Personally, I'm surprised that electronic voting wasn't run side by side with conventional voting. It would've doubled the time for the voter - but it seems the only way to compare results for accuracy. I think we'd agree that new voting machines should be as, or hopefully more bulletproof than the current machines. This doesn't seem to be the case. Here's an excerpt of a few of the internal problems (GEMS stands for Global Election Management Systems bought by Diebold)
· MS-Access allows unlimited tampering with the elections data.
· There's also an easy way to defeat the GEMS Admin password.
· The audit trail has been left wide open to the point of uselessness. Even if it wasn't, alterations that are done in Access never make it to the GEMS audit log anyways - the log items are CREATED by GEMS, not by Access.
· Therefore, the only reason you'd need to tamper with the GEMS password by copying the password from a new datafile is if you wanted to check your dirty deeds in the GEMS program. Somebody who knows GEMS inside and out will never have to do that - they only need alter the data in MS-Access.
· There's one other issue we didn't get into, as it's more complex than I wanted to do for this article: the actual vote data is duplicated internally, and GEMS makes requests to each of the two tables for different purposes. In accounting terms, it's a "double set of books" problem (which is a hallmark of fraud). Basically, if you ask for countywide totals, that's pulled out of one data file, while precinct-by-precinct data comes out of another - and GEMS never checks to see if the two match, or informs the GEMS console user that this is happening. But in Access, you can alter the vote tallies in the one GEMS uses for countywide queries and so long as you take away the same number of votes for one candidate as you give another (to keep the total number of votes correct), there's no way to tell. Here's the critical part: if you're an honest elections officer and you "smell a rat", the first thing you do is spot-check some precincts. And you'll get honest numbers. Only by printing out the totals from each individual precinct one at a time, adding them on a hand calculator and comparing to the countywide total would you realize there's a problem - and you still wouldn't understand why, because nowhere in the GEMS program or documentation (see also the GEMS user manuals in PDF form included) does it say there's "two sets of books". (SEE ALSO Bev Harris's report on the "scoop" site, first URL at the very beginning of this document for more info.)
Here are some of the external issues -
So why did Diebold set up the Alameda County GEMS computer with numbers that would make it compatible to share the general Alameda County network system!? Which in turn is connected to the Internet?
Granted, hacking into GEMS this way from the Internet (outside of the Alameda County "firewall") would be difficult. Not so difficult from inside mind you, like at the County Supervisor's offices.
Still, if the danger is from Diebold itself, while this sort of security flaw is intolerable, it's not that useful. By entering in through the modem pool wired right to the GEMS box, Diebold could hack every single customer county, on an automated basis.
from - http://www.equalccw.com/dieboldtestnotes.html
It appears this guy is going to hack as much of it as he can to prove his point. Good luck. I don't say that as sour grapes (although stories like this make me wonder - http://money.cnn.com/2004/08/30/technology/election_diebold/?cnn=yes) - but what's done is done. If these machines have security holes - I say ditch'em - no one should have a question in their mind about their vote being tallied correctly.
