Programmer Built Vote-Rigging Demo for Florida Politician

Syre writes "therawstory reports that a programmer named Clinton Curtis says in a sworn affidavit (mirror) that he developed prototype vote-rigging software at the request of then-Florida state representative Tom Feeney. The affidavit has been turned over to the House Judiciary Committee, of which Feeney is now a member. Should we call for inspection and disassembly of all the voting machine code to see if it contains any of these secret vote tampering functions he was asked to include in his prototype?" A follow-up interview is available. A point to emphasize: he's not making any claims of actual fraud occurring in the Florida elections.

Hmmm

Goverments have been overthrown for less than this.

Bev Harris comments

See comments from Bev Harris of BlackBoxVoting on this here:
http://blackboxvoting.org/#feeny [blackboxvoting.org]
and why this may be disinformation here:
http://onlinejournal.com/Special_Reports/120604Mad sen/120604madsen.html [onlinejournal.com]

Don't get your panties in a twist too fast

Legitimate things like this go on all the time. It is commonly referred to as "white hat" hacking, as we all know. That may not be the case here, but it sounds more to me like the programmer is disappointed with election results and wants to pretend he's a whistleblower.

Re:Don't get your panties in a twist too fast

it sounds more to me like the programmer is disappointed with election results and wants to pretend he's a whistleblower

Yes, but he's sworn under affidavit. I say we put an end to this quickly by disassembling the code to see if it's true. If it is true then this is something every American should be concerned with -- Republican, Democrat, Libertarian, Green, or Anarchist.

Re:Don't get your panties in a twist too fast

Yes, but what has he sworn under affidavit? That he built a prototype? That he built a prototype, and the guy who asked him to intended to use it? Or that he built a prototype and it was used in the election?

If the politician in question wanted a prototype built to show how easily it could be done - to show how insecure electronic voting machines are - doesn't that make him one of the good guys?

The key point in this story isn't that vote tampering happened (if vote tampering actually did happen, I will retract this statement!), but rather that any politician can buy a custom vote-tampering package for the next election. Now how good do all those promises of E-voting security look?

Re:Don't get your panties in a twist too fast

Yes, but what has he sworn under affidavit? That he built a prototype? That he built a prototype, and the guy who asked him to intended to use it? Or that he built a prototype and it was used in the election?

From the affidavit (bolding theirs):

She immediately stated, "

You don't understand, in order to get the contract we have to hide the manipulation in the source code. This program is needed to control the vote in South Florida." I was shocked that they were actually trying to steal the election and told her that neither I nor anyone else could produce such a program. She stated that she would hand in what I had produced to Feeney and left the room with the software.

Of course, why you'd tell someone what you intend to do is beyond me. No one seems to come off very classy in this business. You'd also figure that if they were that free with their information, surely there'd be more people around to corroborate this guys story if it's true.

Re:It's completely possible

"You don't understand, in order to get the contract we have to hide the manipulation in the source code. This program is needed to control the vote in South Florida." I was shocked that they were actually trying to steal the election and told her that neither I nor anyone else could produce such a program.

Guess the programmer never heard of Perl, eh?

Heh. Actually, a more interesting way to hide the malicious code would be to do as Ken Thompson did with Unix [ic.ac.uk].

Ken Thompson's 1983 Turing Award lecture to the ACM revealed the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. The C compiler contained code that would recognise when the "login" command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler - so Thompson also arranged that the compiler would recognise when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled "login" the code to allow Thompson entry - and, of course, the code to recognise itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

The talk that revealed this truly moby hack was published as ["Reflections on Trusting Trust", "Communications of the ACM 27", 8 (August 1984), pp. 761--763].

By hiding the hack in the compiler binary, and having it recognize when it's compiling the target program and when it's compiling a new version of the compiler binary, there is no way that source code analysis could detect the malicious code. All code for running elections should be decompiled and examined -- and individual voting machine binaries should be audited to make sure that they are the same as the analyzed binaries. There is absolutely no excuse for not requiring this kind of check by all civil agencies that operate elections.

