Democracy in Action: Confessions of a Diebold Hacker

By Jim Catano

Little motive, no means, but definite opportunities.
democracyinactionMotive, means, and opportunity. It’s the time-honored trifecta for detectives. If a crime happens and I have all three, they add me to the list of suspects. OK, I confess, the title’s a tease. I didn’t really hack the state’s new, high-tech voting system. I only meet the third qualification…opportunity. But more on that later.

Of course, I can’t really say I completely lacked motive. As a progressive living in the reddest of the red states, there were several races…most really…I’d rather have seen go the other way, but not enough to risk jail time.

But let’s talk about “means.” There’s much discussion about how vulnerable the Diebold voting machines are. It’s argued that a talented techie could override the security protections of the memory cards where votes are recorded and alter them using a laptop computer or Palm Pilot. In other states, voting machines not equipped with backup printers are even more susceptible.

Do I personally have such advanced technical “means”? Alas, no. The state’s Diebold machines are unhackable by me…at least without accomplices.

So motive and means may be out, but that leaves opportunity. Did I have a real opportunity to effect this election through skullduggery? Well, Utah citizens, can you handle the truth? You’re darned (or “damned,” if you’re OK with that. It’s a reference to the film “A Few Good Men”) right I did.

You see, last month I was a poll worker and could have easily done some serious damage to the electoral process. I had no idea it was so easy, but it is.

For starters, Salt Lake County hired me and never once verified who I was. I contacted the clerk after hearing that poll workers were in short supply. I signed up by email, and I never had to prove my identity. Not once. Not to enroll. Not during two training sessions. Not when I signed the oath of office. Not even when I showed up at the polling place was I ever asked to produce a single shred of ID. I could have been the world’s most notorious hacker, and Salt Lake County would have thought Citizen Jim was there toiling away safeguarding the vote.

This gets better. I was asked to be an “alternate” and to staff a short-handed polling place that could be anywhere in the county. On Election Eve, I was emailed my assignment to a west side elementary school.

I arrived, introduced myself, and got to work as the “TST” or “Touch Screen Technician;” the keeper of the Diebold kingdom. I had sole possession of the key, supervisor’s access card, and security code to set up and monitor all eight voting machines, clean their screens, and change printer paper.

With such access, it would have been possible for me to misuse the machines without my co-workers, who were all good and conscientious people, knowing that I was doing any illegal tampering. Had I been inclined, for example, to access the memory cards, I could have covered up the beeps that are generated during the process with a complex ring tone on my cell phone. That would have been relatively easy to pull off during hectic times when the others were all occupied with voters.

Had I been the polling station manager, I’d have had even more opportunity to make nearly untraceable mischief. After the voting ends, managers take all memory cards, printouts, registers, and manual ballots to a collection point. And, believe it or not, they do this completely unaccompanied. They’d have an hour or two or possibly more of full, unencumbered, access to everything. I’m really not kidding.

Had I been a hacker and also a manager, I could have changed every ballot and printed a new backup if I had the right equipment. I could have even cast ballots for no-show voters and altered the books to make it look like they did vote. A few easily duplicated replacement seals, labels and a plastic bag would be the only supplies required for such a crime.

Finally, it wouldn’t have been all that difficult to have access to the voting machines themselves, either the night before or the night after the elections. They were delivered on Election Day Eve. We set them up in the school library which was certainly not a high-security zone. Custodians, administrators, teachers, librarians and others have keys to such places.

After the election we took down the machines and stored them in the school nurse’s office. Again, certainly not Fort Knox. Access to the machines themselves would have been no great hurdle either. According to Mike Moulton, a Salt Lake locksmith with 30 years’ experience, the “ace” type round locks are an old technology that can be easily picked. I could have even made an impression of the key by rolling it onto a piece of putty from which to make a duplicate.

In fairness, the opportunity loopholes discussed here were not Diebold problems. Increased security would nullify much of the potential for fraud. The state or county might consider a few sensible changes.

•    Improve training for workers. It was too short given the complexity of the new systems.

•    Workers should be IDed and their backgrounds checked.

•    A critical position like the Touch Screen Technician could be randomly assigned just prior to Election Day.

•    The TST and manager should witness all critical steps like securely affixing the security seals to printer canisters. Currently, the real labels could be set aside and switched for bogus ones that could then be replaced with the original palmed ones after some post-election tampering.

•    Store the equipment more securely at the polling places both before and after the elections.

•    The machine keys, supervisor access card, and security codes should not all be in the hands of one person.

•    Two poll workers should carry out any tasks where there’s potential for abuse, such as installing and removing memory cards or loading and changing printer paper..

•    Finally and most critically, voting materials should be split up and returned to the county after the election by two workers in separate cars perhaps with a police escort.

As much as I’d like to claim otherwise, voters typically preferred the Diebold machine to a punch card. I’m personally skeptical about why it costs $3,000 yet offers far less “unhackability” than terminals developed by and for the government of India that cost a tenth as much.

Of course, in the American tradition of $400 military toilet seats and no-bid contracts to rebuild Iraq, overpriced voting systems that don’t really enhance security are maybe just another “quasi-crime” involving government purchasing. Motive, means and opportunity anyone?  u

Jim Catano is a freelance editor and marketing and personal consultant. He enjoys cycling, hiking, swimming, vegan living (on alternate days), tantra and, he says, tilting at windmills.

This article was originally published on November 30, 2006.