To BBV EXPERTS: "Ballot Text is Editable" = "Soylent Green is People."

OK black box votin' experts, here's one for you:

Is there any recursive linkage between the "Ballot Text" in the Diebold GEMS Touch Screen configuration parameters, so that the candidate's name on the e-ballot HAS to match the vote tabulation record for the same candidate? (I'm not talking about the Bev Harris "hack" that switched totals in MS Access, I'm talking about Touch Screen Configuration.)

In other words, if Ballot Text is editable (to appear any way you want on the screen), what prevents a vote for "Kerry" from being counted as a vote for Bush, or vice versa?

Because of the proprietary software that we are forbidden by law to look at.

we have succeeded in GA to getting some big name legal organizations to pushing past the 'not able to look at it' argument.... watch for news on this in the next 2 weeks.

as for the contract between Diebold and GA, found out this week we will be able to nab a copy of it...

this contract will tell all.... it will be a very useful prop in the war on privatized elections...

keep your eyes and ears open.. some good news will be coming soon...


do not entirely despair... just somewhat despair.....

You might want to get copies of any RFPs that were sent out and the vendors' responses. That might be fun.

Meanwhile, sure, see if the company violated any provisions of the contract and if the contract, the RFPs or the RFP responses violate state or federal law.

Good luck!

Let's see if I can explain this simply.....

On the Diebold system, the database which collects and tallies the votes do not contain a candidate name. Instead, it contains a candidate number.

When the candidate database is created, there are actually TWO databases:

DB #1 = Candidate Name = Candidate Number

DB#2 = Candidate Number = total votes cast for that candidate.

The simple answer to your question is YES, a vote cast for candidate A can be counted for candidate B if both A and B equate to the same candidate number. (Which is even easier progmatically than using the name.)

Simple Sample:
IF candidate =101
Vote Total = candidate101current sum +1
elseif
candidate = 102
Vote Total = candidate101currentsum +1
endif

If the names on the e-Ballot can be edited _independently_ from the "candidate name = nnn" statements, i.e., with the Ballot Text editor, when the voter touches the screen for "candidate A" (Ballot Text), the vote could actually go to candidate B which was how the ballot was set up originally before the text was edited. The Ballot Text Editor would make this impossible for the voter to detect. So does it work that way?

I'm not sure if I have your question correct, but maybe this will help.

The text on the screen can say *anything*.

As well, a program can tell the computer to do *anything* when someone touches an area on the screen.

The computer doesn't care what the ballot text (button to touch) says. It is meaningless to the program. It's just text.

When someone touches the text on the screen to place a vote, basically the first thing that happens is a variable is assigned a value.

Then the programmer tells the program what to do, based on an "if...then" statement.

For example "if button='yes' then ..."

the "..." part would be some kind of routine to add a 1 to the total of the appropriate candidate.

it would be just as easy to write a program to add a 1 to the wrong candidate as it would to add a 1 to the correct candidate. It's just a matter of saying which total to add 1 to.

I'm not a programmer per se but I've taken a bunch of classes in programming and I know enough to answer your question... the answer is, nothing at all prevents a vote for Kerry from being counted as a Bush vote. it would be easy to do that. It's all about what the programmer put in the code.

In fact it would be VERY easy to put up a verification screen at the end that confirmed your vote showing the correct vote, and actually send a different vote to the memory card.

Especially if you didn't have to worry about people looking at your code all this would be very easy.

...and that's why he's making every effort to get the word out.

:scared:

such that once the Ballot Text has been linked to the database, you can't just unlink it by editing the Ballot Text. I'm suggesting that this isn't how the software works. It's like having a word processor to design your ballot to appear as anything you want AFTER you've programmed the database. Everything starts out fine, UNTIL you swap the names around on the ballot, which does NOT make a corresponding change in the database where the votes are tabulated. The voter sees ONLY the ballot text. Ideally, the ballot text should NOT be editable after the database has been defined.

The only question I have is: what appears on that summary screen at the end? It sure LOOKS like it's just the same Ballot Text.

Will the "Open Software" provision help to reveal AND correct this?