Cheers,
Craig

Example:

I think I remember an episode of MacGyver where he overthrew a violent dictator with a rubber band, 2 bottle caps, and some navel lint.

Beat that.

Re:Hmmm

"Only in countries where the populace still has some balls. The Ukraine is a current example."

I come from Ukraine. You not say Ukraine weak. Ukraine is game to you?! How bout I take your little board and SMASH IT!!!

Re:Hmmm

Give it up and realize you are dealing with a mentality that is utterly, absolutley, 100% convinced that their ideology is The One Truth(TM) and because of this, there can be only two reasons they didn't win:

1- A majority of people are too stupid to comprehend The One Truth(TM).

2- The Forces of Evil® (also know by their common name: Republicans©) who wish to destroy The One Truth(TM) formed a giant, secret conspiracy and overthrew the will of the people.

Wow!

Voting fraud... If Florida??!! What is this world coming to?

Something's Fishy

Something about this story bothers me. If Curtis has been involved in a long running dispute with Feeney ranging back to 2002, why would Feeney have anything to do with him? I mean, this would not be the first example of foolishness in politics, but it would certainly be the dumbest.

Perhaps Feeney was trying to set Curtis up?

M

Up Up Down Down Left Right Left Right B A Start

Presto, the Republican wins!

Oh, come on!

This isn't just a dupe of a previous story... it's not just a dupe of the top story... it's a dup of an incredibly outrageous story [slashdot.org] that makes the radical right's Clinton Suicide scandals look almost sane.

My opinion, for what it's worth, is that the right-wingers are astroturfing the 'net with outrageous vote-rigging stories. This helps ensure that the real story of the Green/Libertarian recount in Ohio [votecobb.org] won't be taken seriously. Karl Rove is probably laughing his butt off.

Obviously...

this is hardly journalism. www.therawstory.com is obviously a left wing biased publication and I would not trust it further than I would Rush Limbaugh's website. However, there needs to be a full investigation. I would like to see a little more than one person's testimony befor curcifying this guy. If the request for developing this software took place in a meeting, who else was there and what do they have to say about this?

Re:Obviously...

They're not required to validate the allegations.

Simply reporting that allegations exist and specifying that some of these allegations are in an affidavidit is responsible journalism. That there are allegations is a point of fact. When a tornado hits a trailer park, journalists are not required to look for a second opinion or go into background as to why that trailer park seems to attract tornadoes.

Let's do this rationally and carefully

This is an extraordinary claim. Extraordinary claims require extraordinary proof. Who is Clint Curtis? What is his background? Criminal history? Most importantly, what evidence does he bring to the table? Is it his word against someone else's?

Can he produce call logs? Appointment books? Witnesses? Tapes or memos? Can he demonstrate an extraordinary knowledge of voting systems in the state of Florida?

There is a troubling taint of money on this: a "$200,000 award being offered by the nonprofit group Justice through Music for proof of voting fraud..." He is claiming he doesn't want the reward; money may have nothing to do with it. But we may have a grifter going after a score, directly or indirectly, by telling people what they want to hear. I am not saying either one: we simply don't know until more facts come out.

I fully believe we have arrived at a stage in american politics where a politician (yes, sure, a Republican politician) would tamper with an election. There is already plenty of documented funny business. I'm speaking of the felon purging in FL, stop-and-search roadblocks in OH, for instance.

Let's not forget the real moral of this story, illustrated by one thing Clint says certainly rings true regardless of the rest of his claims:

"I can't believe the Democrats were stupid enough to allow [this]," he says. "I can't imagine anyone going to a bank and not getting a receipt. But yet we have our voting machines that way. It strikes me as really odd that machines like that could even exist."

Blackboxvoting.org doubts story

Blackboxvoting.org has a story [blackboxvoting.org] regarding why this story sounds like disinformation.

A busy guy

he developed prototype vote-rigging software at the request of then-Florida state representative Tom Feeney.

And did he do this before, or after, he typed up the Bush National Guard memos?

