Diebold machines face crucial test

By Ian Hoffman, STAFF WRITER

Back in May, voting activists went on the Internet and for $300 apiece purchased two devices used to record moisture levels in corn.

Certain corn scanners use the same memory cards as Diebold Election Systems' optical scanning machines for ballots and can easily modify them. That makes corn scanners a tool for vote hacking.

Sitting by a hotel pool last spring in Florida, Finnish computer expert Harri Hursti wrote his own program on a memory card so it could alter poll results on a Diebold machine in Leon County and flash a screen message — "Are we having fun yet?" — that shocked the local elections supervisor.

Prodded by activists with nonprofit Black Box Voting, California elections officials have agreed to a test hack of the Diebold voting machines running in 17 of its counties, from San Diego to Los Angeles and Alameda to Humboldt.

The test, first reported by The Daily Review last week, originally was scheduled for Wednesday but will likely be delayed until mid-December.

At risk for Diebold is its reputation, millions of dollars in sales and possibly its mantle as the nation's largest supplier of electronic voting equipment.

If Hursti or another computer expert succeeds in hacking Diebold's voting machinery, the McKinney, Texas, firm could be forced to redesign software fundamental to each major component of its voting system. Securing new state and federal approvals would bring delay and loss of sales that the company is counting on before next June's primary.

Counties face Jan. 1 state and federal deadlines for acquiring new, handicapped-accessible voting systems that also offer some form of paper record. Those counties relying on Diebold might turn to other voting-system makers.

As a result, there have been extensive, ongoing negotiations between Black Box Voting and the California secretary of state's office, which also is talking to Diebold, about conditions of the test, confidentiality of the results and measures of success. The talks continued over the weekend, but state officials said they remain committed to performing the test.

"Secretary (Bruce) McPherson takes testing these systems very seriously," said his spokeswoman Nghia Nguyen Demovic. "He wants safeguards in place so that every vote cast is secured. He's doing his due diligence to assure voter confidence."

Last week state officials said they will select the voting equipment at random from a California county using Diebold.

Hacking strategies can be caught by recounting the ballots. California law requires a recount in 1 percent of precincts after every election. But in Los Angeles County and other jurisdictions, elections officials do not recount absentee ballots, which are mailed in and scanned at election offices. Absentee ballots are more than a third of the vote in California and in several counties more than half of the vote.

"You just tamper with the GEMS database for the absentee vote, and then if you exclude the absentees from the one percent recount then you completely own the process," said Jim March, a board member of Black Box Voting. The hacks — there are two — are almost elegantly simple.

Before every election, Diebold optical scanning machines used in polling places are programmed for ballot and report details, using memory cards. Touch-screen machines, as Alameda County uses, are programmed with PC cards.

Hursti realized this was a way into the voting system after looking at some of the Diebold software Black Box Voting founder Bev Harris downloaded from an unsecure company Web site.

"Within 24 hours, he said 'I have found the Holy Grail,'" Harris recalled.

Hursti taught himself the rudiments of Diebold's programming language, AccuBasic. Using the crop scanner, he then wrote his own Diebold programs onto the memory cards.

Touch-screens apparently can be reprogrammed the same way but more easily because PC cards can be written with a laptop computer. The optical scanning machines and the touchscreens are accessible to thousands of volunteer pollworkers on Election Day and often for several days before.

The AccuBasic files themselves are generated by the core of the Diebold voting system, a central vote-tabulating computer known as GEMS.

Another expert, Herbert Thompson, chief security strategist for Security Innovations, a Wilmington, Mass., computer-security firm, found that inserting no more than 60 lines of software into the computer's database program could change vote totals.

Getting the hack into GEMS requires access to the machine, typically kept in a locked room. But for an insider with that access, the rest of the task is as simple as sliding in a compact disc.

FAIR USE NOTICE

This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of political, democracy, scientific, and social justice issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.