Touchscreens have a trail that can be audited; can experts confirm?

I'm told by a computer person that even touchscreens have trails that can be audited to determine the actual results by county or precinct.
The computer compiler has a hard drive memory that contains all of the individual votes, which can be extracted by an independent computer expert. Or so I'm told. Can any other computer persons confirm this?? If so, its a whole new game. Just file suit to impound computer memories and have them checked to see how they match.

As a computer expert myself, what I know about these machines indicates that votes lose their individuality as soon as the vote is entered. All they do is tally the votes much as the old mechanical lever arm machines did.

The design goal of these machines seems to have been to make them as un-auditable and un-recountable as possible.

Thank Ben. That just makes it even more clear as to the "intent" of the vote machine co's!:mad:

so that you can see each ballot that was cast on the machine but if the data's corrupted, what good is that?

Tbe newer touch screen systems store the coordinates on the screen touched by each voter in flash memory in the individual voting machines. That is converted into numerical codes which are stored on the removable cartridge that is used to download the votes from each machine. The cartridge results may or may not be identical to the voters' intent.

Technically, the flash memory can be downloaded from each machine and reconstructed to show what each voter really intended. However, getting from "it could be done technically" to "it will be done legally" is a horrendously difficult process. It's a hell of a lot simpler to have a voter-verified paper ballot print out of the machine for rechecking the vote.

There are also numerous audit logs that can be analyzed for inconsistencies that point to machine error or fraud. Getting these logs is one thing (they're public records) getting them in a timely manner is another. Being able to analyze and use them in time to successfully challenge election results is still another.

Again, the VVPB is an essential starting point.

horrendously difficult process.

Thanks Hedda, same conclusion as above.

To any of the "doubters" here; or "I need absolute proof" crowd.

Can't you see a pattern here?

i worked in a restaurant over 10 years ago -- touch screens certainly had auditing capabilities (to do reports on the entire day, etc.) -- I also work for a software company, and one of our products is for scheduling deicing at an airport -- it's a touch screen, and it records and audits all actions, including who was signed in, when the system timed-out for non-activity (the person has to log back in, that's audited, too). If all of these action are traceable, I would think, that even though the machine is doing things without a "paper trail" some of that activity could be traced -- BUT -- even if there were things that were in the code (such as hot spots which flipped to bush instead of recording Kerry when Kerry was selected) -- the INTENTION of the vote could not be determined -- just the actual vote as it occurred....

unless the code was inspected....

This is all speculation -- the systems may be too different to even compare, but thought I'd offer my understanding of it.

It is very easy to change the contents of a hard disk, even if this is true.

The result of the vote is whatever the voting machine company says it is.

there are forensics experts who can audit/restore original results. The name of one was posted here yesterday by RaulVB and he sent that information to the lawyers in Ohio.

Is that about the same thing?

If you want to read a technical report done by a crack team paid to experimentally hack a Diebold touchscreen system early this year, go here.

Elsewhere, some call it "editing" an election rather than hacking, because if you can gain Supervisor status, you can just type in new numbers for vote totals.

In addition, the experts note that Diebold's machines, which were astonishingly adopted by the State of Maryland after they commissioned and (I guess?) read the report, HAVE CODE FOR WEIGHTED BALLOTS.

These are some notes I took from the technical report.

<http://www.raba.com/press/TA_Report_AccuVote.pdf>
Trusted Agent Report
Diebold AccuVote-TS Voting System
January 20, 2004
Prepared by RABA Innovative Solution Cell (RiSC)Dr. Michael A. Wertheimer, Director
<http://www.raba.com/press/TA_Report_AccuVote.pdf>

When a Supervisor Card is inserted into an AccuVote-TS Terminal, a 4-digit PIN is requested. Given the PIN, one has the ability, e.g., to end the election, clear the vote counts, or vote multiple times. note, page 17

page 18 -- with a keyboard attached to the terminal, an attacker can overwrite the results for a voting terminal. This would elevate the attacker to a Supervisor status, without needing even a smart card.
Removing the PCMCIA card enabled the attacker to switch the names of two candidates. The voter would think s/he was voting for Candidate A, but would actually be voting for Candidate B.

Page 20 Remove the test recording software from the Accu-Vote TS Terminal that allows the keyboard exploit. It serves no valid function.

Page 20 The current version of the GEMS software still contains many of the vulnerabilities widely published on the Internet. It was disappointing to see that no obvious attention was paid to addressing these weaknesses....One vulnerability, for which a patch was made available in July 2003, allows a remote attacker to get complete control of the machine....By successfully directing Canvas at the GEMS modem interface, the team was able to remotely upload, download, and execute files with full system administrator privileges. All that was required was a valid phone number for the GEMS server.