From BlackBoxVoting.org

Why the Feeney vote-rigging story sounds like disinformation

ABOUT DISINFORMATION: Like a good lie, it has elements of truth. Trouble is, the truth doesn't relate to the nuts and bolts of the story. For example in the Tom Feeney vote-manipulation story, people are documenting relationships between Tom Feeney and Yang, and between the writer of the story and other scandals, but so far the evidence presented does not back up the vote manipulation story itself.

DISINFORMATION IS DANGEROUS TO THE CLEAN VOTING MOVEMENT: Black Box Voting is finding real evidence consistent with fraud. We are even finding, in one of our investigations, evidence consistent with a systemic, or widespread breakdown in security, possibly exploited. Getting the facts is tedious, unexciting work, consisting of auditing and personal interviews, and it takes time. Many Americans want a magic bullet, a single shot that will blow the lid off everything at once.

That's risky. If the mainstream media continues to be bombarded with stories that sound credible, but aren't, when the real thing comes down the pike it will be ignored.

While MSNBC's Keith Olbermann and I had a run-in last week, I agree absolutely with Olbermann's earlier critique of the Madsen homeland security story, and this new Madsen story is just as weak. Most of both Madsen stories are bait and switch.

While real journalists "write tight" and include only the information directly relevant to the topic, Madsen wanders all over the place, recapping unrelated information from real news agencies, piggybacking onto their credibility, with only the most tenuous ties to what he is actually trying to prove. Analyze the meat of the story, taking out all the loose references to other stories, and Madsen's work gets very weak indeed.

Here are questions raised by the Feeney vote-manipulation story:

1. One of the most significant problems is that, while Clint Curtis describes a technique of writing a program, he never mentions HOW he supposedly got this program into the voting machines.

2. A second significant problem is that several of the Florida counties used different software in 2000 than they do now, and that various Florida counties use different manufacturers and different systems. Writing one program that would tamper with ES&S punch cards and Diebold optical scans at the same time is somewhat unrealistic. The questions this raises are these:

a. Which specific counties was this software supposedly used in for 2000, 2002 and 2004? Actually, from reading both the affidavit and the Madsen article, there is no evidence it was used anywhere.
- Madsen does a bait and switch when he discusses Volusia County. He starts by saying it is Feeney's district, and then actually goes on to report a story broken by Black Box Voting in October, 2003, about minus 16,022 votes for Bush in Volusia -- which appears to have nothing to do with the Feeney story. What systems was his vote rigging program for? Which manufacturers?

3. The techniques used to program a vote-rigging system in the Madsen article don't actually match the techniques in the affidavit by Clint Curtis, and neither one makes much sense. It's a simple matter to re-map a touch-screen to flip votes, and you don't need a special program for it. Simply switch the candidate ID numbers and it's done.

4. Most political shenanigans are not conducted by the candidate himself, but by operatives. It is certainly possible for a politician to hold several meetings in which he commits a felony in front of several witnesses, but that's not usually how it is done. A more common technique is an envelope full of cash left in a drawer of an operative, with at least one, sometimes more, buffer layers between the operative and the politician.

Clint Curtis says Feeney himself had meeting after meeting to directly discuss election rigging software. Could happen, certainly, but this seems unusual.

5. There are some statements that don't hang together from

About Ray Lemme, the dead Inspector General

There really was a Raymond Lemme, and he did work for the inspector general of the Florida Department of Transportation, and he's dead. He got a brief "memorial" on page 57 of this FDOT annual report. [state.fl.us]

That's all that comes up in Google. Can anyone find out more? A "suicide" of an inspector general staff member of anything is inherently suspicious.

Stuff like this doesn't help.

Do they mean this fella? [justaflyonthewall.com]

I saw this link a few days ago. Unfortunately he removed much of his more hilarious tin-foil hat content. The guy would actually do screen prints of sorta-related newspaper stories, then black out the names to make it look scandalous.

His demonstration program is underwhelming. You could make the same kind of thing to show any program could be trojaned.

