Headline, May09, 2013


In its sales pitch to the state of Georgia,  Diebold had declared that its AccuVote TS machine was designed to be not only accurate but also fully secure. Its audit trail would record  ''any attempt to create, access, or delete information.''  Separately Diebold explained that independent laboratories would test the machines and ensure that they met high federal standards.
The machines would also be thoroughly tested by Diebold.

None of these claims was entirely true.
From the FTP site, Harris learned that Diebold machines placed  in polling places could be accessed with a  ''supervisor smart card''. Incredibly, every one of these cards had the same password  -'''1111'''   -hard coded into the system. So, anyone with a card could conceivably tamper with vote counts, or simply stop the election when he chose.
Miko Hypponen, the Finnish computer virus expert echoed the sentiment of Harris's online gang of computer experts:
''What were they thinking?''

Worse,  -one of the ways certain Diebold polling-place machines were configured to relay their votes to a ''central server'' was by wireless modem. That, says Hypponen, could make an election  ''potentially hackable''  or disruptable, from anywhere in the world.'' The machines to be used in Georgia relayed results by landline modem, which was better   -but far from hackproof. Tallies could also be uploaded from the machines to a cartridge and physically brought to central server.
But that was the cartridge that might bear results doctored by a supervisor smart card.

Most distressing,  the central server,  to which polling-place results were sent,  employed a database engine used by Microsoft Access. The very mention of that caused  -and should cause-  all computer experts to shake their heads. ''Microsoft Access is great for managing electronic records of something that would be unwieldy on paper,'' said Taylor Bodman. ''But you don't keep serious applications on it. It is too basic and easily hacked.''

On the AccuVote central server, Harris believed, a supervisor would see  votes coming in on his screen through a program called GEMS. But behind it, like a second set of books, was the database engine usable by Microsoft Access, where the  ''vote totals''  were stored. With a couple of Mouse clicks, Harris was able to go in through Microsoft Access, as if through a back door, -change vote totals, and erase any  ''audit trail''  of her actions.

The supervisor looking at his screen on GEMS would see the new tally and have no idea it had been doctored by a hacker.

Strangely, another function allowed anyone with access to the GEMS central server to create minus votes. Why, Harris wondered, would there ever be cause to record negative vote in an electronic voting machine? Later, Diebold spokesman would offer this response:
''Yes, negative votes can be entered into GEMS. If for some reason an election administrator determines they have a need to enter negative votes, that is for them to determine, and we do not believe the system should prevent that.''

So, as far as Harris could tell, this appeared to be the system that Diebold had sent to two labs for approval. The two labs had agreed that it met standards,  all right - but standards set in 1990, the stone age for D.R.E technology.

 And so the Georgia story disclosed a larger one: the grievous lack of any federal regulatory oversight for machines that would perform the most public function in America, and in every reasonable likelihood, All over the world.

With respectful dedication to Imran Khan. And with very best wishes for his full and earliest recovery from this wretched freak accident! 
See Ya in the Arena!!

With respectful dedication to Shigeki Matsuura Editor-in- Chief  HUFFPOST  Japan.

Good Night & God Bless!

SAM Daily Times - the Voice of the Voiceless


Post a Comment

Grace A Comment!