Easy For Anyone To Recalibrate ES&S E-Voting Machines

Following on our earlier story demonstrating the calibration errors on ES&S e-voting machines in West Virginia comes this report, which notes that the calibration controls are unprotected and accessible to anyone. In other words, a pollworker or even a voter could modify the calibration to make it more difficult to vote for a particular candidate. While the overall risk may be minimal (voters would still see whether the correct candidate was highlighted), it could significantly impact voters’ confidence in the accuracy of these machines and the sanctity of the election. It’s still rather amazing how many stories we see on a near-daily basis concerning how badly these machines are built.

TheOldFart (profile) says:

Problem solved ages ago.

You can’t just lock them up after they’re calibrated. Depending on the type of touch screen the adjustments can change for a lot of reasons. Capacitive touch screens can go out of cal just by moving/turning the machine while placing it.

I keep harping on this but casino gaming devices solved all of these voting machine security issues about 15 years ago.

The machines I designed the software for used a simple, foolproof method. Since you can’t rely on the user being able to touch anything on screen (yeah, they can get that far out of whack), I just used the soft reset switch. If the reset switch was held at the time the machine was powered up, it booted into calibration mode. Once the touchscreen was calibrated, the only way out of that mode was to hit reset or cycle power.

The motherboard for gaming machines is in a locked metal cabinet that is keyed separately from the outer cabinet where the cash is collected from. So people who emptied coin buckets or changed printer paper could not see or touch the electronics/reset switch. Only people with an administrator key could get to that.

Simple, easy and old (like me) solutions.

Re: Problem solved ages ago.

I was just thinking about that the other day while at a casino. They have plenty of gaming machines that use touch-screen displays, and I’ve never once had one that was so wildly mis-calibrated that it didn’t play the game correctly. So, if it can be done for casino games, why can’t it be done for elections? I’d venture a guess that those casino games are way more complicated than a voting machine needs to be.

ehrichweiss says:

Re: Problem solved ages ago.

“I keep harping on this but casino gaming devices solved all of these voting machine security issues about 15 years ago.”

I was mentioning this to some friends as well. The gaming companies also went to GREAT lengths to make sure that you can’t use static electricity, etc. to turn the odds in your favor, but somehow a company that builds ATM machines couldn’t work out some of these simple concepts with all their years of experience.

TheOldFart (profile) says:

Re: Re: Problem solved ages ago.

One difference with casino systems is that they’re tested by third party and government agencies who are tasked with finding problems before they go into the field.

We got one machine back from testing in a Canadian province and they had hit the thing with static guns so hard and so long that they had bubbled the chromed plastic trim all over the place. The machines also had to function predictably when an entire pitcher of water was poured over them including aiming it into the cracks.

The machines have an auto-play mode for testing where they play games as fast as they can (which in some cases is very fast) by simulating the user inputs. One state requires that the machines be plugged into a power strip that cycles the power at random intervals. The machines have to auto-play the games for at least 48 hours while constantly being subjected to both complete power failures and brownouts as well as static shocks from test guns and from ordinary cattle prods. If the accounting is off by one penny at the end of that time, big fat fail. If the statistics deviate from the expected values, big fat fail.

Each time a manufacturer fails it costs them tens of thousands of dollars to re-submit the device with the errors corrected. If a single byte in an EPROM is changed it has to be submitted to testing again and if the testing authority deems a full round of tests must be performed again, off to the races it goes.

That’s what is wrong with the voting machines. There is no adversarial (in the good sense of the term) party involved. With casino gaming there are people/teams out there whose job it is to find problems and if they don’t find at least some problems they can’t justify their fees/jobs any more.

That’s actually very, very good for the gaming industry because people don’t have any reasons to distrust the machines. If they distrusted them they wouldn’t put their money into them.

I’d compare voting machines to internet casinos. Online casinos can swap out the software in real time without you ever knowing about it. Nobody has examined their code for bugs or intentional hacks and nobody has legal jurisdiction over them. Their play statistics and payouts are secret. People who give them money may as well just save the middle-man fees and burn the money. Likewise with voting machines it’s mostly just a bunch of govt types nodding their head and giving solemn sounding approvals of the devices when they have at best been minimally tested.