Don't get me wrong, the e-voting situation is crazy and needs substantial reform, examination, and a general fixin'. But this guy is just another conspiracy guy trying to sell a book. [amazon.com]

Stuff like this does NOT help address the real problems in e-voting.

Please

Support the bills already in the House and Senate that will fix this, instead of fantasizing about how the 2004 election was "stolen" (it wasn't).

A frequent charge levied after the 2000 election was voter disenfranchisement and ballot spoilage due, in large part, to antiquated, malfunctioning, or broken mechanical voting equipment. Legislation was introduced guaranteeing a minimum standard for the equipment and processes associated with voting in all jurisdictions. Since we are living in the 21st century, electronic systems were specified. $3.9 billion was set aside under HAVA to replace all mechanical punch card systems with electronic systems by 1 January, 2006. The goal is to ensure a consistency and fairness in the appearance and operation of the voting systems, both for voters and local election officials.

After the 2000 presidential election, Congress passed the Help America Vote Act of 2002 (HAVA) [fec.gov]:

To establish a program to provide funds to States to replace punch card voting systems, to establish the Election Assistance Commission to assist in the administration of Federal elections and to otherwise provide assistance with the administration of certain Federal election laws and programs, to establish minimum election administration standards for States and units of local government with responsibility for the administration of Federal elections...

The putative reasoning for going with electronic systems was likely that since we have managed to design accountable and reliable electronic and computing equipment for the management of our power, medical care, money, etc., it likely was more or less assumed by the legislature that such accountable systems could also be applied to voting.

A bill has been introduced to amend HAVA. H.R.2239 [loc.gov] and its twin Senate counterpart S.1980 [loc.gov], discussed further here [verifiedvoting.org], will amend the Help America Vote Act such that there is "a voter-verified permanent record or hardcopy" attached with each and every ballot cast by every voter, and that "any voting system containing or using software shall disclose the source code of that software to the Commission, and the Commission shall make that source code available for inspection upon request to any citizen".

Additionally, the three electronic voting manufacturers already have the ability to add permanent, individual voter-verified paper audit trails to their products. Some e-voting critics make it seem like vendors are resisting. However, it is the local election boards that are resisting (as well as the slow march of bureaucracy). The e-voting vendors will build - and sell - whatever municipalities will buy.

Disclaimer: this comes from a previous post of mine on the subject

This dup is extra annoying

I've already ranted on this shitty story:

http://politics.slashdot.org/comments.pl?sid=131 90 9&cid=11014994

In a nutshell, I spent about an hour going through goolge links of a few of the people involved in this story (either posting it or writing it or making it up) the URLs are in my original post. Anyway, they all have long histories of being politically biased, and spewing liberal FUD.

some points to consider:
- Would a undetecable application that is mneant to be cross platform be written in VB?
- why would a journalist, that is former NSA, and supposedly has all these tech credentials use an AOL addres? Fine it may work, and he might like it, but an AOL email address takes away a lot of credibility IMHO. (see original reply).
- If this had any validity, why was it not brought up sooner? There were articles on it back in 2002. It seems like the main stream Dems would have been all over this two or three years ago, if they thought there was any truth to it.

What I find disturbing is that slashdot would run this story twice. Clearly every article and source is biased, a quick google search quickly verifies that fact.

So what we get here is supermarket fluff and liberal FUD. We won't tolerate MS FUD, but leftwing FUD must be soooo MmmMmm Good that we get a double dose!

Re:I think I speak for all of us...

Should we call for inspection and disassembly of all the voting machine code to see if it contains any of these secret vote tampering functions he was asked to include in his prototype?"

This infuriates me for a different reason - the lack of vision of law-makers. I cant believe voting machines are not force to have open source code. I said personally many moons ago this would happen and ... Its the only way to defraud fake conspiracy theories and protect peoples voting rights. People desserve to know exactly how their vote is being processed. Is mankind that stupid. Do we want revolutions and rebellions because people are too stupid to make voting (a fairly important task to be fair..pff) transparent, honest, whatever you want to call it..