Computer ballot outfit perverts Senate race, theorist says

And the winner is....our CEO!

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Updated Imagine the perversion of democracy that could occur if an officer of a company that makes computerized vote tabulators and touch-screen balloting gear were to run for the Senate in a state where his machinery is used. Surely, the potential for a sneaky, electronic form of ballot stuffing would be considerable.

Let's consider US Senator Charles Hagel (Republican, Nebraska), who once served as Chairman of McCarthy Group Inc., a company which owns, you guessed it, Election Systems & Software (ES&S), an outfit that makes roughly half the voting machines in the United States, including those used in Nebraska where the company is conveniently headquartered.

Current McCarthy Group Chairman Michael McCarthy is Hagel's campaign treasurer, or was as recently as December 2002, according to a story from The Hill. "Hagel currently owns a stake in ES&S, and previously served as chairman when it was named AIS until March of 1995," the story says.

The report is concerned with Hagel's possible influence in Congress to mandate just the sort of kit that he and his partners have been selling for years:

"Hagel's unrecorded stake in the voting systems company poses an apparent conflict of interest on election reform issues. Three companies, including ES&S, stand to make large profits from election reform legislation enacted last year by Congress. Many precincts around the country are expected to upgrade to optical scan and touch-screen voting machines as a result of recently enacted election reform. 'There's the potential for a real gold rush for federal voting equipment manufacturers,' said Doug Chapin, director of Electionline.org, a clearing house of news on election reform sponsored by the Pew Charitable Trusts."

The super scary part

While the Hill article is concerned with Hagel's possible failure to report his financial interest in a company that stands to gain from his legislative activities -- which in itself is bad enough -- we shouldn't be surprised to hear from others who've spotted the Trilateral Commission's fingerprints all over this bit of monkey business.

Indeed, Hagel did exceptionally well in his Senate race -- far better than anyone had anticipated, especially his opponent

Enter one Bev Harris, Bev is the co-owner of Talion, a do-it-yourself public relations company for low-budget go-getters. Bev is "a CEO with 20 years experience in corporate marketing, publishing and management," her bio explains.

She is convinced that Hagel stole the Nebraska Senate election through some manner of digital chicanery, and even has a book coming out to prove it. The book, "Black Box Voting: Ballot-Tampering in the 21st Century" has its own promotional Web site, throughout which Bev has sprinkled tantalizing nuggets of pseudo-evidence.

The site is chock full of juicy quotes from people no one's ever heard of, along with an interlarding of legitimate news that support her thesis only if one first accepts the postulates and innuendo she's trading in.

For example, the Hill story about Hagel's reluctance to report his interest in ES&S supports her implication that he used his influence over the company to doctor the election results, but it does this only so long as we already believe that he used his influence over the company to doctor the election results. Otherwise it's a garden-variety conflict-of-interest story about a guy who might be in a position to push legislation handy for his bottom line.

Another of Bev's scoops involves Diebold Election Systems, which seems to have two very serious problems. The first is -- well, let Bev tell it:

"'Technology transfer for updates!' This is among the benefits in the Diebold PowerPoint sales presentation given to the State of Georgia. Easy updating -- too easy, apparently."

OK, so what does that mean? I wasn't able to find this PowerPoint presentation on Bev's site, but it sounds like Diebold is offering to transfer technology, like source code, say, to loyal customers. Bev makes it sound like some kind of absurdly insecure automatic update feature, so as to link it to her next revelation.

And that revelation is that Diebold had been maintaining an insecure FTP server which permitted anonymous logins. On this server were important files for company personnel and perhaps partners to play with.

"The AccuVote files, however, were freely shared and sometimes snagged from the FTP and e-mailed to election workers and technicians. Files on the FTP site included hardware and software specifications, election results files, the vote-counting program itself, and "replacement files" for Diebold's GEMS vote-counting system and for the Windows software underlying the system. In fact, anyone with a modem could have hunkered over a computer to download, upload or slightly change and overwrite the files on Diebold's FTP site," she says.

That's a major security stuff-up by anyone's reckoning; but there's no evidence that the files were slated for use in a production system or that they would have escaped the company's verification efforts if they were to be so used. But in Bev's fertile imagination and knack for inuendo the two problems merge subtly into one, and she raises concern that the presumed auto-update feature and this lousy FTP server are somehow going to converge to ruin election results.

The implication is that users are going to be FTP-ing in for hacked files thinking they're getting an update. Only there's no evidence that an auto-update feature exists. There's only Bev's suggestion that a reference to "technology transfers" on a slide show that we can't find means that one does exist.

"If you want to tamper with election results, you either want to change the program or change the data file. That is why the program files, which control how the votes are tabulated, and the data files, which contain the actual vote count, should not be available for swapping back and forth like recipes on a cookbook site," she warns.

Admittedly, she raises good questions about the wisdom of computerized ballot counting and vote casting. A lot can go wrong, surely. It's just that good questions and solid evidence are two entirely different things. In the end, all we have here is an ambitious PR bunny with a book to plug telling us that if you first accept her postulates without skepticism, her evidence becomes rock solid.

It works for her. How does it work for you? ®

Black Box Voting Author replies
Bev Harris takes issue with the above article

Related Link

A rather balanced assessment of the risks in e-voting

Secure remote control for conventional and virtual desktops

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton EXPOSED in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story


Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.