Exact quote, page 20
"The team demonstrated the following vulnerabilities:
1. The GEMS server lacks several critical security updates from Microsoft. As a result,
the team successfully exploited a well-known vulnerability using a software product
known as Canvas27. This vulnerability, described in a security advisory from
Microsoft28 for which a patch was made available on July 16, 2003, allows a remote
attacker to get complete control of the machine. Since this is the same weakness that
the August 11, 2003 “Blaster” worm exploited, it means that if the GEMS server was
exposed to an environment where “Blaster” was propagating, it might have been
infected. By successfully directing Canvas at the GEMS modem interface, the team
was able to remotely upload, download and execute files with full system
administrator privileges. All that was required was a valid phone number for the
GEMS server.

2. Modify GEMS software and/or election database on LBE (local board of elections) server. Given physical access to the server, one can insert a CD that will automatically upload malicious software, modify or delete elections, or reorder ballot definitions. The problem is that the server enables the "autorun" feature."

3. Exploit the USB port in the rear of the device.

4. ... the database files that contain the election definition (and results) are neither encrypted nor authentication protected. Results can be modified at will. In addition, ballot definitions can be altered so that the mapping between candidates and their "ordinal numbers" can be changed. A sophisticated user can automate this procedure requiring only a few minutes access to the server.

Page 23 re Diebold "We feel that a pervasive code rewrite would be necessary to instantiate the level of best practice security necessary to eliminate the risks we have outlined in the previous sections. Our analysis lacked the time and resources to determine if Diebold has the expertise to accomplish this task."

