Home | Writings | Resume | Links | RSS Feed
A Proud Member of the Reality-Based Community
About Me :
I'm a grownup nerd living in the Boston burbs. I write computer programs for a living and plays for fun.
I'm married to a wonderful woman, and we share a nice little house with our daughter and our cats.
I'm a humanist, a technologist, an artist, and an idealist. I believe in reason, freedom, love, equality,
and democracy. (Did I mention that I'm
an idealist? I did, OK.)
I'm also a pragmatist and an empiricist. I reject ideology and dogma, especially when they conflict with
practical facts (i.e., pretty much always). I particularly hate willful ignorance, which tends to go hand-in-hand
with ideology and dogma.
Like the alignment of the planets, this blog gets updated as I have the time, inspiration, and inclination to do so.
Like the alignment of the planets, this blog gets updated as I have the time, inspiration, and inclination to do so.
Wednesday, December 08, 2004
Scam Codes
I don't know if the Clinton Curtis affidavit is a genuine document, or if many of its claims will withstand deeper scrutiny. Curtis claims to have developed a means for rigging electronic voting machines at the request of a Florida state representative, who is now in the US House. A number of liberal blogs, including The Blue Lemur and The Brad Blog are carrying the story, but it is starting to percolate into other venues, notably Slashdot, and get some traction with the "mainstream" corporate media.
It's pretty shocking material. Curtis claims he developed what he thought was demonstration code, intended to show how a touch-screen electronic voting machine could be rigged with a backdoor which meets three criteria: (a) It must be touchscreen-capable, (b) It must be capable of being triggered without any special equipment, and (c) It must be undetectable, even if the source code is inspected. Curtis claims that these requirements came directly from the congressman.
Curtis claims he developed a vote fraud prototype which presents itself as an ordinary touch screen voting machine, but with hidden buttons. A user with the knowledge of where the hidden buttons were could, by activating the correct sequence of such hidden buttons, change the vote totals! He writes:
"...By clicking the correct order of invisible buttons the candidate selected by the user is compared to other candidates within that same race. If the candidate they selected is leading the race, nothing happens. If the other candidate is leading the race, the vote totals are altered so that the selected candidate is now leading the race with 51% of the vote. The other candidates then share the remaining 49% in exact proportion to the totals they had previously. In the prototype supplied to Feeney, the vote totals showed on the screen. In an actual application, the user would receive no visible clues to the fraud that had just occurred..."
In order to more visibly demonstrate what Curtis is talking about here, I have created a small Flash movie which essentially replicates his prototype:
The movie includes some decoration around a pretty basic interface. Select a candidate, press "Cast Vote", and the totals are incremented accordingly. If you don't like the totals, or the candidates, or the order, just press "Setup", type in the values you like, and press "OK". (Press "Setup" again to dismiss the setup screen.) You can toggle the display of the vote totals, too, to simulate that aspect of a real voting machine. For simplicity's sake, I have assumed a three-person race, although there's no reason this wouldn't work for any number of candidates or races.
The vote fraud is possible on this simulation, as in Curtis's, by the use of hidden buttons. I have placed mine just to the left of each candidate's radio button. The sequence is important, since we only want people who know what they're doing to trigger the reallocation of votes, and we want to be able to select which candidate is favored.
In my simulation, it's a five step process. It's easier to do it than to describe it, but here goes:
1. You must click your selected candidate's hidden button 3 times, (*Just to the left of the circular radio button next to the candidate's name*)
2. Then click any other candidate's hidden button 3 times,
3. Then click your selected candidate's hidden button twice,
4. Then click any other candidate's hidden button twice,
5. Then click on your selected candidate's hidden button.
Try it!
When you do this, if you are displaying the vote totals, you will see that your candidate is now winning the race with 51% of the vote, and the total number of votes is unchanged. (This is important since precincts count voters very carefully to match up with their machine totals at closing.)
If this were an actual voting machine, how could I use it in practice? I would have to have people planted in as many voting stations as possible. They could be election officials or they could be ordinary voters, as long as they knew the correct sequence of hidden buttons to press. They could enter the fraudulent sequence at any time, although it would make a lot more difference later in the day than sooner. (If the code was entered at, say, 6:00 pm, when the polls have been open for 11 hours already, it is not likely that two hours of honest voting could overwhelm the results.) However, in order to make the scheme work, it would be imperative that the machines provide no audit trail, and that the inner workings of the machine, i.e. the source code, is never available to inspection, by the government or by the general public.
Now let's see. Which party controls a vast majority of local election officials and has virtually unfettered access to the machines? Which two companies make the machines which count 80% of the vote in America, are owned and operated by big party activists, which have successfully resisted putting any paper trail whatsoever into their machines? Which candidate wins when the source code for these machines are protected as "trade secrets", unavailable for view by anyone except company officers?
Who wins? It's as easy as Bush, Bush, Bush, Kerry, Kerry, Kerry, Bush, Bush, Kerry, Kerry, BUSH!
It doesn't matter if the Curtis affidavit is genuine. What matters is that rigging the vote in the way that Curtis describes is plausible -- indeed, as I have demonstrated above, it's easy. Curtis claims that the code to perform the vote fraud would be easy to detect if the source code was inspected (he says he couldn't meet all three criteria because of that), but I am not so sure that's the case. Experienced programmers know that it's relatively easy to obfuscate the purpose of any block of code, and although it's theoretically possible to find it by inspection, it's not hard to make that a very difficult practical task. As an example, here's the code which is responsible for most of the Flash movie above:
riggedvote.as
It's not a lot of code, just a couple of hundred lines, and I haven't taken any special care to hide the fraud, but it takes some work to find it just the same. Now imagine hiding that nugget of code inside hundreds of thousands of lines of code. If some enterprising Microsoft hackers can hide a Flight Simulator in Excel, it's not hard to hide a little bit of fraud in a voting system.
