Edited on Tue Oct-12-04 10:01 AM by BevHarris
And "guys" is in the generic sense, meaning people of both genders.
Hope this isn't too "techie" for the DU board nowadays. I anticipate that some 40 million votes will be counted via a modem setup almost identical to the following, in Nov.
We are talking about the central tabulator here, the machine that receives incoming votes from all the polling places, plus counts the absentee votes, for both paper ballot (optical scan) and touch-screen systems.
The Diebold system is set up with RAS. Following are details from a small county in Florida, and this county official is very helpful and forthcoming. We have observed similar answers in very large areas who are more uncooperative. While I don't see this man's county as a huge target for vote manipulation, I'd like to know how vulnerable you computer folks think the setup described would be in a larger, more critical election area.
Can you comment on attack points for the following, a situation where the county elections supervisor is confident his system cannot be penetrated through telephone line modems:
(In response to public records request)
MY QUESTION: CAN SOMEONE SPEAK TO THE ISSUE OF "ONE WAY" MODEM CONFIGURATION?
The phone line we use for election night reporting is just that: an unpublished, dedicated line used only for incoming calls to interface between our GEMS server and our Accu-Vote precinct tabulators. Nothing is plugged into the line itself until election night when the modems, configured to receive incoming calls only, are plugged into it.
AND HE ALSO SAYS THIS:
The modems used to transmit election results are internal components to the Accu-Vote. I assume for the purposes of this request, you are more so interested in the modems used to receive election results into the GEMS server on election night.
The public records request asks about who has passwords, username, phone numbers.
BASIC SETUP:
You might note my use of “modems” and then my reference to one “line.” Allow me to elaborate. We have a bank of 5 modems, but all incoming calls on election night come through a main line with one number, and that number is configured by Sprint to roll down to another number if a busy signal is detected.
The location of this line is separate from where the GEMS server usually resides (my office), because on election night the server is wheeled out into a publicly-viewable area before any results transmissions take place.
Our central tabulation server is not networked, not even with a dial-up connection, at any time other than election night.
AS TO WHO KNOWS DIAL-IN NUMBER, PASSWORD, USERNAME:
Only three people in our organization know, or have a need to know, the modem access number to our central tabulation machine. Since no dial-up access is configured, there are no “accounts” or “passwords” to keep a list of. Those people are:
- Chief Deputy and Elections Services Manager – responsible for programming the elections and operating the tabulation equipment on election night
- Warehouse Foreman – responsible for testing precinct phone lines for election results transmittal
- Administrative and Records Manager – responsible for payments to Sprint for said phone line
Now, it can obviously be assumed that someone at Sprint must know the phone number, but as they neither know, nor care what the line is used for, I won’t belabor the point.
NOTE THAT ANYONE WHO SEES THE PHONE BILL CAN GET THAT NUMBER, AND -- THOUGH HE SAYS JUST ONE PERSON PAYS THE BILLS, IN MOST COUNTY OFFICES, I DOUBT THAT THEY PUT MUCH SECURITY AROUND OUT-OF-DATE FILED INVOICES.
HE ALSO HAS THIS TO SAY ABOUT DIEBOLD:
Nobody, I repeat, nobody at Diebold Election Systems has our election results phone number. We are not dependent on any vendor, especially election systems vendors. All of our ballot layout and design is done in-house by me and while our returns are coming in telephonically, it is only my hands on the GEMS server keyboard with the canvassing board looking over my shoulder.
I'LL NOTE THAT OUR OBSERVATION OF ELECTION NIGHT OBSERVERS IS THAT THEY HAD ABSOLUTELY NO CLUE WHAT THEY ARE LOOKING FOR. MOSTLY THEY GATHER AROUND EVERY TIME RESULTS COME IN AND THE INTERIM REPORTS ARE PRINTED.
I'LL GIVE YOU MY TAKE ON THE FOLLOWING, BUT WANT ANY COMMENTS YOU HAVE:
On election night, incoming calls are monitored through the upload screen and because we have the luxury of only having 52 precincts, each precinct number is checked and double-checked as it comes in by me and at least 1 member of the canvassing board. Any superfluous calls to this line would be detected almost immediately. As soon as all precincts have reported in, the modems are switched off and subsequently unplugged.
THE MONITORING HE DESCRIBES IS DONE THROUGH THE GEMS INTERFACE. HERE'S WHAT IT LOOKS LIKE:
- A PANEL SHOWS EACH POLLING PLACE BY NAME. WHILE RESULTS ARE UPLOADING A GREEN ARROW APPEARS.
- WHEN THE MODEM IS "STUCK" OR HAVING SOME UNDEFINED TROUBLE OR TRYING WITHOUT SUCCESS TO HANDSHAKE, A YELLOW CIRCLE APPEARS.
- WHEN THERE IS NO ACTIVITY, A RED ICON APPEARS.
IN THIS CASE, FIVE PRECINCTS AT A TIME MAY BE LIT UP WITH GREEN OR YELLOW, BECAUSE HE HAS FIVE MODEMS WHICH OPERATE SIMULTANEOUSLY.
WE KNOW OF COUNTIES WITH UP TO 7,000 PRECINCTS AND AT LEAST 48 MODEMS GOING SIMULTANEOUSLY. (IN KING COUNTY, THE YELLOW CIRCLES WERE WINNING FOR HOURS AT A TIME, ON PRIMARY NIGHT.)
Now, I have two questions about this.
1) Since all you are doing is looking at GEMS, would you really know if an infiltrator modemed in? I am not assuming the attack would be for the purpose of mimicking a precinct upload. If I were doing it, I'd go for taking over the desktop or I'd upload a virus, like that shown by Dr. Herbert Thompson at our demo, which shaved votes in GEMS.
2) Does the frequency of these connectivity glitches concern you? There are many, many internal memos from Diebold where support techs mention that the modems stay connected too long, and in effect, refuse to hang up after the vote data is transmitted. Sometimes the modem light goes on (yellow) indicating there is a problem with connectivity, but it ID's itself as a specific polling place.
And, as mentioned above, in King County at one point 100% of the precincts showing activity were lit up with yellow circles and error messages. The messages varied.
Oh, by the way: He says username and password is not an issue. On some Diebold systems, as I understand it, the username and password is programmed into the transmitting voting machine.
His county is small, and apparently doesn't use techs. Most counties do have "rovers" or techs or temps (called "contract employees"). We observed two Diebold support people in King County during the primary election, and their internal documents indicate that they'll be providing support for 600 counties in Nov. I assume that techs will have modem access information.
Thanks for any insights.
Bev Harris
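Added example, not part of the original post and not Diebold or county code: one defensive answer to question 1 is to keep a per-call log independently of GEMS and reconcile every answered call against the precinct list, so that calls with no precinct ID, repeat calls and over-long sessions all have to be explained. The log format, the 300-second ceiling and the function name are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample of an independent per-call log kept outside GEMS
# (hypothetical format: answered, hung_up, modem, precinct ID the session gave).
SAMPLE_LOG = """answered,hung_up,modem,precinct
2004-11-02 19:05:10,2004-11-02 19:06:40,1,12
2004-11-02 19:05:30,2004-11-02 19:07:05,2,07
2004-11-02 19:08:00,2004-11-02 19:31:00,3,31
2004-11-02 19:09:15,2004-11-02 19:12:45,4,
2004-11-02 19:20:00,2004-11-02 19:21:20,1,12
"""

EXPECTED_PRECINCTS = {f"{n:02d}" for n in range(1, 53)}  # 52 precincts, as in the post
MAX_SESSION_SECONDS = 300  # assumed ceiling for one upload; tune from test uploads
FMT = "%Y-%m-%d %H:%M:%S"


def review_calls(log_text, expected=EXPECTED_PRECINCTS, max_seconds=MAX_SESSION_SECONDS):
    """Return (findings, missing): calls needing explanation, precincts never seen."""
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(log_text)):
        start = datetime.strptime(row["answered"], FMT)
        end = datetime.strptime(row["hung_up"], FMT)
        seconds = int((end - start).total_seconds())
        precinct = row["precinct"].strip()
        reasons = []
        if precinct not in expected:
            reasons.append("no valid precinct ID")  # answered call tied to no precinct
        elif precinct in seen:
            reasons.append("repeat call for precinct")
        if seconds > max_seconds:
            reasons.append(f"connected {seconds}s")  # modem that did not hang up
        if precinct in expected:
            seen.add(precinct)
        if reasons:
            findings.append((row["answered"], row["modem"], precinct or "-", reasons))
    return findings, sorted(expected - seen)


if __name__ == "__main__":
    findings, missing = review_calls(SAMPLE_LOG)
    for answered, modem, precinct, reasons in findings:
        print(f"{answered} modem {modem} precinct {precinct}: {'; '.join(reasons)}")
    print(f"{len(missing)} precincts not yet heard from")
```

The reconciliation only has value if the log comes from a source the tabulator cannot rewrite, such as the carrier's call records or a separate logging device on the modem bank.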