Firmware Manipulations on an Optical Scan Voting Terminal

Total Page:16

File Type:pdf, Size:1020Kb

Firmware Manipulations on an Optical Scan Voting Terminal Taking Total Control of Voting Systems: Firmware Manipulations on an Optical Scan Voting Terminal Seda Davtyan Sotiris Kentros Aggelos Kiayias Laurent Michel Nicolas Nicolaou Alexander Russell Andrew See Narasimha Shashidhar Alexander A. Shvartsman Voting Technology Research Center and Computer Science and Engineering Department University of Connecticut, Storrs, CT 06269, USA fseda,skentros,aggelos,ldm,nicolas,acr,andysee,karpoor,[email protected] ABSTRACT chines by presenting a detailed case study focusing on the The firmware of an electronic voting machine is typically AccuVote Optical Scan Terminal (AV-OS) that is widely treated as a \trusted" component of the system. Conse- used in the US elections. Our investigation demonstrates quently, it is misconstrued to be vulnerable only to an insider the possibility of an array of firmware manipulation attacks attack by someone with an in-depth knowledge of the sys- against the AV-OS that are characterized by their low cost tem and access to the source code. This case study focuses (<$300) and the fact that they were developed without on the Diebold/Premier AccuVote Optical Scan voting ter- any access to hardware specifications or the source code of minal (AV-OS) that is widely used in the USA elections. We any software running in this system. By virtue of being a present three low level manipulations of the above voting ter- firmware modification, our attacks are totally immune to minal's firmware resulting in divergence from its prescribed cryptographic integrity checks or any other type of auditing operation: (i) the first bestows the terminal with a powerful procedure (aside from an auditing procedure that inspects memory card dumping functionality, (ii) the second enables the firmware itself, which is a type of audit whose impor- the terminal to leak the ballot details through its serial port tance is strongly underscored by our work). thus violating voter privacy during the election, (iii) the fi- Our results include three firmware manipulations applied nal third firmware manipulation is a proof of concept attack to the AV-OS. Our first manipulation equips the voting ter- that swaps the votes of two candidates thus permanently minal with a powerful memory card dumping functionality. destroying the election outcome in an undetectable fashion. The second firmware manipulation leaks the ballot contents This demonstrates the extent to which the firmware of the through the serial line when a voter scans his/her ballot. AV-OS can be modified with no insider knowledge or access Finally, we present a proof of concept malicious attack to to the source code. illustrate the dangers of trusting un-audited firmware. The Our results underscore the importance of verifying the third firmware alteration is capable of swapping two elec- integrity of the firmware of electronic voting terminals ac- tion counters thus permanently destroying the outcome of companied by sound auditing procedures to maintain the any election that relies solely on the machine counts. candor of the electoral process. We also note that this work We note that this work is performed solely with the pur- is performed solely with the purpose of security analysis of pose of security analysis of AV-OS and to assist in the audits AV-OS, and the first and the second firmware manipulations of elections conducted using AV-OS systems. The various we describe serve a dual purpose in assisting the techno- firmware manipulations find a dual purpose in the auditing logical audits of actual voting procedures conducted using process and the basic techniques developed herein are useful AV-OS systems. tools that can expedite the auditing procedures for voting terminals. Optical Scan Security Vulnerabilities: There are two 1. INTRODUCTION major types of electronic voting equipment: Direct record- Frequently, the firmware component of a proprietary com- ing electronic (DRE) machines and optical-scan (OS) ma- puting system is misconstrued to be vulnerable only to a chines. An important benefit of the optical scan technology technical insider attack by someone with extensive resources, is that it naturally yields a voter-verified paper audit trail an in-depth knowledge of the targeted system, and access to (VVPAT)|the actual \bubble sheet" ballots marked by the source code and/or hardware specifications. In this work, voters that enables hand-counted audits and recounts. De- we challenge this assumption in the domain of e-voting ma- spite the paper trail benefit of OS terminals, three major issues serve as the motivation of this paper: First, OS ma- chines, such as the AV-OS terminal, have a loadable soft- ware component containing information about the election Permission to make digital or hard copies of all or part of this work for and candidates. Such software presents opportunities for at- personal or classroom use is granted without fee provided that copies are tacks [5,2,8] and should be audited. Second, OS machines not made or distributed for profit or commercial advantage and that copies may occasionally make errors when reading ballot sheets, as bear this notice and the full citation on the first page. To copy otherwise, to indicated by hand-counted audits [10,9]. Such audits are republish, to post on servers or to redistribute to lists, requires prior specific performed randomly in some states and may be triggered permission and/or a fee. SAC’09 March 8-12, 2009, Honolulu, Hawaii, U.S.A. by a tightly contested race. Unfortunately, such audits are Copyright 2009 ACM 978-1-60558-166-8/09/03 ...