I think the only way to make electronic voting trustworthy is to make it auditable at every level. This means careful validation and certification of open public source code, and an auditable paper trail.
Until then, your vote is only as good as the intentions of the person who follows you into the voting booth.
Verified Voting
Black Box Voting
20 Amazing Facts About Voting in the USA
0 comments
I don't know if the Clinton Curtis affidavit is a genuine document, or if many of its claims will withstand deeper scrutiny. Curtis claims to have developed a means for rigging electronic voting machines at the request of a Florida state representative, who is now in the US House. A number of liberal blogs, including The Blue Lemur and The Brad Blog are carrying the story, but it is starting to percolate into other venues, notably Slashdot, and get some traction with the "mainstream" corporate media.
It's pretty shocking material. Curtis claims he developed what he thought was demonstration code, intended to show how a touch-screen electronic voting machine could be rigged with a backdoor which meets three criteria: (a) It must be touchscreen-capable, (b) It must be capable of being triggered without any special equipment, and (c) It must be undetectable, even if the source code is inspected. Curtis claims that these requirements came directly from the congressman.
Curtis claims he developed a vote fraud prototype which presents itself as an ordinary touch screen voting machine, but with hidden buttons. A user with the knowledge of where the hidden buttons were could, by activating the correct sequence of such hidden buttons, change the vote totals! He writes:
"...By clicking the correct order of invisible buttons the candidate selected by the user is compared to other candidates within that same race. If the candidate they selected is leading the race, nothing happens. If the other candidate is leading the race, the vote totals are altered so that the selected candidate is now leading the race with 51% of the vote. The other candidates then share the remaining 49% in exact proportion to the totals they had previously. In the prototype supplied to Feeney, the vote totals showed on the screen. In an actual application, the user would receive no visible clues to the fraud that had just occurred..."
In order to more visibly demonstrate what Curtis is talking about here, I have created a small Flash movie which essentially replicates his prototype:
The movie includes some decoration around a pretty basic interface. Select a candidate, press "Cast Vote", and the totals are incremented accordingly. If you don't like the totals, or the candidates, or the order, just press "Setup", type in the values you like, and press "OK". (Press "Setup" again to dismiss the setup screen.) You can toggle the display of the vote totals, too, to simulate that aspect of a real voting machine. For simplicity's sake, I have assumed a three-person race, although there's no reason this wouldn't work for any number of candidates or races.
The vote fraud is possible on this simulation, as in Curtis's, by the use of hidden buttons. I have placed mine just to the left of each candidate's radio button. The sequence is important, since we only want people who know what they're doing to trigger the reallocation of votes, and we want to be able to select which candidate is favored.
In my simulation, it's a five step process. It's easier to do it than to describe it, but here goes:
1. You must click your selected candidate's hidden button 3 times, (*Just to the left of the circular radio button next to the candidate's name*)
2. Then click any other candidate's hidden button 3 times,
3. Then click your selected candidate's hidden button twice,
4. Then click any other candidate's hidden button twice,
5. Then click on your selected candidate's hidden button.
Try it!
When you do this, if you are displaying the vote totals, you will see that your candidate is now winning the race with 51% of the vote, and the total number of votes is unchanged. (This is important since precincts count voters very carefully to match up with their machine totals at closing.)
If this were an actual voting machine, how could I use it in practice? I would have to have people planted in as many voting stations as possible. They could be election officials or they could be ordinary voters, as long as they knew the correct sequence of hidden buttons to press. They could enter the fraudulent sequence at any time, although it would make a lot more difference later in the day than sooner. (If the code was entered at, say, 6:00 pm, when the polls have been open for 11 hours already, it is not likely that two hours of honest voting could overwhelm the results.) However, in order to make the scheme work, it would be imperative that the machines provide no audit trail, and that the inner workings of the machine, i.e. the source code, is never available to inspection, by the government or by the general public.
Now let's see. Which party controls a vast majority of local election officials and has virtually unfettered access to the machines? Which two companies make the machines which count 80% of the vote in America, are owned and operated by big party activists, which have successfully resisted putting any paper trail whatsoever into their machines? Which candidate wins when the source code for these machines are protected as "trade secrets", unavailable for view by anyone except company officers?
Who wins? It's as easy as Bush, Bush, Bush, Kerry, Kerry, Kerry, Bush, Bush, Kerry, Kerry, BUSH!
It doesn't matter if the Curtis affidavit is genuine. What matters is that rigging the vote in the way that Curtis describes is plausible -- indeed, as I have demonstrated above, it's easy. Curtis claims that the code to perform the vote fraud would be easy to detect if the source code was inspected (he says he couldn't meet all three criteria because of that), but I am not so sure that's the case. Experienced programmers know that it's relatively easy to obfuscate the purpose of any block of code, and although it's theoretically possible to find it by inspection, it's not hard to make that a very difficult practical task. As an example, here's the code which is responsible for most of the Flash movie above:
riggedvote.as
It's not a lot of code, just a couple of hundred lines, and I haven't taken any special care to hide the fraud, but it takes some work to find it just the same. Now imagine hiding that nugget of code inside hundreds of thousands of lines of code. If some enterprising Microsoft hackers can hide a Flight Simulator in Excel, it's not hard to hide a little bit of fraud in a voting system.
I think the only way to make electronic voting trustworthy is to make it auditable at every level. This means careful validation and certification of open public source code, and an auditable paper trail.
Until then, your vote is only as good as the intentions of the person who follows you into the voting booth.
Verified Voting
Black Box Voting
20 Amazing Facts About Voting in the USA