Technology Whos counting .net

In the aftermath of the protracted and painful 2000 election that left the nation precariously hanging like a paper chad for a month, waiting to see who would be the next President - Congress passed HAVA (Help America Vote Act). The act was passed in October of 2002, and allocated $3.86 billion of matching funds to the States to modernize and “electronify” their election systems. It would be the first time in US history that the Federal Government would finance election “improvements.” I like to refer to it as the Hijack Americans’ Votes Act... Voting in the Post-HAVA world is broken down into the Casting of the votes, and the Counting of the votes.

Successful election campaigns are sated, squelched and nourished by grassroots efforts. Grassroots are planted in and sprouted from the soil of election integrity.

The heartbeat of any election, or any election integrity issue, is vote tabulation – the counting.

The casting of the vote has been addressed ad infinitum. But it is the counting that all Americans need to be better informed about— electronic vote tabulation is but one of the many perpetrators quietly placing America’s representative democracy on the endangered species list...in peril of extinction.

Those who wish to maintain the status quo of insecure electronic voting like to focus strictly on the Casting of the ballot and ignore that the Counting processes even exist. It’s like the crazy Uncle that one never discusses at family gatherings—you know he’s lurking out there on some short back limb of the family tree... but he never comes up in conversation, and he never shows up at the table. The “oh-it’s-just-fine-the-way-it-is” crowd would have you believe that both the electronic casting and counting systems are secure, efficient, and trouble-free. Outside of a few glitches....

Casting votes electronically is generally referred to as DRE (Direct Recording Electronic) Touch Screen voting, and was employed by about one in three voters this past election. It offers no record of the ballot cast on paper for voter verification or in the event of a recount.

But Counting votes electronically, by computer tabulation systems –Tabulators -- covered much more ground... conservatively 70-80 million votes. Voting rights authority, Lynn Landes claims that 99% of our ballots today are tabulated by machine. Despite glaring defects in the current software systems employed for tabulation, the move is on to blanket the country with them by the next national elections.

Despite the fact that many States’ Constitutions guarantee that the counting of the residents votes be a transparent and publicly observable function, when HAVA ushered us into digital-invisible votes, many simply accepted that loss of transparency with an apathetic shrug. For the first time in history, the American electorate was losing the ability to observe the counting of the ballots... in many cases there were no more ballots. The resulting erosion of public confidence would forever change the perception of American elections at home and abroad.

A. Touchscreens vs. Optical Scan

Nearly 35 Million voters , or around 30%, in the November, 2004 Election, voted on Touch Screens, also referred to as DRE’s and 68 million used Optical Scanners. (Paper ballots, including absentee ballots scanned and tabulated by electronic machine.) The main difference in these two technologies being... Optically scanned ballots can be re-scanned or recounted if necessary. Digital (Touch Screen) votes just disappear, making a recount all but impossible. Digital votes are cast and counted in the electronic software of the system. The 1970’s saw the debut of the touch screen voting machine; however the first states to use widespread Touch Screen voting were Florida, Maryland and Georgia.

All Maryland Touch Screens have been on a “lockdown” since the November. 2004 election due to statewide failures, including 12% of the machines in Montgomery County, some of which seem to have lost votes in significant numbers.

DRE (Direct Recording Electronic) voting machines came onto the scene in the 1990’s, but at a $3000 price tag, they lacked affordability. Then along came HAVA. And $3.86 billion Federal matching dollars.

In Ohio, Florida, Pennsylvania, Texas, and New Mexico, complaints came in from voters who were selecting Kerry on the Touch Screens and saw their votes change to Bush on the Summary Screen.

In Ohio, Mahoning County was the largest county using Touch Screen voting. They used ES&S Ivotronic Touch Screens whose administrative password (1111) was reported on the company website.

According to SaveTheVote.Com this password can’t be easily modified, which would mean that anyone who had obtained the publicly reported password could change the default settings on the machines. “Default settings” are built-in by the manufacturer, and can be changed by users with proper access-- for example, on a home computer, screen savers or type face. A troubling number of states reported that a vote for Bush was the default choice in the software of electronic TouchScreens.