$5.00. time consuming and may themselves be error prone [10, 11]. ground. The proof of concept attacks illustrate the dangers The third issue concerns the firmware, the software compo- of trusting un-audited firmware and show the importance of nent that implements the basic functionality and typically verifying the integrity of the firmware of EVMs accompa- resides in the internal memory of the terminal. Generally, nied by sound auditing procedures to maintain the candor the firmware of voting machines is trusted implicitly. In of the electoral process. some cases the firmware source code is inspected by inde- pendent experts [8,6] to ensure that it behaves as expected, 2. THE AV-OS ELECTION SYSTEM however, to the best of our knowledge, the actual firmware The AV-OS election system is comprised of two compo- binary code is currently not audited. nents [3]: the AccuVote Optical Scan voting terminal (AV- In [5], the authors describe a general architecture that OS) and Global Election Management System (GEMS). characterizes special purpose trusted computing devices such The AV-OS terminal is a computing device responsible as the AV-OS voting terminal. Recall that a system like the for accepting ballots and tabulating the results of the elec- AV-OS is composed of both software and hardware compo- tion. The functionality of the terminal is determined by nents. From the security viewpoint, the key features are the the firmware loaded into a single Erasable Programmable components that are accessible or easily replaceable from Read Only Memory (EPROM) residing inside the terminal. outside the system, namely, the software components. The The AV-OS voting terminal described in this paper contains main theme in [5] (as well as in most previous research) cen- the firmware version 1.96.6. The major hardware compo- tered around the vulnerabilities and security issues of the nents include an 8MHz microcontroler which emulates an AV-OS voting terminal that relate to the machine's propri- Intel 80186 processor, 128K RAM chips, an optical scan- etary language, called AccuBasic, used for reporting election ner, a dot-matrix printer, LCD display, serial communica- results. For the most part, previous work assumes that the tion port, built-in modem and a removable 40 pin EPSON firmware of the AV-OS terminal is a trusted component of memory card. An analysis and discussion of the contents of the system, a point from which we depart in the present the memory card is presented in this paper. work. GEMS is the ballot design and central tabulation system. Contributions: We present three manipulations of | in It is installed on and operated from a conventional PC. essence attacks on | the AV-OS firmware. First we imple- GEMS consists of several databases that include the data ment a new diagnostic memory card dumping function of and ballot layout corresponding to the precincts participat- the terminal; in particular, we develop a firmware manipu- ing in the election, and the bytecode that determines how lation that expedites the memory card dumping functional- the tabulated results are printed. This data is transferred ity of the AV-OS terminal; our modified firmware exhibits a via the serial communication port to the memory card kept sixfold speedup of the total dumping time. This firmware in the AV-OS terminal. manipulation was performed to assist in the auditing of the contents of memory cards but can also be instrumental in 2.1 AV-OS Software Components launching an attack against the voting terminal since the The behavior of each AV-OS terminal is determined by memory card stores all the sensitive information regarding the firmware and the memory card contents. the election and expedient access to this information can be essential to an attacker. The second manipulation tar- Firmware. The main software component of the AV-OS is gets vote privacy: our modified firmware \leaks" through its firmware, executable code kept in a 128K 32 pin EPROM the serial port the actual contents of a voters' ballot. The chip (M27C1001) and responsible for all the functions pro- dual purpose of this firmware manipulation is assisting in vided by the machine. The EPROM is electronically pro- the hand-counted audits of the election outcomes.