It's more a question of testing and auditing the user-level interface and configuration or perhaps a software redesign to make this sort of change impossible, or at least difficult. (Of course for a real programmer or hacker, none of this is difficult.) I'm just suggesting that it doesn't even require that level of expertise. I mean why make it difficult to perpetrate election fraud??? If we understand this correctly, anyone who can use a word processor can do it. And people with lesser skills may be easier to let's say...recruit.

Holt would help because it has random audits and of course the VVPAR, which is better than not being able to audit at all.

Note that Op Scans can probably be hacked the same way, so VVPBs wouldn't help either unless they too are audited.

If Holt's bill is enacted, will the "Open Software" provision reveal this flaw, and then force a repair.

Did Bev Harris "force" a repair of the MS Access back end hack of the GEMS election totals when she demonstrated that on national TV with Howard Dean? I don't think so.

I guess you're asking if there could be a law that could mandate software evaluation by impartial experts with a mandate to reduce or eliminate the possibility of election fraud right? I don't know. There are issues with lack of HAVA funding of this sort of thing, aren't there? Check it out.

I recently heard that the much maligned EAC is part of the National Institute of Standards and Technology. Imagine that. These are the Einsteins that are supposed to be looking after this stuff, writing the standards, checking the code, or at least the design of the system, like we are. Yet they can't even get their hands on the code and they apparently have no money to do their jobs. See what you can dig up about that. It sounds like another Republican-style unfunded mandate. Let me know if I'm wrong Wilmsie!

Have there been any laws or prosecutions to force Microsoft to come out with a clean operating system before testing it in the marketplace? Don't think so. Just all that anti-monopoly crap, valid though it may be.

The same sort of lax attitude is being applied to votin' systems, from what I see. It's just another form of deregulation.

that I don't think most of us understand yet (me included).

The problem is that for a program to run, it has to be compiled first. That basically means you wrap up all the code into an EXE file.

Once it's in an EXE file, the code is invisible. There is no way to crack open an exe file or un-compile a program. If there was, software companies would go nuts.

So the question is, if a company makes its code available to the public, how can you know that the EXE file on the voting machine is actually compiled from the same code you are inspecting?

I'm getting hazy on facts at this point but my understanding is that it involves reporting a "chain of ownership". This is discussed in a paragraph that was recently added to Holt's bill.

I am concerned about this because reporting the chain of ownership seems to be open to fraud in itself. If they report false information on the chain of ownership, how would anyone know?

This speaks to Landshark's assertion that computers are inherently problematic with voting. The public has a right to be able to view the vote counting process. As long as it is happening inside a computer, there is no way to view it and there is no way to know if it's being done properly. Perhaps if you were a computer expert you could find a way to verify many of the steps but it should be something that anyone can watch.

Gary

Also. can you paste the provisions added to the Holt bill?

Gary, you ask:

"if a company makes its code available to the public, how can you know that the EXE file on the voting machine is actually compiled from the same code you are inspecting?"

This is what digital signatures are for -- the same way you know that when you send someone your credit card info on the web, it's not going to someone else you didn't intend for it to go to. Instead of the identity of just a vendor, you authenticate the exe file itself and its author. ANY change to this file, or folder, or folders, will result in a different digital signature, which when compared to the one that came with the original code, will be detected. If there is a discrepancy, the code has been altered. If not, it's the same.

This does not address the issue of the election being transparent to the average voter however. Only computer security geeks and those who have dabbled in that field (as I have from time to time) will really understand what's going on. But in fact, the code can be proven to be the same code that was originally expertly inspected.

My point in this thread is different however: I'm talking about the human factors involved in using the program. If they are not designed with security in mind, they will be exploited no matter how well you authenticate the code.

The ballot definition files are Rich Text Files (rtf) and are simply generated by the information in the database. The RTF file lays out the fonts, placement, box sizes and presentation while drawing the acutal text from the database.

And there is no recursion back to the database to ensure that they match. Correct me if I'm wrong please.

Let's look at an easier possibility.......

Here's the Candidate Key database:

101 George Bush
102 John Kerry
103 Denise Majette
104 Johnny Isakson
105.....
106.....some candidates, then 50 races later the following entry...
102 George Bush
ooops, now George Bush equals 101 AND 102 and if I randomly sort the database alpha instead of numerically, a choice for 102 goes to George Bush instead of John Kerry.......