Mark Munroe, Chairman of Mahoning County Board of Elections, said there were 20-30 machines requiring recalibration during the voting process due to votes cast for one candidate being counted for the candidate’s opponent. About a dozen other machines had to be reset because they just froze. Sixteen precincts reported problems with the machines that caused election results to be delayed by three hours.

New Jersey had brand new Touch Screens, fresh out of the box, showing only zeros for some major party candidates at the end of the day.

A good place to get a first hand feel for the switcheroo phenomena of DRE Touch Screen voting is at the "wheresthepaper" website where you can conduct a quick mock election of your own, and then check the machine afterwards to see what actually transpired.

To get a better idea of what an Optical Scan system looks like and how it functions, click here to see the Diebold Accuvote-OS system.

Computerized ballot scanners were introduced in the1960s, but have their origins in the world of standardized testing, as in the famous SAT tests. In 1937 IBM introduced the Type 805 Scoring Machine, which read graphite pencil marks on paper by their electrical conductivity. They were used for our first educational SAT testing and continued to be used well into the 1950’s.

This evolved into a method called “optical mark-sense scanning” that also had its roots in test scoring, but later emerged as a voting system. The first usage in an election was in Nebraska in 1976, the systems developed by the Urosevich brothers’ Data Mark company in conjunction with Westinghouse Learning Corporation. When AIS surfaced as an election company (1979) they soon developed their model 315 Central Count Ballot Tabulator for use in Nebraska elections as well. AIS you recall reorganized in 1997 to become ES&S.

This past November, in nine Counties in Indiana, a program error caused the Optical Scanners to count straight party Democratic votes for Libertarians instead. One race was overturned when the program was corrected.

Florida had some interesting Optical Scan results as well: Calhoun County has 82% of the voters registered Democrats yet 63% of the County voted for Bush; Lafayette County - where 83% of the voters are registered Democrats and 74% of the County voted for Bush; Liberty County, again - 88% Democrats. 64% voted Bush; and Washington County, voters are 67% Democrat, yet voted 71% for Bush. All four Counties’ votes were Optically Scanned by Diebold. There were 25 other Optically Scanned Counties that also swung towards the President despite Democratic majorities

In 11 Florida Optically Scanned counties, Bush won between 50% to 100% more votes than had been anticipated. Kathy Dopp conducted a county by county examination of voting patterns in Florida that was double checked by Zogby analysts who concluded that Bush received 16% more votes than he should have in the Optical Scan counties. No wonder it’s Ohio’s new favorite choice for voting equipment statewide.

In Pike County, Arkansas, a scratch on the sensor of their ES&S Optical Scanners was responsible for the loss of 692 of the County’s 4083 votes, or one in six votes lost. The same scanner scratch also disqualified 433 votes in the U. S. Senate race. ES&S said the scratch probably occurred during the election, but there was no way of knowing for sure.

Crittendon County, Arkansas, had a whimsical, madcap Optical Scanner as well. Seems the Crittendon scanner wanted the United States to have more than just one President… so nearly 1900 of the votes cast (in a County of 17,284 voters) registered as voting for more than one Presidential candidate!

Officials in Wisconsin say that around 27% of the votes cast in Medford, on November 2, were not counted due to an ES&S programmer having improperly set the Optical Scanner that records the ballots.

In New Mexico, President Bush carried every precinct where votes were counted with electronic Optical Scanners. Just this past January (2005) Ohio Secretary of State Kenneth Blackwell (and former Bush/Cheney Campaign Co-Chair) declared that the entire Buckeye state will be voting Optical Scan only. And Diebold only, keeping it all in the home state.

“Maryland voters will never know for sure whether their election choices last year were recorded correctly--- and the same uncertainty could haunt them next year if lawmakers again fail to address a serious defect in the touch-screen machines used throughout the state.” -- Washington Post , March 22, 2005

B. TABULATORS

Many hear “election fraud” and assume the electronic Touch Screen to be the culprit. Although Touch Screens processed around 30% of all votes in November, 2004 - while problematic - these voting machines play more the role of the accessory to the crime, rather than the criminal itself.

Meet GEMS Tabulators -- the Diebold designed Microsoft Program responsible for counting all the ballots at the County level where Diebold is servicing (Optical, DRE, paper, electronic, absentee... all ballots). Also referred to as the “Central Tabulator,” “Central Server”-- the Mothership of the vote count. In this case, the potential scene of the crime. In November 2004, computerized ballot tabulators of all brand names counted about 60% of the votes, with GEMS counting a majority.