Recommended publications
  • Electoral Systems, Direct Recording Electronic Voting Machines
    Abstract This article explores the assemblage of voting: electoral systems, Direct Recording Electronic voting machines (DREs), ballots and ballot booths, and the central role of secrecy. Its aim is to argue that the contemporary political subjectivity of deliberation is intimately tied up with this assem- blage. Based on ethnographic research, this article shows how controversies around DREs can reveal the ways in which the very possibility for delibera- tion is tied to the structure and implementation of these machines. It argues for a new approach to deliberation that includes debate, participation and co-construction of the technical systems whereby we vote, as well as those where we express opinions. Towards an Anthropology of Deliberation Christopher M. Kelty 1 October 2008 1University of California, Los Angeles, Department of Information Studies and the Center for Society and Genetics) introduction A political scientist, a cognitive scientist, and a computer scientist walk into a room. What sounds like the beginning of a bad joke|something about the anxiety of requiring the word \science" in the job title|was actually a class that I participated in, in the Fall of 2006, called \Election Systems, Technologies and Administration" (see Fig 1). The class combined approaches from cognitive science, political science and computer science{but it wasn't necessarily an attempt to combine them into a coherent approach. Rather voting and elections were subjected to an array of approaches, as the course description made clear: \how individuals interact with technology," \how technologies are engineered to be secure and accurate" and \how the social aspects of voting fulfill democratic goals for elections." These approaches covered human factors engineering, human- computer interaction and cognitive models of information processing, com- puter security research, election outcomes analysis, voting behavior and so on.
    [Show full text]
  • Black Box Voting Ballot Tampering in the 21St Century
    This free internet version is available at www.BlackBoxVoting.org Black Box Voting — © 2004 Bev Harris Rights reserved to Talion Publishing/ Black Box Voting ISBN 1-890916-90-0. You can purchase copies of this book at www.Amazon.com. Black Box Voting Ballot Tampering in the 21st Century By Bev Harris Talion Publishing / Black Box Voting This free internet version is available at www.BlackBoxVoting.org Contents © 2004 by Bev Harris ISBN 1-890916-90-0 Jan. 2004 All rights reserved. No part of this book may be reproduced in any form whatsoever except as provided for by U.S. copyright law. For information on this book and the investigation into the voting machine industry, please go to: www.blackboxvoting.org Black Box Voting 330 SW 43rd St PMB K-547 • Renton, WA • 98055 Fax: 425-228-3965 • [email protected] • Tel. 425-228-7131 This free internet version is available at www.BlackBoxVoting.org Black Box Voting © 2004 Bev Harris • ISBN 1-890916-90-0 Dedication First of all, thank you Lord. I dedicate this work to my husband, Sonny, my rock and my mentor, who tolerated being ignored and bored and galled by this thing every day for a year, and without fail, stood fast with affection and support and encouragement. He must be nuts. And to my father, who fought and took a hit in Germany, who lived through Hitler and saw first-hand what can happen when a country gets suckered out of democracy. And to my sweet mother, whose an- cestors hosted a stop on the Underground Railroad, who gets that disapproving look on her face when people don’t do the right thing.
    [Show full text]
  • How Electronic Voting Companies' Proprietary Code Ruins Elections Andrew Massey
    Hastings Communications and Entertainment Law Journal Volume 27 | Number 1 Article 6 1-1-2004 But We Have to Protect Our Source: How Electronic Voting Companies' Proprietary Code Ruins Elections Andrew Massey Follow this and additional works at: https://repository.uchastings.edu/ hastings_comm_ent_law_journal Part of the Communications Law Commons, Entertainment, Arts, and Sports Law Commons, and the Intellectual Property Law Commons Recommended Citation Andrew Massey, But We Have to Protect Our Source: How Electronic Voting Companies' Proprietary Code Ruins Elections, 27 Hastings Comm. & Ent. L.J. 233 (2004). Available at: https://repository.uchastings.edu/hastings_comm_ent_law_journal/vol27/iss1/6 This Note is brought to you for free and open access by the Law Journals at UC Hastings Scholarship Repository. It has been accepted for inclusion in Hastings Communications and Entertainment Law Journal by an authorized editor of UC Hastings Scholarship Repository. For more information, please contact [email protected]. "But we have to protect our source!": How Electronic Voting Companies' Proprietary Code Ruins Elections by ANDREW MASSEY* I. Introduction .................................................................................. 234 II. Voting Systems and Open Source Code .................................... 236 A . V oting System s ............................................................................. 236 B . O pen Source C ode ....................................................................... 238 III. Proprietary
    [Show full text]
  • Chapter 08-Talion
    Company Information 63 This free internet version is available at www.BlackBoxVoting.org Black Box Voting — © 2004 Bev Harris Rights reserved. ISBN 1-890916-90-0. Paperback version can be purchased at www.Amazon.com 8 Company Information (What you won’t find on the company Web sites) If anything should remain part of the public commons, it is voting. Yet as we have progressed through a series of new voting methods, control of our voting systems, and even our understanding of how they work, has come under new ownership. “It’s a shell game, with money, companies and corporate brands switching in a blur of buy-outs and bogus fronts. It’s a sink- hole, where mobbed-up operators, paid-off public servants, crazed Christian fascists, CIA shadow-jobbers, war-pimping arms dealers — and presidential family members — lie down together in the slime. It’s a hacker’s dream, with pork-funded, half-finished, secretly-programmed computer systems installed without basic security standards by politically-partisan private firms, and pro- tected by law from public scrutiny.” 1 The previous quote, printed in a Russian publication, leads an article which mixes inaccuracies with disturbing truths. Should we assume crooks are in control? Is it a shell game? Whatever it is, it has certainly deviated from community-based counting of votes by the local citizenry. We began buying voting machines in the 1890s, choosing clunky mechanical-lever machines, in part to reduce the shenanigans going This free internet version is available at www.BlackBoxVoting.org 64 Black Box Voting on with manipulating paper-ballot counts.
