
OMG!!!! Diebold's Election Software Uses An Access Database

Yavin4 Donating Member (1000+ posts) Tue Aug-24-04 11:27 PM
Original message
OMG!!!! Diebold's Election Software Uses An Access Database
as its back-end. Folks, I hack into programs through its back-end databases for a living. Hell, any child can hack into an Access back-end.

At the county office, there is a "host computer" with a program on it called GEMS. GEMS receives the incoming votes and stores them in a vote ledger. But in the files we examined, which were created by Diebold employees and/or county officials, we learned that the Diebold program used another set of books with a copy of what is in vote ledger 1. And at the same time, it made yet a third vote ledger with another copy.

Apparently, the Elections Supervisor never sees these three sets of books. All she sees is the reports she can run: Election summary (totals, county wide) or a detail report (totals for each precinct). She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden. And here is what is quite odd: On the programs we tested, the Election summary (totals, county wide) come from the vote ledger 2 instead of vote ledger 1, and ledger 2 can be altered so it may or may not match ledger 1.


http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm


still_one Donating Member (1000+ posts) Tue Aug-24-04 11:28 PM
Response to Original message
1. Why not SQL server or Oracle
I cannot believe it...

RobertSeattle Donating Member (1000+ posts) Tue Aug-24-04 11:28 PM
Response to Original message
2. You'd be surprised how many client based apps use access databases
Most "smart" programmers rename the Access file extension to fool the users - like mydata.dll instead of mydata.mdb

Cronus Protagonist Donating Member (1000+ posts) Tue Aug-24-04 11:28 PM
Response to Original message
3. Here's some interesting reading for you
This is the entry level lead-in to Black Box Voting... an easy primer.

http://cronus.com/electionfraud

Enjoy :)

loftycity Donating Member (1000+ posts) Tue Aug-24-04 11:34 PM
Response to Original message
4. This I believe will be the big surprise-nothing to worry about for the BCF

Philosophy Donating Member (1000+ posts) Tue Aug-24-04 11:36 PM
Response to Original message
5. There's nothing wrong with Access
It's possible to encrypt an Access database and make it virtually hack-proof. But of course the Diebold programmers weren't smart enough to do that.

Yavin4 Donating Member (1000+ posts) Tue Aug-24-04 11:42 PM
Response to Reply #5
7. You Really Don't Even Need To Hack Into It
You can create another Access database and copy over it. It's really that simple. I do this all of the time.

Philosophy Donating Member (1000+ posts) Tue Aug-24-04 11:55 PM
Response to Reply #7
8. It's possible to thwart that too
There is security built into Access databases that can prevent you from being able to do that. Problem is it is hard to use so hardly anyone ever does because they just don't know how.

Andy_Stephenson Donating Member (1000+ posts) Wed Aug-25-04 12:00 AM
Response to Reply #8
9. a 5 line vbs script
can change the election as well. You don't even need to open access up.

ParanoidPat Donating Member (1000+ posts) Wed Aug-25-04 12:01 AM
Response to Reply #7
11. It's worse than that, you can walk up to the Gems server and......
......open "MS Notepad" and type in a 5 or 6 line VBS script file, save it as a .vbs file, and double click on it to change the results without a trace of how or when it happened. The machine doesn't even need to have MS Access loaded.

All the required hooks are built into the OS. :scared:

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 12:12 AM
Response to Reply #11
15. Like I said, easy to prevent
If they knew what they were doing, they could easily keep people from being able to do this on an Access database.

Andy_Stephenson Donating Member (1000+ posts) Wed Aug-25-04 12:14 AM
Response to Reply #15
17. They don't want to stop it.
it is done on purpose. Besides 3 separate sets of books is for fraud.

Yes they keep 3 sets of books in the tabulation database. They can be linked or delinked depending on the race you want to rig.

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 12:18 AM
Response to Reply #17
19. Yeah, I've seen that
Very poor design.

Andy_Stephenson Donating Member (1000+ posts) Wed Aug-25-04 12:27 AM
Response to Reply #19
22. The man that designed the system...Jeff Dean
23 count Embezzler installed a computer system then proceeded to steal @450k from the law firm he installed it for.

This system is designed for fraud. He is in financial trouble again so I wonder if he is selling the real secrets and if so for how much?

liveoaktx Donating Member (1000+ posts) Wed Aug-25-04 07:22 PM
Response to Reply #11
39. Video clip of Bev Harris & Dean showing a hack
on Topic A with Tina Brown

Access of Evil

NightOwwl Donating Member (1000+ posts) Wed Aug-25-04 01:06 AM
Response to Reply #5
27. Access is not used in large corporations.
It's either SQL or Oracle. I work in IT, and Access is considered a joke. It's a "starter" database designed for beginners. People use this at home to keep track of their inventory, not to track friggin presidential votes!



Philosophy Donating Member (1000+ posts) Wed Aug-25-04 08:00 PM
Response to Reply #27
46. I've made Access programs for fortune 500 companies and the US military
How many years have you been working in IT? I'm guessing you just graduated high school.