It should be noted that while the other companies manufacture tabulators with similar operating systems, GEMS is the one selected to examine here due to availability of system information. You can learn about the other tabulator systems in this report’s later Chapters on other Election "Companies".

GEMS stands for Global Elections Management Systems. (Global Elections was later bought out by Diebold. See "Companies" Chapter.)

Independent electronic Tabulator testing conducted in Illinois, from the mid-1980’s to present, using tens of thousands of ballots, determined the ’new’ electronic ballot counting equipment at the time to be riddled with significant errors -- anywhere from a 16% to a 28% error rate. Now that’s nowhere near the vendors’ self proclaimed 1% error rate.

Stanford’s David Dill has professed that one single bug (malicious software), installed by one single individual, could be distributed to thousands of machines, and change a “very large number of votes” -- all the while undetected. The electronic tabulators make malicious hackers salivate. By simply compromising one Windows desktop, they could potentially influence up to hundreds of thousands of votes. One “attack” to execute the crime -- and one “attack” to erase your tracks, and you’re out.

This concept is at the heart of the electronic Tabulator dilemma, and is, curiously, still the most disregarded topic in today’s legislative discussions covering election reform.

B1. About GEMS - How GEMS work; How Database 2 works

“There’s no password to get in, you can tamper with the audit trail, you can tamper with the votes, you can do anything you want with this program, it’s wide open to unlimited rape as long as a standard copy of Microsoft Access is around. This is the single biggest problem with the Diebold product” -- Jim March, Computer consultant

In our 2004 election, GEMS was used in 37 states, 1000 Counties. (*Nearly all of the Ohio Counties used Central Tabulators to count the votes at the county level, even where they used paper ballots, and 85% of Ohio voted paper ballots. Triad was the company responsible for 41 of Ohio’s 88 Counties Tabulators.) Plans are for GEMS and ES&S computer tabulators to count the entire nation’s votes by our next national election...

GEMS:

Is the computer system that COUNTS all the votes transmitted from the precincts at the County level (where GEMS is being used), the final total of which is sent off to the Secretary of State’s office.

Is unprotected - detected in numerous cases to be uncertified. Counts up to 2 million votes at a time. (ES&S Tabulators counted 90% of the votes of the entire city of Chicago within 1 hour and 20 minutes. In comparison they claim that any Touch Screen precinct’s votes can be tabulated within two minutes.)

Is the system pronounced by IT Auditors and Computer Scientists to have “stunning flaws”.

Can be “penetrated” or hacked into within anywhere from seconds to one minute. A chimpanzee named Baxter was trained to hack into the system... Howard Dean demonstrated a hack entry on television with Bev Harris of BlackBox Voting.

Contains properties that serve only to enable manipulation and tampering with the vote count, and to simultaneously cover all traces of same.

Software written and programmed by a convicted felon (Jeff Dean, Sr. VP of Global, the company Diebold took over), imprisoned for 23 counts of fraud for... can you guess? Extensive electronic embezzlement using accounting software programs.

**(To learn more about Dean, Diebold, GEMS and the prominent and revealing security tests performed on the system prior to and after the 2004 election, read the "Companies" Chapter on Diebold of this report).

HOW GEMS WORKS:

You vote... any kind of ballot, at the polling place or precinct, early or on time.

Polls close. Precincts’ poll workers transmit their results electronically to the County Supervisor’s Office via Modem. Diebold often has its own technicians on site at the County or the Precinct -- in charge of this critical transfer. In the case of GEMS, Diebold supplies the County with the entire finished computers, with Windows and all applications already loaded in. Some Secretaries of State also have access to the transmission to GEMS in their offices (See Blackwell- There Must be 50 Ways to Steal Elections Chapter)

The voting machines’ attachment to Modems allows them to be operated or accessed from offsite locations. Many Counties say they are not connecting GEMS via the Internet

Optical Scan machines often upload their final results to the Tabulators at the County by serial port connection, transmitting the contents of the machine’s memory card to the GEMS Tabulators, with no poll tapes—creating more risk. Touch Screens use Remote Access Server (RAS) to dial or communicate with GEMS...Presenting another vulnerable point of access. Anyone (terrorist, student hacker, partisan) - who has the servers telephone number, can alter the results by phone. It has been reported that ES&S Touch Screens send their tabulations wireless to the County tabulators... Of the two, it appears the consensus is that the Optical Scanners are harder to hack than the Touch Screens, though not impenetrable by any means.

