We hate to pile on… (Or do we?)
But, really, with all the recent discussion of California Sec. of State Bruce McPherson’s mind-blowing about-face re-certification of Diebold — against state law, we hasten to add — this may be a good time to point out one small item that we’ve been meaning to mention for a while.
As Jody Holder’s recent comment points out, McPherson’s silly “conditions” for re-certification of Diebold in California require a few much-less-than-adequate knee-jerk “safe guards” towards protection of the handling of the hackable memory cards in Diebold’s voting machines. (Here’s McP’s full “Certificate of Conditional Certification”).
Never mind, as Holder mentions, that the protective seals to be required are easily peeled away without tearing. Or that such voting machines have been stored in poll workers houses for weeks leading up to an election. More to the point, for the moment, there are ways to manipulate the information on those memory cards even without removing them or breaking the seals. This is more of a concern than ever, since it was recently proven, by the now-infamous Harri Hursti hack in Leon County, FL, that changing the information on the memory cards can force election results to be flipped…without a trace being left behind.
On that note, here’s the little item we’ve been meaning to point out. It’s a photograph from the side of a Diebold AccuVote TSx TS6 touch-screen voting machine:
Now we have no idea what that “IrDA” port is meant to be used for with a touch-screen voting machine, but we do know that the IrDA (Infrared Data Association) is an Infrared port used for wireless connection between two devices. We used to have one on the back of our notebook and desktop computers which we used to keep the two systems synched up via wireless data transfers over that Infrared port.
A few election watchdog groups, including some members of the National Institute of Standards and Technology (NIST) who works with the federal authorities on these matters, have issued warnings about the IrDA port and protocols on voting machines. However, little — if anything — seems to have been done to mitigate the rather obvious security threat posed, as far as we can tell.
Here’s how a page at Microsoft.com, last updated December 4, 2001, explains cable-free Infrafred data transfer on the Microsoft Windows CE operating system (the operating system which happens to be used in Diebold’s AccuVote touch-screen voting machines — like the one pictured above)…
This application is currently possible under Microsoft® Windows® CE and the Windows family of operating systems. The underlying technology is based on inexpensive, widely available short-range infrared transceivers that adhere to the Infrared Data Association (IrDA) standards. IrDA standards (available from the IrDA at http://www.irda.org) also enable non-Windows devices to talk to Windows-based applications.
There ya go.
The issue of the IrDA port on touch-screen voting machines hasn’t been much discussed as far as we can tell. VotersUnite.org issued an alert mentioning it, with a photograph (seen at right), back on October 26, 2004. The alert warned:
This from TrueVoteMD: Diebold AccuVote TS electronic voting machines have an infrared (IrDA) port installed. This is a remote communication port through which another remote device could communicate with the touch screen and change either its data or its software or both.
If your county uses Diebold touch screens, let your county officials and election judges know that it is crucial to cover the IR port with opaque tape.
The National Institute for Standards and Technology (NIST) — who works with the federal Election Assistance Commission (EAC) to develop and recommend guidelines for electronic voting machines — issued a similar warning [PDF] about the Infrared ports on voting machines in a report which warned “The use of short range optical wireless,” like infrared, “particularly on Election Day should not be allowed.”
As mentioned, since touch-screen machines have been stored at poll workers’ houses and other unsecured locations prior to Election Day, and since data can be transferred to the machines and their memory cards via Infrared — even without removing the cards or breaking their protective seals — the IrDA ports would seem to be a tremendous concern.
The NIST report discusses such concerns and some of the troubling security issues with IrDA protocols:
IrDA does not provide encryption at the Physical Layer, and depends on the end systems to implement security if any.
…
With optical, it is possible for a session to be ‘hijacked’ unless strong authentication measures are implemented between communicating systems. When a session is hijacked, a foreign device masquerades as a trusted system that is authorized to exchange data. Because the system has no way to distinguish the masquerader from the authorized system, it will accept anything from it as if [sic] was authorized.
