How Could Anyone Possibly Mess With With E-Voting Machines... When They're Left Unguarded For Days?

from the oh,-that's-right,-it's-easy dept

Fri, Jun 6th 2008 2:09am — Mike Masnick

One of the common complaints from the e-voting companies about the various independent security tests that find problems with their machines, is that those test occur under conditions that would never happen in the real world. Specifically, the e-voting companies like to claim that most of the "hacks" revealed would require a lot of access to the machines with no one noticing -- and that just wouldn't be feasible during an election with election officials all around. While even that might be questioned, a much bigger issue is that most polling places leave the e-voting machines totally unguarded and totally unprotected, sometimes for days before the election -- giving anyone with nefarious intent plenty of time to mess around with the machines.

Ed Felten has been pointing this out for years. He took photos of such machines at Princeton in 2006 and then again at the primary election earlier this year. This past Tuesday was another election day in many places, including New Jersey, and Ed Felten, once again, took photos of a whole bunch of totally unguarded e-voting machines that any passerby could have accessed. Of course, given that the software itself doesn't seem to work maybe someone will actually adjust the machines to make them work better. Always look on the bright side.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: e-voting, ed felten, princeton, security

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Chunky Vomit, 6 Jun 2008 @ 4:26am

Maybe Hilary is dropping out of the race because she has figured out how to win the presidential election without actually being on the ballot.
[ link to this | view in chronology ]
Anonymous Jerk, 6 Jun 2008 @ 4:41am

Perhaps...
...We should go back to paper ballots, and let a couple of 5th graders re-design these e-voting machines, since they could probably design better security features.
[ link to this | view in chronology ]
Ferin, 6 Jun 2008 @ 4:51am

Take a look at this
Don't know if you've seen this yet, but there's an interesting article on slashdot, where (supposedly) a Republican Party Precinct Chair in Harris County, Texas who wll be a precinct judge this fall is asking for advice on what he needs to look out for to prevent tampering with electronic voting machines during an election.

http://ask.slashdot.org/article.pl?no_d2=1&sid=08/06/05/1848216

As to this, I remember when I was still in high school the machines would be delivered and sit in our unlocked gym several days before an election. These were the old mechanical monstrosities, but from what I understand that practice still hasn't changed with the new touchscreen machines. I think what it will really take to wake people up is somebody performing an attack that elects mickey mouse or something. People just don't seem to get how bad these systems are.
[ link to this | view in chronology ]
Jake, 6 Jun 2008 @ 4:57am

In fairness to the e-voting companies, election officials have to take some of the blame for this particular problem, as do whoever happens to be hosting the polling station. It's also admittedly a problem to which I can't see an easy solution; someone with the willingness and the necessary skills to tamper with one of these machines, at in the case of the better models, will have little trouble getting past a couple of locked doors and a burglar alarm.
[ link to this | view in chronology ]
- Jim, 6 Jun 2008 @ 7:04am
  
  Re:
  With paper/mechanical systems that wasn't the case. If the new system requires experts to know if is working and beefed up security... maybe the old way was better?
  [ link to this | view in chronology ]
  - Rich Kulawiec, 6 Jun 2008 @ 7:21am
    
    Re: Re:
    There's no doubt of this. The security and integrity of the electoral process depends not only on the inherent properties of the equipment (whether computerized or mechanical or pencil/paper) but on the procedures used to conduct the election using that equipment and post-election auditing. It's clear that in addition to the unfixable security problems inherent in all computerized voting systems, we are also faced with a myriad of procedural problems that exacerbate their consequences.
    It's well past time to return to the simplest possible systems: pencil and paper. Yes, such systems still have their issues (as do ALL electoral systems) but those issues are well-known, well-understood, and addressed via proven countermeasures. None of which can be said about electronic systems, BTW.
    [ link to this | view in chronology ]
What..the...hell, 6 Jun 2008 @ 5:56am

I hate people sometimes...
[ link to this | view in chronology ]
What..the...hell, 6 Jun 2008 @ 6:01am

I hate people sometimes...
Do they really think people are this stupid when it comes to technology (ignore the fact that I submitted a blank post earlier, lol)... but seriously.

If people can crack security features in games without so much as breaking a sweat, do you really think they can stop someone from tampering with an electronic voting machine?

On top of that, most of the people in politics or those that will probably manage these election locations never took a computer course before in their life and can barely check their own email. The machines could completely fail or skew the election data and NO ONE WILL NOTICE. There'll be no proof.

