[ale] OT: Voting machines cracked in California

Wed Aug 1 19:59:14 EDT 2007

 From http://arstechnica.com/articles/culture/evoting.ars/1 , a very 
accessible piece on the new dangers from our current electronic voting 
systems.

"If we want to steal an election, then ideally we want as few warm 
bodies in on the scam as possible. All of the old-school election 
manipulation tricks, like voter intimidation, vote-buying, turn-out 
suppression, and so on, require legions of volunteers who know exactly 
what's going on; but in the new era of electronic vote tampering, an 
election thief can do a whole lot more with a whole lot less.

Election security experts break down voting fraud types into two main 
categories, based on how many bad apples it takes to swing an election: 
retail fraud and wholesale fraud. Retail fraud is the kind of election 
fraud that's most familiar to us, because it has been around for the 
longest time. In general, retail fraud involves multiple bad apples at 
the precinct level, carrying out any number of bad acts involving 
multiple voters and voting machines. Some examples of retail fraud are 
ballot stuffing, restricting polling place access by means of 
intimidation, vandalizing individual machines to make them unusable, 
counterfeiting ballots, and so on.

Wholesale fraud is relatively new, and it involves a single bad apple 
who can affect an election's outcome at the precinct, county, and state 
levels. (Actually, by this definition, wholesale fraud is as old as the 
poll tax. But let's stick to wholesale fraud involving electronic voting 
machines for now.) So with wholesale fraud, one bad apple can affect 
different barrels of various sizes, depending where in the election 
process she's placed.

The table below breaks down the newer types of fraud that electronic 
voting machines have made available to election thieves:

Retail & Detectable
? Multiple voting
? Deleting votes
? Disabling a machine
? Invalidating all the votes on a machine

Wholesale & Detectable
? Altering the vote tabulation process
? Altering the record of tabulated results

Retail & Undetectable
? Altering the vote recording process
? Altering the record of votes

Wholesale & Undetectable
? Altering the vote tabulation process
? Altering the vote recording process
? Altering the record of votes

In this table, "detectable" denotes instances of tampering and fraud 
where we could potentially know that something went wrong with the vote, 
even if we're not sure what has happened or how. Undetectable fraud 
denotes fraud that's absolutely impossible to detect after the fact 
(short of a whistleblower coming forth), and that's functionally 
impossible to detect before the fact due to time and resource 
constraints on pre-election machine testing.

The scariest part of Table 2's list of e-voting fraud types is the box 
where the "Undetectable" row and the "Wholesale" column intersect. 
Undetectable wholesale fraud is the ultimate apocalyptic scenario for 
security analysts, and for democracy?it's the briefcase nuke in downtown 
Manhattan, or the human-transmissible bird flu strain in the 
international terminal of LAX.

Because undetectable wholesale election fraud is the holy grail of 
anyone who wants to steal an election, I'll spend the rest of this 
article discussing it in some detail. Along the way, you'll also see 
that most of the attacks I'll cover can also be carried out on the 
retail level, as well."