October 20, 2008
Want Your Vote to Count Twice? It's Possible, Professor Says
Dan Wallach, an associate professor of computer science at Rice University, held a fake election with his students that demonstrated the vulnerability of electronic touch-screen voting machines, according to an MSNBC report. Mr. Wallach said the machines can be easily hacked by a tech-savvy person with enough access.
To prove his point, Mr. Wallach had his computer-science students play the role of “unethical programmers” who altered codes and set PIN numbers to allow themselves or others to vote multiple times on touch-screen ballots. The students, who split into six small groups, used an in-house machine to conduct their sabotage, and the device later underwent an audit by two other groups. One student group hid their bug so well that it could be traced only by running the whole program and went undetected during two audits.
Some studies have suggested that touch-screen machines can be manipulated, but Michelle Shafer, a spokeswoman for Sequoia Voting Machines told MSNBC that there has never been evidence of such fraud.
“While well-intentioned, this type of exercise may only drive fear for the voting public,” Ms. Shafer said.—David DeBolt
Posted on Monday October 20, 2008 | Permalink |Comments
Commenting is closed for this article.
Previous: Where Have All the Legal Downloading Services Gone?
Next: Attendance Is Way Down at This Year's Community-College Technology Conference
Let’s see:
A group of students hid their bug so well that it went undetected during two audits. And those were students. Highly experienced experts almost certainly would have been even more effective, in making sure that there was no detectable evidence of their compromise of the system. Why does the fact that “there has never been evidence of such fraud” in the field, fail to give me any warm fuzzy feelings of confidence in hidden-source voting machines? Why is the obvious alternative – open-source voting systems, as used in Australia and other less backward countries – seem more desirable every time a hidden-source vendor’ spokesperson is interviewed?
— Adam Reed Oct 20, 05:09 PM #
I saw Wallach on a PBS interview program the other evening. He ranted about the possibilities of voter fraud by hacking into these machines. He seemed to imply that all “actual” and potential hacking was done or would be done by Republicans. I inferred he felt the fraudulent behavior was perpetrated or would be done only by Republicans. He certainly seemed paranoid regarding the voter fraud of Republicans. In comparison, Democrats were nearly saints. Shafer’s comment about this type work driving “unfounded” fears is correct. It certainly seemed like Wallach writes and speaks from a base of fear hoping to make others afraid!
— bob kaehr Oct 20, 05:19 PM #
Bob, you make an astute observation, that “corruption” generally knows no party boundaries. However, there is some rational basis in some observers’ particular suspicion of the Republican party:
Back in 2004, it was revealed that Diebold, a major manufacturer of electronic voting machines contributed a significant sum of money to Republican candidates. (see: http://www.prweb.com/releases/2004/08/prweb149382.htm ) This kind of activity (which apparently has since stopped) raises the inference of possible unethical behavior; especially when companies like Diebold are adverse to revealing the source code of their machines or making their software open source and completely transparent.
So I’ll agree with you that both Dems and Repubs are not immune to corruption, the history is that the Republican party has been a greater beneficiary of voting machine mfrs, raising that suspicion.
— NeoteriX Oct 20, 06:33 PM #
Fair enough, and the same is true of the contributions Obama has made to ACORN. Why use technology when you can enroll felons, children, the deceased and the nonexistent to vote on your behalf?
— TRB Oct 20, 07:17 PM #
TRB..what are the total number of fraudulent registrations since certain hired registrars were fired by ACORN? How does this number compare to other voter roll checks as to # of frauds per 1000 new registrations? Thanks..
— nana Oct 20, 09:05 PM #
Both sides are equally capable of voter fraud. That’s not the point. The point is that something as important as voter software should be 100% open source so that we ALL know how the system works and can identify when problems occur. There are clear financial reasons why corporations would want to hide possible problems with their software. That by itself should rule out the idea that anyone should make money off election software.
— 35 year old dude Oct 20, 10:22 PM #
The interesting point to me is that neither Republicans nor Democrats are of as much concern as foreign hackers which isn’t addressed here.
Nonetheless, so a district (or city or state) has 100 voters registered and 200 votes. I should think that would invalidate that election and make it subject to recast or recount.
— Rob Oct 21, 07:34 AM #
Oops! Part of this discussion may be a mute point. I made a major blunder in my earlier post. MARK CRISPIN MILLER was the person I saw and heard on the Bill Moyers Journal on PBS not Dr. Wallach. I apologize to Dr. Wallach for not catching this blunder earlier. Nonetheless, some of the points regarding voter fraud have been quite pertinent to issues that might erupt from the Wallach experiment. Again I am sorry for the blunder I made in my earlier post.
