by Pokey Anderson
January 10, 2005
This article has been
expanded and updated.
Please see the new edition.

Imagine sitting in your favorite easy chair with a remote control, and being able to just push EJECT and get George Bush out of office. Or, let's say you're on your laptop, and you can dial up a regime change.

"Hmm," you say, "I'm feeling like blue today. Blue is a nice color. I think I'd rather have Kerry for president." Let's say you're up late, it's November 2nd, you see that Kerry is losing in Ohio, and you say, "the HELL with that!" So, with your laptop, you dial into the tabulator for, let's just say, 41 of 88 counties in Ohio. And, you switch 14 votes per precinct from Bush to Kerry. Voila. Kerry wins.

Could that happen?

Or, um, the other way around -- Kerry is winning, and someone dials in and changes a dozen or so votes in each of roughly half the precincts in Ohio, and VOILA, Bush wins Ohio. (A flip of a dozen votes in 5000 precincts would result in a net change of 120,000 votes in Ohio, more than the current margin separating the two candidates.)

Remote control of elections? Science fiction, right? Start playing the Twilight Zone music? Not exactly.

DIEBOLD - Hack Testers Waltz In

Let's look at a test that was done for the State of Maryland on the Diebold equipment. The testers used actual Diebold election equipment and, after a week's study, attempted to hack and manipulate it. The newspaper report said they were nearly "giddy" with their success.

"One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software."

The team was able to remotely upload, download, and execute files with full system administrator privileges. Results could be modified at will, including changing votes from precincts.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency.

As a bonus, the team of test hackers from Raba Technologies was able to change votes and exit the system without a trace of their visit. Slick!

The State of Maryland head of elections read the report, and promptly issued a press release. I couldn't make this stuff up; here is what Linda Lamone said, "To this date, there has never been an election compromised. The findings in the SAIC and RABA reports both confirm the accuracy and security of Marylandís voting system and procedures as they exist today." And, Maryland bought the Diebold electronic voting machines.

DIEBOLD - A Dedicated Line

Not only is the software of major voting machine companies secret, but so are their contracts with counties. A curious Diebold contract stipulation came to light though, in a public hearing of the Voting Systems and Procedures Panel that advises the California Secretary of State. (California Voting Systems and Procedures Panel, April 21, 2004 , p. 106 and p. 68.)

Panel member TONY MILLER read aloud a portion of Diebold's contract with Kern County:

'The vendor, Diebold, must provide one dedicated voice-grade line in the server room for exclusive use by DESI {Diebold Election Systems} as a modem support line directly connected to server. Line must be a number that does not go through a switchboard so that after-hours work can be conducted whenever necessary.'

TONY MILLER: "It sounds pretty scary from a lay person's point of view. ...It sounds like you're giving the keys to the kingdom to a vendor, which even though you're not doing it, you say right now --"

ANN BARNETT {Auditor-Controller-County Clerk of Kern County, CA.}: "That would only be true if we were to hook it up, and we have not.

So, a dedicated line between Diebold and the county's election system that would be connected 24 hours a day? This gives new meaning to Diebold's company motto, "We Won't Rest."

Earlier, Miller had asked the then-president of Diebold Election Systems, Bob Urosevich, about the contract provision, called Rider O.

TONY MILLER: Would that be a customary provision in your contracts?

BOB UROSEVICH: I'm not -- I don't understand the question, I guess. ...I apologize, I guess, for the delay. I guess I can't answer the question, because I have no knowledge of it.

While Diebold is one of the largest voting machine companies in the nation, it only counts votes in two of Ohio's counties. Most Ohio counties are counted by ES&S or Triad.

TRIAD - Just Phone It In

Let's look at Triad. Triad is a tiny, family-owned operation based in Xenia, Ohio. Triad runs the tabulation software that counts 41 of Ohio's 88 counties. Standard punch card readers read the ballots, then the Triad software kicks in to tabulate the counties. Triad also runs voter registration in 53 Ohio counties.


PHOTO of the Triad Governmental Systems, Inc. global headquarters.

After the Nov. 2 election and before the recount in Ohio demanded by the Green and Libertarian parties, Triad made some changes, adjustments, or re-programming -- whatever you want to call it.

