VOTING INTEGRITY - LOOKING GLASS NEWS | |
Diebold in Florida:The Harri Hursti Hack and its Importance to our Nation |
|
by Susan Pynchon VoteTrustUSA.org Entered into the database on Friday, January 20th, 2006 @ 16:06:34 MST |
|
I was one of ten people present at the "hack" of the Leon
County, Florida voting system, which took place on Tuesday, December 13, 2005
around 4:30 in the afternoon at the county elections warehouse. Leon County's
voting system is the Diebold Accu-Vote OS 1.94w (optical scan). The Leon County Supervisor of Elections, Ion Sancho, authorized a "test"
of his Diebold voting system to see if election results could be altered using
only a memory card. Harri Hursti, a computer programmer from Finland facilitated
the test and it has come to be known as the "Harri Hursti Hack." Following is a description of that hack and its significance for our nation,
which I hope will correct much of the misinformation circulating regarding this
event. The Hack To select which voting machine to use for the test, Ion drew a serial number
of one voting machine from a container holding all the serial numbers of all
the Leon County machines. Since the test took place at the elections warehouse, all the voting machines
were already stored there and the one machine, whose serial number was selected,
was located and brought into the warehouse office, where it was plugged into
an electrical outlet (so it could operate!). It was not networked to
any other machines. We checked the serial number of the machine against
the serial number that Ion had randomly selected. Earlier, Ion had given ONE Diebold memory card to Hursti. Bev Harris and Kathleen
Wynne of Black Box Voting were also present at the test. Harri had programmed the memory card that morning, in his hotel room, using
an off-the-shelf crop scanner. I drove Harri in my car from the hotel to the
warehouse. When we arrived, Harri was asked to stay outside the warehouse office
where the central tabulator is located, so that there would be no question about
whether he had had any access to the central tabulator. When the randomly-selected
voting machine was brought into the warehouse office, all of us went into the
warehouse office except Harri, whom we could see sitting in a chair on the other
side of a plate glass window separating the office from the rest of the warehouse.
Ion ran a complete mock election. He had had actual paper ballots pre-printed
with the following question: "Can the votes on this Diebold system be hacked using the memory card?"
There were two possible answers: "Yes" or "No," with an
oval to the left of each answer to be filled in by the voter. Everything was conducted as in a normal election. Ion first printed a "zero
tape" (a poll tape from the machine that is supposed to show that nothing
has been altered before the election begins). This was the first step in the
hack --the zero tape showed zero votes for both the "Yes" answer and
the "No" answer, even though Harri had altered the memory card and
votes had been subtracted from one answer and added to the other answer. Harri
used the interpreted (executable) code to cover up the fact that he had changed
the vote counters. Then eight of us voted, filling in the oval on our paper ballot. Six of us
voted "No," the election could not be hacked. Two of us voted "Yes,"
it could be hacked. Then, one by one, we inserted our ballots into the voting
machine. Ion checked after each voter to make sure that the counter on the machine
was counting properly as each ballot was inserted. So, we ended up with an accurate
count of 8 ballots cast on the screen on the front of the voting machine. Then
Ion placed an "ender card" in the machine to end the election and
printed the poll tape. Instead of two "Yes" votes, the poll tape showed seven "Yes"
votes. Instead of six "No" votes, the poll tape showed one "No"
vote. Harri did not just flip the votes, as he wanted to show how easy it was to
change the totals completely. At that point, Ion Sancho's technician, TJ, said, "Well, that doesn't
prove anything because the printer template can be changed." (And that
is true. The poll tape can be made to read anything at all, which was proved
in an earlier test on a Leon County op-scan in May of 2005, when the poll-tape
was made to say, at the bottom of the tape, "Is this real or is it Memorex?") Ion responded to TJ that they were taking this to the next level and that he
wanted TJ to upload the memory card to the central tabulator. TJ, who had quite
apparently been talking to the Diebold reps, said he didn't want that to happen
because he didn't know if Harri might have planted some kind of virus on the
memory card that would infect the central tabulator. Ion then explained to TJ
that, just an hour earlier, he had obtained permission from the Leon County
Council to replace the Diebold system. That meant that the Leon County Diebold
system would never be used in any election again, and thus Ion said it was all
right to upload the memory card to the central tabulator. (The irony here, of
course, is that Diebold would worry about a virus being planted on this particular
memory card! What about all the thousands of people around the country who have
access to memory cards...doesn't Diebold worry about one of them
planting a virus? And the second irony is that ITA testing is supposed to catch
these security vulnerabilities and yet Diebold claimed to be worried about a
security exploitation by Harri Hursti AFTER all ITA testing had been completed).
So, TJ became convinced that it was all right to upload the memory card, which
he did. And there, on the central tabulator screen, appeared the altered results:
Seven "Yes" votes and one "No" vote, with absolutely no
evidence that anything had been altered. It was a powerful moment and, I will
admit, it had the unexpected result for me personally of causing me to break
down and cry. Why did I cry? It was the last thing I thought I would do, but
it happened for so many reasons. I cried because it was so clear that Diebold
had been lying. I cried because there was proof, before my very eyes, that these
machines were every bit as bad as we all had feared. I cried because we have
been so unjustly attacked as "conspiracy theorists" and "technophobes"
when Diebold knew full well that its voting system could alter election results.
