Its technically very easy, depending on how secure the equipment is stored when it is not in use. To be effective, the hack would only work on machines that will not produce a record of input from the voter and the final result. Machine like thus are called direct-recording electronic (DRE) machines. Such machines are manufactured by a number of companies and are available in a number of different models. One such machine is the Diebold AccuVote TS, and a newer version of the AccuVote known as the TSX. Georgia, Delaware, Louisiana, New Jersey and South Carolina still use the AccuVote TS. Altogether, fifteen states use DRE voting machines of several makes and models, all with no audit trail.
But wouldn’t that be detected when the machine is tested before and after the election? If the reprogramming was blatant, yes. If the reprogramming was clever, no. In 2006 Edward Felten, a Princeton computer science professor and his student Alex Halderman did just that. He published a paper detailing how he modified the machine with a malicious code to change the record of votes to produce whatever outcome the code writer desired. The code could then propagate from one machine to others like a virus within a local network of voting machines. You can read the report here. Or, you can download the report here.
Some states use the Sequoia AVC Advantage voting machines, which Princeton professor Andrew Appel demonstrated could be similarly manipulated in a 2007 legal filing. Appel bought a Sequoia machine online for $82 and demonstrated that he could remove 10 screws and easily replace the Sequoia’s memory card with a modified version that would alter the outcome of an election.
Lets take a look at the Sequoia machine and see if it can be hacked. This machine is not connected to the internet, so a remote attack won’t work. As described in professor Appel’s document, it will require a human to remove ten screws to open it and then remove a plugged in component, then replacing that component with one that is reprogrammed and the machine is then reassembled. It takes just a few minutes to hack each machine. If we are able to penetrate the storage room where these machines are located most of the time, a hundred could be reprogrammed in a few hours. The component that we remove could then be reprogrammed at our leisure and used for the next batch of stored machines. This could be accomplished at anytime well ahead of an election.
How could a programming change in a DRE become undetectable? Aren’t the voting machines checked for accuracy and security? It is pretty easy to avoid detection if properly written. Let me give you an example using simple steps instead of the actual programming language and code.
After looking at how the votes are gathered from the touch screen, we capture what the voter has selected. Instead of sending that to the routine that normally processes the entry, we send it to a subroutine that conditions the vote to meet our expected outcome.
That subroutine has an input from the system clock telling it the date and time. The time information is then used to either bypass the subroutine, sending the voter’s selection back out for normal processing, as if the subroutine was not there, or it performs certain functions to modify the vote and then sends the modified vote back to the normal process, as if it was the voter’s actual entry. This makes the subroutine active only when we want it active, such as on election day during certain hours. On any other day or time, it is not detectable.
The subroutine could modify only votes for a certain candidate, only a percentage of votes for a certain candidate, or maintain a certain percentage lead given to one candidate over another. For example, if we want to give one candidate a steady 1% lead over another candidate the program could change the vote from an unfavored candidate to a liked candidate thereby keeping the vote count the same, or it could simply discard a vote for the unfavored candidate.
If the DRE is checked for accuracy at any time other than the actual polling hours as programmed into the subroutine, the accuracy will be what is expected and the voters input will exactly match the machine’s actual output.
On Nov. 7, the day before last year’s elections, former CIA Director James Woolsey flagged DRE voting machines as a key vulnerability. “If I were a bad guy from another country who wanted to disrupt the American system … I think I’d concentrate on messing up the touch-screen systems,” he told Fox News.
It is known that Russian hackers tried to access election-related computer systems in at least 21 states during last year’s election. Intelligence officials have said there is no evidence that hackers changed any votes. If an expert like Halderman, who was only a student, was able to infiltrate a voting machine, I believe the possibility of a skilled Russian hacker and a person willing to risk being caught in the act of breaking into a storage facility and swapping parts is closer to truth than fiction.
Looking at a few critical states that swayed the electoral college voting, I find it odd that one candidate, the one that polls had given an outstanding lead to, lost uniformly by exactly 1% to a candidate that was tens of points behind in the majority of those respected polls. A coincidence? Perhaps, but I think not.