The undated report — from the EAC’s own standards body, NIST — then goes on to describe how simple and readily available IrDA software drivers are to obtain for use with UNIX and most Windows Operating Systems, including Windows CE. As well, it points out that such software could add executable code to the machines on, or prior to, Election Day and could then delete itself after ithe code has completed its main purpose [emphasis ours]:
IrDA software drivers are available form [sic] a number of sources for use with UNIX, Windows and other Operating Systems (OS). Most versions of MS Windows come with support for IrDA already included. This is true of the MS Windows CE operating system as well as Windows XP. Microsoft also provides a free IrDA driver which can be downloaded from it web site. Other suppliers of IrDA systems (e.g., Ericsson) offer their own drivers including source code (Texas Inurnments [sic]).
With the source code available, an interrupt handler (executable code) could easily be added. For example, when the voting terminal receives a special bit configuration (caused by holding down multiple keys concurrently) that is outside the usually accepted range, a special interrupt could be generated invoking a handler that could be programmed to perform any desired function. This would require a small amount of code and could easily be hidden; such code would be difficult to discover.
If such code was installed in the driver, which is considered to be Commercial-Off-The-Shelf (COTS) [even if compiled and installed by the voting system manufacturer] it would not be examined by the ITAs [the federal Independent Testing Authorities].
Code in such a handler could be designed to place the voting terminal in a mode where it downloads and install [sic] an executable module, thus allowing unapproved logic to be added to the voting machine while in use on Election Day. Obviously this executable could perform any function the programmer desired including deleting itself when finished. The only recourse is to disallow communications with the voting terminal during use. It might be augured [sic] that such code could be added the day before Election Day.
Obviously, that last paragraph is very troubling. But also note the section about COTS.
The source code for that “Commercial-Off-The-Shelf” software is what Diebold recently argued that they couldn’t provide to North Carolina after they changed their law to require all voting machine vendors to submit such code in order to receive state certification. Diebold went to state court arguing they shouldn’t be forced to supply the source code for COTS software. Eventually, they lost that battle, and notified North Carolina they preferred to pull out of the state entirely (if the state wouldn’t change the law for them) rather than complying with the state law requiring the submission of all such source code.
And another comment posted to NIST’s voting website [PDF] by James C. Johnson on October 5, 2005, also discusses the concern, revealing that the use of the IrDA protocols could be used at any time, even after final “Logic and Accuracy” tests have been performed, and thus “totally compromising the system”:
It is interesting that the VVSG [Voluntary Voting System Guidelines] currently under development, while mentioning this technology does nothing to restrict or prevent its use, not even on Election Day.
It is understandable that communications technology be used for pre election preparation, but is totally irresponsible and inexcusable to allow it to be used during an election. The presence of this technology makes it possible to upload to the voting system anything that is desired after the final “Logic and Accuracy” test have been performed, thus totally compromising the system.
Perhaps some of you have additional thoughts on this matter. Like why such a port would be needed, or even present, on a touch-screen voting machine at all. And why the existence of such a port — to our knowledge — has hardly been discussed at all in conjuction with these machines. Especially in light of the now-infamous Leon County, FL “hack test” proving that executable code can be added to Diebold’s memory cards resulting in a completely flipped election…as we’ve said…without a trace being left behind.
CORRECTION: We had previously identified the machine in the article’s first photo as a TSx, when it’s actually from a slightly older TS6 like those used in Maryland and elsewhere. The second photo, with all of the various ports identified, was originally taken from the Diebold AccuVote TS User’s Manual. We have conflicting reports on whether the IrDA port is still used on the newer TSx machines and will try to follow up later with definitive information when we can get it.
UPDATE 6/28/06: Something happened during our import to the new software here at BRAD BLOG to munge up the comments section of this post. We’ll see if we can figure out how to restore them correctly. Until then, we’ve turned off the comments on this post.
Before I say anything else, let me point out that what is opaque to visible light may well not be opaque to IR. The only way to know if tape is blocking IR is to test it at close range.
Back to why these things MIGHT legitimately have an IR port.
Although it’s clear from the physical appearance that the hardware is purpose-built (it looks a bit like a laptop with the lid rotated so the screen faces away from the main body), it’s very likely that it uses a standard motherboard. It’s cheaper if they can use a standard motherboard for a product that’s going to sell in thousands rather than in millions.