NightOwwl Donating Member (1000+ posts) Wed Aug-25-04 11:41 PM
Response to Reply #46
72. You're off by about 20 years. n/t

Cronus Protagonist Donating Member (1000+ posts) Wed Aug-25-04 11:51 PM
Response to Reply #46
75. Yeah, I use Access for local reporting use and for data entry
Edited on Wed Aug-25-04 11:51 PM by Cronus
And it's used in almost every major corporation. I've never come across one that doesn't use it somewhere. (Been in the business over 20 years)

It's a very useful front-end to SQL Server on the back end. Clients can do some stuff locally, some linked to the SQL Server and they print LOTS of reports that would be difficult to do in any other program - since the macro, form and report capabilities together make it possible to write a front-end pseudo-application that's easy to use, hard to break and easy to modify.

I would NEVER use it for data storage. NEVER. It's just not secure and is not a robust database solution for anything more than a local contact list or something equally "Excel" like.

Using it for the vote is so stupid one would have to question either the sanity of the systems engineer, his stupidity, or perfidy, and I'm close to certain it's the latter in this case.

Swiftboat Veterans for Bush

JFK - Drop Bush Not Bombs! - FUCK BUSH
http://brainbuttons.com/home.asp?stashid=13

Radius Donating Member (1000+ posts) Wed Aug-25-04 07:35 PM
Response to Reply #5
42. Dude
There are plenty of things wrong with access.

It is not secure. I cracked one that was encrypted and pw protected when the consultant who designed disappeared.
It is not designed as an enterprise database.
It is inefficient and does not support integrated rollbacks and transactional logging.
No major backup software vendor makes an access hot (OFA)agent.
DB2 or Oracle are the industry standard for critical data.

Sorry to go geek but access is dog shit.

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 08:16 PM
Response to Reply #42
50. Not entirely correct
It is not secure. I cracked one that was encrypted and pw protected when the consultant who designed disappeared.

As I explained previously I agree the "database password" feature in Access is easily cracked - any script kiddie can download a utility from the net to do it for them. But there is more powerful security built into Access that is not hackable, it's just too difficult for people that know very little about Access to use.

It is not designed as an enterprise database.

Depends upon what you want to use it for.

It is inefficient and does not support integrated rollbacks and transactional logging.

This is not a requirement for every enterprise application. In fact most of the enterprise applications I make do not require this even when I use server-based databases. This would definitely not be a requirement for stand alone voting terminals that only track running vote totals - it would require like 100 times the storage capacity.

No major backup software vendor makes an access hot (OFA)agent.

I don't see how this is relevant.

DB2 or Oracle are the industry standard for critical data.

Again the voting terminals are not designed to keep track of every ballot. Such data is not "critical". Oracle or DB2 would be overkill and a waste of money on voting terminals.

RedEagle Donating Member (1000+ posts) Wed Aug-25-04 08:51 PM
Response to Reply #50
55. Even a developer is aghast
Last year I had the opportunity to talk to one of the people (now retired from that and on to something else) who developed Access.

I thought I was in big trouble for all the Access bashing that had gone on.

Instead, this person was upset and amazed that anyone would use that DB for a voting system. Could not believe anyone would even contemplate it, it wasn't designed for it, etc.

The point that you can use it is a bit irrelevant. It's still not the right tool for the job- and this person supported that viewpoint.

Radius Donating Member (1000+ posts) Wed Aug-25-04 09:38 PM
Response to Reply #50
66. Background
I maintain and design systems that organize and track millions of components of a line of manufactured products. A multi billion dollar operation. I deal with all types of databases. Access is by far the least resilient. mysql is an ok choice, Oracle or db2 even better.

Access is a joke, it runs on lowend x86 equipment and is not designed to handle millions of distributed records. Oracle can be run locally and then transmitted to a source. This data is critical and the systems should be treated like they were transacting fed wire transfers. Every ballot has to be assigned a unique id and validated and recorded.

If you use access for anything other than a small business to track inventory, it is not acceptable. SQL Server is a minimum standard, this is per microsoft, we are a multi million dollar client. more than 20 users and a half mil of records time to upgrade. horses mouth. I will not even mention record locking issues.

Rollback logs and hot backups allow data to be protected while it is being written. You do not have to run an oracle db on every machine to use their format. named pipes or odbc will do. Every site should have a "server" that is on apc and that links up to a main database mirrored to at least two different locations. Access can not even come close to running in the distributed environment it would require to handle validating and merging records from god knows how many places. This is one of those things that should be done "overkill" to prevent any doubt of foul play, and to reduce the chance of a fuckup.


The lottery systems, ATMs, and betting institutions do not use access because it is not designed for this type of use. This should be built to the standards of the nasdaq or nyse, I doubt this app could pass basic SOX compliance.

paper ballot for me..

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 11:31 PM
Response to Reply #66
70. Mostly irrelevant
The applications you describe are not comparable to the Diebold systems. The Diebold voting machines do not contain millions of records. They do not have to handle multiple concurrent users. Record locking is not necessary. They are not distributed. Every ballot is not transmitted to a central database in the GEMS system, only vote totals. Rollback logs and backups are unnecessary - the chance of any individual machine hosing its database is vanishingly minuscule, and not worth the expense. There is no record merging going on. As designed they are not comparable to lottery systems and ATMs, nor should they have to be.

