Skip to main content

A few days ago, someone posted a diary about a claim by someone, or a group of someones, claiming to be Anonymous. It contained references to many things I did not understand and I took to the Google in hopes of shedding some light on the matter. Do not worry, I unconvered no conspiracies. However, I thought I would share with everyone what I did find. The more information we have, the better able we will be to judge unsubstantiated claims in the future.

In the interest of not further conspiracy theories, I am not linking to the diary which prompted the following questions.

What was Orca?

Project Orca was the name of a high-tech get out the vote effort created by the Romney campaign. It belonged specifically to the campaign and not to the Republican Party.

"The entire purpose of this project was to digitize the decades-old practice of strike lists. The old way was to sit with your paper and mark off people that have voted and, every hour or so, someone from the campaign would come get your list and take it back to local headquarters. Then, they'd begin contacting people that hadn't voted yet and encourage them to head to the polls. It's worked for years." 1
The project envisioned poll watchers equipped with smart phones. The volunteers would note who came into vote using a web based application that they could access with their phones. After logging into the website, they would be able to access a list of all the eligible voters in the precint. After each individual voted, the watcher would change that person's status from "not voted" to "voted."
"At campaign headquarters in Boston, other volunteers will be taking all the information sent in by those working with Project ORCA and combining it with consumer data the campaign has purchased about individuals. They will use the data to organize last-minute campaign efforts, including social media outreach, phone-banking and traditional door-to-door visits." 2
Over 34,000 volunteers3 were recruited for this effort which failed miserably on election day. A similar project named Houdini failed for the Obama campaign in 2008 while another, somewhat simpler, effort named Gordon was executed by the Obama campaign this year.4

Why were people suspicious of Orca?

Beyond the fact that it was created by the Republicans, I couldn't find any reason.

How does the voting technology work?

According to Douglas W. Jones, a computer science professor at the University of Iowa and an expert on voting technology, in real world situations, the accuracy of most methods of voting is similar, which is about one error in every 10,000 votes. "Increasing spending on elections could improve security, accuracy and ballot design. But jurisdictions try to run elections on the cheap, Jones says, so machine makers operate on thin margins and there is little money for testing."5

In the 2012 elections Ohio used a combination of optical scan and direct recording electronic (DRE) voting systems. The specific machines used varies from county to county. They are Premier Elections Solutions'(formerly Diebold) AccuVote and AccuVote TSX, ES&S' iVotronic, Model 100, DS200 and AutoMark and Hart Intercivic's eScan and eSlate.6

Hart is the company about which the rumours regarding Mitt Romney's son Tagg have circulated which have been deemed false by Snopes. "That close a connection between the Romney family,  Romney campaign contributors, and a provider of voting systems may raise some eyebrows, but it doesn't establish any direct ownership link between Tagg Romney and a provider of voting systems."7 The former Ohio Secretary of State, Jennifer Brunner, a Democrat who conducted a study of election security8, said that it didn't "look good." However, she also said, "Because we did the study, we were able to put into place a very comprehensive set of procedures to ensure that everything works as it should.”9

The Hart Intercivic eScan was used in only two counties, Hamilton and Williams, and is an optical scan voting system that retains a paper ballot marked by the voter.10 According to the Cleveland Plain Dealer, "Both counties use a paper balloting system in which results are tallied by scanners made by Hart InterCivic. All programming of the machines, diagnostic testing, and vote tabulation is done by elections staff in each county and no vote tabulation is done over the Internet, county election board representatives say. The paper ballots are there as backup and can be recounted with Democratic and Republican party representatives on hand."11

The DREs used in Ohio were equipped with a voter verifiable paper trail. Neither the DREs nor the optical scan are connected to a network.

How are the votes tabulated after the election?

The vote totals for the individual machines are stored on PCMCIA memory cards or similar media.

"Immediately after polls close, poll workers must count the number of electors who voted as shown on the poll books and account for all voted, spoiled and unused ballots. The poll workers also must cause each DRE voting machine or precinct count optical scanner, whichever is used in that precinct, to print results tapes of votes cast on that device.

After the precinct election judges complete the reconciliation process described below and certify the results, they must place all ballots, memory cards or cartridges, poll books and signature lists in containers provided by the board of elections and seal each container. They must transmit at least one copy of the certified summary report along with the containers returned to the board of elections."