    [Show full text]
  • Black Box Voting Report
    330 SW 43rd St Suite K PMB-547 Renton WA 98055 425-793-1030 – [email protected] http://www.blackboxvoting.org The Black Box Report SECURITY ALERT: July 4, 2005 Critical Security Issues with Diebold Optical Scan Design Prepared by: Harri Hursti [email protected] Special thanks to Kalle Kaukonen for pre-publication review On behalf of Black Box Voting, Inc. A nonprofit, nonpartisan, 501c(3) consumer protection group for elections Executive Summary The findings of this study indicate that the architecture of the Diebold Precinct-Based Optical Scan 1.94w voting system inherently supports the alteration of its basic functionality, and thus the alteration of the produced results each time an election is prepared. The fundamental design of the Diebold Precinct-Based Optical Scan 1.94w system (AV OS) includes the optical scan machine, with an embedded system containing firmware, and the removable media (memory card), which should contain only the ballot box, the ballot design and the race definitions, but also contains a living thing – an executable program which acts on the vote data. Changing this executable program on the memory card can change the way the optical scan machine functions and the way the votes are reported. The system won’t work without this program on the memory card. Whereas we would expect to see vote data in a sealed, passive environment, this system places votes into an open active environment. With this architecture, every time an election is conducted it is necessary to reinstall part of the functionality into the Optical Scan system via memory card, making it possible to introduce program functions (either authorized or unauthorized), either wholesale or in a targeted manner, with no way to verify that the certified or even standard functionality is maintained from one voting machine to the next.
    [Show full text]
  • Security Evaluation of ES&S Voting Machines and Election
    Security Evaluation of ES&S Voting Machines and Election Management System Adam Aviv Pavol Cernˇ y´ Sandy Clark Eric Cronin Gaurav Shah Micah Sherr Matt Blaze faviv,cernyp,saender,ecronin,gauravsh,msherr,[email protected] Department of Computer and Information Science University of Pennsylvania Abstract EVEREST was the first major study of ES&S voting sys- tems, despite the system’s popularity (ES&S claims to be This paper summarizes a security analysis of the DRE the world’s largest e-voting systems vendor [1], support- and optical scan voting systems manufactured by Election ing more than 67 million voter registrations with 97,000 Systems and Software (ES&S), as used in Ohio (and many touchscreen voting machines installed in 20 states and other jurisdictions inside and outside the US). We found 30,000 optical ballot readers present in 43 states [4]), and numerous exploitable vulnerabilities in nearly every com- only the second comprehensive study that examined all ponent of the ES&S system. These vulnerabilities enable components – from backend registration systems to fron- attacks that could alter or forge precinct results, install tend ballot casting – of any electronic voting system. In a corrupt firmware, and erase audit records. Our analysis ten week period, our seven-member team was tasked with focused on architectural issues in which the interactions analyzing the nearly 670,000 lines of source code that between various software and hardware modules leads to comprise the ES&S system, encompassing twelve pro- systemic vulnerabilities that do not appear to be easily gramming languages and five hardware platforms1.
