Programmer types: how could this DRE system be rigged for Bush?

When looking through the Greens' 2004-recount reports from Ohio's 7 DRE counties, I was struck by this Lake county recount observer's report.
http://www.iwantmyvote.com/recount/ohio_reports/counties/lake.php



The DRE system, as described, looks to me as though it would be difficult to rig for a particular candidate - except on a machine by machine basis, after the candidate order was assigned. Which would take a bit of doing.

Am I missing something?

ON EDIT: Maybe the machines can be accessed remotely. If so, I guess that would be the answer.

I don't know too much about them, but would like to learn.

The question is whether the cells were labeled correctly on each machine at the time the votes were cast, including ballot order rotation of course, and whether the vote totals in the central tabulator matched the precinct totals if they were all added up. If the database labels and the ballot text are forced to be linked in the software, it's harder to rig it without some real programming.

With Diebold's junk, the 2 (ballot text and database labels) are completely un-linked!

And of course you'd have to watch out for exploits that use straight party voting illegally to cause vote switching which might not be noticed by the voters. There is not supposed to be straight party voting in OH. If the ballot text MUST match the database as stated above, it makes this harder to implement illegally too.

As far as the printout of the ballot images, they could have been altered, but it is the right way to do a recount on such a machine. A paper trail would have been better, assuming the chain of custody was maintained properly.

Thanks, Bill.

How would a layperson know if the database labels and the ballot text are forced to be linked in the software?

actually looking at whatever software is used to configure it. I assume this is done on a server like GEMS and downloaded to the machines somehow. If not, it's on the machines themselves.

The best way would be to find a friendly elections official and have them show you. You enter a candidate's name in the database, see if you can change it on the ballot and save it without changing the database label. Then you just need to see if the results reports are labeled according to the database or the ballots. Most likely, it's the database and the reason for this, I think, is that the ballots usually have the candidates' full legal names while the database and results are shorter versions.

you would need to have access to it so you can look inside each cell.

When the votes are recorded they could be saved to a location outside the candidate area initially and then based on programming transferred to the candidate of choice within the candidate area although not for the voter's choice.

It might be necessary to see the spreadsheet prior to an election and make a copy of it to compare to it after the election as far as the programming.

It would not be necessary to rigged all machines to win an election. Precincts that generally favor Republican candidates could be programmed to record a vote for a Democratic candidate as a vote for a Republican candidate or as a no vote.



How are the candidate results determined when the the cell assignments are rotated? Is there a key assigned to determine which results belong to which candidates? Or is it done within the spreadsheet?

Your suggestion to make a copy of the spreadsheet prior to an election - and then compare it to a copy made after the election -sounds like an excellent precaution.

Thanks!

write some code to intercept before the cells.

I'd just write some front end code that would move every third vote for canidate A to canidate B.

If so, how would the vote-switching code for a particular machine "know" which cell was a Democrat cell and which cell was a Repub cell for that precinct?

Cheers!

of key presses that will put the equipment into or out of a locked-down demo mode. They use the secret codes so they can put equipment on retail display and keep the kiddies from playing with it. So one possible way would be a secret sequence of UI actions that tell the software which candidate to fraudulently favor.

Another possibility is that the statement that no updates were allowed since 1999 is not true. Can they really prove the chain of custody in a bulletproof way for a 5 year period? The full article you linked to expresses some doubt about that. You would not necessarily have to reinstall the entire software application. Depending on the design of the system it may be possible to replace just a single file with a hacked version, or to add a file with an innocent sounding name that performs the hack. So an important question would be to know what type of peripheral devices the machines have that could have been used to surreptitiously update them. If there is one or more peripheral device, what is to stop a technician who is checking the machine or a user who is configuring an election from installing a hack when no one is looking or perhaps when someone is looking who isn't technically saavy?

Also, you could use a combination of the above two methods -- maybe sometime in the last 5 years someone had a chance to install a generic hack that, once installed, provides an admin user doing configuration, a polling place worker or even a voter with the use of secret key press combinations to configure a fraud algorithm.

There is also the possibility (as demonstrated by BBV) that a program can be stored in the memory card cartridge. Then you wouldn't need to update the software on the main machine, you would just have to update what is stored on the card. Those cards must be subject to regular maintenance since they would have to be zeroed out before each election.

The full article talks a bit about the custody of both the machines and the cartridges. It says they use a two-key system for locking them away and other safeguards that, if followed, would require both a Republican and a Democrat to be in on a scheme. But systems like this are all too fallible. One of the dirty tricks used in other Ohio counties was to have a BOE "Democrat" board member who was a Republican plant and only posing as a Democrat. Another approach used in Ohio was to convince BOE employees to follow certain procedures that seemed innocent to them but had a negative effect on the truthfulness of the result. These and many other "social engineering" tactics can defeat safeguards.

And, of course, there is the possibility that these particular machines weren't hacked. Is there some reason (other than the details of the machines themselves) that would lead us to think a hack was done here specifically?

"Also, you could use a combination of the above two methods -- maybe sometime in the last 5 years someone had a chance to install a generic hack that, once installed, provides an admin user doing configuration, a polling place worker or even a voter with the use of secret key press combinations to configure a fraud algorithm." -eomer

Sounds plausible. Cheers!

I don't have any reason to believe that the DREs in Lake county, in particular, were hacked. I was just surprised to read about a DRE system that appeared to be secure. Thanks for disillusioning me.

Cell assignments are rotated at each precinct so that a particular candidate does not always get the top spot...

************
use a templet for assigning votes to candidates that doesn't match the actual candidate order in several traditionally high Dem precincts.

these apparently was done in Cuyahoga county in multi precinct polling places.

lots of votes weren't counted at all due to being switched to Nader
whose votes weren't counted.

I'm not sure how an incorrect "template" would be used on a DRE in Lake county.

Cheers.

The CEO of the parent company which owns Sequoia is not allowed into the United States because of his ties with Chavez. Our own government doesn't trust the CEO, yet millions of Americans must trust their votes on his equipment.

Someone who has ties to Chavez, and is banned by Bush, can't be all bad.

President * named his new yacht "Sequoia" - new within weeks of the 2004 Presidential 'Election'. Something in Denmark stinks...

The enemy of my enemy is not always my friend...

:kick:

Maybe one already creates the results that they want in advance. You could create a report in the final computer that is counting results to include false precinct totals for each machine. Then when each cartidge is read, the new data is sent back to the cartridge at the same time overwriting the results. Most of the cartridges on these machines are simple flash memory cards. Not too hard to rig I would imagine. You just need one programmer to be bought off in the office. Considering that a commercial programmer probably makes three times as much as a local county programmer, that may not be hard to swing.

Another comment on the management of Sequoia and Diebold. Both companies created their software designs years before either parent company was even thinking about buying them. Has anyone investigated Howard Van Pelt? He is one of the old school sales types that ran the predecessor to Diebold Election. HVP was connected to every one in elections. He always bragged that he had every vendor's owner at his house as well as just about every NASED member. i have not kept up with him for years but last I heard he was working on the Shoup grandkids' machine "Advanced Voting".