation and make changes as needed."

Harris said it concerned her that only large discrepancies seemed to get reported. "You're going to catch it when you know that 5,000 votes are cast and 140,000 are counted," she said. "But what if it's a difference of 500 or 100? Who checks?"

In fact, the relationship between vendors and election officials has raised questions about conflicts of interest around the country. Manufacturers vying for million-dollar contracts have sponsored national and state conferences for election officials and courted some officials with expensive meals, cruises and tickets to concerts and sporting events, according to a Los Angeles Times investigation. They also hire former state employees to ease their way through contract negotiations and certification processes.

For example, after she left office, former Florida Secretary of State Sandra Mortham, a one-time running mate of Florida Gov. Jeb Bush, became a lobbyist for both ES&S and the Florida Association of Counties. During that time, the association signed an exclusive endorsement deal with ES&S to earn a commission on any contracts that counties signed with the voting company. Karen Marcus, the association's president when the deal was signed, said Mortham didn't broker the partnership, nor did the association pressure counties to purchase ES&S machines.

In California, where counties are under court order to replace punch-card machines and will likely spend $400 million on new equipment, former Secretary of State Bill Jones praised the virtues of touch-screen voting while in office in 2001, sponsoring a $200 million bond measure to help counties purchase new e-voting machines. Support for the bill, which passed in 2002, was financed by Sequoia and ES&S. Jones became a consultant for Sequoia after leaving office and is now a GOP Senate candidate.

As Harris began to uncover more information about e-voting glitches, she decided to write a book about the voting companies and their machines. She launched BlackBoxVoting to track the progress of her investigation and contacted several publishers to pitch her idea. But no one wanted to touch it. They all told her voting was boring.

Only David Allen, a North Carolina publisher of comic book titles like Bastard Operator From Hell and My Big Fat Geek Wedding, was interested. It turned out to be a propitious partnership, though, since Allen had a background in systems administration and could answer some of Harris' technical questions. It was Allen who sent her in search of a voting machine manual, which led to the FTP site and the discovery of Diebold's source code.

"I knew that in order to really understand the potential for vote-rigging, we had to know how the systems worked," Allen said.

Diebold had installed the FTP site so that employees around the country could communicate with each other and transfer files. But somehow the company neglected to secure it. Harris wondered how the company could secure the nation's elections if it couldn't secure its own source code.

Currently one of the largest makers of automatic teller machines, the company entered the voting business in 1999 after purchasing a Brazilian technology firm and winning a $105.5 million contract to supply about 200,000 voting systems to the Brazilian government.

In 2002, Diebold jumped into the lucrative U.S. elections market by acquiring Canada's Global Election Systems and taking over its division in McKinney, Texas, to launch Diebold Election Systems. In 2000, prior to the passage of HAVA, Global Election Systems had reported a profit of just $1.1 million on total revenues of $20.2 million. Last year, Diebold's election division reported an operating profit of about $100 million.

Harris' discovery of Diebold's source code was significant because until then the only people who had seen the workings of a voting system had been forced to sign non-disclosure agreements. Anyone else who criticized the systems could do so only in theory, without seeing the code.

For weeks, about 75 people sifted through the files, including computer programmers who read the software code and lawyers who advised her about election law.

She needed to bring in academic experts who could formally analyze the code and weigh in on the security of the system.

She contacted Stanford University computer scientist David Dill, who had served on a California task force on e-voting and launched a nonprofit called VerifiedVoting.org to educate people about the need for a voter-verified paper trail. Dill contacted Avi Rubin, a computer scientist at Johns Hopkins University and director of the university's Information Security Institute.

He and Kohno divvied up reams of paper and attacked the code with highlighters and pens. Within half an hour they discovered the first serious flaw.

It was a basic error that students in Cryptography 101 learn never to make: Diebold's programmers had written the key for unscrambling the system's encryption directly into the code. This meant the key would never change, and anyone reading the source code (including anyone who downloaded it from the FTP site) would know it. The same key unlocked the data on every machine. It was the equivalent of a bank assigning the same PIN to every customer's ATM card.
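The difference between one key written into the source and a key per machine, as an added example that is not Diebold's code: it uses HMAC tags from the Python standard library in place of the encryption the article describes, and derives each machine's key from a master secret generated at provisioning time. All names, machine IDs and key values are constructed.

```python
import hashlib
import hmac
import secrets

# "Before": one key compiled into the program (constructed value).
HARDCODED_KEY = b"constructed-key-in-source"


def protect(key, record):
    """Tag a stored record with the machine's key."""
    return hmac.new(key, record, hashlib.sha256).digest()


def accepts(key, record, tag):
    """Would a machine holding `key` accept this record and tag?"""
    return hmac.compare_digest(protect(key, record), tag)


def machine_key(master_secret, machine_id):
    """Derive a distinct key per machine from a secret kept out of the source."""
    info = b"ballot-store-v1|" + machine_id.encode()
    return hmac.new(master_secret, info, hashlib.sha256).digest()


def machines_exposed(keys_by_machine, disclosed_key, record=b"probe"):
    """List the machines whose stored data is covered by one disclosed key."""
    tag = protect(disclosed_key, record)
    return sorted(m for m, k in keys_by_machine.items()
                  if accepts(k, record, tag))


MACHINES = ["unit-001", "unit-002", "unit-003"]  # constructed IDs

# Before: every machine ships with the same compiled-in key.
FLEET_BEFORE = {m: HARDCODED_KEY for m in MACHINES}

# After: the master secret is generated at provisioning and never
# appears in the source; each machine receives only its derived key.
MASTER = secrets.token_bytes(32)
FLEET_AFTER = {m: machine_key(MASTER, m) for m in MACHINES}

if __name__ == "__main__":
    print("source disclosed, shared key:",
          machines_exposed(FLEET_BEFORE, HARDCODED_KEY))
    print("source disclosed, per-machine keys:",
          machines_exposed(FLEET_AFTER, HARDCODED_KEY))
    print("one unit's key disclosed, per-machine keys:",
          machines_exposed(FLEET_AFTER, FLEET_AFTER["unit-001"]))
```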

"Oh man, we thought, this is horrible," said Kohno. "We realized that the system was written by novices and we weren't really surprised then by anything else we found."

For two weeks they did little but pore over the code and write their analysis. They talked to no one about what they were doing, fearing that Diebold would try to stop them with a restraining order.

Initially, they thought they might find malicious code in the software that would allow the results of elections to be changed at will. Computer scientists had long contended that anyone with access to a voting system could slip the code in and no one would know.

"We found a system that was so vulnerable in itself that you didn't need to put malicious code into it to rig an election," Kohno said. The system, they concluded, was open to attack from both inside and out.


Although any voting system is open to fraud, digital machines made it easier to affect vast numbers of votes with little effort, Mercuri said. She was the first to call for voter-verified paper ballots to be used with e-voting machines.

"If the Diebold system made it through the certification process, then the certification process is really broken," Rubin said. There was no reason to believe that systems made by other vendors were any more secure, he said.

Diebold's reaction to the memos only stoked criticism of the company. Diebold won't confirm whether the memos are genuine, but when Harris posted some of them to her website, Diebold sent a cease-and-desist letter accusing her of copyright violations under the Digital Millennium Copyright Act. This prompted half a dozen other people to host the memos on sites in New Zealand, Canada, Italy and the United States, including sites that offered a searchable database of the memos. And after students at Swarthmore College in Pennsylvania also received a cease-and-desist letter, an anti-Diebold campaign launched on the Internet, with dozens of people hosting the memos and dissecting their content on forums and blogs.

The company's reputation declined further when news came out that it had installed uncertified software on Diebold systems in 17 California counties before last year's gubernatorial recall, a violation of the state's election law. A former Diebold employee accused the company of doing the same in Georgia, though Diebold has denied the latter charge.


"I don't think there's any vast right-wing conspiracy to control the vote," said Allen, the publisher of Harris' book. "All I know is that voting fraud in this country has a long tradition. If there's enough money in it and it can be done with a reasonable certainty of getting away with it, it will be done."

Harris, who has continued investigating the voting companies and election glitches over the last year, is certain that research will eventually uncover evidence of actual tampering by public officials or voting companies. There's no evidence of this to date, but Harris feels it's inevitable.

"The material we're learning now is staggering," she said.

Reprinted from Wired News:
http://www.wired.com/news/evote/0,2645,62790,00.html