    [Show full text]
  • Voting System Failures: a Database Solution
    B R E N N A N CENTER FOR JUSTICE voting system failures: a database solution Lawrence Norden Brennan Center for Justice at New York University School of Law about the brennan center for justice The Brennan Center for Justice at New York University School of Law is a non-partisan public policy and law institute that focuses on fundamental issues of democracy and justice. Our work ranges from voting rights to campaign finance reform, from racial justice in criminal law to presidential power in the fight against terrorism. A singular institution – part think tank, part public interest law firm, part advocacy group – the Brennan Center combines scholarship, legislative and legal advocacy, and communication to win meaningful, measurable change in the public sector. about the brennan center’s voting rights and elections project The Brennan Center promotes policies that protect rights, equal electoral access, and increased political participation on the national, state and local levels. The Voting Rights and Elections Project works to expend the franchise, to make it as simple as possible for every eligible American to vote, and to ensure that every vote cast is accurately recorded and counted. The Center’s staff provides top-flight legal and policy assistance on a broad range of election administration issues, including voter registration systems, voting technology, voter identification, statewide voter registration list maintenance, and provisional ballots. The Help America Vote Act in 2002 required states to replace antiquated voting machines with new electronic voting systems, but jurisdictions had little guidance on how to evaluate new voting technology. The Center convened four panels of experts, who conducted the first comprehensive analyses of electronic voting systems.
    [Show full text]
  • SYNOPSIS Black Box Voting Has Filed a Formal Letter of Complaint and Request for Investigation with the United States Dept
    330 SW 43 rd St Suite K – PMB 547 Renton WA 98057 A national 501c(3) nonpartisan nonprofit SYNOPSIS Black Box Voting has filed a formal letter of complaint and request for investigation with the United States Dept. of Justice Office of Antitrust and with the Federal Trade Commission. CONTENTS: 1. THE COMPANIES 2. MONOPOLY MAP 3. HORIZONTAL MONOPOLY: HERFINDAHL INDEX 4. VERTICAL MONOPOLY: a. MONOPOLIZATION AND CONCEALMENT OF ESSENTIAL PROCESSES FROM END TO END b. VERTICAL MONOPOLIZATION THROUGH LOCK-INS FOR SERVICES AND PRODUCTS 5. OUR RESEARCH SHOWS A PAST HISTORY OF ANTICOMPETITIVE BEHAVIOR 6. REGULATORY AND COST OF CERTIFICATION STRUCTURE AFFECTS ANTICOMPETITIVE ENVIRONMENT 7. THE ELECTION ASSISTANCE COMMISSION, THE TECHNICAL GUIDELINES DEVELOPMENT COMMITTEE, AND PROPOSED FEDERAL LEGISLATION 8. REVOLVING DOOR BETWEEN REGULATORS, PUBLIC OFFICIALS AND VENDOR PERSONNEL 9. ACTUAL OWNERSHIP NEEDS TO BE INVESTIGATED AND DISCLOSED 10. HISTORY OF ANTI-COMPETITIVE PRACTICES: EXAMPLES 12. HISTORY OF THE EFFECT OF LACK OF COMPETITION: LOW QUALITY, SLOWDOWNS, POTENTIAL SHUTDOWN OF ELECTIONS 13. COMPLAINT THAT THIS ACQUISITION IS A MONOPOLY, SHOULD BE PROHIBITED UNDER THE CLAYTON ACT, TITLE 15 U.S.C. § 1-27 et. al. APPENDIX A: PARTIAL UNRAVELING OF OWNERSHIP TRAIL ON ES&S This research is the culmination of seven years of work by Bev Harris and the Black Box Voting team. We also collaborated with Florida Fair Elections Coalition, a former DoJ investigator, voting rights scholar Paul Lehto, the Election Defense Alliance and others in preparing the evidence. The Honorable Eric Holder Attorney General United States Department of Justice 950 Pennsylvania Avenue Washington D.C. 20530 Letter of Complaint - Request for Investigation Re: Federal antitrust concerns Asserted under the Clayton Act, Title 15 U.S.C.
    [Show full text]
  • Black Box Voting Report
    330 SW 43rd St Suite K PMB-547 Renton WA 98055 425-793-1030 – [email protected] http://www.blackboxvoting.org The Black Box Report SECURITY ALERT: July 4, 2005 Critical Security Issues with Diebold Optical Scan Design Prepared by: Harri Hursti [email protected] Special thanks to Kalle Kaukonen for pre-publication review On behalf of Black Box Voting, Inc. A nonprofit, nonpartisan, 501c(3) consumer protection group for elections Executive Summary The findings of this study indicate that the architecture of the Diebold Precinct-Based Optical Scan 1.94w voting system inherently supports the alteration of its basic functionality, and thus the alteration of the produced results each time an election is prepared. The fundamental design of the Diebold Precinct-Based Optical Scan 1.94w system (AV OS) includes the optical scan machine, with an embedded system containing firmware, and the removable media (memory card), which should contain only the ballot box, the ballot design and the race definitions, but also contains a living thing – an executable program which acts on the vote data. Changing this executable program on the memory card can change the way the optical scan machine functions and the way the votes are reported. The system won’t work without this program on the memory card. Whereas we would expect to see vote data in a sealed, passive environment, this system places votes into an open active environment. With this architecture, every time an election is conducted it is necessary to reinstall part of the functionality into the Optical Scan system via memory card, making it possible to introduce program functions (either authorized or unauthorized), either wholesale or in a targeted manner, with no way to verify that the certified or even standard functionality is maintained from one voting machine to the next.
