Words in Boxes

Nouns, verbs, and occasionally adjectives.

Friday, October 27, 2006

The Coming Election Fraud

One of the paranoid fears I have is that one or more of the upcoming Congressional elections will be stolen. My fears were doubled by reading a great (by which I mean frightening) article on Ars Technica about the vulnerabilities of our voting system.

In a nut shell, electronic voting systems are so badly designed and have so many points of vulnerability that in order to assume an honest election you have to assume the honesty of the thousands of people who have access to the voting machines in closely contested races, and further assume that nobody will try to break into the central vote counting computers, many of which are connected to the internet.

The problem is that the way that people are supposed to win elections – a lengthy campaign trail, expensive television ads – is the most cost-inefficient method there is. It is much, much cheaper to hire a programmer to alter the vote count in electronic voting machines. The stakes are high, and people break the law everyday for much less.

The detailed example that the article uses is the Diebold AccuVote TS. Some highlights:

  • The memory card that stores the votes is protected by a physical lock. Every lock on every machine manufactured uses exactly the same key. Tens of thousands of copies exist. The locks can be picked in ten seconds.

  • By using supervisor cards and entering a PIN number, a person can manually change vote totals. Every machine manufactured has exactly the same PIN – 1111.

  • Vote totals are stored in an unencrypted Microsoft Access file, which can be accessed by anyone with a copy of the software.

  • "Many [of Diebold's General Election Management Software servers] are connected to a modem bank, so that the accumulators can dial in over the phone lines and upload votes. One team of security consultants hired by the state of Maryland found the GEMS bank by wardialing, discovered that it was running an unpatched version of Windows, cracked the server, and stole the mock election."

  • There is reported evidence that an August 3 election in Shelby County, Tennessee was the victim of intended tampering of the kind outlined in the article.

The scariest part of this type of fraud is that properly carried out, it leaves absolutely no physical evidence.

Fundamentally, however, it doesn't matter how thoroughly you test a paperless direct-recording electronic voting machine before, during, or after an election. A determined cracker can always find a way to compromise the system in an undetectable way. The only real protection against wholesale election fraud is genuine auditability, and that's a feature that paperless DREs lack by design.

The only way to tell that something might have happened is to compare voting results to exit poll results and look for a statistically significant difference, which is an established accurate method, as reported by a recent article by Robert Kennedy, Jr.:

Exit polls in Germany, for example, have never missed the mark by more than three-tenths of one percent. ''Exit polls are almost never wrong,'' Dick Morris, a political consultant who has worked for both Republicans and Democrats, noted after the 2004 vote. Such surveys are ''so reliable,'' he added, ''that they are used as guides to the relative honesty of elections in Third World countries.''(18) In 2003, vote tampering revealed by exit polling in the Republic of Georgia forced Eduard Shevardnadze to step down.(19) And in November 2004, exit polling in the Ukraine -- paid for by the Bush administration -- exposed election fraud that denied Viktor Yushchenko the presidency.(20)

In the 2004 Presidential election, exit polling completely diverged from poll results:

But as the evening progressed, official tallies began to show implausible disparities -- as much as 9.5 percent -- with the exit polls. In ten of the eleven battleground states, the tallied margins departed from what the polls had predicted. In every case, the shift favored Bush. Based on exit polls, CNN had predicted Kerry defeating Bush in Ohio by a margin of 4.2 percentage points. Instead, election results showed Bush winning the state by 2.5 percent. Bush also tallied 6.5 percent more than the polls had predicted in Pennsylvania, and 4.9 percent more in Florida.(33) ...

According to Steven F. Freeman, a visiting scholar at the University of Pennsylvania who specializes in research methodology, the odds against all three of those shifts occurring in concert are one in 660,000. ...

The insecurities tended one direction:

In precincts where Bush received at least eighty percent of the vote, the exit polls were off by an average of ten percent. By contrast, in precincts where Kerry dominated by eighty percent or more, the exit polls were accurate to within three tenths of one percent -- a pattern that suggests Republican election officials stuffed the ballot box in Bush country.

I'm not ready to believe that the 2004 election was stolen, but voting fraud has happened in the past (1960, Cook County) and it will happen again. It's much easier now.

I'm James Sulak, a software developer in Houston, Texas.

You can also find me on Twitter, or if you're curious, on my old-fashioned home page. If you want to contact me directly, you can e-mail comments@wordsinboxes.com.