All you'll end up with is a box full of data, and how that data is transferred or counted can be manipulated at will. Hell, you could just prevent the machine from writing anything into memory and just make up numbers when the election is over.

It's pure... bull...sh*t. Talk about a corrupt system...
[ link to this | view in chronology ]
- Cowmonaut, 6 Jun 2008 @ 6:43am
  
  Re: I hate people sometimes...
  Never blame on malice that which can be more easily explained by ignorance and stupidity.
  
  While politics is almost by definitiion corrupt, in this case it isn't corruption that is the problem necessasarily as much as blatant disreguard for change.
  
  Here we have a system based on certain expectations. These expectations are that it would be very time consuming to alter *paper* ballots, and that it would be 'impossible' for a voter to not recognize a 'blank' ballot.
  
  There are ways around those basic problems for altering elections using paper ballots, but for the most part it has and does work 'okay' in ensuring a fair vote.
  
  Now we are getting e-voting machines and we have a problem. You don't have hundreds of thousands of ballots at a local election, you have a handful of machines that create and tally the votes themselves.
  
  In short, less points of failure. Normally this is a good thing as its easier to keep track of, except it takes less failures to bring you down in some cases (like this).
  
  But the real problem here, is that election officials aren't adapting their system. As Mike usually points out as a failing of the recording industry, they aren't changing their 'business model' and it is causing problems.
  
  They need to get their act together, or else there will be problems in the near future. Fairly large problems.
  [ link to this | view in chronology ]
James, 6 Jun 2008 @ 6:44am

Re: Jake
I admire your willingness to look at this from two sides. However, it seems to me the greater burden of responsibility is going to be on the company that could've designed a much, much more tamper-resistant system and maybe should *not* have threatened to sue any third party that tried to do a security analysis. I mean, we're talking about machines that actually have executable code on the data card that they trust to init and verify the contents. We're talking about a security-natured company that essentially gave every internet-connected person access to a universal key to open up all its machines.
[ link to this | view in chronology ]
James, 6 Jun 2008 @ 6:48am

Re: Re: Jake
So, what I mean to say is... :)

...that I see and agree with your point that election officials need to take the responsibility to do their part by treating their voting mechanisms as things that are as important as they really are--I just want to make sure we don't look at that as any less of a rebuke to the companies that made this crap and took the underhanded actions they've taken to ensure their profits don't suffer at the expense of the people's rights.
[ link to this | view in chronology ]
Anonymous Coward, 6 Jun 2008 @ 7:07am

I think people need to start slapping "i've been hacked" stickers on unattended voting machines, along with how long they were standing at the machine unnoticed for.
[ link to this | view in chronology ]
ehrichweiss, 6 Jun 2008 @ 8:23am

Lexington, KY had them unguarded...
Seriously, the night before the election our kids' school had a presentation and the machines were just sitting out in the open where anyone could get their hands on one. If I had my camera phone on me I'd have taken pics but alas I did not and no one else seemed to even care at all. I don't think they were the Diebold machines but with the track record of ANY of the machines I wouldn't trust them at all.
[ link to this | view in chronology ]
Xuan, 6 Jun 2008 @ 8:45am

e-voting is the fraud of the century
It's at the very minimum a money scam perpetrated by con artists on ignorant officials, or worse, a diabolical scheme to steal elections. Why would anyone of right mind defend the use of these machines is beyond comprehension.

How hard is it for people to understand that the best voting system ever devised is Paper and pen? You print out a card with all the election information, and just have people mark the card with a permanent marker. If you make the card in an organized manner, you can then scan the choices using a very simple OCR machine. There, fast and acurate counting with reliable paper trail. Simple and cheap. But I guess that makes too much sense, or waste too little money, or too reliable for the official's liking.
[ link to this | view in chronology ]
Anonymous Coward, 6 Jun 2008 @ 8:49am

I love the "I've been hacked" sticker idea.....
[ link to this | view in chronology ]
Ulle, 6 Jun 2008 @ 10:42am

The really sad and scary thing about this is the apathy of the American media and the general public. Nobody seems to care, shoot guess everyone is too busy worring about having to spend $4 a gallon to fuel up their SUVs and hummers.
[ link to this | view in chronology ]
Anonymous Coward, 7 Jun 2008 @ 1:49pm

E-voting machines aren't the only polling stations that are left ungaurded, or their guard is a kid like me who works a part time shift somewhere they lock all the equipment in a closet. There's plenty of opportunity to screw with voting machines, but thats hardly the real problem, anyone with half a brain sees this.
[ link to this | view in chronology ]