Question for computer geeks...

If a GEMS server that was used to tabulate votes was somehow "acquired", would there be a way to prove fraud? Are the original votes anywhere on the hard drive?

For instance, I can write a document in Word, then delete it. That document file is gone for the normal computer user, but I have heard that unless you reformat the hard drive there is still a section that holds that info. Wouldn't the same hold true for Access files?

Real databases have rollback logs. I do not know what Access has but probably not .

With proper forensic techniques, you can even recover data that's
been recorded over on a hard drive... but if care is taken by the
hacker, all traces of the hack can be erased completely.

Signs of a hack would be seen when checking IP addresses logged by the modem, which I assume a good hacker could cover up. What I mean is whenever you save a file on a C drive, as far as I know it's there, even if you delete it, until you actually defrag it. Could a hacker defrag a hard drive?

if you call modem to modem, there wont be any IP connection, unless a PPP / slip protocal would be starting.
but i dont think, (and for what reason?) a tcpip connection was made.
then again i could be wrong
just my 2 cents :)

I am pretty sure they are going using a anonymous software where it would delete any sign of the original IP source.

which is the next best thing to a degauss and destroy (which is what
a tempest facility requires). If I was hacking the vote (or anything
else)... I would plant my software that does the hijacking, record
only "votes" that have already been changed (the original vote never
hits anything other than RAM), I would then SCRUB the ram by writing
over it with random bits (just to make sure), and, after the fraudulent
results are recorded somewhere and certified, then restore the software
to the original, find all of the disk sectors where my software might
have resided (paging files, original place hack was inserted), and
do a security erase consisting of rewriting those sectors with
different patterns of bits multiple times. Finally, I would put
some random looking (but plausible bits - like copies of other
original files) on the sectors where my hack existed (this is AFTER
the security erase of those sectors).

And there ya go. No way to trace, no way to prove that a hack
even occurred without going to every voter and asking them how they
voted and matching the results of the re-vote with the "official"
vote.

How hard is this? Not very.

I figure whoever was doing this had to act really fast. After all, they had to make the numbers make sense (which we know they didn't always do) and I don't think they could have done it all at once (though in some counties it looks like they did in big chunks). If they wre scrambling, could they have done all you said that often in the time alloted?

executed throughout the actual vote.

I don't think the BBV machines do "intermediate" or partial
returns or reports.

Which is why the exit polls versus "actual" counts were so surprising.

It's not that easy, but believe me, a LOT of people are working on it. A real "fraud audit" is a lot different than a recount, check blackboxvoting.org for details. :hi:

on edit: Not as easy to actually get the votes back, but rather to detect the fraud.

I do a lot of work with MSAccess and it is an extremely limited program. No default logging at all. It keeps data pretty primitively in its tables so I'm fairly certain that any overwritten value is gone forever.

At some point they have to save to disc right? I can't imagine during election night that these numbers were only in RAM.

Microsoft Access creates a binary file (*.mdb) for each database you create. When you open the database file a (*.ldb) file is created. That file is used for handling locks. In most instances the ldb is created when the database is open and then deleted when the dabase is shutdown.

The database was never intended for use in robust systems such as an election vote counting system.

The ldb file might accidentally give away unauthorized access but it's a long shot. If the database was already open (like with the regular diebold application) and the second user had different share permissions for the partition the file is on the ldb file might contain user information about the second user.

The bottom line is you'd be more likely to find unauthorized access through something within windows before you would Access or an artifact of Access.

The Microsoft Access database is a single file, every time anything changes the old data is permanently lost. No backup is made, no change log exists. I don't know of any way to rollback the file itself to a previous state.

Microsoft Access is a great tool but is not for use in applications where security is of high importance. Diebold needs to answer for its choice of this DBMS and explain how its security was ensured.

The only way, as far as I know, to verify the numbers that come out of the GEMS system's database is to crosscheck the actual paper records that were used to generate those numbers. Where paper records do not exist (paperless touchscreens) you are S.O.L.

Even where paper records do exist, they may not be adequately secured and as a result are compromised.

using various forensic techniques. However, it may not even be necessary to go to those lengths. You might want to just look at the built-in audit feature of the GEMS system first and see if there is any "strange" activity (for example a blank period in the audit log), or manipulation of votes. If this evidence exists, one might then look to pursue more involved techniques.

because it is not like a deleted file. The file acts as a container for the data. The data is overwritten within the file.

They are able to extract previously deleted information fromm a hard drive because it is not really deleted (until a refrag). When you delete the file you are actually deleting a pointer to the file. The data remains on the hard drive until something else is written on top of it.

For Access there is not a deleted file. It's changes within a binary file.

Everyone talks about these guys as if they were intelligent. Rove, Diebold, etc...

I disagree. They are arrogant and they don't think they'll get caught becuase they believe the public is too stupid to figure it out.

And they have reason...not stupidity, but basic human goodness. Most people just couldn't believe the George and Co. would steal an election. They expect and use that assumption to just openly steal the election.

This arrogance was true of the Nixon guys as well. Geeze, Nixon kept tapes of himself ordering the paying off of the Watergate burglars! He kept them.

I don't think GW or Rove or Diebold or the hackers are smart at all. I think we'll find plenty of evidence left behind.

If these folks were James Bond slick, you would never have heard "I promise to deliver Ohio to Bush in 2004" and Bev wouldn't have found tapes in the trash. These guys are not super-slick brainiacs, they are thugs.

Have faith.

Sloppy hacking the modern equivalent of the Nixon tapes...interesting idea.

There IS that type of arrogance about them that almost predicts a "Waterloo." In fact, ironically enough, the day after his third debate loss, Bush visited Waterloo, Ohio. I think they definitely left 'fingerprints.':think:

Or at least none on election night.

What is much more likely is that a pre-written script was uploaded to all of these tabulators that "worked in the background" and either deleted itself after election night or stayed behind. If the latter happened, then it is solid evidence. I think BBV may be working on that right now.

It's ok, I know you really didn't mean it THAT way.

The original votes are made by the voter putting a mark on a piece of paper, or, in the case of touchscreens, the voter making contact with an intended area of the screen in order to elicit an anticipated response from the machine.

Anything beyond that is merely a machine generated interpretation, in accordance with the instructions the machine has been given. This, of course begs the question - is the vote in the memory of the touch screen machine, or is it on the hard drive of the GEMS machine, or both?

One of the unfortunate things about GEMS is the use of the Access compress and rebuild (I think that's what it's called) capability to eliminate all flagged-for-deletion records in the database. That's what they call 'back up the election'. Of course any monkeying around that HAS left a trail (precious little does) gets erased in the process.

So, to answer your question, NO the original votes aren't stored on the hard drive, BUT there MAY well be other tracks left behind, as others have alluded to.

HG

I wonder if we could get hold of the same type of model used in elections? It'd be interesting to see if any modifications had been made to the O/S or if certain security holes had been left open. I'd also like to see if they have any kind of wireless communication devices in them.

How would one go about buying one of these machines? Or is it completely impossible for a private individual to do so?

where they had found four voting machines left behind in a bar. The SOS (I don't remember the state) claimed they were not theirs. He said they were submitting the serial number to try to determine whose they were. Then he had an interesting defensive quip at the end saying but you can buy one on e-bay. Haven't checked it out but you might be able to buy one on e-bay.