Under General Recommendations
Page 24

7. GEMS and AccuVote-TS software contain code for "weighted ballots." This does not have any apparent use for Maryland elections; vendor should provide plausible scenario for weighted ballots in a general election; if none can be provided, this code should be removed.

~~~~~~~~~~~~~~~~~~~~~~~

If that's too geeky for you, here's a plain language newspaper version of the test, definitely worth a read.


Md. computer testers cast a vote: Election boxes easy to mess with
----------------------------------------------------------------
By Stephanie Desmon
Sun Staff (Maryland)
January 30, 2004
<http://www.sunspot.net/news/local/bal-te.md.machine30jan30,0,4050694.story?coll=bal-local-headlines>

For a week, the computer whizzes laid abuse - both high- and low-tech -on the six new briefcase-sized electronic voting machines sent over by the state.

One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency. He is now a director at RABA Technologies in Columbia, the firm that the state hired for about $75,000 to look at Maryland's new touch-screen voting machines scheduled to be unveiled in nearly every precinct in Maryland for the March 2 primary.

The state has no choice but to use its $55 million worth of AccuVote-TS machines made by Diebold Election Systems for the primary. The old optical scanners are gone. Yesterday, Wertheimer calmly presented his eight-member team's findings to committees in the House and Senate, explaining the weaknesses they discovered and a plan for how to plug many of the cracks, at least in the short run.

MORE

We use smartcards: flash memory or memory to record votes.

Problem is these cards like a hard-disk are susptiable to static electricty, any voltage increase, magnets.

You kept hearing about blackscreens machines refusing to boot (sounds like a mem problem to me)

this past election 50 million Americans casted their votes on touchscreen machines. Can we audit it? If the cards and data haven't been compromised.

Diebold and other evoting companies have a law forbbidng any requests to see their software. It is contractual, with states.

you may want to view this http://coalition4visibleballots.homestead.com/CovertVideo.html

watch the diebold meeting

on edit to clarify:

The touchscreen device itself is an input device, much like your keyboard or mouse. If there is not a piece of software in place to log each input separate from the main program, then there is no way to review them later, just as there is no way (apart from a separate program like a keystroke logger) to know exactly what you typed on your keyboard and when.

Its bullshit. But it holds firm.

If we cant impound the machines then Diebold will wipe the out the databases. This is all time sensitive stuff.

can't it pretty much do what ever it wants?

The equipment belongs to the County, not a private company.

The company just has a service contract.

I pulled this off their site.. Note the dodge on where the information goes. It goes ON site to GEMS?

When a voter casts their ballot using the Diebold touch screen system, the ballot selections are immediately encrypted and stored in multiple locations within the voting station. When stored, the order of cast ballots is scrambled to further insure ballot anonymity. The image of each and every ballot cast on the voting station is captured, and can be anonymously reproduced on standard paper should a hard copy of ballots be required for recount purposes. Once voting concludes at a precinct, a printed election results report is printed as a permanent record of all activity at each voting station. This printed record is used to audit the electronic tabulation of votes conducted during the election canvas process, when final, official election results are reported.
\

Can Diebold provide electronic provisional voting that will eliminate the need for paper ballots?

A: The AccuVote-TSX provides a very effective method to electronically capture ballot information of provisional or challenged voters. Provisional voters use the AccuVote-TS touch-screen terminal like every other voter, but provisional ballot information is stored in a separate database until voter verification occurs. At this time, the encrypted provisional ballot data can be electronically transferred into the general election data and included within the final vote tabulation results. This process eliminates the need for the generation and storage of paper ballots for use with provisional voters. This capability has been used in live election environments and is a proven Diebold solution for provisional voters.


What type of capabilities does GEMS® provide?

A: The Global Election Management System (GEMS®) software provides a powerful, easy-to-use graphical interface that supports all of your election systems; Touch-screen and optical scan. From ballot creation to tabulation and post election reporting, GEMS provides an integrated Windows® solution that works. GEMS' standard Internet and reporting capabilities allow the election administrator to quickly report results to the public, candidates and the media, and to easily customize these reports for specific needs.

this goes on to explain their reality vs Ours, and all of the research independents have done that say 90 percent of the time.. Their Gems software isn't safe! I just read the first page, it's only combative to the excel files used on BBV to expose their software.

http://www6.diebold.com/dieboldes/response7.pdf

The companies OWN the software, and the contract they have the state/county sign maintains their proprietary status. Some states have managed to get a copy of the code placed in escrow with the state, but none have ever done anything beyond that ... like actually examine the escrowed code ... much less compare code being used on election day to the escrowed copy.

No one can prove that the data stored on such a machine was recorded correctly, thus such data is useless for auditing purposes.

Imagine of company in which you had to rely on data entred into the computer of purchases, but never got to talk to the vendor, or see an invoice or purchase order.

I have a payment for $10,000 for legal services. I do not know who the money was payed to, what services were rendered or if the services were rendered. Such a system is unacceptable.

Why?

Because it is ripe for abuse. But, assume you are living in a world of perfectly honest people and they will never abuse the system. You are still screwed because what if the payment was suppposed to be $1,000 and someone mis-keyed the data.

David Allen
www.thoughtcrimes.org

The info from memory is lot better than what we have anywhere else.
It has to be more credible than an arbitrary number turned in by a partisan official with no paper trail or credible support.

But even given if it's taken off of memory.

Who is given the access to those numbers? Is the information collected then transmitted to Diebold? Or ES&S (they are related too i think, people who own them). These two rival Brothers tabulate 80% of the vote.

in 1988 Jeb's Bush's first choice for running mate was San Mortham ES&S lobbyist.

Fl officials denied refused to allow independent(2000)audits of e-voting machines.
ES&S systems e-voting systems do contain modems inside the machine, allowing them to communicate with the machine, satellites, or wireless connection would suffice. Or once they are carted off out of sight. Programmed before hand too

