Navigation
Topics
Log In
Log Out
:
Special Search
New Today
New This Week
Advanced Search
Tree View
Your Account
Edit Profile
Register
Forgot Password
Tools
Help/Instructions
Policies
...
|
| hursti hack / initial vote count prin... |
|
| Author |
Message |
    
taka khumbartha
Voting Rights Forum Participant
Username: Scar
Post Number: 1
Registered: 5-2011
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 29, 2011 - 6:57 pm: | 
|
i just saw 'hacking democracy' and i have a question about the hursti hack. presumably, the memory card that hursti had modified before the vote had a certain number of negative NO votes and a positive number of YES votes (i'm guessing -5/+5). why, then, when the optical scanner was first turned on, did the initial vote count for YES and NO both show 0 (zero)? thanks |
John Washburn
Voting Rights Forum Participant
Username: Johnwashburn
Post Number: 1
Registered: 6-2011
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 1, 2011 - 10:30 pm: |
|
The Hursti hack is essentially two discrete hacks which reinforce each other.
The first is to use the cropscanner to write in offesting values which summ to zero. In the film it was the values +5 and -5. In a three way race: +6, -4, and -2 would work equally well.
The second hack was to get the zero report (Beginning of Day report) to lie and print zero regardless of the actual state of the memory contents holding vote totals.
When combined you get what you saw.
A lying piece of paper which conceals the corrupted initial state of the vote totals. Then, because the initial, corrupted vote totals sum to zero that initial corruption is overwritten by the normal operation of the voting machine. The well chosen initial corruption plus the normal operation offset so as to not affect the statistics:
1) Total Ballots cast
2) The sum of the votes cast within the race; i.e. the sum of the individual candidate totals.
From that point on every actor in the election chain can be as pure as the wind-driven snow and there is no outward sign that anything is amiss with the software-controlled tallying process.
I hope that helps. |
Mike LaBonte
Frequent Voting Rights Forum Participant
Username: Mike_labonte
Post Number: 607
Registered: 12-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 2, 2011 - 5:55 am: |
|
Aha, I have forgotten that part myself. All printing on those machines is done by programs on the memory card written in AccuBasic. The standard zero report program hopefully prints the contents of the actual tally registers. Hursti had replaced it with one that probably just printed "0" with no register lookups.
The reason Hursti made the sum of initial counts zero is so the total of votes plus blanks would match the ballot count. One fundamental machine design error was using signed integers for the counts. They should have used unsigned integers, which can not be negative. |
Charles Christopher
Frequent Voting Rights Forum Participant
Username: Ilikeinfo
Post Number: 286
Registered: 11-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 2, 2011 - 8:08 am: |
|
>One fundamental machine design error was using
>signed integers for the counts. They should have
>used unsigned integers, which can not be negative.
That can potentially lead to a different set of problems and issues. I'm not saying you are right or wrong, I'm just pointing out that this will not guarentee the results as you might think.
Remember, were talking fixed length registers so adding a very large "unsigned" number to a very small "unsigned" number, will result in a value identical to a subtraction do to the loss of the overflow bits. Just trying to give a simple example why variable typing solves nothing, espically if someone intends to do harm. 
There is always a pretty hard boundary condition at the start. Not checking for zeroes in the "bins" is unforgivable. Use of sums is an abstraction and thus intentionaly introduces ambiguity.
I get the desire for a simple user interface, but for all programming "initialization" is so important that one should tend to accept more complexity if predicatable results are truely the goal.
In other words, startup prints out a piece of paper that has has all critical variables listed and their values. That's compared to the expected values, and someone signs it and safes it away. This hack is in effect manipulation of that time honored and far more robust method.
In fact, this is why the laser printer sitting on many peoples desks this moment even have such features. Go into the menu and somewhere there will be a diagnostic or status printout. This is a very universal concept. That status printout of by your printed it exactly analogus to what I'm refering to for the startup on any software.
Problem definition *FIRST*, solution formulation *SECOND*.
The frog just needs to *SEE* the thermometer
Twenty-Five Ways To Suppress Truth
|
Bev Harris
Board Administrator
Username: Admin
Post Number: 11396
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 2, 2011 - 1:02 pm: |
|
Taka, welcome to Black Box Voting!
John, thank you so much for weighing in with your clear, concise explanation.
Mike, yes -- I confronted the certifier of the program asking why they would approve a program that enables entering negative numbers of votes. His answer was basically that since no one explicitly made negative votes against the rules, he didn't consider it a problem.
Charles, of course you are correct that eliminating the ability to enter negative votes would not solve the problem that computerized systems can always be altered by someone with inside access.
The problem with relying on systems which conceal the counting process from the public is that there are literally hundreds of workarounds to achieve a desired result, and there is no way to secure the system from its own administrator -- thus, the public has transferred its power of self-governance over to whatever government insider has access to the system.
Therefore, any really meaningful remedies need to restore public ability (and inalienable right) to see and verify the count, whether that is achieved by public hand count or by allowing the public to videotape or obtain a photocopies or scans of the ballots at the polling place. |
Mike LaBonte
Frequent Voting Rights Forum Participant
Username: Mike_labonte
Post Number: 608
Registered: 12-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 2, 2011 - 1:42 pm: |
|
Charles is probably right in that unsigned integers would not be more secure. If they used 16 bit unsigned integers the numeric range would be 0 to 65,535. But with common CPUs 65,535 is effectively -1 anyway, because if you add 1 to it you get 0.
It is interesting that AccuVote was certified even though it uses an interpreter and interpreted programs are stored on the cards. The rationale was that AccuBasic has no command to change values, it could only read values. Yet it prints the tape that in many jurisdictions is the only reporting of election results, and it can print anything it wants. The only read-only limitation only protects jurisdictions that read the cards electronically. |
Charles Christopher
Frequent Voting Rights Forum Participant
Username: Ilikeinfo
Post Number: 288
Registered: 11-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 2, 2011 - 5:13 pm: |
|
Even single chip $3 microcontrollers are up to 40 bits, bit I think you can safely assume 32 bits for most things these days. Some of those micros do floating point as well, and full 80 bit IEEE implementation.
It's all meaningless, the big CPU's and the "small" micros have blured these days.
But never take the bait that there is a way out of this issue. As Bev says, it's all about concealment.
Another little tidbit few people would ever notice. Floating point registers can have "impossible" values. That is during a calculation these values will not occur. If you initialize a register with one of these invalid values it might show as zero. If you perform a calculation with one of these values the result may be very different than you expect, and may way change with any revisions of the MPU/CPU.
Here is a link that might be of interest:
http://www.lahey.com/float.htm
If I don't want you to catch "me" you will not, or at least not be able to ever prove "my" intention. One single well place "typo", or coding "bug", and it's all over.
"His answer was basically that since no one explicitly made negative votes against the rules, he didn't consider it a problem."
If that person was a recent college grad, I believe they'd say that, and that is why they were assinged the project. If the person has reasonable level of experiance I'm calling BS.
They are called "derived requirements" for a reason:
www.aosd-europe.net/adi07/papers/baron_adi07.pdf
Problem definition *FIRST*, solution formulation *SECOND*.
The frog just needs to *SEE* the thermometer
Twenty-Five Ways To Suppress Truth
|
|
|