At the county board of elections, the memory cards are placed in a device that reads the cards. The device is connected to a computer which is not connected to the internet.
"One copy of the election results from each precinct must be posted outside the polling place at the completion of vote-counting. After the county officials determined the result of the official canvass, they must post the certified declaration of the results in a conspicuous place in the board office for at least five days.

The optical scan county surveyed reported that “[t]he election report is printed and given to everyone who wants it” and that “all pages of the report are posted on the front window of the Election Office.” One of the DRE counties surveyed reported that the unofficial statement of votes cast is posted on line on election night, and can be picked up in hard copy the next day, and that official results are posted on the website 10 days later and are similarly available in hard copy. The other DRE county reported that the canvass report and machine totals are posted “outside [the] office before they leave” and that the results are also posted on line."12

Ohio is one of only six states that CountingVotes.org ranks as "good", the highest category they have.13

Could the Ohio vote be hacked?

First, let's establish some terms.

What Is Hacking?


"Computer hacking is broadly defined as intentionally accesses a computer without authorization or exceeds authorized access."14
In my imagination, and my imagination is not very original in this instance, our evil genius anti-hero is sitting in a darkened room, a glowing screen lighting his face as he types madly on a keyboard. Tap, tap, tap. "Access Denied." His brow knits. Tap, tap, tap. Presto! We're in! He's broken the code!

In reality, the code that's most often broken is a human one. Most hacks are done with "social engineering." You manipulate someone into giving you his or her login information or entice them to unwittingly download a malicious bit of code.15

Many examples of hacking voting machines that I could find involved physical access to the machines. For example, in one demonstration of a machine's vulnerability, the hacker takes a phillips screwdriver and unscrews the cover. He then removes a panel which contains a circuit board. He alters the circuit board and then replaces the panel. After the end of the demonstration, the following words appear on the screen: "A Voter Verified Paper Record would detect this attack!" Remember, the machines in Ohio have voter verified paper records.16

Another example of "hacking" a voter machine was reported by the Brad Blog. He refers to it as low tech an example of social engineering. Election workers waited until a voter walked away without realizing that his or her ballot was not cast because the voter failed to press "confirm vote" on the touch screen. After the voter walked away, the election workers changed the vote. The election officials are now serving time in a federal prison.17 Although technically it fits the definition of hacking, because the criminals had unauthorized access to a machine, it is far from what most of us would call hacking. According to the FBI, the officials also engaged in plain, old-fashioned vote buying.18

In 2006, ArsTechnica published an article entitled "How to Steal and Election by Hacking the Vote." It's a detailed examination of the various vulnerabilities inherent and the different ways the vote can be rigged. In the conclusion the writer states, "If you wanted to steal an election, the best place to drop a bad apple would be at the operating system vendor." In other words, "buy off. . . an individual programmer with access to the right window manager libraries."19 Somehow, I suspect that's easier said than done.

Are there ways of hacking the machines that don't involve physical access?

Since none of the machines involved are connected to a network, the answer appears to be no.

Well, this has all been rather fascinating, but it doesn't fit into the description of what "Anonymous" claims to have done.

What are the rats going through tunnels into the server?

A few basics, and I hope the technophiles among us will forgive me if I try to explain it in the simplest terms I can manage. If you connect two machines that can communicate you have a network. Connecting more than two or three machines directly would get messy. Routers are machines whose main function is to connect multiple machines, this can include computers, printers and other routers, as well as other things. You can think of routers as intersections that don't do much other than forward the communications. A router probably connects your home network to the internet. You can think of the internet as a lot of small private networks joined together.

In the case of the internet, the communications are sent in chunks called packets. You can think of these packets as envelopes with an adress written on them. Routers recieve a packet, check the address. If the address is on its network, it sends it to the machine to which it is addressed. If not, it sends it to a closer router.

A server is a computer that performs a particular function. It "serves" a "client."  Most people are probably most familiar with the term from web servers. You're probably all too familliar with the message that the Daily Kos servers are down, which always seems to happen when you're jonesing for some political news. So when you clicked on the link to this diary, your computer put a message asking for a particular web page in an envelope addressed to the DKos Server. The message went from router to router until it arrived at the right place. The DKos Server put the source for the web page into an envelope (they're actually called frames) addressed to your computer.

