[updated January 21, 2006] I was
one of ten people present at the "hack" of the Leon County,
Florida voting system, which took place on Tuesday, December 13,
2005 around 4:30 in the afternoon at the county elections
warehouse. Leon County's voting system is the Diebold Accu-Vote
OS 1.94w (optical scan).
Leon County Supervisor of Elections, Ion Sancho, authorized a "test" of
his Diebold voting system to see if election results could be altered
using only a memory card. Harri Hursti (photo at right), a computer
programmer from Finland, who has been working with Black Box Voting, facilitated the test and it has come to be known as the "Harri
is a description of that hack and its significance for our nation,
which I hope will correct much of the misinformation circulating
regarding this event.
select which voting machine to use for the test, Ion drew a serial
number of one voting machine from a container holding all the serial
numbers of all the Leon County machines.
the test took place at the elections warehouse, all the voting machines
were already stored there and the one machine, whose serial number was
selected, was located and brought into the warehouse office, where it
was plugged into an electrical outlet (so it could operate!). It was not networked to any other machines. We checked the serial number of the machine against the serial number that Ion had randomly selected.
Harri had programmed the memory card that morning, in his hotel room, using
an off-the-shelf crop scanner. I drove Harri in my car from the hotel
to the warehouse. When we arrived, Harri was asked to stay outside the
warehouse office where the central tabulator is located, so that there
would be no question about whether he had had any access to the central
tabulator. When the randomly-selected voting machine was brought into
the warehouse office, all of us went into the warehouse office except
Harri, whom we could see sitting in a chair on the other side of a
plate glass window separating the office from the rest of the
Ion had given ONE Diebold memory card to Hursti.
Bev Harris and Kathleen Wynne of Black Box Voting
were also present at
Ion ran a complete mock election. He had had actual paper ballots pre-printed with the following question:
"Can the votes on this Diebold system be hacked using the memory card?"
There were two possible answers: "Yes" or "No," with an
oval to the left of each answer to be filled in by the voter.
was conducted as in a normal election. Ion first printed a "zero tape"
(a poll tape from the machine that is supposed to show that nothing has
been altered before the election begins). This was the first step in
the hack --the zero tape showed zero votes for both the "Yes" answer
and the "No" answer, even though Harri had altered the memory card
and votes had been subtracted from one answer and added to the other
answer. Harri used the interpreted (executable) code to cover up the
fact that he had changed the vote counters.
eight of us voted, filling in the oval on our paper ballot. Six of us
voted "No," the election could not be hacked. Two of us voted "Yes,"
it could be hacked. Then, one by one, we inserted our ballots into the
voting machine. Ion checked after each voter to make sure that the
counter on the machine was counting properly as each ballot was
inserted. So, we ended up with an accurate count of 8 ballots cast on
the screen on the front of the voting machine. Then Ion placed an
"ender card" in the machine to end the election and printed the poll
Instead of two "Yes" votes, the poll tape showed seven "Yes" votes.
Instead of six "No" votes, the poll tape showed one "No" vote.
Harri did not just flip the votes, as he wanted to show how easy it was to change the totals completely.
that point, Ion Sancho's technician, TJ, said, "Well, that doesn't
prove anything because the printer template can be changed." (And that
is true. The poll tape can be made to read anything at all, which was
proved in an earlier test on a Leon County op-scan in May of 2005, when
the poll-tape was made to say, at the bottom of the tape, "Is this real
or is it Memorex?")
responded to TJ that they were taking this to the next level and that
he wanted TJ to upload the memory card to the central tabulator. TJ,
who had quite apparently been talking to the Diebold reps, said he
didn't want that to happen because he didn't know if Harri might have
planted some kind of virus on the memory card that would infect the
central tabulator. Ion then explained to TJ that, just an hour
earlier, he had obtained permission from the Leon County Council to
replace the Diebold system. That meant that the Leon County Diebold
system would never be used in any election again, and thus Ion said it
was all right to upload the memory card to the central tabulator. (The
irony here, of course, is that Diebold would worry about a virus being
planted on this particular memory card! What about all the thousands of
people around the country who have access to memory cards...doesn't
Diebold worry about one of them
planting a virus? And the second irony is that ITA testing is supposed
to catch these security vulnerabilities and yet Diebold claimed to be
worried about a security exploitation by Harri Hursti AFTER all ITA
testing had been completed).
TJ became convinced that it was all right to upload the memory card,
which he did. And there, on the central tabulator screen, appeared the
altered results: Seven "Yes" votes and one "No" vote, with absolutely
no evidence that anything had been altered. It was a powerful moment
and, I will admit, it had the unexpected result for me personally of
causing me to break down and cry. Why did I cry? It was the last
thing I thought I would do, but it happened for so many reasons. I
cried because it was so clear that Diebold had been lying. I cried
because there was proof, before my very eyes, that these machines were
every bit as bad as we all had feared. I cried because we have been so
unjustly attacked as "conspiracy theorists" and "technophobes" when
Diebold knew full well that its voting system could alter election
results. More than that, that Diebold planned to have a voting system that could alter results. And I cried because
it suddenly hit me, like a Mack truck, that this was proof positive that our democracy is and has been,
as we have all feared, truly at the mercy of unscrupulous vendors who
are producing electronic voting machines that can change election
results without detection.