— bob kaehr Oct 21, 08:38 AM #
Bob, as Republicans have been the beneficiaries of “questionable” electoral processes in the last two presidential elections, I should think it’s fairly obvious why they should be the primary suspects in machine tampering.
— me Oct 21, 08:43 AM #
I hate to pile on, but I think my friend bob meant “moot” point. If his point were mute, I wouldn’t even be able to guess how he plans to vote.
Vote suppression has, by the way, been an almost exclusively Republican sport since the South switched parties 40 years ago. The GOP is even pretty frank about it—except insofar as they equate voter registration with voter fraud. (Conceivably I could register to vote as Mickey Mouse, but it is highly unlikely that I’d go to the trouble of ginning up enough fake ID to vote as Mickey Mouse.)
The problem of hackable voting machines is a different kettle of fish. That is an easily avoidable problem which for some odd reason has not been avoided.
— BertW Oct 21, 09:07 AM #
An interesting exploration of the risks of manipulating computerized voting, including the way voting is counted, to steal elections is Kim Stanley Robinson’s trilogy “Science in the Capital” starting with “Forty Signs of Rain.”
— Bruce Rockwood Oct 21, 09:14 AM #
TRB, you are failing to distinguish between fraudulent votes and fraudulent attempts at registration. The ACORN employees defrauded ACORN by collecting payments for registering voters when the employees had filled the forms out themselves. Even where the states do not discover the errors, the dead or fictional people thus registered are not going to go to the polls and vote. This is not a conspiracy to stuff the ballot box for Obama with votes cast by Mickey Mouse. ACORN helps Obama only when they register legitimate voters who otherwise might have sat this election out. That’s what really annoys the Republicans, but complaining about that doesn’t sound very good, so they complain about registering Mickey Mouse and call it voter fraud.
— Lisa Oct 21, 09:35 AM #
I am very, very concerned about voter fraud this year. Why hasn’t the country learned to get a paper trail?
— Katherine Oct 21, 09:36 AM #
“Why hasn’t the country learned to get a paper trail?” Reason 1: “the country” is an abstraction. Reason 2: the people who live in this country have no say over anything. Reason 3: the people who pretend to represent the people and by inference the country are not motivated to run honest elections.
— David A. McCullough Oct 21, 09:42 AM #
Why hack easily detectable extra votes when you can just as easily switch some number of legitimate votes from one candidate to another, without a trace? Electronic voting machines (open software or not) are inherently dangerous.
Optical scanner ballots are quickly countable, but also easily recheckable, by hand if necessary.
Ballot security remains an issue, whether it is Box 13 in Duval County Texas or Cook County vs. Southern Illinois holding out to submit the last determinative votes.
Localities where one party is so weak that it can’t come up with poll watchers are susceptible to delivering extra votes. The danger is less about ineligible names actually showing up to vote, than about votes tacked on at the end of the day for eligible voters who didn’t show. If one locally dominant party is thoroughly corrupt enough to include every election worker in fraud, this will show up in other easily detectable ways as well.
— Bill S. Oct 21, 09:47 AM #
several comments:
#10 — I saw a PBS special last night about LBJ — it is well known that he, or his cronies, were stuffing the ballot boxes in Texas — even PBS admitted it openly in the documentary!
#9 — liberal paranoia rears its ugly head again, despite recounts and recounts of the ballots by liberal news media organizations (largely unreported by the MSM) whose results, no matter how many times they counted, always, ALWAYS indicated Bush won (2000). The Supremes DIDN’T select, they merely upheld existing Florida law. Seethe away.
In all of my years in Chicago, it was well-known and widely joked about that the dead continue to vote for decades as long as they’re democrats. Since Obama is a direct product of that corrupt political machine, who honestly believes that their tactics won’t affect this election? I don’t think you will find a more corrupt (and almost entirely democratic) political system than Illinois’.
Further, the country had better take note: if Obama wins and dems take a super majority in the senate and win as many seats in the House as they hope, the country will come to resemble the shambles that the State of Illinois is. Beware!
— bb-1 Oct 21, 10:35 AM #
Can someone explain why we have to use computers? What’s wrong with old-fashioned paper & pencil? Yes, every system has it’s faults, but why are we turning to computer-based systems? Do we just not like to wait to see the tally?
— JustMe Oct 21, 10:38 AM #
16 – I won’t argue 2000, I’ll personally concede that one, however, do you agree it is fair that the donations issue (diebold and the gop) at least raises the appearance of a conflict of interest?
17 – There are lots of logistical benefits to electronic voting — (valid) changes to the ballot may be done quickly and are easily rolled out to the machines (reducing spelling errors, last minute entries, etc.). Printing ballots usually requires a significant lead time to go to press.
