How to Win an Election Without Getting Votes: Stuffing Ballot Boxes, High-Tech Style
This story first appeared in print in The Seattle Sinner, November 2003. I have republished it here due to rising interest in voting machine hacking and the integrity of the US election system. Only minor edits for clarity and updating website links.
“Those who vote decide nothing, those who count the votes decide everything.” — Joseph Stalin
Voting is very important to a republic. In a government for the people, by the people, the election mechanism is the way we’re ensured proper representation. In the hopes of making our voices heard, we spend a lot of time debating the issues and the candidates for various positions. We banter about what type of campaign finance reform will actually work. We hit the phones and the streets for Bring Out The Vote campaigns. We ponder whether our one small vote will really count when there are thousands others.
But wouldn’t it all be moot if the very computers that tally our votes are not as aboveboard as we trust them to be?
Accusations abound from various groups and individuals, and their concerns are valid. If the voting system itself can be circumvented, if it is possible for unscrupulous people to commit fraud, then we, the people are completely powerless to effect change in our government.
And such unscrupulous people have existed in the United States since the beginning. Our history is rich with vote fraud, major scandals being uncovered even into the late 20th century.
In the old days, candidates from both parties have used such low tech methods as vote buying, ballot box stuffing, chasing would-be voters from the polls, and voting for dead or non-existent people.
The 1948 campaign for U.S. Senator in Texas included known election fraud on both sides. Lyndon B. Johnson won that race.
Illinois in the 1960’s was a hotbed for old fashioned scheming. “Vote early, vote often,” were the words fictionally attributed to Mayor Richard J. Daley of Chicago. It is said that John F. Kennedy may have won the presidency because of such efforts in Cook County, IL.
Jimmy Carter helped uncover ballot stuffing by his opponent in the 1962 Georgia Senator Primary race, forcing a recount.
Accusations of fraud all over the country flew from both sides in the 2000 Presidential elections.
With many such activities occurring in major races not too long in our recent past, it’s not surprising to suspect the possibility now. Our technology has improved, but people are still the same. Politicians have always, and will always, do anything they can to get elected.
This is why it is so important to have a completely transparent election process, so that the people themselves can be the check and balance against corruption. And for the most part, Washington State seems to have an open system, from registration, to Logic and Accuracy tests, to transportation of ballots, to witnessing counts. Anyone is allowed to observe any part of the election process first-hand.
But a chain is only as strong as its weakest link.
The introduction of computerized voting interfaces is raising security concerns nationwide. Touch-screen voting technology is already being purchased in Georgia and Maryland, and Arizona has experimented with internet voting.
Justifiably, the question is being raised: “Is it secure?”
What most people don’t realize, however, is that voting systems have been computerized for decades. The only thing that’s changing now is the interaction with the voter.
Optical ballots and punch-cards have always been counted by computers. And where there is code, there is possibility for error, vulnerabilities, “exploits,” and backdoors.
King County uses Diebold’s election product. Votes are cast using a pencil on an optical scan ballot, which is then counted by a server using GEMS (Global Election Management System) software.
The possibility for error is low. All elections software is rigorously tested and certified by an independent testing authority before a system is allowed to be used in the state of Washington.
A vulnerability is code that can be intentionally abused by an outside user to compromise the security of a system. In other words, the software can be hacked by an outsider. But in order to commit such an action, one must have some type of access to the computer.
In King County, officials have made steps to prevent this.
The GEMS server, which maintains the database of votes as they’re counted, is kept in a locked room. Access to keys is tightly monitored.
Access to the software requires two passwords — one to log into the operating system, and another for GEMS itself. No one person knows both passwords, requiring two people to be present to use the software.
Two activity logs are kept. One is generated by the software itself, and one is a manual log written by all county employees who use the software.
These logs are public record, and available to any citizen who asks to see them.
Additionally, while the GEMS server does have a network card, it is physically connected to a local network that only connects to optical scanner machines directly involved with the counting process. It is not tied in with the county network or the internet.
This leads to reasonable assurances against possible hacking from outsiders, which is all well and good. But what is to prevent corruption from occurring on the inside? What is to keep King County election workers themselves from rigging an election one way or another?
Which leads us to the third problem with computer code: backdoors.
A backdoor is a piece of code written secretly by the programmer intended to allow unauthorized access to a system. It could be anything from a hidden username giving full access to a server from the internet, to a special key which bypasses security features.
In the case of election software, it could easily be a specific ballot combination that moves large numbers of votes from one candidate to another, or a jumble of keystrokes that opens a secret menu allowing any kind of possible changes to the results.
Yet this code is not open for examination by the public. Should any backdoors exist, we would have no way of knowing.
Systems manufacturers claim the source code is a “trade secret”. Yet our rights to have our votes properly counted should supercede corporate trade interests.
There is also an assertion that releasing the code would make it more vulnerable to hackers. But even if an exploit was discovered by a would-be hacker, he would still have to have some kind of access to the machine, which is strictly controlled in this county.