Beyond this, however, what is the real significance of the
"Harri Hursti hack?" There are several answers to that question.
The Significance of Harri's Hack
First of all, the
Hursti hack reveals only one
vulnerability in an almost unlimited number of potential flaws or
vulnerabilities in electronic voting systems (both op-scans and DREs). However, the Hursti hack is individually significant because the flaw it exposed is a planned vulnerability in the system, not something that is accidentally there. It had to be PUT there (programmed) on purpose.
For Diebold to claim innocence about this would be absurd. It would be
like saying you didn't know your garage had a door while you were
standing there holding the garage door opener. Or, because this
security vulnerability is so huge, it would more accurately be like
saying you didn't know your house had a garage at all!!
something like 95% of computer scientists agree that electronic voting
machines (op-scans and DREs) have an almost infinite number of
potential flaws or vulnerabilities, the Hursti hack shows, above all,
THE IMPORTANCE OF HAVING PAPER BALLOTS for an independent confirmation
of machine results. The beauty of paper ballots is that they are completely independent of any machine,
unlike the printer paper trail. Therefore, they provide a
true independent, manual audit of machine results. Paper ballots are
also the only electronic voting method that eliminates, almost
completely, any question about voter intent because the ballots are
voter-generated, filled in by the voter's own hand, thus eliminating
the need for a voter to confirm his/her choices on any printer-issued
receipt. Paper ballots are the only way to have a fail-safe
election with any electronic voting machine. You must have paper
ballots and you must manually audit (count) a portion or all of those
ballots in every election.
The ONLY evidence in the Hursti hack that could discredit his alteration of results were the paper ballots themselves.But
these ballots can only be useful if they are actually counted after
an election to check against the machine count. The Hursti hack shows
clearly that there must be an independent paper trail that can be
manually audited to confirm (or discredit) machine results.
The hack exposes a serious electronic voting flaw, but then,
ironically, re-instates optical scan as the only electronic voting method that provides truly independent, manual audit
A National Defense Issue
is another aspect of this hack that is of vital importance to our
nation. Harri and Dr. Thompson explained to me that there are 3 levels
of computer attack (and please remember that electronic voting systems are computers, whether they are networked or not).
One, called a "script kiddy," is the most primitive and can be copied
by a novice from an internet site and then be used to create a virus or
hack a computer or a computer system.
Two is more sophisticated and is the level at which most viruses,
worms, Trojan horses and hacks are conducted, often by "casual hackers"
who, for whatever reason, enjoy conducting "electronic break-ins" into
Three is called a "Nation-State" attack. A Nation-State attack is a
highly sophisticated, heavily funded electronic attack by a foreign
country, a foreign operative, a terrorist group, organized crime, or a
political group or operative within our own country. In other words, a
Nation-State attack could be mounted by any well-financed group that
would benefit from sympathetic candidates being placed in powerful
positions or by certain agenda(s) being implemented, or by any group
that wants to gain political or financial advantage or wreak havoc on
told me, and Dr. Thompson confirmed, that Harri's hack was Level One
(the first, primitive level), and could have been done by an 8th grader
with some basic information. They explained to me that the voting
machines in this country are so vulnerable that they cannot even
withstand a Level One attack, much less a Level Two or a Nation-State
country spends billions of dollars on national defense, and yet we have
a gaping hole in our national security through the widespread use of
completely vulnerable, electronic voting machines. Counting paper
ballots is not a step backwards. It is a vital component for the
security of our elections and our protection against a "bloodless coup"
or the overthrow of our government through our elections system.
It seems inconceivable, yet is all too possible, that such an
electronic attack could occur without detection, as did Harri's hack on the Leon County voting system.
paper audit trail is, as almost all computer scientists agree (except
for those who are the equivalent of tobacco company doctors who stated
for years that smoking was fine for your health), absolutely necessary
to preserve our democracy, and paper ballots are the fail-safe audit
trail (as long as those ballots are manually audited and are guarded
like the gold in Fort Knox).
is not something that can be delayed until next year or until the next
decade. Whatever investment has been made in DREs must be re-evaluated
in the same way we re-evaluated the exploding gas tanks of Ford
Pintos. Just as Ford knew, but never disclosed for years that people
were dying from the exploding tanks, the voting machine companies know
their machines are completely vulnerable. There is too much at stake
to trust machines that have been proven to be untrustworthy. We must have paper ballots, and we must have them now. To do less, with the knowledge we have, would be to sacrifice our
democracy for the sake of convenience. It is not important that our
elections be convenient, but it is vital that they be accurate, secure
and verifiable. Otherwise, why hold elections at all?
Sancho had the courage to test what should have been tested by our
federal government. He should be hailed as a national hero for exposing
a breach in our national security the size of the Grand Canyon. But no
quantity of such tests can find or expose the infinite number of
electronic flaws, malicious or otherwise, that are possible in these
systems. The day may come when these systems can be made secure, but
that day is not now nor is it in the forseeable future.
a time for courage, and for leadership. Our country's officials must
guard our freedom as they have been elected to do and choose auditable,
verifiable voting systems, based on paper ballots, that will defend our
nation from an all-too-possible "electronic Pearl Harbor."
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...