Jul 31

Another interesting flaw has been discovered in the Diebold paperless voting machines used in many US states.

The Diebold machines are supposedly secure because they run software from an EPROM, software that has been independently audited and certified for use by election board officials.

Except it turns out that if you change a single jumper inside the machine, it will boot any code you care to supply on a standard flash memory card instead. The jumper switch can be adjusted using a screwdriver or (better) a pair of needle-nose pliers. Once you’ve booted the machine with your suspect software, simply reset the jumper and remove your memory card. When the machine is turned off, any evidence of tampering will vanish and it will go back to booting from the EPROM.

How ingenious. How…convenient.

Aug 31

The Black Box Voting web site has revealed that there’s an interesting ‘defect’ in the Diebold GEMS voting system’s central tabulator.

If you enter an appropriate two-digit code into a hidden part of the system, the software creates a second database of votes. The second set of votes can be edited without any safeguards, and the voting system will report the final tallies from the bogus database rather than the one containing the real votes.

A spot check against paper records will use the real data, and the machine will seem to be counting the votes correctly because the computer’s output will match the paper votes for all the votes checked. However, the totals reported for the district will be taken from the bogus database instead. This is, of course, exactly how you would want an election-fixing feature to work…
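The gap described above, where a sampled spot check passes while the reported totals come from somewhere else, is what a full reconciliation catches. The sketch below is an added example, not code from the original post or from GEMS; the precinct names, candidates, figures and data layout are all constructed for illustration.

```python
from collections import Counter

# Constructed sample data: per-precinct tallies confirmed from paper records
# (the store a spot check reads) and the district totals the tabulator reports.
PAPER_PRECINCTS = {
    "P-01": {"Candidate A": 412, "Candidate B": 388},
    "P-02": {"Candidate A": 295, "Candidate B": 341},
    "P-03": {"Candidate A": 510, "Candidate B": 467},
}
# Precinct-level records shown to the auditor match the paper exactly.
TABULATOR_PRECINCTS = {p: dict(t) for p, t in PAPER_PRECINCTS.items()}
# District totals as reported; constructed to diverge from the paper sum.
REPORTED_TOTALS = {"Candidate A": 1117, "Candidate B": 1296}


def spot_check(paper, tabulator_precincts, sample):
    """Compare only the sampled precincts; return the ones that disagree."""
    return [p for p in sample if paper[p] != tabulator_precincts.get(p)]


def reconcile(paper, reported_totals):
    """Sum every paper-backed precinct and diff against the reported totals.

    Returns {candidate: reported - paper_sum} for each non-zero difference,
    so an empty dict means the reported totals are fully accounted for.
    """
    summed = Counter()
    for tallies in paper.values():
        summed.update(tallies)
    candidates = sorted(set(summed) | set(reported_totals))
    return {
        c: reported_totals.get(c, 0) - summed.get(c, 0)
        for c in candidates
        if reported_totals.get(c, 0) != summed.get(c, 0)
    }


if __name__ == "__main__":
    print("spot check mismatches:",
          spot_check(PAPER_PRECINCTS, TABULATOR_PRECINCTS, ["P-01", "P-03"]))
    print("reconciliation differences:",
          reconcile(PAPER_PRECINCTS, REPORTED_TOTALS))
```

The spot check reports no mismatches because it only ever compares precinct records, while the reconciliation shows the reported totals are not the sum of those records.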

Interestingly, the dual-database ‘feature’ appeared in the Diebold system shortly after Jeffrey Dean was hired as senior programmer of the GEMS central tabulator. Who’s Dean? Oh, just some guy who pleaded guilty to 23 counts of embezzlement, performed by manipulating data in computerized accounting systems.

There are over 1,000 Diebold GEMS systems in place in over 30 states. They count millions of votes. The ‘problem’ was reported to Diebold in 2003, but they haven’t fixed it in any of their subsequent software releases. Now, isn’t that interesting?

Remember that last year, Diebold CEO Walden O’Dell wrote that he was “committed to helping Ohio deliver its electoral votes to the President next year”, and urged people to donate to the Republican party.

Nov 16

First, a tale of true love:

It was, “Let’s see if you can do some of the best action ever filmed and, if you can’t, you’ll know you’re not as good as you think you are, you have limitations, stick to dialog.” I was daring myself to hit my head on the ceiling of my talent.

—Quentin Tarantino

Anyway, yesterday I spent over an hour walking, as part of stage one of my plan to get fit. Will Self puts it like this:

I’ve taken to long-distance walking as a means of dissolving the mechanized matrix which compresses the space-time continuum, and decouples humans from physical geography.

Me, I listen to radio shows on the iPod. Yesterday, This American Life, which is excellent but occasionally depressing. “The Annoying Gap Between Theory and Practice” was no exception. The segment about the new voting machines does a good job of getting across the kind of jaw-dropping stupidity that those of us of a more technical bent find in RISKS digest. I was somewhat surprised that it didn’t even mention that all the voting machine companies are run by Republicans, or that Diebold’s CEO has pledged his support to making sure Bush gets elected next time. Liberal media my ass.

Then in the third segment, they trail a newly elected, once intensely idealistic politician for three days. The surface message is interesting, but what’s really compelling is the deeper message in which we hear how the political system destroyed his soul and turned him into another career politician.

Jul 30

The source code for the Diebold touch-screen voting systems being installed in the US was accidentally left on an unprotected FTP server. It turns out that there’s a back door in the code, and it’s trivial to tamper with the results.