If they did go with a standard motherboard it’s possible the one they chose came with a load of doohickeys that we all expect these days: 10/100 network interface, USB ports, and even IR ports. As is clear from the picture, the IR LEDs stick out slightly from the case. Not as much as the keypadocnnnector, to be sure, but they do stick out. The only way to have the case block them off would be to add a corresponding protruberance to the case moulding. Possible, but it spoils the clean lines.
So if you were the case designer, and not giving a thought to security (and why would you, since the programmers didn’t either), you’d leave holes for the IR LEDs and even label what they are (so idiot poll workers don’t phone the support line and ask why those two indicators never do anything).
That’s the innocent explanation. Which I’m tempted to believe, because those LEDs could be recessed and covered by a piece of material that is opaque to visible light but transparent to IR and nobody would know they were there. Why advertise the fact that they’re there? OK, four possibilities: the innocent explanation as above; they’re too damned stupid to think of concealing the fact that there’s an IR port; it’s a double-bluff (if we were being naughty we’d have covered our tracks better); or it’s Bush/Rovnan psycophathic in-your-face "we’re doing this and you can’t stop us, so nyah, nyah, nyah."
Sandy, YES.. the same.. AND, given that, you CAN write a program for a "palm pilot" that would "signal the voting machine, get the counts/IDs for the current vote, then send back (if needed) the -changed- votes/IDs to get the result you want".. and all that could happen in just a matter of seconds, with no one noticing.
I had been thinking it would be a bitch to "fiddle with cards". I know if someone wanted to badly enough, they could and would.. but what a pain. Now that we see the "super easy" way, holy shit.. They even have cell phones that have IR ports, and run Java apps.. you could put the program on a PHONE and stand next to the machine talking to someone and point the phone at the port and click a button.. boom! flipped votes (if needed).
Brian De Ford: I agree that there "could" be an "nnnocent" explination, but I don’t believe there really is. Sure, if they want "cheap motherboards" to use as a base, fine.. but then DISCONNECT the IR.. there’s NO VALID reason to have it. A lot of "cheap motherboards" these days have WiFi too and/or BlueTooth. Should they just leave those up?
I don’t think you can just "cover" the ports for IR and still use them either. IR is slower than visible light and visible light is blocked by anything opaque. That is, Microwave towers don’t work when something blocks them, and infra red is between light and microwaves. I did a quick search but didn’t find the details I was looking for, I might be backward on that, but I"m pretty sure IR being near heat, it won’t transmit well through any obsticles.
Bottom line is, this is a HUGE security hole in these systems. Anyone who has "inside" knowledge can tweak any of these machines at will. If we had full access to the system schematics and software, we could tellf
This post is directed toward Jody’s post at 3:41pm P.T.
She writes, "Why would a company continue to market a voting system that has known security defects? Why would a state election official approve such a system once it has been pointed out, especially when to do so would be an illegal act?"
I posted a thought in reaction to a post at BBV by Bev Harris "Election Family Tree: Who got us into the and how…." It is a theory I have applied to your question, because I have had the same question.
(This is Bev Harris’s post below and then my reaction I will post):
As we unravel the family tree responsible for the current elections mess, to our surprise it looks like some of these people are in fact legally related. This article exposes some of the ties, family and otherwise. Let’s open tho otoset and look at some of the underpinnings of today’s secret elections:
{Ed note: Rest of post deleted since it was the complete article from BBV. Please do not copy and paste full articles, especially when they’re long, and/or not completely on topic like this one. But rather, give a few useful paragaraphs along with a link to the original article — in this case the original article is right here. Thanks for understanding!}
To Jody Holder,
This is how I saw/reacted to what Bev Harris had posted.
