How to: Do Election Fraud, Steal Elections or Fix a Vote
Part 2 Targets and Methods for manipulating elections.
DRAFT, NOT YET FINISHED
Here is an analysis of vote manipulation for stealing elections as a security process, this is part two, Who does vote fraud and motivation is part 1. A real life example of holes in optical scanner voting is described in Ramsey County Minnesota Public Elections Test.
As described by Bruce Schneier in the book "Secrets and Lies" security has at least two sides, the attacker and the defender, and the attacks can be analyzed by target selection, analyze target, access target, attack target, avoiding detection and escape. On the other side is protection, attack detection, reaction to attack and remediation of damage. In this section I am looking at the election process as targets of security penetration with the goal of compromise of fair elections.
Distribution vs Centralization in Elections
An election is complex in the USA, there are no set ways of conducting elections, every state has different laws and rules, equipment and social processes. In fact, almost every county can have differing methods of voting and is a locus of decision making for large parts of the election process. One result is a lack of standards for elections including voting eligibility, counting procedure and recounts, district mapping, absentee balloting, provisional balloting, election equipment and procedure, reporting results, etc. As with any security problem with a myriad of target types the methods of manipulation are many and varied and can be fine tuned to a few critical units. This lack of standards has serious security implications. There are over three thousand counties in the USA and many voting process targets, such as counting absentee ballots, can be attacked differently in many locations which makes detection of attacks and protection from attack very difficult. Add to this that target selection has been made easy with the application of cheaply available technology and equally cheap public data. A simple PC and a database program or spread sheet is enough technology to sort targets by vulnerability or effectiveness for attack. Public available data files such as public voting records from the Secretary of State, ( about $45 for the data set from the State of Minnesota, ) and the US Census are enough data to fine tune a set of targets figure out vulnerabilities and organize subsets of targets by method of attack. Lack of standards and cheap availability of target selection technology points to an increase in vote manipulation in the USA.
On the plus side is that the distributed responsibility and processes of the elections makes it difficult to control or attack centrally. 100% voted for the ruling party is an unlikely scenario with over 3000 counties and 50 states counting the vote totals, setting voting eligibility and procedures. Of course, no one needs 100%, just 50% plus one vote. The centralization of voting lists under state vs county control, the counting of votes with electronic voting procedures is eroding the distributed nature of voting and inserting many central points of attack in the process.
A possible solution is an improvement to standards for such things as voter eligibility, registration, counting, recounting, voting procedure, reporting results, district mapping, and other issues while keeping the distributed responsibility for implementation and counting at the county level. This may drop the target variability for similar processes, making protection and detection of attack on the voting process easier with fewer types of targets available, yet keep widely distributed powers in the process, making central manipulation difficult. Supposedly HAVA, the Help America Vote Act was ment to be a means of setting some national standards, yet as now implemented seems to add some very nasty compromises to the voting process.
MORE AT:
http://www.tc.umn.edu/~hause011/article/Vote2.html