Nicole Plyler Fisk
Gene Howington
FFS Guest Blogger
Joy of Fishes
Chuck Stanley
shortfinals
Terry Welshans
ann li-summers
wordcloud9
Flowers For Socrates 
Once I worked briefly with an Army CID officer who was very liberal in teaching me the “unknown ways of detectives.” These were not, of course, unknown ways but the useful part of his teaching was the emphasis on basic principles. (TV cops don’t always emphasize those.) He taught me: “There IS no such thing as a coincidence.” When I pointed out that I had actually had three coincidences in my lifetime already, he said, “but if you committed a crime, none of those three would have been involved.” Couldn’t argue with that!
Scary stuff!
So paper, hand-marked ballots counted laboriously one at a time may be safer – assuming somebody hasn’t figured out how to do a mass brain-wash of poll workers?
Our state uses a hand-marked ballot that is inserted into a counting machine that does the recording. The paper ballot is retained within the machine and is available for manual verification if a recount is needed. Simple and secure, no labor involved unless a recount is called for. Hand counted paper ballots work,but are subject to human counting errors and may result in multiple recounts (best 2 out of 3 close enough?).
I think California has the same system as yours, otherwise it would take weeks to get election results – I was being a little facetious about hand-counting, but not about the hard-.marked ballots.
Eleven states, including California use paper ballots and DREs with a paper trail. Kentucky is among the seven states who use paper ballot and DREs without a paper trail. A map of which states use which method is available at the first link in the article.
Remember the ‘hanging chads’ in Florida? It took weeks to sort that mess out.
I was a canvasser for GOTV in Pennsylvania during October and November 2016. Aside from the known possibility of hacking the vote, in the one small district I worked in, in Pittsburgh, on election day itself, there were four (count’em — 1, 2, 3 — FOUR!) other problems facing voters at that voting location that day, and the lawyer at Hillary Headquarters spent all day from 7:00 a.m. until past 8:00 p.m. running back and forth to court to resolve them:
1. NO POLL WORKERS SHOWED UP — NOT ONE! Only the election judge.
2. Somebody (the election judge?) tried to unlawfully “hire college students” to sit in for authorized poll workers.
3. Voters were threatened twice in the morning by drive-by pick-up trucks filled with ARMED harassers screaming at them. Both times the harassers had to be driven off by LEOs but nobody was arrested or charged!
4. Many voters were told that they had to go elsewhere to vote because of the lack of poll workers, but the location they were given was an empty lot. Some of us had to go to the empty lot and redirect tired, harassed voters back to their proper location.
Malisha, that is a whole ‘nother related problem. If I want to, I could get into the DNC server and copy their registered voter roles, change them to different precincts and load them back. No one would notice, and I could hide my entry into the system. Then, on election day those voters would not be allowed to vote in their own precincts. Not saying that happened, but if I was a Russian Hacker who wanted to change the out come, I might do so……… I could also provide that data bank to an interested party for direct marketing purposes. Just sayin’………
I find it more than passing curious that every bank I have ever done business with used Diebold ATM machines. I always get a printed transaction receipt. No Diebold ATM I used in the past forty years has never made a mistake with a deposit or withdrawal. The ATM makes a carbon duplicate of the register receipt that comes out the slot.
So how come we are told Diebold cannot construct voting machines which print out receipts, and keeps verifiable paper records inside the machine?
Inquiring minds want to know.
Damn, I never thought of that! It’s remarkably obvious that it is doable. You just KNOW that the banks have to toe the line to keep track of people’s money; but not so much the vote.
Proof of vote tampering is surfacing..
Bloomberg has an interesting article about actual data breaches here:
https://www.bloomberg.com/amp/news/articles/2017-06-13/russian-breach-of-39-states-threatens-future-u-s-elections
Pingback: Hacking the Vote: Part II | Flowers For Socrates