Thomas D. Schneider, Ph. D.
Frederick, MD
version = 1.25 of votingmachines.html 2006 Nov 18
"But look what they are doing!" I said. "These are violations of their right to vote!" "Oh, they've always done that," he said quietly. "You just notice it because now they're playing games with the white folks, too. How's it feel?"
-- Bev Harris and Jerome Dudley in Black Box Voting: Ballot Tampering in the 21st Century (www.blackboxvoting.org, Chapter 1, pages 2-3)
This page is an urgent call for
In the 2004 and 2005 Elections I used a Diebold AccuVote-TSTM voting machine to cast my vote. This page is devoted to explaining why my and your votes on this and other computerized voting machines may have not counted.
Warning: HUMOR: Bush Wins Florida! This small humorous clip explains the problem in a nutshell. The only difference is that when you voted, they would be very careful to make sure that you were not frustrated ...
User Interface. The user interface of the Diebold AccuVote-TSTM is very clean. It consists of a flat touch screen sitting on top of a pizza-box computer. The computer has a lock that perhaps attached it to the voting box. One inserts a small card that supposedly loads the particular vote ballot into the machine. One then merely touches the appropriate squares to vote. A final screen shows the votes. One may back up and change votes. (I did not try this.)
After The Vote. After I finished voting, there was no evidence that I had voted. As far as I could see, my vote might not have been recorded in the machine. My vote might have been set to anything and I could not verify it. My vote might be tallied later. But there is an even worse problem. Without open source code nobody, not even the election officials, knows what happened.
The Problem is in the Program. The computers were loaded with a program. Consider the possibility of this program, written in Pascal. You don't need to be a programmer to follow it. The stuff inside "(*" and "*)" is comments to help you see what is going on.
This MADE UP snippet of code does several things.(* If today is November 2, 2004 then do the following ... *) if date = "2004 November 2" then begin (* Pick a random number between 0 and 1. *) r := rnd(0); (* If the random number is less than 1/100 then do the following ... *) if r < 1/100 then begin (* Set the vote to a Favored Candidate *) vote := Illegally_Favored_Candidate else begin (* other wise do this: *) (* Set the vote based on what was pressed on the screen *) vote := fingerpress(screen); end end else begin (* When it is NOT November 2, act "normal". *) (* Set the vote based on what was pressed on the screen *) vote := fingerpress(screen); end
How Programs Work. To understand the severe danger that our Democracy is in, you must understand how computer programs work. There are two components to a program. The first is the source code. The example above is source code. It can be easily read and understood by humans. Comments (as I gave above inside "(* ... *)" ) help but are not necessary (or even could be misleading) to understanding what the code does.
In some computer languages source code can be read by the computer, but this slows down the processing. So in general the source code is transformed into binary. The binary code is long strings of 1s and 0s:
This can be read by the computer directly. It is burned onto CDs for distribution, usually with a severe legal warning that a user agrees not to attempt to convert the binary back to source code.10111010100110101001010011001100001101101010101
The Voting Computer Is a Black Box. The use of binary means that you can not know what is going on inside a voting machine. Even if you had the binary of the program, you still would still not know whether or not an illegal code snippet like the one given above is in the machine. Voting officials (presumably) only get the binary from the company, not the source. So the voting officials do not really know what the program is doing and they must trust the company. What if the company has been paid a lot of money to throw the election to a particular candidate?
Call for Open Source Code. There is only one way to verify the 2004 election. The source code for all election computers must be released. The source code must then be compiled by election officials and the resulting binary compared to the binary distributed by the company. If the comparison does not match by even one bit, the election has been compromised!
Myth 1 Electronic voting systems are inherently insecure and vulnerable to fraud.The argument is invalid. Having found no proven cases previously does not mean tampering is not happening now.
FACTS Marylands new Direct Recording Electronic (DRE) voting system has been studied and analyzed more than any other voting system in use in the country. Not one of the security analyses conducted on Marylands voting system showed evidence of fraud or manipulation or the ability to manipulate the voting system in a polling place, considering the procedural and human safeguards that surround an election. The changes made as a result of the analyses improve the security of the voting system and further diminish the likelihood of fraud. Additionally, as noted in a recent U.S. Congressional Research Report, there are no proven cases of tampering with the Direct Recording Electronic (DRE) or other computer-assisted voting systems in public elections.
Myth 2 The voting systems do not accurately record and tabulate the votes cast.Testing the machines on a different date from the date of the election is invalid. The binary code must never be supplied by the company. The source code must must be made public to allow anyone to verify it.
FACTS All of the analyses of Marylands voting system confirmed that the system counts and tabulates votes with 100% accuracy. An independent testing authority tests the source code, a human-readable program written by a programmer, to ensure that the software accurately records and tabulates votes cast. Election officials and an independent verification firm thoroughly test each voting unit to ensure accuracy.
Myth 5 Hackers could alter a voting system by introducing a Trojan Horse or breaking into the election management system.If Election offices do not receive source code, then who compiles the source code? Is the compiled source code the EXACT SAME binary as is used in the election?
FACTS A person must have physical access to source code in order to plant a Trojan Horse (i.e., hidden program or utility that can cause harm). Election offices do not receive source code and only receive application software (i.e., computer-readable program). A person would need physical access to the main computer to break into the election management system. This computer is password protected and is located in a secure location. The voting units and the main computers are never connected to the Internet.
Courtesy of the National Election Data Archive Project |
George W. Bush could have won the 2004 presidential election due to large-scale vote fraud without election data showing the patterns that the Election Science Institute (ESI) and pollster Warren Mitofsky claim must exist if vote fraud had occurred. The analysis that Mitofsky presented at the October 14, 2005 American Statistical Association fall conference has been proven mathematically useless for testing exit poll data for vote fraud.
"The concept of invisible ballots created with secret software is fundamentally flawed"
--- programmer Alan Dechert, co-founder and president of the Open Voting Consortium (OVC).
"The National Election Data Archive (NEDA) is the first mathematical team to release a valid scientific analysis of the precinct-level 2004 Ohio presidential exit poll data. NEDA's analysis provides virtually irrefutable evidence of vote miscount.
Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities -- a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
"A recount with these machines essentially involves an election official hitting the reprint button and then saying oh the results are the same that we already printed. All fine here, voting. This tells us nothing about whether we have the tally. Garbage in, garbage out."Washington Post John Broder and Ian Urbina
--- Avi Rubin
What are Tom's qualifications for creating this page? I have written over 200 programs.
This page can be found using the Tiny Url: tinyurl.com/r95zt
This page was written entirely with my personal resources on my own time. No governmental funds, equipment, space, time, matter or electrons were used. Although I am a government employee, speaking out about candidates is allowed under the Hatch Act. On page 4 of the Pdf booklet: "Permitted and Prohibited Activities for Employees Who May Engage in Partisan Activity ... May express opinions about candidates and issues". "Expressing opinions about candidates and issues in private and in public (even when done in a concerted way to elicit support for a candidate or party)." is permitted. This page is paid for by Thomas Schneider and not authorized by any candidate.
Tom Schneider's Home Page
origin: 2004 November 3
updated: see top of page