Voter Fraud on ES&S, it happened

Some of you may know, or not, that I have reviewed voting machines for the state of Ohio. I was a part of the EVERSET project, and our goal was to evaluate the voting machine vendors for Ohio, and in particular, the team I was a member of reviewed ES&S (the largest vendor in the US). You can read our report, but I can summarize, there were many problems. Scariest of all, was a systemic risk of viral propagation between election cycles, either beginning at a polling station by an individual voter or by an insider at a precinct. We also found problems as simple as a screen recalibration attack, where the touch screen doesn't allow a voter to select candidates in a region of the screen.

We could never be sure that the attacks listed, or for that matter any attacks, have been perpetrated in the wild, but now, an indictment has been filed in Kentucky about voter fraud occurring in elections dating back to 2002. Specifically, these elections used ES&S voting machines. The alleged conspiracy included many actors, but what interests me the most, was how they perpetuated their fraud.

The iVotronic, the DRE machine produced by ES&S, has a big red "Vote" button. Normally, the button does as it says, casts a ballot. However, there is another mode of operation where a voter selects their candidates and presses "Vote" which navigates to a review ballot screen where votes can be changed. After reviewing the votes, the voter presses "Vote" once more (or an on screen indicator) to actually cast the ballot. Seems simple enough, but slightly counter intuitive.

Well, the defendants allegedly abused this system by lying to voters about what happens after they hit the "Vote" button for the first time. They told them that it actually cast their ballot, when in fact, they were in the review sceen. The voter would then leave the voting booth with the review screen displayed, and an attacker would enter the voting booth and 'correct' the vote to the candidate of their choice.

From the indictment:

Obiect of the Conspiracv
2. The object of the conspiracy was to deprive the aforesaid qualified voters of their federally secured right to vote and to have their votes given full force and effect, by misleading them regarding the operation of a voting machine and then changing the votes that they selected, in order to secure the election of the candidates supported by the Defendants and their co-conspirators.
Manner and Means of the Conspiracy
3 . It was part of the conspiracy that the Defendants and their co-conspirators agreed to take advantage of voter unfamiliarity with new voting machines by misleading voters as to the mechanics of casting their votes once they were selected.
4. It was part of the conspiracy that WW serve as the Democrat election judge in the Manchester Precinct. It was further part of the conspiracy that CW serve as the Republican election judge in the Manchester Precinct. Both WW and CW were instructed by Defendants Freddy W. Thompson and Charles Wayne Jones to tell voters that when they had pushed a button labeled “Vote” that their votes had been cast, when, in fact, that function merely provided a review screen of the voter’s selections in each race, and that the further step of pushing the “Cast Ballot” button was required. This review screen gave the voter the opportunity to change any candidate selections prior to casting the ballot.
5. It was part of the conspiracy that when the misled voters left the voting booth after pushing the “Vote” button, WW and/or CW entered the booth, changed their votes to candidates selected in part by Defendant Russell Cletus Maricle and cast the ballot by pushing the “Cast Ballot” button.

That is quite an elaborate scheme. These dopes also allegedly intended to buy votes and also infiltrate precinct election headquarters, for each party.

8. It was part of the conspiracy that the Defendants discussed and agreed to buy votes also during the early voting of absentee voters in favor of “the slate.” This plan involved having Defendants William E. Stivers, William B. Morris, and Debra L. Morris pay absentee voters for their vote and then sending them to Defendant Charles Wayne Jones who was acting as operator of the voting machine at the Clay County Clerk’s Office. Voters who sold their votes were given a mark or otherwise told to signal to the Defendant Charles Wayne Jones by Defendants William E. Stivers, William B. Morris, or Debra L. Morris and, based upon the mark andior signal, Defendant Charles Wayne Jones would cast their vote for “the slate.”
9. It was part of the conspiracy that the Defendants discussed and agreed that in order to implement the method of corrupting the voting process described above, it would be necessary to cause to be appointed as precinct workers for both major parties persons who were in the conspiracy. It was further necessary that their assignment to respective precincts be coordinated so that no one outside the conspiracy would be in place to observe their actions.

I am glad they caught them. Now I hope they are found guilty.

But on a meta-level, I find this conspiracy particularly interesting. For starters, they did not take technical advantage of the defaults in the voting software. Instead they abused the GUI. The review screen is a good thing, a voter should be able to change their vote before final cast, but this simple extra step inspires the attack. It required no technical skills at all.
Instead, they lied about what the review screen meant. In effect, they were able execute an attack that we described technically, where you hijack the voting machine to display correct voter intent, but change the recording internally or on the paper printout. I actually like their attack better, it is clever, but it does rely on the naivety of the voter.

