Diebold Election Audit Logs Defective

mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"

Old news

[canajin56]

is old. Its been known for years now. Its an Access database. Pretty sure you could reboot it, then hold down shift while it was starting to prevent the "auto-run" loading of the forms. And all the audit logs are just Visual Basic "triggers" that insert into a "log" table. Changing votes is as easy as going to the vote table and changing them. The Visual Basic triggers will be fired off, and insert crap into the logs. Then you just go to the log table and delete the new entries. There aren't logs of log changes or there would be an infinite loop of log entries, so you've just erased all record of your tampering. BlackBoxVoting.org has had detailed instructions up for as long as I've been hearing the name "Diebold".

Minnesota Anyone?

[craenor]

Considering that still, several months later, the State of Minnesota is recounting paper Senate ballots over and over, is this REALLY that bad of an option?

Re:The real problem

[blueforce]

OR.... Diebold didn't make them, rather Premier Election Solutions did. Diebold bought Premier back in the early oughties when Wally O'Dell was CEO and had deep interest with the Bush administration. Your banking "issues" are from a completely separate company in a completely separate state.

http://www.rawstory.com/news/2005/Diebold_CEO_resigns_after_reports_of_1212.html [rawstory.com]

Re:Fraud

[Chris Mattern]

how is this not treason?

Constitution, Article III, Section 3:

Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.

That's how this is not treason.

Re:Why Authentication is a good idea!

[Ironica]

The very polite woman looked away and told me that she CANNOT look at my ID Cards because of laws/rules. ...
What troubles me is that there was almost ZERO authentication! All I needed, was a name and to show up where that name would be likely registered and I could vote fraudulently. ...
I realized that this must be ON PURPOSE. But why? All I can conclude after much though is to allow fraud.

No... it's to allow everyone to vote, even if they don't have the money to get a state ID card.

There's no FREE form of authenticated ID. A passport costs $100. A California State ID Card costs $7 if you qualify for a reduced fee.

A state that provides authenticated ID at no charge might not have a state law requiring that people be allowed to vote without ID, but around here, requiring ID would be a financial barrier to voting.

Re:Fraud

[heson]

We should change the laws to hold devices used in state and federal elections to similar or same standards as life-critical medical devices.

They are life-critical. Just ask Saddam.

I would rather ask these: http://icasualties.org/Iraq/index.aspx [icasualties.org]

Re:Fraud

[heson]

Watch "Hacking Democracy"(by HBO) (it's on youtube) for clues to how.

Re:Fraud

[Ioldanach]

The "operator" is the casino, or bank. They trust themselves, if they make a mistake they're the ones that lose money. The "operator" of the ballot box is a member of the government who may have an axe to grind.

seems like shared responsibility

[Trepidity]

In most industrial settings, if something's built to a specification, and it's later discovered to have failed to meet the specification, the vendor's still at least partly liable, even if the customer failed to discover the defect in initial validation.

Re:Fraud

[DavidTC]

Right, the owner is allowed to do various things with it, but not to reduce the payoffs below a certain amount, or alter the odds at all.

Aka, they have to do things through the interface, and the machine will not accept certain things.

Which is exactly where electronic voting machines need to be. Obviously, administrators should have, for example, the authority to set up an election. But not erase votes or tamper with the time of votes.

Whereas in reality all this is stored in a damned Access database and it's trivially easy to edit it however you want.

Re:Fraud

[Anonymous Coward]

The "operator" is the casino, or bank. They trust themselves, if they make a mistake they're the ones that lose money. The "operator" of the ballot box is a member of the government who may have an axe to grind.

NO.

Video gaming devices may be "owned" and/or "operated" by the casino. However they are audited and regulated by the state.

Every single credit, every transaction (i.e. number draw) is available for testing and audit by the state's gaming commission and the drop of a hat.

There is no way to "rig" a machine to pay you out AND HIDE that fact. While some people have succesfully rigged machines, it still shows up in the audit path.

ATM's are bad examples, they are actually horribly insecure. You can hack one pretty easily with some basic telephony equipment if it's in an indoor location. The trick is doing so in a location where nobody notices you tampering with the machine, and the outdoor ones are hardened against intrusion.
(Basically you can just tap into the phone line, and sniff the modem transmission).

Re:Fraud

[HiThere]

It was the MSAccess2000 version, but I've personally caught MSAccess making a mistake when adding two numbers. It didn't happen often, but it did happen. And they weren't even large numbers.

Now you might say "But you only caught one out of hundreds of thousands of calculations!". My response is "Do you know how difficult it is to track down that kind of error!" I expect that there are thousands that I didn't catch, or ascribed to rounding errors. The next day I stopped using (i.e., creating new programs in) MSAccess. This was difficult, as I didn't really have any good alternative. For awhile I did all the calculations in external code. (Eiffel as it happens.) It was kludgy, but it got the job done, and I stopped finding any errors...well, outside of my own errors.