Sent to you by Regis via Google Reader: Election Fraud in Kentucky via
Schneier on Security by schneier on 3/24/09

I think this is the first documented case of election fraud in the U.S.
using electronic voting machines (there have been lots of documented
cases of errors and voting problems, but this one involves actual
maliciousness):

Five Clay County officials, including the circuit court judge, the
county clerk, and election officers were arrested Thursday after they
were indicted on federal charges accusing them of using corrupt tactics
to obtain political power and personal gain.

The 10-count indictment, unsealed Thursday, accused the defendants of a
conspiracy from March 2002 until November 2006 that violated the
Racketeering Influenced and Corrupt Organizations Act (RICO). RICO is a
federal statute that prosecutors use to combat organized crime. The
defendants were also indicted for extortion, mail fraud, obstruction of
justice, conspiracy to injure voters' rights and conspiracy to commit
voter fraud.

According to the indictment, these alleged criminal actions affected
the outcome of federal, local, and state primary and general elections
in 2002, 2004, and 2006.

From BradBlog:

Clay County uses the horrible ES&S iVotronic system for all of its
votes at the polling place. The iVotronic is a touch-screen Direct
Recording Electronic (DRE) device, offering no evidence, of any kind,
that any vote has ever been recorded as per the voter's intent. If the
allegations are correct here, there would likely have been no way to
discover, via post-election examination of machines or election
results, that votes had been manipulated on these machines.

ES&S is the largest distributor of voting systems in America and its
iVotronic system --- which is well-documented to have lost and flipped
votes on many occasions --- is likely the most widely-used DRE system
in the nation. It's currently in use in some 419 jurisdictions in 18
states including Arkansas, Colorado, Florida, Indiana, Kansas,
Kentucky, Missouri, Mississippi, North Carolina, New Jersey, Ohio,
Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Wisconsin,
and West Virginia.

ArsTechnica has more, and here's the actual indictment; BradBlog has
excerpts.

The fraud itself is very low-tech, and didn't make use of any of the
documented vulnerabilities in the ES&S iVotronic machines; it was basic
social engineering. Matt Blaze explains:

The iVotronic is a popular Direct Recording Electronic (DRE) voting
machine. It displays the ballot on a computer screen and records
voters' choices in internal memory. Voting officials and machine
manufacturers cite the user interface as a major selling point for DRE
machines -- it's already familiar to voters used to navigating
touchscreen ATMs, computerized gas pumps, and so on, and thus should
avoid problems like the infamous "butterfly ballot". Voters interact
with the iVotronic primarily by touching the display screen itself. But
there's an important exception: above the display is an illuminated red
button labeled "VOTE" (see photo at right). Pressing the VOTE button is
supposed to be the final step of a voter's session; it adds their
selections to their candidates' totals and resets the machine for the
next voter.

The Kentucky officials are accused of taking advantage of a somewhat
confusing aspect of the way the iVotronic interface was implemented. In
particular, the behavior (as described in the indictment) of the
version of the iVotronic used in Clay County apparently differs a bit
from the behavior described in ES&S's standard instruction sheet for
voters [pdf - see page 2]. A flash-based iVotronic demo available from
ES&S here shows the same procedure, with the VOTE button as the last
step. But evidently there's another version of the iVotronic interface
in which pressing the VOTE button is only the second to last step. In
those machines, pressing VOTE invokes an extra "confirmation" screen.
The vote is only actually finalized after a "confirm vote" box is
touched on that screen. (A different flash demo that shows this
behavior with the version of the iVotronic equipped with a printer is
available from ES&S here). So the iVotronic VOTE button doesn't
necessarily work the way a voter who read the standard instructions
might expect it to.

The indictment describes a conspiracy to exploit this ambiguity in the
iVotronic user interface by having pollworkers systematically (and
incorrectly) tell voters that pressing the VOTE button is the last
step. When a misled voter would leave the machine with the
extra "confirm vote" screen still displayed, a pollworker would
quietly "correct" the not-yet-finalized ballot before casting it. It's
a pretty elegant attack, exploiting little more than a poorly designed,
ambiguous user interface, printed instructions that conflict with
actual machine behavior, and public unfamiliarity with equipment that
most citizens use at most once or twice each year. And once done, it
leaves behind little forensic evidence to expose the deed.

Read the rest of Blaze's post for some good analysis on the attack and
what it says about iVotronic. He led the team that analyzed the
security of that very machine:

We found numerous exploitable security weaknesses in these machines,
many of which would make it easy for a corrupt voter, pollworker, or
election official to tamper with election results (see our report for
details).

[...]

On the one hand, we might be comforted by the relatively "low tech"
nature of the attack -- no software modifications, altered electronic
records, or buffer overflow exploits were involved, even though the
machines are, in fact, quite vulnerable to such things. But a close
examination of the timeline in the indictment suggests that even
these "simple" user interface exploits might well portend more
technically sophisticated attacks sooner, rather than later.

Count 9 of the Kentucky indictment alleges that the Clay County
officials first discovered and conspired to exploit the
iVotronic "confirm screen" ambiguity around June 2004. But Kentucky
didn't get iVotronics until at the earliest late 2003; according to the
state's 2003 HAVA Compliance Plan [pdf], no Kentucky county used the
machines as of mid-2003. That means that the officials involved in the
conspiracy managed to discover and work out the operational details of
the attack soon after first getting the machines, and were able to use
it to alter votes in the next election.

[...]

But that's not the worst news in this story. Even more unsettling is
the fact that none of the published security analyses of the iVotronic
-- including the one we did at Penn -- had noticed the user interface
weakness. The first people to have discovered this flaw, it seems,
didn't publish or report it. Instead, they kept it to themselves and
used it to steal votes.

Me on electronic voting machines, from 2004.