"This discribe a situation that sounds like a "Soap Opera". I mean you can’t believe what goes on in politics or government. The reason I wanted to point this out to you, because of the whole, "What’s the Matter with Kansas?" book/theory. How has the GOP and the right wing Neo-Cons have taken control. Try to remember these NeCsCons have been working years on trying to excute taking back congress and all government. The following post from BlackBoxVoting.org I think can help you see how they took over in SOCAL voting districts. This is a good example of
"What’s the Matter with California?" A book/theory soon to be written if we don’t stand
up and fight. You can go here if you need help with remembering the book I have noted above;
http://en.wikipedia.org/wiki/Wh...er_with_Kansas
When you read the below I would like you to identify, "Brigham Young University", (Google it!)look who has graduated from that school and
what/who do they support, also look at some other elements like where these elections official have come from (out of state). This is something we all need to understand. We are not involved in our own local governing, what can come in and do the job for us, and it sureisn’t someone who cares about the citizens of this state!"
I thought if anything it might stir somenrnterest, or if someone in my good saw this maybe the might have some information on the people Bev mentioned. You never know….
REPLIES FROM BRAD…
Rich Miles #5 – We’ve discussed AccuPoll over at VelvetRevolution.us as the only machine vendor that we were able to endorse in our "Divestiture for Democracy" campaign because they agreed to the conditions we set forth. More info here… Unfortunately, it looks like they may now be facing an SEC investigation and possible bankruptcy, though I have an idea of the causes for either. I wouldn’t doubt it’s due to some of the reasons you mention.
Sandy D #6 – Yes, it’s exactly the same IrDA infrared port used on Palm Pilots. It would very easy, in theory, to walk up to a Diebold AccuVote TS machine and transfer data with the use of a Palm.
Jody Holder #8 – Thanks, as always foyryour insight. I’m on the same page. I feel your pain.
But a keypad port is not a standard port on an everyday motherboard.
Can anyone here come up with even ONE STANDARD off-the-shelf motherboard with a keypad port?
And IrDA ports don’t usually have LEDs (except on handheld devices, like palm pilots.) If they’re there, they obviously use them for something.
This is a special purpose device. You’d have to question why they would add something like that (at extra cost) to a device that’s supposed to be secure.
And yeah, I know…I’m just sayin this is what I found out.
Please feel free to prove me wrong if you can.
To Rich Miles and Brad –
I doubt it is that simple with AccuPoll. I would not put complete faith in that company without further investigation. btw, AccuPoll has a marketing agreement with Unisys for its system. Also, doesn’t AccuPoll verifi l blslots depend on bar-codes. How transparent is that?
As 2 alternatives, there are also (1) the Avante Opti-Trakker for accessible paper trails, and (2) the AutoMARK made by Automark Technical Systems (ATS) and marketed by ES&S.
A little bit of esoteric trivia about infrared:
During my tenure at Capitol Studios we sometimes had to record to or play back from these awful consumer multitrack recorders called ADATS. They use a fairly common digital interface called "Lightpipe" that uses…wait for it…Infrared. The machines were supposed to have little plugs in the lightpipe ports to prevent the infrared data from doing mischief.
We also had in all our rooms professional DAT (digital audio tape) machines, called Panasonic 3700s, that used infrared remotes, so the engineer could place them into record, etc., using what looked like a modern TV remote.
Often the ADATs came inioithout the little plugs. We typically set these machines on a credenza in front of the rack at the back of the room tht held the DATs. At first we couldn’t figure out why the DATs seemed to have a mind of their own. We quickly discovered that the digital Lightpipe data was sending bogus signals to the remote port of the DATs, which they interpreted as commands: Start, Stop, Record, etc.
Bottom line is, infrared can easily be hacked and corrupted without even trying hard.
The point is, if what Kathy has told me via message is correct…..this new loophole will bring yet another final nail into Diebold’s coffin. When it comes to shutting down both the election offices, and going straight to the supreme courts on their machines.
The system can be dismantled piece by piece now if, as intended it is accurate that there is no place in the constitution that would allow for the kind of tampering/illegal loophole that is in their enrpre product line….infra red ports & e-feed.
Doug E.
This illustrates why the source code for these devices must be disclosed, accurately and publicly. This is a pedestrian application of a mature technology. There are no secrets to keep by these companies. It is plainly reasonable that the workings of these devices must be publicly inspectable.