Rats are remote access tools. It allows someone to control a system remotely, that is without physical access. It should be remembered that the computer, or other machine, being controlled needs to be connected to a network to which the person using the remote access tool has access. If you're familiar with GoToMyPC or PCAnywhere, you have a good idea about how it works. A few years ago, when I couldn't find affordable space in the city where I lived, I was able to locate manufacturing equipment in another city and operate it remotely in this manner. It was as if I was using the pc that was directly, physically connected to the equipment. Remote access software can be serepticiously installed on a computer.

Okay, before we get to tunnels, I'm going to have to explain one more thing. The packets are really envelopes within envelopes. Once your machine recieves the packet, it opens the envelope and finds another envelope which tells your machine which program to send it to, in this instance to your bowser, but it could be your email client or one of those "apps." There are more layers than that, but the important thing to understand that there are envelopes within envelopes, more typically described as layers upon layers.

Tunnelling is a concept that was developed to send a packet over an incompatible means of transmission. Let's say you wanted to send an item to my cat, who does not typically get the mail. You could put it in a package addressed to me. It would look to all the world like a package intended for a human. When I opened it, I would find the outside marked "For Baby" and I would deliver to my cat for you. That's probably a lousy analogy, but it's the best I could think of. I most often see tunnelling mentioned in references to virtual private networks, for privacy and security and as a way around a firewall. Since the message from "Anonymous" specifically mentioned firewalls, let's tackle that one next.

Knowing next to nothing about security, I had to look this up. Don't worry folks I have a firewall installed on my computer. I just wasn't exactly sure how it worked. I'm sure other people on the site will be glad to correct me if I get things terribly wrong. In order to keep your network safe from intrusion by unwanted visitors, every point in your network that has access to the "outside" needs to have a firewall. There is probably one on your computer. They are usually on routers as well. They are usually filters that examine packets and only allow ones of a specific type.

Okay, so I get the sense that someone is talking about accessing remote access tools installed on a server through a tunnel. However, since we have already established that the Ohio servers were not connected to a network, it is not possible to hack the vote in this manner.

So, what was that reference to OZ, the great firewall and creating and coding and all that? It sounded kind of cool.

I haven't the foggiest. Sorry, folks, I just sort of hit a dead end with that.

Well, I hope you're learned something. I've learned quite a lot about how elections are run in Ohio and much less than I had hoped about hacking. Interestingly, a CalTech/MIT study on voting had this to say:

"De-emphasize standards for security, aside from requirements for voter privacy and for auditability of election outcomes. While testing for minimal security properties is fine, expecting ITAs to do a thorough security review is unrealistic and not likely to be effective. Instead, statistically meaningful post-election auditing should be mandated. (“Audit the election outcome, not the election equipment” (Stark and Wagner 2012))."20

References

In 2010, Gizmodo published a list of every voting machine in America.
http://gizmodo.com/...

  1. Business Insider: Romney Project Orca Disaster
  2. Huffington Post: Mitt Romney's Project Orca
  3. Washington Examiner: In Boston Stunned Romney Suppoerters Struggle to Explain Defeat
  4. Slate: Orca vs. Gordon: A battle of election day poll monitoring systems
  5. How Voting Machines Work: Taking apart the various voting machines used in the U.S., Scientific American
  6. Ohio Secretary of State: Voting Systems
  7. Snopes: Tagg Romney and Voting Machines
  8. Ohio Secretary of State: Project EVEREST: Evaluation and Validation of Election Relatded Equipment Standards and Testing
  9. MSNBC: Jennifer Brunner: Tagg Romney's Stake in Voting Machine Company Doesn't Look Good
  10. Verified Voting: Hart InterCivic's eScan
  11. Cleveland.com: Ohio Voting Machines
  12. Counting Votes: 2012 A State by State Look at Voting Technology Preparedness
  13. Counting Votes
  14. U.S. Legal: Definitions: Computer Hacking
  15. Washington Post: In Cyberattacks Hacking Humans Is a Highly Effective Way to Access Systems
  16. Popsci.com: How I Hacked Electronic Voting Machine
  17. Brad Blog
  18. FBI: Louisville Press Releases
  19. ArsTechnica: How to Hack an Election
  20. Cal Tech - MIT Voting Technology Project: Voting: What Has Changed, What Hasn't and What Needs Improvement
EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  Impressed with your research (4+ / 0-)

    Without doing a lot of searches myself, I concluded from media reports that it would be very difficult for widespread voting fraud to occur. But that's different than Orca not working for Romney.