Votes tallies are received by the County “Central Tabulators”/computers - (GEMS or other tabulation systems) from the precincts over dial-in telephone lines, through modems. This allows anyone with a PC and simple computer dialing techniques to dial into GEMS, and, once connected, manipulate votes. Diebold has been advised to disconnect all modems for optimum security. King County, Washington -- no stranger to election fraud allegations -- has had up to 48 modems attached to their GEMS at one time.

GEMS is on a host computer at the County Election Office and counts on an unpatched/ unprotected Microsoft Windows 2000 or XP Operating System. (ES&S’s tabulator program - ERP 1.6 - is said to run Windows XP unpatched as well, per Andy Stephenson formerly of Black Box Voting who has witnessed it, despite company claims of “no Windows based systems.”)

GEMS stores incoming vote totals in a ledger (column, or database) like a traditional accounting program. This first column is referred to as “Candidate Counter”. It stores the actual vote count and is used for any spot checks and sample recounts (1-3% samples).

Here’s where GEMS diverges.... The software contains a separated, hidden 2^nd column/ ledger or database which copies Column 1’s totals and stores them in the concealed Column 2. This is the “SumCandidate Counter.” (*There is also the capacity to create a 3^rd Column or 3^rd “set of books” in GEMS.)

Proper bookkeeping never allows for unprotected extra ledgers that could be used to alter or erase original ledger info -- but GEMS does... (Like a business that keeps 2 separate sets of accounting books... one secure, one open to tampering.) Unless, of course, you’re talking about creative bookkeepers. But don’t take my word for it - ask your accountant. The only reason for a hidden second set of books is for covert manipulation of data.

If you’d like to experiment with hacking into a GEMS system, you can click on this site:

Chuck Herrin- Hack the Vote Yourself

The steps are explained by Chuck Herrin, IT Auditor, who makes his living hacking into systems to ensure security for companies or individuals. You can see just how fun and easy it is to rig the vote!

Isn’t it intriguing how the biggest voting reform activists we have out there now are computer programmers? Something to think about.

How Column/ Database #2 Works

GEMS system uses Microsoft Access, a standard database program, to enter the columns or tables. Column 2 or “SumCandidate Counter” has a “back door” entry allowing viewing and manipulation of the hidden 2^nd column of votes. A computer programmer identified only as “Cape Cod” discovered the back door in July of 2003, after being tipped off by Diebold’s own leaked memos, and Bev Harris of BlackBoxVoting.org then reported it. This is where the totals may be altered in real time, by remote...while the votes are being tallied. According to Bev Harris—the 2^nd Database can be viewed and changed “in less than one minute.” Due to multiple system security breaches, access is simple and speedy, and one only need know Excel. (ES&S tabulator also is reputedly an Access driven database.)

Microsoft Access normally contains a preventative device - a numbered log-in record, or Audit Log to show who entered and when.GEMS, however, disabled that feature so one could create their own log numbers, leaving no accurate traces of foul play.

Diebold had posted its default password for accessing the program on to its site, (“GEMSUSER”). Testers found other passwords in the storage that can overwrite Administrative passwords when simply copied and pasted into the chosen election.

Audit logs -- the place where one would look to discover any evidence of system tampering or fraud, can be easily changed or deleted with local or network/ modem access. Once inside the database, nothing a perpetrator does is logged: Opening and viewing audit logs, deleting or altering audit logs, adding usernames or passwords, or changing vote tallies. In other words, you can easily break into the room, steal the goods, vandalize the property, and run out the back door -- all without leaving a trace.

Thousands of leaked internal memos from Diebold have shown that they’d known their audit logs could be altered in this fashion since 2001... Diebold memos also discussed the use of cell phones to intercept and transmit vote data.