You're talking programming; I'm talking Word Processing.
Which is easier?

With your "word processing" example, EVERY vote for the other candidate would be shifted. Someone would notice if John Kerry got 0 votes in any precinct, much less state wide. There's no "IF" statement in word processing.

In my example, you can randomize the vote stealing and only do a precentage. That would be fairly undetectable if all you needed was to shift 2% of the votes.

In WP, votes are swapped. No one gets zero. Kerry's go to Bush and Bush's go to Kerry and the voter never knows because he only sees the ballot text. You only do it in the precincts where Bush would have lost, based on voting history, demographics, voter registration lists, etc. and you reverse enough of those outcomes to swing the election.

I know there are other ways to do it. I'm just looking at the ones that don't require any alterations of the code or even access to the back end database (Bev Harris' thing). Why look for something you can't find when the evidence is that the system was either designed with fraud in mind, or at the very least, so negligently that it allows or encourages it.

in most jurisdictions isn't it?

If so, then the person configuring the ballot would have to be in on the rigging. You would have to first configure the ballot order with Bush and Kerry swapped. Then when you hack the ballot definition rtf file you would swap them back so the order appears correctly on the screen.

And who actually configures this stuff?

In Georgia, all ballot definition files are created by a central location - Kennesaw State University's Election Center. KSU does all the ballot definition files, prints a copy and sends it to the local precinct to verify, gets a signature on the printed copy (to avoid liability) and THEN programs all the PCMCIA cards for each unit. They also send an electronic file to Diebold to print the paper absentee ballots from, and program the PCMCIA cards for the OpScan units.

KSU Election Center is financed solely by the budget from the Georgia Secretary of State's office (1.5 mil right now).

(Other than the Diebold absentee printing and Op Scanning part of course?)

Does this school have a political or religious agenda?
Is it private or public?
Are they bi- or multi- partisan?
Are the TS totals uploaded to GEMS too?
Does KSU tabulate them on the GEMS servers?
What kind of security do they have there, etc, etc, etc?

When you centralize anything, you destroy any security. Hand it over to a single organization, regardless of ideology or anything else, and you have created a central point for problems.

I'm just giving you the facts as they exist in Georgia.

To answer your questions:
Does this school have a political or religious agenda?
Well, it was the home of Newt Gringrich's GOPAC

Is it private or public?
Public

Are they bi- or multi- partisan?
The Election Center is pro Cathy Cox (DEM) and Diebold.

Are the TS totals uploaded to GEMS too?
Of course.

Does KSU tabulate them on the GEMS servers?
No, in many instances, Diebold technicians are doing that in Georgia.

What kind of security do they have there, etc, etc, etc?
If they would answer those kinds of questions, we might be able to get the answers, but since they are funded entirely by the SoS they refer all questions to Cathy Cox, who refuses to answer by claiming "terrorists could use this security information to subvert the election process."

Perhaps this document will clear up any further questions you might have:
http://www.countthevote.org/dbd_docs/thegeorgiamethod.pdf

It was written by the KSU folks to sell the setup to other states.

Now that you mention it, I do remember the Newt connection.
Well good luck with those lawsuits down there!

Which is that ballots on the screen mean nothing because there is NO cross check in GEMS to ensure that the names on the ballot match the names/numbers in the vote counting database.

While this is also possible with Diebold Op Scans, they are probably easier to test, using some sample paper ballots.

Got me here to here, Anybody a memebr of ACM?

<snip>

The latest Communications of the ACM (v47n10) has several articles about
electronic voting. If you're not a member, you could drop by your
friendly neighbourhood CS library, or even buy digital copies over the
Web.

I found especially interesting the article by Di Franco, Petro, Shear
and Vladimirov titled "Small vote manipulations can swing elections":
DOI: http://doi.acm.org/10.1145/1022594.1022621
It's based on a Yale tech. report: ftp.cs.yale.edu/pub/TR/tr1285.pdf

A highlighted quote from the conclusion is "E-voting machines
potentially make electoral fraud unprecedentedly simple. An election
saboteur need only introduce a small change in the master copy of the
voting software to be effective."

<snip>

more fodder?