Saturday, August 21, 2010

Are they playing Pacman with your vote?

Alex Halderman's group managed to get hold of some old Sequoia AVC-Edge voting machines, and without needing to tamper with the tamper-evident seals reprogrammed them to play Pacman.

Sequoia AVC-Edge voting machines are DRE (that's Direct Recording Electronic -- not digital rectal examination, which is perhaps equally pleasant). This means that the only way they capture a vote is electronically: if something goes wrong with the machine, there is no independent evidence of how the voters wished to vote. (This is in contrast with optical scan voting technologies where the voter, for example, fills in a bubble sheet, which is scanned in for ease-of-counting, but which also provides an independent, auditable, debuggable record of the vote.)

Halderman writes,
"The original election software used the pSOS+ embedded operating system. We reformatted the memory card to boot DOS instead. (Update: Yes, it can also run Linux.) Challenges included remembering how to write a config.sys file and getting software to run without logical block addressing or a math coprocessor. The entire process took three afternoons."

There are three significant points here:
  1. It doesn't appear to be terribly technologically difficult to reprogram the machine. I'm sure that having worked out the process in 3 afternoons, it would take them about half an hour to run the same reprogramming process on the next machine.
  2. It is possible to do this reprogramming in an undetectable way -- i.e. without messing with the tamper-evident seals.
  3. Given that the machine is DRE, vote tampering cannot be independently detected or recovered from.

Voting machines are often left on their own in unsecured locations. A motivated attacker in a district that uses these machines could prepare a vote-stealing program in advance, access the machine briefly, and load the program, all without leaving any noticeable evidence. A forensic analysis of the machine would probably detect the program, but without any obvious tampering, who'd bother? And by then, the damage might already have been done -- forensics after election day would detect the possibility of tampering but would not get back what the votes should have been.

I just explained this to Sidharta in about 5 minutes. He totally got it. How come most of our electorate doesn't?
