Last minute 'security by obscurity' defense unlikely to ensure integrity of results...
By Brad Friedman on 12/19/2011, 2:10pm PT  

Well, whaddaya know? Suddenly, after all these years of warnings from The BRAD BLOG that electronic voting systems are exceedingly vulnerable to manipulation by insider election officials as well as outside hackers from almost anywhere, such as China or Iran or even al Qaeda, the GOP is now worried about electronic vote hacking in their Iowa Caucuses on January 3rd.

"Their fear," as AP reports today, is triggered by little more than a two-minute video posted on the Internet in early November, purportedly created by the "hacktivist" collective known as Anonymous, calling on members, in a trademark computer-generated voice, to "peacefully shut down the first-in-the-nation Iowa caucuses." [The complete video is posted at the end of this article.]

Progressive radio and television host Thom Hartmann covered the AP story on his radio show this morning, suggesting that while the GOP may have concerns about Anonymous shutting down or manipulating the results of the Iowa caucuses, they may also attempt to use the opportunity of heightened security to ensure that Republican candidate Ron Paul is not named the winner. A poll released last night by Public Policy Polling (PPP) shows Paul vaulting into the lead in Iowa, as previous front-runner Newt Gingrich's numbers have collapsed in the Hawkeye State. Paul now leads over Romney in Iowa, according to PPP's poll, with 23%, followed by Romney at 20% and Gingrich at 14%.

[NOTE: I will be appearing on Hartmann's TV program, The Big Picture with Thom Hartmann, this evening to discuss this story. --- UPDATE: My appearance with Hartmann is now posted here.]

According to AP's report, the GOP is now concerned about "an Iowa caucus marred by hackers who corrupt the database used to gather votes and crash the website used to inform the public about results that can shape the campaign for the White House."

They go on to report that "Experts in computer security said such concerns are valid."

Unfortunately, however, it appears as though the steps the GOP are planning to take to try and counter the threat will do little ensure the public can trust the results that the party eventually reports to the public. (In the Iowa Caucuses, party officials, rather than state election officials, tally and report results to the media and public.)

If Republicans in Iowa, or anywhere else for that matter, truly fear the manipulation of results, there is only one way to help make such manipulation as difficult as possible. Similarly, if supporters of Ron Paul are concerned about same --- and they have every good reason to be, particularly considering the well-documented history of vote manipulation by supporters of Mitt Romney in the past --- they ought to be calling for the very same solution to help ensure the integrity of results in Iowa (and, frankly, everywhere else) in 2012...

AP's story quotes long-time University of Iowa computer science professor and e-voting expert Dr. Douglas Jones, whom we have quoted many times ourselves over the years here at The BRAD BLOG, as he has long been warning about the threat of e-vote manipulation. He confirms, once again, to AP that such a threat is indeed quite real.

"It's very clear the data consolidation and data gathering from the caucuses, which determines the headlines the next morning, who might withdraw or resign from the process, all of that is fragile," Jones told AP.

Wes Eno, a member of the Iowa GOP's central committee and political director for candidate Michele Bachmann's state campaign, says, "With the eyes of the media on the state, the last thing we want to do is have a situation where there is trouble with the reporting system...We don't want that to be the story."

In response to the concerns, the party is said to have "authorized additional security measures aimed at ensuring hackers are unable to delay the release of caucus results."

What those "additional security measures" are, however, is not detailed. The Iowa GOP official in charge of coordinating caucuses, Ryan Gough, "declined to comment on specifics of the new security efforts so as not to give away 'the game plan' to hackers," says AP.

Good luck with that whole "security by obscurity" thing, fellas. There is really only one way --- and it needn't be a secret --- to help assure that results cannot easily be manipulated by either Anonymous or by GOP officials themselves.

While most GOP Caucuses in Iowa employ secret ballots, as cast on paper, some, in the past, have used a show of hands. The results in both cases are then sent to state GOP headquarters, by phone or by computer, where they are then tallied by a computer database and finally announced to the media.

