By Tony Bridges
DEMOCRAT STAFF WRITER
June 04, 2005
All it takes is the right access.
Get that, and an election worker could manipulate voting results in
the computers that read paper ballots - without leaving any digital
That was the verdict after Leon County Elections Supervisor Ion Sancho
invited a team of researchers to look for holes in election software.
The group wasn't able to crack the Diebold system from outside the
office. But, at the computer itself, they changed vote tallies,
Sancho said it illustrates the need for tight physical security, as
well as a paper trail that can verify results, which the Legislature
Black Box Voting, the non-profit that ran the test and published a
report on the Internet, pointed to the findings as proof of an
elections system clearly vulnerable to corruption.
But state officials in charge of overseeing elections pooh-poohed the
test process and dismissed the group's report.
"Information on a blog site is not viable or credible," said Jenny
Nash, a spokeswoman for the Department of State.
It went like this:
Sancho figured Leon County's security could withstand just about any
sort of probing and wanted to prove it.
He went to one of the most skeptical - and vocal - watchdogs of
election procedures. Bev Harris, founder of Black Box Voting, had
experience with voting machines across the country.
She recruited two computer-security experts and made the trip to
Tallahassee from her home in Washington state three times between
February and late May.
Leon County is one of 30 counties in Florida that use Diebold optical
scanners. Voters darken bubbles on a sheet of paper, sort of like
filling in the answers on the SAT, and the scanners read them and add
up the numbers.
So the task was simple. Get in, tamper with vote numbers, and get out
They made their first attempts from outside the building. No success.
Then, they sat down at the vote-counting computers, the sort of access
to the machines an employee might have. For the crackers, security
protocols were no problem, passwords unnecessary.
They simply went around them.
After that, the security experts accomplished two things that should
not have been possible.
They made 65,000 votes disappear simply by changing the real memory
card - which stores the numbers - for one that had been altered.
And, while the software is supposed to create a record whenever
someone makes changes to data stored in the system, it showed no
evidence they'd managed to access and change information.
When they were done, they printed the poll tapes. Those are paper
records, like cash register tape, that show the official numbers on
the memory cards.
Two tapes, with different results. And the only way to tell the fake
At the bottom, it read, "Is this real? Or is it Memorex?"
"That was troubling," Sancho said.
Leon County more secure
In Leon County, access to the machines is strictly controlled, limited
to a single employee. The memory cards are kept locked away, and
they're tracked by serial number.
Those precautions help prevent any tampering.
"You've got to have security over the individual who's accessing the
system," Sancho said. In fact, "you've got to have good security and
control over every step of this process."
The trouble is, not every county is as closely run.
In Volusia County, her group has found what they think was memory-card
tampering during the 2000 election. More than 16,000 votes for Al Gore
Harris said her research turned up memos - obtained from the elections
supervisor's office - that blamed the failure on an extra memory card
that showed up, and disappeared, without explanation.
She believes that was an attempt to change the outcome of the
election, but one carried out clumsily. The test in Leon County proved
it was possible, if done by more experienced computer programmers, she
So what does the Department of State say?
Nash, the spokeswoman, said that the Diebold systems were designed to
be used in secure settings, and that, by giving the testers direct
access to the computers, Sancho had basically allowed them to bypass
In other words, not much of a test.
Except that the security experts were given only as much opportunity
as any other election worker would have. Less so, considering that
Sancho did not provide them with passwords or any other way to
actually get into the programming.
As for the exact vulnerabilities that Harris reported - and Sancho
confirmed - Nash said no one from the state could comment, since they
hadn't been present at the test.
She added later that Sancho could request help from state certifiers
if he had concerns, but had not asked yet.
To read the entire report, visit www.BlackBoxVoting.org.
Ion Sancho, supervisor of elections, will post a summary of the test
results this weekend at www.leonfl.org/elect/
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.