There was fraud in 1988.. Maybe our best source of information is to start with this 1988 report for US commerce Dept. Titled Accuracy, Intergrity, and Secruity in Computerized Voting-Tallying. Roy Saltman



http://www.itl.nist.gov/lab/specpubs/500-158.htm

but the data you get off the drive is only accurate if it was recorded accurately.

As I explained to someone a while back, a pciture of a counterfeit $100 bill is worth as much as the actual bill.

David Allen
www.thoughtcrimes.org

FEC standards require redundant storage on all voting machines. Technically, the answer to your question is yes. Realistically, the answer is an unknown since the manufacturers all disallow inspection of said data based on proprietary trade secret law.

Riverside County, California, 2003. A candidate asked for a recount, demanding the redundant file storage for inspection and the court denied the request based on proprietary trade secrets.

Touch screens are simply, thermally sensitive grids overlaying a computer screen or monitor.The grid is sensitive to body temperature. When Your finger touches the screen, the grid it senses the temperature change and records in Cy coordinates. A touch screen is not a computer . It is an IO device. (a keyboard). no magic here.

On hard drives and this "may be significant"

When he drive is formatted, it is prepared to accept data, and the drive is divided up into sections Each section has a unique address ( think of it as a s a street address) When you copy a file to a hard drive these sections get filled up the directory, like a phone book records the location of all those little ones and zeros (binary data) of the file. Here is the potentially significant part. When you throw the file away. You only throw the directory information about that file away. The one and zeros are still there, and until the drive needs the space, The data or parts of the data, the significant point may still be there.

I have to think this has been anticipated... if not well, you could get lucky and I think you would have seen a lot of reactionary scrambling.

My guess is thats not where the magic is.

on ones and zeros, or "binary" :

Binary is like Morse code. It is the simplest way to uniquely describe something. Morse code, long pules, short pulses, IE. SOS. Binary usage in computers equates more to on or off, Binary,in computers, marries with something called an an-gate of which qualified engineer need describe. But basically it like a turnstile which flips either on or off.

I keep thinking, if they manipulating things, it is at this level. I keep reading about unique anomalies about the vote tabulators. The anomalies,as far as this method of potential fraud, I surmise, is the smoking gun.

I am curious to know more on the topology and exactly how the data is transmits from one local to another whether leased lines, or dial up, etc., is used as the vote is tallied.

I am beginning to think the technician is a "snipe" hunt.

It feels good to be able contribute something here.

Now the farmer with bad grammar and poor punctuation, has to go milk the chickens.

k

The redundant storage is removable flash drives.

Primary storage is a PCMCIA card.

Data is transmitted over insecure, standard phone lines (typically the school/polling place fax line to avoid the PBX) in a plaintext file. The file is intentionally changed to plain text because Diebold couldn't figure out how to transfer an encrypted file and unencrypt it on the other end.

The DRE box is basically a laptop with a touchscreen - 286 (old) processor, no co-processor and the operating system, software and ballot definition files are loaded into firmware during an election.

The software date on the PCMCIA card is compared to the date of the software in the firmware on PowerOn and an upgrade to the firmware is automatic if the dates don't match.

January 2003 certification documents show:

SanDisk
140 Caspian Court
Sunnyvale, CA
http://www.sandisk.com

send me a PM with an email addy and I'll send you the technical spec document for Flash Memory and the PCMCIA cards.

.

OK, first we are talking about two different generations of fraud here, OHIO and The Newer generation touch screens. Can draw engineering parallels be made between the two?

Lets define more acronyms here first.

ROM read only memory
PROM Programmable Read only memory
E-PROM electronic programmable read only memory
EE-PROM Erasable programmable memory

The order, is also, sort of it's practical historical introduction into mainstream computing. the first be the least expensive ( though not at the time of its introduction) The latest chips would last have the highest cost. The more chips produced over time the lower the cost of goods.

The question is then, Why would a manufacture use an EE-PROM adding additional expense.
when he doesn't have to ...is this method in enginering?

The technician in OHIO, only one of the suspicious examples sited by Cong. Conyers.

In order to Reset the E-PROM in those days one would expose it to ultraviolet light.

Could the the weight of the heavy jacket have been an ultraviolet light? Did go to his jacket a couple times, for a smoke?

When one downloads firmware, to E-PROM don't you have to reboot the machine to invoke it? Didn't MS Eaton say the machine rebooted in her testimony?

k

you flash firmware.. which is in the chipset. you have to reboot. Cold boot usually, it has to update the Bios? doesn't it

blah I do remember something about Eprom but it's been awhile, my A+ skills are rusty

Once your assembly language program is in a binary format, it can be loaded into an EPROM. For programming an EPROM the following steps are required:

Write your program in assembly language. Make sure you include a hook (Jump Command) to intercept the restart address of the microprocessor so that your program starts up correctly.
Assemble and link the file to generate an EXE program.

blah blah i found of list that goes on and on about have an exe. or bin file on a link or patch.

I'm a generalist, more like a hardware historian. You have gone beyond me. I understand.

anybody else?

a Zero-Start report at the beginning of the election and a Results tape at the end.

BTW: These are the infamous "poll tapes" Bev pulled from the garbage in Florida.

Worse yet, we are going to be stuck with these machines in 2006.. they will sell on their newest scam: Paper trail... watch their be issues with it printing out bougs votes to match the hack inside the machine. If we can't get our hands on the code, we can never verify these machines are trust worthy.

Major vendors Sequoia, Diebold, and ES&S have prototypes of voter-verifiable paper trails that can be attached to their DRE machines. These systems still need to be certified, but that could probably be completed in time for the 2004 elections.


Note it never was completed in 2004, they had something beta type for 700 bucks.

Can't we just get rid of these machines all together when each and every one of these 3 companies is completely corrupt.

They must be banned!

we absolutely refuse to vote again until they stand up and get it fixed. Do away with electronic voting machines totally. Each new company that pops up is a Republican nest of thieves.