Wednesday, April 15, 2009

And Kentucky's Election Thieves Win the Prize

... for being the first, presumably, to commit documented voting-machine fraud. Congratulations!

The fraud is actually kinda slick and exploits two key points of weakness: a difference between what the printed instructions say and what the system actually does, and people's unfamiliarity with a system they use maybe once or twice a year, a system of which they have no real under-the-hood understanding. The gist of the attack was this:

1) There are different types of voting machines used by the same vendor. Some of the machines, manufactured by Omaha-based Election Systems & Software, use the "cast vote" button as the last step in the process. Other machines of the same model family (the "iVotronic") use "cast vote" as the second to last step in the process. In these machines, which were used in the fraud, the cast-vote button prompts the user to confirm.

2) The documented instructions for the second group of machines was written for the first group. The written instructions voters saw told them that cast-vote was the final step, even though it wasn't.

3) It was an inside job. After the voter pressed the cast-vote button -- which they were explicitly told by both the machine's written instructions and by in-on-the-scam polling-place officials was the last thing they needed to do -- but left before pressing confirm, a polling-place worker slipped into the booth, "corrected", shall we say, the ballot, and then confirmed, making the worker's vote the official vote recorded by the system.

There is one way, and only one way to do electronic-voting right: The voter MUST leave with a hard-copy receipt of their vote. That, of course, doesn't matter if voters are told by corrupt officials that they don't need receipts or that the machine doesn't give them. But keeping people inside the system from subverting the system is the eternal challenge of security, and the receipt system requires that *all* workers of a given polling place be in on it. If only one non-rogue worker tells voters to not leave without their receipt, then this fraud cannot take place.

No comments:

Post a Comment