Triad's Brett Rapp says the company did this to all its 41 counties.

"Prior to recount, when the SOS announced the recounts should commence, all counties get guidelines, what's included on reports. All reports that are produced for this recount only show the presidential race. In order for the machine to show that, there has to be a change made to tabulation reporting, tell the machine only to report the presidential totals. We wanted to make sure -- not just in Hocking, in all our counties. We helped them prepare the recount to make sure, counties had set up properly. ... The computer system? Has a report file that shows all of the offices and issued that are programmed. We had to make a change for the report file to show that it would only display the presidential race."

--December 2004 interview with Triad President Brett Rapp and Triad Vice President Dwayne Rapp, by Evan Davis and Terri Taylor.

Green Party observers add some information for two counties.

Fulton County, Ohio
"The Director for Fulton told me that Triad is able to reprogram the computer to count only the Presidential ballots by remote dial-up."

2004 Ballot Recount: Observer Report
Cobb - LaMarche Ballot Recount Reports by County
December 19, 2004: Report by Green Party County Coordinator

Van Wert County, Ohio
"When asked if Triad had serviced the machine, the deputy director and a board member stated that they had serviced the machine over the phone via modem on December 9th."

2004 Ballot Recount: Observer Report
December 21, 2004: Report by Green Party Observer

Okay, let's see what one of Triad's vice presidents has been working on. Cheryl Bellucci, a VP at Triad, posted memos online seeking technical assistance.

I have my connection set up in my Project, but how do I access the Remote View?

From: Cheryl Bellucci
Date: Tue 01/25/2000 at 08:44 AM

Can anyone point me to a good ODBC {Open Database Connectivity} example? Specifically, I want to retrieve data from an Access database through VFP6.0.

From: Cheryl Bellucci
Date: Friday 21 Jan 2000 at 14:03 PST

I have a VFP6 {Visual Fox Pro 6} application that reads/updates a series of Access MDBs through Remote Views stored in DBCs {Database Connectivities}.

From: Cheryl Bellucci
Xenia, United States
Version: Visual FoxPro 6
Date: March 18, 2004

So, Triad made changes to the vote counting software for its counties (nearly half the counties in Ohio) in preparation for the recount. Observers in two counties report that they were told Triad made the changes remotely, by modem. A Triad VP uses an application that "reads/updates" databases through "remote views." The database software appears to be Microsoft Access, which is well-known for its lack of security features.

But -- don't worry, Triad says no one should worry about technicians changing anything in the software for elections, because the tech will leave a note inside the computer as to what was done.

That's sounds a little like David Beirne, public relations officer for the County Clerk for one of the nation's biggest counties, Harris County, Texas. At a meeting of the local chapter of the League of Women Voters, Beirne was cornered by skeptical citizens. The citizens said they weren't satisfied with "faith-based" elections or paperless electronic voting; they wanted verifiability and authentic recountability. "Well. It's ALWAYS been faith-based elections," Beirne sniffed.

This sort of remote, unsupervised connection greatly concerns Ellen Theisen, co-founder of Voters Unite.org and a software technical writer for twenty years:

"People don't understand how much you can do with software, computers, connectivity -- it's not controllable."

Her group campaigned for paper ballots as an emergency measure to try to prevent a non-verifiable election in November.

So, did someone sit back with a laptop and a modem and make remote changes to election computers in Ohio, before the election, during the election, before the recount, or during the recount? Did they access tabulators run by Triad? Diebold? ES&S? Was it an insider? An outsider? Or were the everything-but-the-kitchen-sink obstacles thrown at the Ohio voters enough to throw the election without any remote electronic piracy?

Did we have a mock election?

It's only control of the most powerful country on the planet. Would someone really try to STEAL that? What if it was easy, remote, and there was almost no likelihood of discovery or punishment?

Do you think we should find out?

Pokey Anderson is an investigative journalist who helped research "Power Failure: The Inside Story of the Collapse of Enron," by Mimi Swartz with Sherron Watkins. She co-hosts Sunday Monitor, a weekly news and analysis program on KPFT-Pacifica Radio in Houston. She may be reached at: Pokey at kpft.org.