Politics : The Obama - Clinton Disaster


To: PROLIFE who wrote (9778), 3/23/2009 11:18:18 AM
From: DuckTapeSunroof
 
Kentucky e-voting fraud manipulated voters, not machines

Six people have been indicted in a Kentucky scandal that involves rigging an election by manipulating vote totals in electronic voting machines. But the folks allegedly behind the scam relied not on high-tech hacking skills, but on old-fashioned southern charm.

By Jon Stokes | Last updated March 22, 2009 3:57 PM CT
arstechnica.com



This past Friday brought news of a handful of indictments of elections officials in Kentucky who are alleged to have rigged elections in 2002, 2004, and 2006 by changing votes in electronic voting machines. The group of five officials (plus one non-official) is charged with a list of crimes including manipulating the vote totals in electronic voting machines, certifying elections that they knew to be rigged, and arranging for votes to be sold. Remarkably, the vote manipulation technique here was essentially an exploit of a simple UI design flaw, and involved no computer skills at all on the part of the alleged perpetrators.

Most of the charges outlined in the indictment [PDF] are for old-school, non-electronic crimes like racketeering, extortion, mail fraud, and so on. But even the e-voting part, believe it or not, was incredibly low-tech and didn't involve any of the well-known exploits documented for the ES&S iVotronic machines that were used.

Voting on the electronic machines used in the fraud involves a few basic steps:

1. Go through and pick your candidates using the touchscreen
2. Press the "Vote" button that appears on the touchscreen
3. Review the slate of candidate selections one final time on a special review screen to make sure that you don't want to change anything. (If you do, you can go back from here.)
4. Actually cast your vote by pressing the "Cast ballot" button.

Pages 15 and 16 of the indictment describe how the vote stealing was carried out; here's how it worked:

Two of the folks involved allegedly told voters that pressing the "Vote" button would actually cast their ballot, so that they would leave the booth right after pressing it and with their ballot still uncast. So when voters left the booth after pressing "Vote," these two guys would go into the booth behind them and change their votes before casting the final, now altered ballot.

Clearly, no audit—mandatory or otherwise—would've caught this fraud, because it relied on the best and most reliable tool in the hacker's arsenal: good, old-fashioned "social engineering."

This entire incident says less about the perils of e-voting than it does about human nature, but this isn't to say that the e-voting vendor is entirely off the hook. Better documentation for the public and better UI design would've probably thwarted this particular fraud, but then again, the fraudsters might well have figured out another low-tech trick for stealing votes. If the folks actually running the process are determined to be corrupt, there isn't much you can do.

Among the six people indicted were a circuit court judge, two elections officers, and a county clerk. The conspiracy was apparently bipartisan, and looks to have been aimed more at increasing the personal fortunes of the co-conspirators by placing them in local positions of influence than at enhancing any one national party's standing.
Further reading

* The Kentucky local paper has an article on the charges.
* The BradBlog was on the story first.