Viewpoint: Is the coming election really secure?

“It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything.”

—Joseph Stalin

Winnebago County will use Diebold optical scan machines to record and tabulate votes in the upcoming Nov. 2 presidential election. About 1,000 of these systems are in use across the country, counting up to 2 million votes at a time.

But there is a glaring security flaw in the software for the Diebold central computer that would allow an unscrupulous individual to take over the vote tabulation in a matter of seconds and change the outcome of the election.

According to Bev Harris, operator of a Web site called Black Box Voting, she has discovered that the GEMS software can be manipulated by typing in a certain two-digit code in a specified location and thus create a second set of votes.

This second set of totals can be altered so it no longer matches the actual votes. The computer then will read the bogus totals, and no one will be the wiser. Harris has demonstrated that this can be done in about six seconds.

Although she uncovered this information in 2003, and it has been known since then, little has been done to close this security breach. Asked if any election jurisdiction in the country has moved to remedy the situation, Harris said: “Some have pulled the modems, but nobody has done anything else.”

Winnebago County is in somewhat better shape from a security standpoint than many other counties, according to information supplied by Margie Mullins, the county’s election supervisor.

Only she and data processing supervisor Craig Danekas are allowed in the central computer room. Both are deputized as election officials. Each has a personal password that is used to access the computer. The room also can be locked.

Mullins said the county does not use modems to forward precinct vote totals to the central tabulator. Ballots are physically transported to county election central in the county building at Church and Elm streets.

She said tapes of precinct totals are posted at each polling place. These tapes are brought in to be compared with totals from the central computer. Mullins said the state randomly selects 5 percent of the precincts in the county. “We have to recount them after the election,” she said. Votes are totaled by precinct.

Here is what Harris and her colleagues learned about the operation of the GEMS software: “…It turns out that the GEMS passwords can be easily bypassed, and the audit logs can be altered and erased. Worse, the votes can be changed without anyone knowing, including the officials who run the election.”

How is such a thing possible? GEMS runs on a Microsoft Access database. The votes are stored in a ledger built into the database. Most legitimate accounting systems allow only one set of books, otherwise the possibility of fraud is paramount.

Harris commented: “In the files we examined, we found that the GEMS system contained three sets of ‘books.’ The elections official never sees the different sets of books. All she sees is the reports she can run: election summary totals (countywide totals), or statement of votes cast (precinct totals). She has no way of knowing that her GEMS system uses a different set of data for the detail report (used for spot checks) than it does for the election totals. The Access database, which contains the hidden set of votes, can’t be seen unless you know how to get in the back door—which takes only seconds.”

In accounting software, data tables automatically link up to prevent back-door entries. With GEMS, however, when you input that 2-digit code in the right place, you can disengage the data sets, so the system will pull information from a combination of real and fake votes, and you can change things as you wish. The table of tampered totals need not match precinct by precinct tallies.

Harris said: “This way, it will pass a spot check—even with paper ballots—but can still be rigged.” The machines we use produce a paper record.

Her investigations found the MS Access database is not password protected and can be illegally entered simply by double-clicking the vote file. Harris said she saw unpassworded access to the latest GEMS system in one county election office.

The double set of books appeared in the software on Oct. 13, 2000, right after Jeffrey Dean was hired by Diebold as senior programmer and vice president of Research and Development. His access to this programming is documented by internal memos from Diebold, according to Harris.

She said that for four years, anyone knowing how to initiate the extra books has been free to use or sell this information to anyone they choose.

Jeffrey Dean’s police records show he is a convicted embezzler and is being prosecuted for restitution of $500,000. Dean, himself, said he is vulnerable to blackmail because of this. His embezzlement arrest, according to records, resulted from “sophisticated” manipulation of computerized accounting records. They also show he took the money to pay blackmail because of a fight he was in, in which a person died.

“So now we have someone,” Harris said, “who’s admitted that he’s been blackmailed over killing someone, who pleaded guilty to 23 counts of embezzlement, who is given the position of senior programmer over the GEMS central tabulator system that counts approximately 50 percent of the votes in the election, in 30 states, both paper ballot and touch screen.”

Diebold not only hired this man for a key position, but did nothing to rectify the security problems when they were discovered. Elections were run on this system for more than three years, with no way to know what the real vote totals were.

Wally O’Dell, president of Diebold, has said in a fund-raising letter of Aug. 14, 2003 that he intends to deliver the 2004 presidential vote in Ohio to President Bush.

Harris made this observation: “Some election officials claim that their GEMS central tabulator is not vulnerable to this back door, because they limit access to the GEMS tabulator room, and they require a password to turn on the GEMS computer. (That is what supervisor Mullins stated.) The problem is this: once that computer is open and running GEMS (on election night, for example), that password doesn’t much matter. Votes are pouring in pell-mell, and they aren’t about to shut that computer down until hours later, sometimes days later.”

Harris also learned that you don’t even need the Microsoft Access database to edit the election. Hugh Thompson, a computer security expert, showed all you need to do is open any text editor, type in a 6-line Visual Basic Script, and the election is yours.

With all these problems that can crop up with Diebold machines and their central computing system, Harris recommends taxpayers use consumer protection laws to demand the local government drop Diebold and refund the money paid to that company.

More information on this matter can be found at:

Enjoy The Rock River Times? Help spread the word!