Technology Review - Published By MIT
Technology Review  in English | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

How to Hack an Election in One Minute

Continued from page 1

By Daniel Turner

Monday, September 18, 2006
smaller text tool iconmedium text tool iconlarger text tool icon

Diebold has been aware of security issues in the past. In late 2003, the company sent cease-and-desist letters to various Internet Service Providers after internal company documents, outlining known security flaws, were published online.

The push to replace paper ballots came after the infamous "butterfly ballots" and hanging chads in the 2000 Presidential election, in which the Caltech/MIT Voting Technology Project estimated there had been up to two million votes not counted due to confusing ballot designs or faulty equipment. Congress passed the Help America Vote Act (HAVA) of 2002, which aimed to replace old voting machine with electronic, touch-screen ones. No provisions were made mandating a paper trail.

A year later, Representative Rush Holt (D-NJ) sponsored the Voter Confidence and Increased Accessibility Act. It would have mandated that electronic voting machines leave a paper trail for independent vote verification. Although the bill had 157 co-sponsors, it has not yet been brought up for a vote.

If enacted, however, this measure still might not be sufficient to safeguard elections. The CITP researchers show that it is possible to hack a voting machine so that its paper receipts agree with a tampered result.

Some companies and researchers have been investigating options for independent verification devices (IVDs)--separate machines that would be attached to each electronic voting device and provide a separate voting record. Roy G. Saltman, a voting technology consultant, recently wrote a paper for the National Institute of Standards and Technology recommending the use of IVD to "improve integrity and public confidence in the correctness of reported outcomes."

Some IVDs work by capturing the video displayed on the voting machine, so that a separate record exists of which on-screen buttons a voter pushed. Others add another layer of confirming or rejecting voting choices. Another potential system provides a synthesized voice reading to the voter (through headphones) as a confirmation of his or her choices; the voter can hear that votes are being recorded accurately.

"Some of these systems are, in the long run, promising," says Felten. But he's skeptical that they're ready just yet.

"It's a complex problem," he says. "An IVD has to get input directly from the voter, and still, you can't tell what's happening inside the computer."

"If you want independent verification," he says, "you need [an independent] paper trail. That's the best safeguard right now."

Tags

e-voting election voting machine voting technology

Related Articles

Comments
  • Not even a second tape
    Cash registers have two printers - one with the customer receipt, a second with the accounting receipt.

    The accounting receipt is in a hidden compartment.  If the machines had a kept receipt which displayed through a lens the vote just cast, the voter could easily verify that that vote was recorded on the receipt correctly.

    Then any fraud would have to make artificial copies of these vote-by-vote tapes to successfully steal votes - stealing the electronic votes would beuseless because a hand cound would catch it.
    Rate this comment: 12345

    wizwom
    09/18/2006
    Posts:8
    Avg Rating:
    4/5
  • paper, and paper alone
    will provide voters with confidence that their votes have been recorded correctly. Electronic voting machines are "black boxes" that cannot ever be trusted completely. Let's not be in such a hurry -- we should vote on paper and take as many days as necessary to count the ballots by hand. The television networks would love it -- 5 days of suspense on which they could report, instead of just a few hours!
    Michael Rodemer
    Rate this comment: 12345

    rodemer
    09/18/2006
    Posts:3
    • Re: paper, and paper alone
      In Canada we use paper ballots.  At the end of the polling day, we count them up (about 1-1.5 hrs at the most), phone in our results to the constituency office who holds the results till they all come in, who then calls in the results to the federal election office.  Results are known within 2 hrs of poll close, so by 11pm Pacific, we know who won the election and what the results were.  This is with paper - very easy, very reliable and doesn't take 5 days to get results.  The whole electronic thing seems to be more about the "cool" factor than the election's integrity and infallibility.
      Rate this comment: 12345

      darronre
      09/18/2006
      Posts:1
  • Misdirected effort
    It is easy to snype at a developed technology and find flaws. The chalange for you is to find ways to make this technology secure. I am getting tired of the fault finders. If they are so smart, find a way to secure the process. I believe that many "hackers" have a low self esteem. They are compelled to find fault with others, rather than take the risk to develop something themselves. But then, someone will be snyping at them.
    Rate this comment: 12345

    gasper@almap...
    09/18/2006
    Posts:2
    • Re: Misdirected effort
      Please remember that in order to make devices like this secure, it is necessary to hack it in order to expose the flaws. The Diebold machines deserve a special emphasis since the company and its employees are big financial supporters of the current administration which has certainly been the subject of controversy on its election tactics.
      Rate this comment: 12345