The GOP is calling on all caucuses to use paper ballots this year so that "the ballots would provide a backup in the event of any later confusion about the results." But those paper ballots only go so far towards ensuring integrity, the central tabulating database is the real vulnerability in the system.

In order to ensure those paper votes are tabulated correctly across the state, and not manipulated by anyone, they must be counted publicly at the caucus locations, with results announced and posted at the time to caucus goers and the public at large at all 1,800 caucus locations, before those results are then sent to the central tabulation center.

The hand-counted paper ballot system, with decentralized results posted at the "precincts," is the only way to try and protect against manipulation of the results --- from either insiders or outsiders --- in a way that the public can know the results have not been manipulated.

For the more technically minded, Jones explains in the AP article how Anonymous --- or anybody else --- could target the results in Iowa --- or anywhere else...

Jones said officials are likely working to prevent two of Anonymous' favorite tools. The first sends thousands of requests to a website server, rendering the site inaccessible. The second is known as a "SQL injection" and could be used to change the content of a computer database, including one used to record vote totals.

When elections officials in Washington, D.C., tested an online voting system last year, University of Michigan researchers were able to use an SQL injection to quickly invade the system and make it play the Wolverine fight song every time someone voted, he said.

"These SQL vulnerabilities are notorious, widely known and yet it's a mistake people keep making," Jones said. "It is one of the first things that you try these days."

The BRAD BLOG reported extensively in 2010 on the complete takeover of the D.C. election cited above, by "white hat hackers" from the University of Michigan, and how, once they were inside the election system and changing all of the recorded votes, they also noticed that computers from both Iran and China were inside the system as well.

As to concerns about manipulation by more "friendly" forces, supporters of Ron Paul, no doubt, recall the Tampa Straw Poll in 2010 where supporters of Mitt Romney were videotaped voting again and again and again, "stuffing" the 100% unverifiable electronic touch-screen voting systems used there. When some complained about the vote manipulation, they reportedly received threats from the local Republican Party's organizer of the straw poll.

And yet, despite all of the well-founded fears, so far only the GOP in Iowa has, at least partially, woken up to the concerns.

AP's story reports that officials in the upcoming primary states of New Hampshire (where they use paper ballots, but tabulate the majority of them only by Diebold computers serviced and programmed by a company with a criminal background) and in South Carolina (where they use the same 100% unverifiable ES&S touch-screen systems that inexplicably "elected" the completely unknown and largely illiterate Alvin Greene as the state's 2010 Democratic nominee for the U.S. Senate) have absolutely no worries...

Among the early voting states, the hacking concerns have most spooked officials in Iowa. In New Hampshire, whose primary is one week after the Iowa caucuses, officials rely on a mostly manual process that uses paper and is less vulnerable to an attack on computer systems, said Assistant Secretary of State Anthony Stevens. In South Carolina, which follows 11 days later, State Election Commission spokesman Chris Whitmire said he was not aware of any concerns.

Oh, and there's one other concern that the GOP doesn't seem to have in Iowa. To our knowledge (and we'd love to be told otherwise), there is no requirement for state-issued Photo IDs at the Iowa Caucus sites. That, despite years of Republican claims that "voter fraud" is prevalent at the polling place (it isn't, as dozens of studies have shown.) The lack of Photo ID requirement by the state GOP at caucuses is likely because they know quite well that the result would be a lot of their own elderly voters, who no longer have a drivers license, would be disenfranchised at the caucuses on January 3.

Good luck, Republicans!

* * *

The November 2, 2011, video purportedly created by Anonymous, decrying both the Democratic and Republican parties as having "failed us" due to their service to "mega-corporations" instead of the American people, and calling for members to "peacefully shut down the first-in-the-nation Iowa caucuses," follows below...

* * *

UPDATE 12/20/11: Video of my appearance on last night's The Big Picture with Thom Hartmann, discussing the above, is now posted here.

* * *
Please support The BRAD BLOG's fiercely independent, award-winning coverage of your electoral system, as available from no other media outlet in the nation, with a donation to help us keep going (Snail mail, more options here). If you like, we'll send you some great, award-winning election integrity documentary films in return! Details right here...

Share article...