Re: How do you audit a GEMS machine?

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Fri Jun 17 2005 - 23:27:49 CDT

Hello Dick:

I suspect it would be easier to rig the GEMS machine than you think. We've discussed on the list how a typical DRE can be easily subverted by having a time or event sequence dependent Trojan inserted into the software code. I don't see why a similar thing couldn't be done for a machine running GEMS. Based on Black Box Voting's description of the Acuvote scanner having memory cards with programs resident in the card memory, I think it would be even easier for some sort of vote shifting routine or just a trigger for a Trojan, be resident on the memory cards and picked up upon the necessary reading of the card by the GEMS machine. Upon the 'close out' of the voting aggregation the Trojan would erase itself leaving no trace. A check sum or other program modification check ran before and after the election process would not be likely to show up.

In my limited poll working experience, it not unusual for a polling place votes to not completely reconcile with ballot counts, scanner tapes and signature book counts. It is often only necessary for malware to just shift a few votes at each polling place to change an election outcome. Given the more or less inevitable level of errors in a process as complicated as an election, this sort of vote shifting could easily be nearly undetectable in the 'back ground noise' random errors of the election process and be very difficult to catch.

Call me discouraged.

-- 
Thanks, Edmund R. Kennedy
Always work for the common good.
10777 Bendigo Cove
San Diego, CA 92126-2510
USA
I blog now and then at: <http://ekennedyx.blogspot.com/>
Also, I've got a web site at <http://geocities.com/ekennedyx/>
  ----- Original Message ----- 
  From: Richard C. Johnson 
  To: Open Voting Consortium discussion list 
  Sent: Friday, June 17, 2005 12:10 PM
  Subject: Re: [OVC-discuss] How do you audit a GEMS machine?
  Ed,
  This is a tough one, but if you can run sample memory cards with known content through the GEMS machine to verify that the samples register properly, well, that is better than nothing.  Anybody who seriously wants to rig the election through the GEMS machine would have to alter it in a way not detectable by processing sample memory cards.  Still, this setup is an abomination--I thought California law prohibited such things.
  Best wishes for a clean election,
  -- Dick
  Ed Kennedy <ekennedyx@yahoo.com> wrote:
    Hello:
    Here in San Diego County we use Diebold GEMS machines to read the memory card from Diebold Acuvote scanners.  Generously assuming that the scanner cards generally reflect what went under the scan heads ,how would a Poll Watcher audit the aggregation of votes on a GEMS machine?  We've got a mayoral election coming up here in the City pretty soon so I'd appreciate some quick answers or at least pointers to where I might find this information.
    -- 
    Thanks, Edmund R. Kennedy
    Always work for the common good.
    10777 Bendigo Cove
    San Diego, CA 92126-2510
    USA
    I blog now and then at: <http://ekennedyx.blogspot.com/>
    Also, I've got a web site at <http://geocities.com/ekennedyx/>
    _______________________________________________
    OVC discuss mailing lists
    Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
------------------------------------------------------------------------------
  _______________________________________________
  OVC discuss mailing lists
  Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Jun 30 23:17:09 2005

This archive was generated by hypermail 2.1.8 : Thu Jun 30 2005 - 23:17:11 CDT