      JH
      09/18/2006
      Posts:8
      • Re: Misdirected effort
        Aren't you tired of taking a flaw in an vote counting machine and turning that into a political statement? You are suggesting that the engineers at Doiebold are complicit in a conspiracy to defraud the people. The Dieblod engineers probably went to MIT. I am positive that MIT does not encourage or promote duplicity. If you don't have a solution, stop complaining. I am tired of the widespread negativity that pervades this industry. As educated engineers we should applaud innovation and work to make it better. Sitting on the sidelines and criticizing is not productive. As a nation we respect the innovators, when was the last time you saw a statue to a critic?
        Rate this comment: 12345

        gasper@almap...
        09/19/2006
        Posts:2
  • totally unnecessary
      The saddest part of all this is that this situation need never have arisen in the first place.   Altera offers their Stratix II GX  FPGA line, which includes an onboard 128 bit AES encryption system which will *ONLY* accept initilization code from a source that has properly encrypted the code with a key that is built into a one time programmable register in the FPGA.  The register, and the decrypted initialization code are not accessible from outside the FPGA, so the code is as secure as anything *CAN* be.  The likelihood of anyone finding a means of altering the control code of the voting machine is virtually nil.

       Moreover, the cost of these FPGAs is quite low, not that cost should be a consideration in a crucial and sensitive application such as this one.

       Diebold is and has been aware of the flaws and deficits in thier design all along, and ought to be required to refund every penny customers have spent in purchasing these machines.

       Releasing these clearly flawed machines was a deliberate, cynical and self-serving social crime on the part of Diebold and its executives.

       Voting machines should never be allowed to be proprietary designs.  There is far too much secrecy in proprietary products, and such secrecy leads to the sorts of problems being seen in this instance.  A Federal Design Commission ought to be appointed to design a voting machine that is tamper proof, verifiable, and has an open architecture, permitting ANY citizen to review and critique the design.

       Open Source is the answer to the problem of reliable, trustworthy electronic voting machines.  No proprietary design, developed by a corporation with profit as its primary goal, can be trusted sufficiently for this crucial and highly sensitive application.  Even if we work on the assumption that a corporation would not deliberately allow a flawed design to go forward, out of social responsibility, the drive for profitability and time to market leaves too many holes, through which flaws and questionable designs can slip inadvertantly, due to the commercial focus necessary in a corporate environment.
    Rate this comment: 12345

    avrFreak
    09/18/2006
    Posts:5
    Avg Rating:
    5/5
  • Paper works fine
    It is strange to hear about the problems introduced by electronic voting when paper voting remains the most reliable system. Who is pushing the electronic voting agenda and what do they seek to gain from it?
    Rate this comment: 12345

    nukeisrael
    09/18/2006
    Posts:1
    • Re: Paper works fine
      Since this is a "technology review" site, I'm sure nukeisrael can provide citations of articles which show that inherent errors are less for paper voting than for electronic voting.  I, for one, would be interested in seeing this data.

      Also, there are many other vendors that do provide a "dual" paper record (VVPAT) system.  It generally consists of a secure scorlling printer receipt veiwable by the voter.  The voter reviews the entire paper receipt before submitting the ballot.  There is a second record kept in the machine (which can be printed out from the machine) and a third record stored on a memory cartridge.

      I think this kind of research does have merit, but the "hacks" need to be reported in context, and with regard to what other safeguards may/should be in place during an election. 

      I can hack a paper ballot box with a laser printer and a pen...  Give me unfettered access to the "box" where the ballots go, and I can swap out 100% of the paper ballots with my own.
      Rate this comment: 12345

      DocG
      09/19/2006
      Posts:1
  • Polite Engineers
    Tired of all the sniping and negativity? My! my! my!
    Voting machines counting backwards, changing votes
    right in front of the voters eyes. But we mustn't,
    mustn't speak of such troubling possibilities,
    must we(we of the software engineers).
    Rate this comment: 12345

    longnow
    09/24/2007
    Posts:3
  • Fire Sale
    It's been said that Diebold has tried to
    sell off its electronic voting machine division
    with no takers. I wonder why.
    Rate this comment: 12345

    longnow
    09/24/2007
    Posts:3
Reply

Log In

Forgot your password?     Register »
Advertisement

Videos
Latest Videos
Laser-Triggered Chemical Reactions

Top Stories Of The Day

Featured Content
Sponsored by:
White Papers

Twelve ways to reduce costs with SQL Server 2008
Find out how to reduce costs and get more efficient

Download

Total Economic Impact of SQL Server 2008 Upgrade
Forrester reports on increasing productivity and management capabilities

Download 

Achieving Cost and Resource Savings with UC
How Office Communications Server R2 and Exchange Server can make your business smarter and more efficient

Download 

The Compelling Case for Conferencing
Read how you can improve workload support and find IT efficiencies

Download

How Windows Server 2008 R2 Helps Optimize IT and Save you Money
Read how you can improve workload support and find IT efficiencies

Download

Windows Server 2008 R2 Hyper-V Live Migration
See how Windows Server 2008 R2 and Hyper-V enable virtualization and Live Migration

Download

RSS Feeds

xml icon TR Top Stories
xml icon TR Editors' Blog
xml icon TR Video Blog
xml icon TR Video
Advertisement
Subscribe to Technology Review's daily e-mail update. Enter your e-mail address

TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.