    [Show full text]
  • Appendix a I Appendix A: Compendium Of
    Appendix A i Appendix A: Compendium of problems, continued from Chapter 2 (Footnotes for this section located in “Footnotes: Chapter 2”) September 1986, Dallas, Texas: The number of voters changed on various report printouts, but votes for individual candidates remained the same. The problem was attributed to a computer-programming error. Note the date on this report: Officials have been expressing concerns about computerized vote- counting for nearly two decades. “With paper ballots, I can make the numbers add up ...” said Assistant Texas Attorney General Bob Lemens. “We are running into much tougher problems here.” Texas Attorney General Jim Mattox said the computerized vote-counting clearly has the potential for fraud. “I can’t send a reasonably good programmer to look at this system and determine that it is properly tabulating the ballots,” Mattox said. 72 November 1988, Hillsborough, Broward and Dade counties, Florida: A dropoff was observed in Senate votes from the previous general election, but only in counties that used computerized vote-counting machines. Counties without computerized vote-counting showed a 1 percent dropoff, while counties with computerized voting showed a dropoff of 8 percent. “Something stands out there like a sore thumb,” said Michael Hamby, executive director of the Florida Democratic Party. 73 November 1989, Lima, Ohio: Representatives of Sequoia Pacific, makers of the voting machine software for Lima, failed to appear as requested, and election results were delayed until someone could work out the programming error and recount the votes. Nobody was quite sure how many races were affected, but the mayoral race and the school board races were in question for nearly a week after the election.
    [Show full text]
  • Trust Between the Electorate, the Establishment, and Voting
    85 T h e J o u r n a l o f T e c h n o l o g y S t u d i e s One Man One Vote: Trust between the Electorate, the Establishment, and Voting Technology Laurie Robertson Election Day 2004: A voter arrives in per- token with an official who escorts the voter to son to a polling location, which although a tem- the hallowed machine with allows him to per- porary setup projects an image of impartial form the holy rite of democracy – voting. integrity. Bland signage, temporary tables, vot- Ordained election officials protect the integrity ing machines and other election paraphernalia and sanctity of the machines and space through- turn a school gymnasium or a civic center into a out the day and it is these officials who perform sacred space. Upon entering the polls a voter the all-important, but private ceremony, of the approaches a table where a series of rituals tally and report of the votes. After this official (e.g., appropriate identification, verbal affirma- sanctification, the results are publicly ordained tion of name and residence) verify his or her and once again the “voice of democracy has registration and identity. After the officials per- spoken.” form a mysterious rite with the poll book, the voter is provided with a sacred token, be it a Of course, voting realities are much messier paper polling pass or a DRE smart card, and is than this idealized account promulgated by the admitted to vote. The voter exchanges the sacred electoral establishment.
    [Show full text]
  • Black Box Voting Ballot Tampering in the 21St Century
    Chapter 13 Black Box Voting Ballot Tampering in the 21st Century by Bev Harris with David Allen Edited by Lex Alexander Cover Art by Brad Guigar This work is licensed under a Creative Commons License with the follow- ing additional provisos: 1) You must place the text: "If you would like to support the author and publisher of this work, please go to www.blackboxvoting.com/support.html" on the same page as the download, or on the first or last page on which the PNG images appear. 2) The notice: "This book is available for purchase in paperback from Plan Nine Publishing, www.plan9.org." Must appear on the download page or on the first or last page of the PNG images. If you have any questions about this license or posting our work to your own web site, call Plan Nine Publishing at 336.454.7766 259 13 Practical Activism “MoveOn should take this issue on.” “What about contacting the ACLU?” “Have you thought about calling Bill Moyers?” “Congress should launch an investigation.” All great ideas, but they are missing something. Taking back our vote is not something we can depend on others to do for us. Our ability to control our own voting system is one of the most important issues there is, therefore it requires that we apply the top talent we have. Nothing less will do. This job needs you. What are we fighting for? Simply this, and we must accept nothing less:We want voting systems to produce voter-verified paper ballots, and those ballots must be considered the legal record when used for recounts and audits.
    [Show full text]