Currently, the programs can only be examined and tested by a few select state-approved testing authorities and consultants.
You or I, as the citizens who vote, are not allowed to examine the code.
Like a “black box” with inner workings we can’t see, we arrive at the polls in droves, throw our vote inside, and trust that what comes out is the same as we put in.
According to Dean Logan, Director of Records, Elections, and Licensing of King County, transparency throughout all parts of the system is vital to keeping the process corruption-free. Yet where is this transparency when it comes to the count itself?
Granted, Logan is to be commended for the work he has done and is doing to ensure election integrity in King County. The recent systems put into place have done wonders to prevent tampering from a single individual or outside group. Yet none of it would prevent insider manipulation if Diebold’s software contains backdoors.
I spoke with Logan at great length, and he didn’t seem the type who would try to rig an election. I wouldn’t want to directly accuse his department of any foul play. I have no evidence, nor any reason to suspect that they, specifically, are up to anything.
But good policy and good law is not based upon blind trust. “No one would ever abuse the system” is not a good reason to leave gaping loopholes or massive flaws in security. The question should not be, “Would they do such a thing?” but “Could they?” Only solid checks and balances in the entire process can ensure the maximum level of trust.
According to certain individuals, the answer to “Could they?” is yes.
Writer Bev Harris of Renton has written a book on the subject, and tracks the issue on her website, http://blackboxvoting.org/ [originally BlackBoxVoting.com.]Her work has created quite a stir in the media, the election community, and at the corporate offices of election system manufacturers.
In fact, her website was recently offline for several weeks, brought down by Diebold itself. She had linked to a New Zealand website containing thousands of leaked internal memos and emails, and parts of the GEMS source code. The legal claim against her was that such a link violated the Digital Millennium Copyright Act (DCMA), forcing her hosting provider to shut down the site completely.
Since then, it and its sister site has been taken down multiple other times through the use of fake spam accusations and hacking attempts. Someone wants to stop this information from being spread, and is using every unfair method to do so.
While Harris is strongly Democrat, similar websites and books have been written by strong conservatives as well, showing that it doesn’t matter what side you’re on to want a fair election.
Jim Condit, Jr., of VoteFraud.org, makes similar accusations against elections systems manufacturers and the election reporting company, Voter News Service (VNS). On presidential election night, this one single company reports poll results to all of the news outlets, including NBC and CNN. In many cases, results from election machines are delivered first to VNS, and then to state certification officials.
James M. Collier has also written a book and tracks voting integrity issues via his website at VoteScam.com [Now defunct. Via the Wayback machine: https://web.archive.org/web/20060202012249/http://www.votescam.com:80/ ]
In addition to overall concerns about what “could be done”, there are two very specific known security holes.
Database Insecurity
The GEMS software uses simple .mdb database files to store vote counts, passwords, and the audit log. These files are not password secured, and can be opened and changed using a regular copy of Microsoft Access.
MS Access is so common, in fact, that a copy of it was found on King County’s GEMS server. It had come with the computer included in Microsoft Office. According to Logan, it was never used on the server to manipulate elections databases.
It was, however, used on a copy of elections database files on a different computer, to write customized software that would generate post-election reports. The reporting software was so good, that Diebold is now looking at integrating it with their current system.
Network Interface Devices Allow Access to the Counting Computers
Various types of network interface devices have been found in counting computers all over the country. Connected modems, network cards, wireless cards, and even cellular modems, have all been noted.
Diebold admittedly includes modems in their touch screen voting system, supposedly for reporting results. Independent analysis showed that Diebold needed to enhance encryption on these connections.
But data can flow both ways. What’s to assure us this isn’t happening?
The clear answer to solving all of these problems is to make the entire election process completely transparent. Any software that could potentially be abused, especially that used to count votes or transmit results, should be considered public record and made fully available for examination by all citizens. This requirement should be made state law, forcing Diebold and others to open the code, or lose our business.
What you should not do is give up on the system and stop voting all together. A republic depends upon vigilant citizens. Edmund Burke stated that the only thing necessary for the triumph of evil is for good men to do nothing. Apathy will only allow potential tyrants to win.
As with all political processes, but best actions involve education and communication.
Educate yourself by participating in the election process. The doors are wide open to observe tests and counts. Visit the websites included in this article and do your own web searches on vote fraud of all types.
Communicate by asking hard questions of elections officials and elected representatives. Send letters to state legislators and write to local newspapers. Talk to friends about what you know.
Are elections in this country rigged?
I for one remain unconvinced either way. Would it be possible for a conspiracy to manipulate local, state, and even national elections? I believe it fully. Would people in the right positions be motivated to do such a thing? Absolutely. Could such a fraudulent scheme actually be pulled off? We have only to look at history to know it’s happened before with lesser technology. Is it happening today, here in our state, our county? I honestly don’t know.
The important thing is that we continue to ask these questions and demand answers. Transparency is the best protection to ensure any government office is running with integrity.
Corruption thrives on secrecy. The place to look is at what is hidden the most. And right now, that’s the code.