More than that, that Diebold planned to have a voting system
that could alter results. And I cried because it suddenly hit me, like a Mack
truck, that this was proof positive that our democracy is and has been,
as we have all feared, truly at the mercy of unscrupulous vendors who are producing
electronic voting machines that can change election results without
detection. Beyond this, however, what is the real significance of the "Harri Hursti
hack?" There are several answers to that question. The Significance of Harri's Hack First of all, the Hursti hack reveals only one vulnerability
in an almost unlimited number of potential flaws or vulnerabilities in electronic
voting systems (both op-scans and DREs). However, the Hursti hack is individually
significant because the flaw it exposed is a planned
vulnerability in the system, not something that is accidentally there. It had
to be PUT there (programmed) on purpose. For Diebold to claim
innocence about this would be absurd. It would be like saying you didn't know
your garage had a door while you were standing there holding the garage door
opener. Or, because this security vulnerability is so huge, it would more accurately
be like saying you didn't know your house had a garage at all!! Since something like 95% of computer scientists agree that electronic voting
machines (op-scans and DREs) have an almost infinite number of potential flaws
or vulnerabilities, the Hursti hack shows, above all, THE IMPORTANCE OF HAVING
PAPER BALLOTS for an independent confirmation of machine results. The beauty
of paper ballots is that they are completely independent of any machine,
unlike the printer paper trail. Therefore, they provide a true independent,
manual audit of machine results. Paper ballots are also the only electronic
voting method that eliminates, almost completely, any question about voter intent
because the ballots are voter-generated, filled in by the voter's own hand,
thus eliminating the need for a voter to confirm his/her choices on any printer-issued
receipt. Paper ballots are the only way to have a fail-safe election with any
electronic voting machine. You must have paper ballots and you must manually
audit (count) a portion or all of those ballots in every election. The ONLY evidence in the Hursti hack that could discredit his alteration
of results were the paper ballots themselves.But these ballots can
only be useful if they are actually counted after an election to check against
the machine count. The Hursti hack shows clearly that there must be an independent
paper trail that can be manually audited to confirm (or discredit) machine results.
The hack exposes a serious electronic voting flaw, but then, ironically, re-instates
optical scan as the only electronic voting method that provides truly independent,
manual audit capabilities. A National Defense Issue There is another aspect of this hack that is of vital importance to our nation.
Harri and Dr. Thompson explained to me that there are 3 levels of computer attack
(and please remember that electronic voting systems are computers,
whether they are networked or not). Level One, called a "script kiddy," is the most primitive and can
be copied by a novice from an internet site and then be used to create a virus
or hack a computer or a computer system. Level Two is more sophisticated and is the level at which most viruses, worms,
Trojan horses and hacks are conducted, often by "casual hackers" who,
for whatever reason, enjoy conducting "electronic break-ins" into
computers. Level Three is called a "Nation-State" attack. A Nation-State attack
is a highly sophisticated, heavily funded electronic attack by a foreign country,
a foreign operative, a terrorist group, organized crime, or a political group
or operative within our own country. In other words, a Nation-State attack could
be mounted by any well-financed group that would benefit from sympathetic candidates
being placed in powerful positions or by certain agenda(s) being implemented,
or by any group that wants to gain political or financial advantage or wreak
havoc on our nation. Harri told me, and Dr. Thompson confirmed, that Harri's hack was Level One
(the first, primitive level), and could have been done by an 8th grader with
some basic information. They explained to me that the voting machines in this
country are so vulnerable that they cannot even withstand a Level One attack,
much less a Level Two or a Nation-State attack. Our country spends billions of dollars on national defense, and yet we have
a gaping hole in our national security through the widespread use of completely
vulnerable, electronic voting machines. Counting paper ballots is not a step
backwards. It is a vital component for the security of our elections and our
protection against a "bloodless coup" or the overthrow of our government
through our elections system. It seems inconceivable, yet is all too possible,
that such an electronic attack could occur without detection,
as did Harri's hack on the Leon County voting system. A paper audit trail is, as almost all computer scientists agree (except for
those who are the equivalent of tobacco company doctors who stated for years
that smoking was fine for your health), absolutely necessary to preserve our
democracy, and paper ballots are the fail-safe audit trail (as long as those
ballots are manually audited and are guarded like the gold in Fort Knox). This is not something that can be delayed until next year or until the next
decade. Whatever investment has been made in DREs must be re-evaluated in the
same way we re-evaluated the exploding gas tanks of Ford Pintos. Just as Ford
knew, but never disclosed for years that people were dying from the exploding
tanks, the voting machine companies know their machines are completely vulnerable.
There is too much at stake to trust machines that have been proven to be untrustworthy.
We must have paper ballots, and we must have them now. To do less, with the
knowledge we have, would be to sacrifice our democracy for the sake of convenience.
It is not important that our elections be convenient, but it is vital that they
be accurate, secure and verifiable. Otherwise, why hold elections at all? Ion Sancho had the courage to test what should have been tested by our federal
government. He should be hailed as a national hero for exposing a breach in
our national security the size of the Grand Canyon. But no quantity of such
tests can find or expose the infinite number of electronic flaws, malicious
or otherwise, that are possible in these systems. The day may come when these
systems can be made secure, but that day is not now nor is it in the forseeable
future. This is a time for courage, and for leadership. Our country's officials must
guard our freedom as they have been elected to do and choose auditable, verifiable
voting systems, based on paper ballots, that will defend our nation from an
all-too-possible "electronic Pearl Harbor." |