I would opine, in short, that these machines are the greatest scam/fraud since the beginning of electricity.
:::::::::::::::::::::::::::::::::::::::::::
"SUPPORT CLINT CURTIS!"
__www.ClintCurtis.com__
:::::::::::::::::::::::::::::::::::::::::::
"This illustrates why the source code for these devices must be disclosed, accurately and publicl
Kestrel:
The keypad port appears to be a plain old 4 pin serial port, so no mystery there. I don’t know why they wouldn’t just get a board without irda, of which many exist.
Hey Everybody, I sent Clint Curtis an email and he wrote back and says he needs help. It can be remote help. I’m not trying to step on any toes,but if you can help even remotely go to his website and send him an E-mail. There is a lot that needs to be done to make this a top tier race so we can shinm igme l oth on the whole sorry story of election manipulation. I wish I knew how to do this for him but I am at a loss.So I thought I’d throw it out there and see if you guys with the smarts could help. Thanks I know how much you all believe in this,SOOOO whaddya say?
By the way that last post was OFF Topic Sorry, just thought this thread would get the most look sees. Thanks Again
Brad
Perhaps it is time for us to all get together and help VR purchase AccuPoll and appoint a bi-partisan committee to run it without partisanship.
Why not get back to insisting on the good old fashioned paper ballots? It took approximately 45 minutes for the results of the election here in Canada in January (pop. 32 million)
Smartly done Bradley! Thanks for all you do man. And Jody? I’m so glad to see youhtheht there in the middle of things in California. You’re the best!
Time to ban the machines or wrap ourselves around polling locations on Election Day? 100 feet away of course! No breaking the law. We’ll leave that up to Cheney for now.
They’ve been caught InfraRed-handed!
Isn’t it amazing we’re talking about these computer ports as a danger to our Democracy and at the same time all of America is talking about the selling off of shipping ports and the danger to our country there?
I agree, 60 Minutes ought to do a story on this. America trusts they’ll do a fair investigation.
You have some great stuff that merits saving as an Adobe Acrobat file. Unfortunately, your choice of background and typeface colors make this impossible! Please consider changing!
Re: Accupoll:
they are getting voting results beamed to them so they can change them on the fly… bastards! I want ’04 back!
The biggest problem is, there is NO EXCUSE for abaondoning Paper (100% paper, or imprinted plastic film, or whatever)!..
I’m a Software Engineer.. I have dreams of being able to log onto the "central system" from home, click up your district on voting day, and logging your vote. That dream SHOULD NEVER BE REALIZED.. Why? as a profesonal workin
I suffered so much derision the other day when I suggested that "absentee ballots" be used by California voters that it is all too tempting to just shut up, allow the debacle of another fixed election happen, and allow the maintaining of Republican majorities in the House of Unrepentant and the Seenot.
So all you sheep who insulted me go ahead and vote on machines you know to be corrupt rather than submit an absentee ballot that can’t be monkeyed with. No wonder democrats can’t win – no on is open to any other ideas than their own. I, at least, will know without equivocation for whom I voted, and if a manual recount should be ordered, my vote will be clear to the counter as well. The rest of you do as you please and help out the Republicans by votg in a fixede.nbe. Unbelievable.
Bill Arnett .. who’s to say your ballot won’t get "lost in the mail"? If I’m not mistaken, absentee ballots aren’t counted "in public", per se’.. that is, they get the envelopes.. they know there are ballots in side.. can’t they read/toss them as they see fit?
As opposed to opening the box and counting the ballots in front of a public crowd.
Not sure who "derided" you so bad.. but I think the overall point (from my perspective) is that we need to fix the ENTIRE SYSTEM, not just find ways around a broke system. And, even if "everyone at BradBlog" DID send in absentee ballots in an attempt to get SOME votes out on paper, the "masses" still need to know that these machines are bad, right? The masses need to be educated and protected from these bad machines.
Savantster,
My goodness, has no one ever heard of
#1 Russian Restaurant in Brooklyn New York. See you soon.
Russian Restaurant
http://russian-restaurants.tqga...estaurant.html