Case Study: It Takes Just Seven Seconds To Steal An Election

Electronic voting machines - how risky is "too" risky?

When electronic voting machines first rolled out, many people were skeptical.  To be sure, some of that was the result of fear regarding the “new,” but not all of it was.  Some was the direct result of understanding that anything electronic could be tampered with and it turn out to be extremely difficult to prove anything happened.

Over and over again, voters were told that there was nothing to fear.  We were told the machines were secure and that we could trust the process.

Now, we have proof that it’s not as secure as we might like to think.

From Politico:

When Princeton professor Andrew Appel decided to hack into a voting machine, he didn’t try to mimic the Russian attackers who hacked into the Democratic National Committee’s database last month. He didn’t write malicious code, or linger near a polling place where the machines can go unguarded for days.  Instead, he bought one online.
[…]

In early January 2007, the county of Buncombe in North Carolina advertised for sale on the Internet auction site govdeals.com several Sequoia AVC Advantage voting machines. There were 136 machines sold, in lots of 10 machines, 4 machines, and 5 machines, for a total of 18 lots.

The auction site GovDeals.com is, apparently, meant for federal, state, and local governments to sell surplus equipment. Any person can qualify to bid on and purchase equipment through this site.

[…] “Registering to bid at GovDeals.com is just like registering to bid on e-bay–no questions asked except name, address, e-mail, and telephone number. The government had no information about me or my motives in obtaining the voting machines at any time before or after the auction and delivery of the voting machines to me. I paid for the machines by cashier’s check. I had these machines shipped to me in Princeton by commercial carrier.

With a few cursory clicks of a mouse, Appel parted with $82 and became the owner of an ungainly metallic giant called the Sequoia AVC Advantageappel -avc2, one of the oldest and vulnerable, electronic voting machines in the United States (among other places it’s deployed in Louisiana, New Jersey, Virginia and Pennsylvania).

“On February 3, 2007 I examined the machines. The machines arrived in operating order. The machines, originally sold to Buncombe County in 1997 for $5200 each, appear to be almost identical to machines used in Mercer County, New Jersey, where I vote.

To get to the motherboard of the machine, I just opened the back door with the key (that came with the machine) and unscrewed 10 screws that hold in place a sheet-metal panel. Although I used a key to open the lock, the lock itself is a fairly simple one: I watched a Princeton University student pick the lock of my machine in about 7 seconds. Then, I was surprised at how simple it was for me to access the ROM memory chips containing the firmware that controls the vote-counting. Contrary to Sequoia’s assertions in their promotional literature, there were no security seals protecting the ROMs. Indeed, I found that certain information in the “AVC Advantage Security Overview” (from Sequoia Voting Systems, Inc., 2004) was untrue with respect to my machine.

This manufacturer’s document states:

“The vote counting instructions in each voting machine are written into integrated circuit chips during the manufacturing process. These chips are incorporated into each machine’s circuit boards. Access to the machine should be limited by administrative procedures and is also limited by the physical design of the machines. Design features include door locks and a numbered seal on the CPU cover.”

I found this to be incorrect, with respect to the machines delivered to me. I did not have to remove any seals, whether of tape, plastic, or wire. The sheet-metal panel covering the computer circuit board is the only component I found that could possibly be described as a “CPU cover”, and it had no numbered seal. (If there ever was a numbered seal holding the CPU cover down, then Buncombe County’s technicians would have to remove it and replace it every time they change the four AA batteries on the motherboard!)

The AVC Advantage (voting machine) can be easily manipulated to throw an election because the chips which control the vote-counting are not soldered on to the circuit board of the DRE. This means the vote-counting firmware can be removed and replace with fraudulent firmware.”

Are you picking up on this? You can thank us later…assuming you can still sleep at night.

Professor Appel sums it up like this:

Like the purchasers of all the other lots sold by Buncombe County, I am now at leisure to examine the contents of the firmware on the ROM chips, and to modify it. If I had the inclination to cheat in an election (which I do not) I could prepare a modified version of the firmware that subtly alters votes as the votes are cast, with no indication of the alteration made visible to the voter. I would write this modified firmware onto new ROM chips. Then, if I had access to one of New Jersey’s voting machines (for example, in an elementary school or firehouse where it is left unattended the night before an election), I could open the door of the machine, unscrew 10 screws, replace the legitimate ROM chips with my own fraudulent ones, reinstall the cover panel with its 10 screws, and close the door of the machine.

Technology is great.  Eventually, the voting process was going to have to be switched from paper ballots — which have their own voting issues as we saw in 2000 — to something else.  Electronic voting was the logical choice.

However, the companies that have developed many of these voting machines clearly haven’t taken seriously the integrity of the machines, and expending very little effort in keeping our elections fair and honest..  Pick a lock, pop out unsoldered chips as easily as a cell phone battery, replace with your own.  Mere seconds of work, and it could theoretically be enough right there to upset the entire electoral process.

Realistically, it would take more than one machine, but it wouldn’t take as many as some might think.  A handful of swing state districts in a close race could change the entire outcome of a national election.  Think of how close the Bush/Gore election actually was.  Now imagine someone having the means and desire to sway it like this.

Here’s a scrollable PDF of  Appel’s affidavit (describing his purchase of these machines) for the Superior Court of New Jersey in the New Jersey Voting Machines Lawsuit.


Photo Credit:  Lorelyn Medina/123rf
Photo Credit: Princeton.edu (Alex Halderman)
Photo Credit: Ion Chiosea/123rf
Share:
Share on FacebookPin on PinterestTweet about this on TwitterShare on LinkedInShare on Google+Share on RedditDigg this
In this article

Join the Conversation

Join the Conversation

1 comment

  1. Crooked Hillary Reply

    ‘When Princeton professor Andrew Appel decided to hack into a voting machine, he didn’t try to mimic the Russian attackers who hacked into the Democratic National Committee’s database last month.’

    Has this been proven or is it still just more Democrat propaganda/lies? Julian Assange pretty clearly insinuated that recently-murdered DNC operative Seth Rich was the source.

No widget found with that id