County Election Supervisors who run GEMS Tabulators on their computers only see Column 1, and are likely unaware of even the existence of the hidden Column 2 (or 3). The first column is the one used for any “spot checks” of results from the polling stations, before final tally, and because it reflects the actual vote, will not arouse any suspicions when checked.

Nothing in GEMS official documentation mentions the existence of the hidden columns in the program. Nor do Diebold officials inform County election officials, who will be running the program, of the purpose of the 2nd or 3rd hidden columns of data.

Column 2 is easily disengaged from Column 1, allowing it to stand alone. The GEMS program design allows the columns to be ‘unlinked’ from a ‘hidden location’ using a code. Bev Harris discovered that with but two mouse clicks --you could destroy ALL vote data.

If an insider was committing vote fraud during the tally, and got wind of an imminent supervisory check that just might reveal the foul play, GEMS has even compensated for this! With a feature wherein a small manual entry by the operator automatically triggers a pre-programmed mechanism that immediately synchronizes both sets of books to the actual true vote count.

A good perpetrator of fraud must be mindful not to add or subtract any actual voters from the final count, so as not to call attention to the deed. Least conspicuous actions would be “transfers” or “migrations” of votes from one candidate over to another - one in ten, one in five - or votes could simply be switched from Candidate A to Candidate B, by switching the columns.

Computer savvy experts claim that with a crew of as little as five people, you could pull off a hack into every single customer County on an automated basis… by entering through the modem pool wired right into the GEMS box. A couple of programmers, a few partisans to pick which races to hack and by how much, and a field guy/gal to collect the data.

Now here’s the kicker -- After all the above compromises of Column 2, Diebold’s program then chooses, for its Final Election Total Report, to use the results pulled from.... you got it -- the hackable Column 2!

When the County Supervisor pulls up their Totals Report, likely unbeknownst to them, they get Column 2 information on their screen. The additional column(s) were designed to defeat the individual precinct checks. Because this is done after polls close, it explains how candidates can go home as “winners,” only to discover later that they’re “losers.”

In Florida, November 2004, exit polls showed a near dead heat between Kerry and Bush just before 9:00 PM. By 1:00 AM the polls gave a 4% lead. The switch itself was mathematically impossible because there were only 16 more poll respondents within that time frame... If you follow the patterns, most of the mystery “vote migrations” we’ve seen since the advent of electronic tabulation have occurred after 11:00 PM. A time period that I now affectionately refer to as the “GEMS Witching Hour”.

Giving new meaning to Diebold’s slogan “We never rest.”

“We won’t know about Florida until between midnight and 1:00 AM...”

-- Jeb Bush, 2000

B2. Aren't they required by law to be certified?

Technically, yes. It’s one reason why Diebold is paying a $2.6 million settlement to California for lack of proper certifications at both State and Federal levels, and other problems. In California, it’s against the law to sell a voting system that is NOT tamper-resistant. California Elections Code 19205(c) bans even theoretical security holes. Diebold assumed an enormous risk by even attempting to service the Golden State.

NASED (National Association of State Election Directors) appoints ITA’s (Independent Testing Authorities), to test for security and operational flaws.Turns out to be somewhat of a misnomer, however, as these labs are not truly “independent” -- their technicians were paid by Diebold, according to Black Box Voting, to test and report on Diebold equipment. And they’re also not really “testing.” Testers were reportedly instructed by the company not to put anything “negative” in their reports.

The most important test “Penetration Analysis” (ie.hackability), of GEMS systems was routinely notated “Not Applicable” and “Not Reviewed” on ITA reports. Lab testers revealed to auditors they had elected NOT TO TEST Penetration Analysis in order to avoid “going negative,” per instructions.

“No electronic voting system has been certified to even the lowest level of the U.S. Government or International computer security standards, such as the ISO Common Criteria. Thus, no current electronic voting system is secure by the U.S. Government’s own standards.” -- Dr. Rebecca Mercuri, Computer Scientist, Radcliffe, Harvard fellow

Tabulators count backwards

Jim March - Hack the Vote for techies

Back to Glitches, Hitches, ANOMALIES & IRREGULARITIES

Back to Top of PagE

Forward to Blind Trust

PRINT THIS PAGE

MEMORIZE THESE LINKS!

Mark Crispin Miller Blogspot Black Box Voting

VoteTrustUSA.org US Count Votes.org Verified Voting.org