Which brings me to another point, there needs to be better education for the voter (nation wide) on exactly how these machine function and exactly at which point ballots are cast. When using paper ballots: it is obvious. The ballot get stuffed into the box. When using DRE machines: it much less obvious. Educational instruction, outside the polling station, would have mitigated this attack. Unfortunately the education occurred in the polling station, and it was misinformation.

The second part of the attack was buying votes. One problem with buying votes, is that it is hard to verify that the voter voted the way an attacker intends. This problem persists mainly in the polling station. One could, for example, require the voter to mark a paper ballot a specific way, but in terms of direct recording, that is impossible. More so, it would be very difficult to go find the ballots that you purchased amongst the many legitimate ballots, and then, that process may arouse suspicion. At that point, is it really worth it?

They took a different approach, going after absentee voters. Unlike polling station voting, absentee ballots are filled out at home, and can be viewed during the marking. They can also then be handed over to the attacker once complete, and the attacker knows that their money has been well spent. The only thing left for the attacker to do is mail the ballot off.

Even more impressive, by stuffing the absentee voter box, rather then the polling station box, the attackers created a backup plan of sorts and hedged their bets. If their attack in the polling station was unsuccessful and the vote total was close, only then would the absentee ballots be counted, which they purchased. More frightening, it is hard to catch vote buying of absentee ballots because they are so rarely counted to begin with. Who knows, this kind of attack could have pre-dated voting machines entirely.

This indictment is one of the most revealing voting scams I have seen. The defendants took full advantage of the deficiency of the system, and worse, they worked from the inside. It must have been very effective. Now that we know how they did it, how do we assure fair elections in the future? I really don't know because that question is too damn hard. One thing that needs to happen is a comprehensive education for the voters about the technology they are using so that they are not deceived, but even that is really hard. For starters, this attack took advantage of a lesser used mode of the voting machine. Also, how do you know they just won't be lied to again? In terms of mitigating the purchase of absentee votes, that is even harder to stop because, by definition, there is no way to properly supervise the casting of the ballot or who casts the ballot (putting it in the mail).

So what's the moral of this story. Voting is a hard thing to get right. No matter what, their will always be ass-holes who game the system. The goal should be to stop them, but perhaps it is inevitable that fraud will occur. Focus should shift away from hacking fraud, and return to normal ol' fraud because this was a classic voter fraud scheme. Not to suggest that technical attacks will nott or have not happened, but rather, that is not the whole picture. To really fix things, every factor must be reviewed, and even then, I don't think we will get it absolutely right.

Roku, now with Amazon Video ... Who asked for that?

Over the last weekend, my Roku updated with new features. I now have access to Amazon Video on Demand. Cool, I thought, but once I started learning the details, I was much less enthused. I have been a Netflix customer for about 3 years, and the streaming videos are nice (even if I have seen most of the films) and convenient. Pair it with the Roku, and you are now cooking. Now I have the Amazon video option, which is pay as you go for either rentals or purchases, but Amazon has broken their services with DRM.

If you rent with Amazon, then you have 24 hours after the purchase until the video goes away. Your spending 2-4 dollars and you don't get more then a one night rental. This will not compete with Netflix in anyway, except for the films offered on Amazon that are not on Netflix. There are overlaps. Some films are free (with subscription) on Netflix which you have to pay 3 dollars for a 24 hour viewing on Amazon. It must be trying to compete with cable on-demand services, but they don't even come close to the new-release selection provided by Comcast.

I may be willing to rent a film from Amazon, but it is unlikely. Amazon also has purchase options, but it is riddled with DRM. You can watch the film on the Roku any number of times or online at Amazon, but you only get 2 downloads of the film and then only on a Windows machine only playable on the same Windows machine. I could understand this if the price was less then if I purchased the DVD, but it is not. Why would I pay the same price for an inferior product? What happens if Amzon's video service fails? Well, then I loose my purchases (check the terms of service) because of the stupid DRM.

I am even more surprised by the DRM choice because Amazon has been a warrior against DRM in music downloads. The choice to not use DRM is what made Amazon's music store such a success, and it basically forced other services (looking at you iTunes) to remove their DRM to keep competing. So, why would they backtrack? I don't know, but it is not a successful business model.

All I can say is that Amzon Video is not a winner, and until they re-prioritize their service, they have lost a potential customer. Fix your service!