    The civil rights, gay rights and women's movements, designed to allow others to reach for power previously grasped only by white men, have made a real difference, and the outlines of 21st century America have emerged. -- Paul West of LA Times

    by LiberalLady on Tue Nov 20, 2012 at 03:56:18 PM PST

  •  TNR, excellent stuff (1+ / 0-)
    Recommended by:
    FourthOfJulyAsburyPark

    Physical access, the newer iVotronic has 2 serial ports and IIRC uses flashdrives. 386 chip. Proprietary software over Windows.

    Access panels are/were often sealed by a twisty wire with metal crimped as the seal. For instance the Panel over the PCMCIA slot.

    Being intimately involved from 2005 to 2007 with the fight to prevent DRE purchases, and then passage of VVPB law in NJ, I probably have the equivalent of an Associates or Bachelors degree in voting machine technology and election law. I found the information in this diary to be accurate, or my memory is shot....

    Unfortunately this well researched and very rational diary wont get a lot of eyes, but its well done. Thanks.

    FDR 9-23-33, "If we cannot do this one way, we will do it another way. But do it we will.

    by Roger Fox on Tue Nov 20, 2012 at 06:47:39 PM PST

    •  Thanks for adding that information. My eyes went (1+ / 0-)
      Recommended by:
      Roger Fox

      bleary reading about the different machines. I was trying to keep it fairly basic. I was afraid if I got too far into the different machines no one would read it at all. That Gizmodo link at the end is pretty good if slightly outdated. Verified Voting also has information on the particular machines. Also, the report from the SOS of Ohio gives the details of all the machines that were being used in Ohio at the time it was written.

      The biggest point, at least regarding the rumour about attempts to hack the vote in Ohio, is their procedure for collecting all the memory cards and physically bringing them to the central county location. That was actually the detail that took me the longest to find. I saw a reference to it in a comment here, but I was trying to find a reliable footnote, even though personally I trusted the person who made that comment. Lots of information on the machines  themselves and not nearly as much on the procedures.

      If I recall what I read correctly, New Jersey is one of the few states that has gone entirely electronic, as has Maryland where I live. Here, we don't have the voter verified paper trail, which seems to make a big difference.

      •  Ohio statute (1+ / 0-)
        Recommended by:
        FourthOfJulyAsburyPark

        spells out procedure. No internet, memory cards, etc.

        I cited a lot of Ohio law prior to the election, in those crazy diaries devoid of facts.

        I started this group

        Photobucket

        We fought the purchase by Essex County of the Sequoia Advantage. We also lobbied heavily for the NJ VVPB law. We never got an audit feature on the VVPB Law and since the Advantage is so old, 1980 era Zilog chip, the VVPB printer needed a daughter board just to drive the printer, which would have cost $2,000.

        The state decided they weren't going to spend 2k for a printer and voided all our work. But we exposed the Advantage for a poor design.

        FDR 9-23-33, "If we cannot do this one way, we will do it another way. But do it we will.

        by Roger Fox on Tue Nov 20, 2012 at 08:10:26 PM PST

        [ Parent ]

        •  I went to high school in Essex County. (1+ / 0-)
          Recommended by:
          Roger Fox

          I spent a lot of my adult life in New York, so I've mostly used those mechanical lever machines.

          There's a lot of information of mixed quality out there. That was the most difficult part of the diary. Mostly I tried to find multiple sources for everything and pretty much ignored anything that seemed overwrought. There's a fine line between healthy vigilance and paranoia.

          Another thing I would have looked into if the diary wasn't already getting too long was the fact that Ohio's laws seemed have improved because people agitated for improvement.

          Then, I'm a practical minded person. I'll probably never make the rec list, but it sure beats talking to myself.

          •  I wrote about 130 diaries - (1+ / 0-)
            Recommended by:
            FourthOfJulyAsburyPark

            Then I made the wreck list once, and from then on about half my serious diaries make the list.

            DO the research and make it quality. Include the best citations possible.

            And post before 4pm EST.

            FDR 9-23-33, "If we cannot do this one way, we will do it another way. But do it we will.

            by Roger Fox on Tue Nov 20, 2012 at 09:25:38 PM PST

            [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site