In addition, e-voting machines are more friendly to non-English speakers (as required by our Voting Rights Act), the hard of hearing, visually impaired, disabled, etc. E-voting has the flexibility to add many different languages, to provide digital recordings, dynamic font changing (to make words bigger), no hanging chads, or whatever the needs may be—in general there are more possibilities with e-voting.
These security issues could be easily addressed if the companies involved with the machines just opened up: open-source software, redundant systems for vote checking, etc. If these were solved, e-voting would be a tremendous boon to democracy.
— NeoteriX Oct 21, 11:27 AM #
The funniest thing to point out the voter fraud shenanigans of the GOP would be for a 46-state landslide victory for Obama, EXCEPT in Alaska, Arizona, Florida and Ohio. When I do the interactive electoral maps, I always color Ohio and Florida red.
Bob and other GOPers, the type of voter fraud suggested in this one report are done from the top of the corporate chain (a public statement by the Diebold chairman that GWB would win, no less). That is why the reporter focused on Republicans with this type of voter fraud.
The ACORN problem, on the other hand, are for REGISTERING voters. Relative to the coding possibilities, it is much easier to thwart a registration scandal at the polls (not many dead people actually show up to vote). Thus, those who don’t know they are being registered are pretty unlikely to vote — and if they do, it is easily caught (in most cases).
— drkvc Oct 21, 11:51 AM #
#19 – drkvc — you are wrong! Dead people routinely vote in Chicago.
— bb-1 Oct 21, 12:05 PM #
#18 – I am hearing impaired and have voted using machines, paper ballots, punch cards, and now computers. There isn’t a dime’s worth of difference from my perspective as to which is more friendly to the hard of hearing.
As a judge of elections, these arguments all bother me quite a bit. I can only work with my board to ensure that we get a match between ballots cast and the computer tally of ballots cast. We have to rely on the county to ensure our machines arrive tamper-proof and not tampered with. No system is ever perfect, but I sure hope security efforts and the ability of the voter to determine that their vote was cast as intended continue to improve.
— Matt Oct 21, 12:09 PM #
Matt – what is it that the hearing impaired person needs to hear while in the voting booth? (excuse my stupidity, plz)
— observer Oct 21, 04:11 PM #
The United States Government Accountability Office (GAO) reported various problems with electronic voting technologies used in the 2004 election. They published a document in September, 2005 titled “Elections: Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed.”
I wonder how many of the key activities have since been completed?
The report is worth a read. If you find it rather long, it’s helpful to search it for the occurrence of the word “problem.”
http://www.gao.gov/new.items/d05956.pdf
— Ray Oct 21, 06:10 PM #
Can someone explain to me why requiring proof of citizenship, proof of residency and proof of age is considered to be vote suppression? If someone is not a citizen of the United States, they should not vote in our elections. If someone is not a resident of a particular state and/or district, they should not be allowed to register and vote in the local election.
Many years ago I was required to apply for social security numbers for my small children so I could list them on my tax return as dependents. The government had no problem requiring me to have them “registered” as citizens then. Why can we not require every legitimate voter to have a social security number? With the ability to check government databases so easily, why can’t we match one vote with one social security number? Is the problem the fact that this would require every citizen to have a social security number – a form of national ID? Isn’t that what those who pay taxes are already required to do? Why would that be a bad thing?
— FB Oct 23, 10:39 AM #
ACORN will jump on this.
— Pavel Oct 23, 02:22 PM #
There is a system that leaves a paper trail. It’s called paper ballots. The system we generally used before 2000, when incompetent voters in Florida cost the Dems the election. Now the Dems, as usual, discover their cure is worse than the disease, so it’s the Republicans’ fault.
— Steve D Oct 23, 03:15 PM #
My understanding is that if ALL the votes in Florida had been recounted, and not just the limited number Gore asked to be recounted, he would have won.
Can’t remember where I read that, though it was a reputable source. Can anyone help me on that?
— Gary Oct 25, 01:19 AM #
http://www.youtube.com/watch?v=IH0xzsogzAk
— someguy Nov 4, 05:53 AM #
It seems the topic has broadened to the disreputable and dishonest vote.
So,…
What would you call this —> people who move across state lines (temporarily) just to vote against an issue (one Dems are very much against). ??
— young analytical mind Nov 5, 10:50 AM #
“According to the findings of a 2007 review of voting systems in California, e-voting machines aren’t secure. Last year, California decertified them for general use. Secretary of State Debra Bowen subsequently limited the use of such machines to one per polling place, to be used only by disabled voters.” [Voting machine insecurity” by Jabulani Leffall]
To read the whole article: http://www.gcn.com/online/vol1_no1/47494-1.html
— y a m Nov 5, 11:21 AM #