Unlike you I'm not a Microsoft-hating computer geek who sits in a dark room all day doing nothing but babysitting one huge database that I am religiously devoted to so I think everyone who doesn't use a multi-million dollar computer system for their grocery list is a loser script kiddie. I design and program many very different types and sizes of programs with different hardware, software, and cost requirements for many different companies. Every solution takes into consideration a cost-benefit analysis. A giant, expensive database system is not required for every project. Access databases are a perfectly valid tool for some of these projects. In fact my company consistently gets contracts because we bid far under what other companies do who have the same illogical attitude that you have.

Cronus Protagonist Donating Member (1000+ posts) Wed Aug-25-04 11:55 PM
Response to Reply #70
77. Did your company get the Diebold contract?
Sounds like it's right up your alley.

Philosophy Donating Member (1000+ posts) Thu Aug-26-04 12:19 AM
Response to Reply #77
82. We didn't "know" the right people
That was before I was with my current employer anyway, so I have no idea, but I don't think they even thought of it. Now that you all have got me riled up though I'm considering developing a voting machine system of my own. :evilgrin:

Radius Donating Member (1000+ posts) Thu Aug-26-04 08:43 AM
Response to Reply #82
83. Be nice, friendly geek on geek here
I have written access programs for small business in the mid nineties and have since upgraded the backend to SQL Server because it is better.

I see some of your points but disagree on others. This should be distributed and it should be bulletproof, cost should not be factored here since if voters do not feel secure using it, nationwide problems can happen. Can you imagine a revote due to some server crapping out and losing voting data?

The machine should use microcode, like computer controlled hospital equipment and log data to a local server running a UNIX operating system and an enterprise database. Preferably on a satellite uplink, this is how lottery systems and pay at the pump work. The data should be secured at multiple datacenters that are physically hardened.

This should be given the "respect" of an application that handles money or controls nuclear weapon launch systems. It is that important.

If you write it, write it in C or C++ so it can be compiled to run on big iron.

Hate to be old school but the reality is if you want something done correct and fast you use mainframes. Spec p690's and IBM's z line of servers. The databases should feed to machines on that order of power. They should be running IBM shark or EMC connectrix disk systems that are 5 times redundant and allow for hardware level backup of hot files.

DoYouEverWonder Donating Member (1000+ posts) Wed Aug-25-04 08:08 PM
Response to Reply #5
48. ACCESS is a dog
and it crashes even if you just sneeze.

Besides they are charging millions of dollars for these systems. You would think they could afford something a little more robust than friggin Access.

ParanoidPat Donating Member (1000+ posts) Wed Aug-25-04 08:20 PM
Response to Reply #48
51. Uses for Access disks!
From, http://calafia.com/access/uses.htm :evilgrin:
Suggested uses

* Skeet shooting
* Floor tiles
* Return to providers for reuse
* Recycle as building material
* Collect so many as to create a gravity well and collapse the universe

Actual uses

* Reformat for reuse
* Drink coasters
* Donate to charity
* Table levelers (slide one under a wobbly leg)
* Use CDs for Christmas ornaments
* Frisbees
* Collectors items

"Best use I ever found for these disks besides reformatting them might be to re-tile my bathroom if I get enough of them :)" --Norman, 2/23/96

Now that I want to see!

"I have found that they make great coasters and are a talking point, eg. ‘Why would you use disks for coasters? Won't they get ruined?’ !!" --Andrew, 2/22/96

"I plan on making Christmas ornaments with them. Then I can say, "CD (see the) ornaments?" People have accused me of being a sick puppy. Anyway, glue them back to back and put some string through the middle and viola, cheap, easy, kids projects! ....Hey, Maybe Martha Stewart could find a use for them. Does she have an E-mail address?" --Casey, 2/21/96

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 08:22 PM
Response to Reply #48
52. I haven't crashed an Access database since about 1996
And I use them every day.

Access is adequate for this application. A server-based RDBMS would be a huge waste of money on a stand alone voting terminal machine. It's only poor programming that makes the Diebold machines vulnerable. That wouldn't have been alleviated by choosing a different database.

ParanoidPat Donating Member (1000+ posts) Tue Aug-24-04 11:40 PM
Response to Original message
6. althecat strikes again!
And I bet Google followed! ;-)

Thanks Al! :evilgrin:

Must_B_Free Donating Member (1000+ posts) Wed Aug-25-04 12:01 AM
Response to Original message
10. ROTFL
pluses + lighter footprint
minuses - easy to enter. Saw a guy run a simple utility to grab the password. Crashes. Locks up. Easily corruptible.

Access is not Election quality by any means.

Andy_Stephenson Donating Member (1000+ posts) Wed Aug-25-04 12:03 AM
Response to Reply #10
12. And then there are the capacity issues
LA county San Diego...Big counties are apt to lockup because of the amount of data. Access is crap!

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 12:17 AM
Response to Reply #12
18. I've used Access databases with 100000's of records before
with no problem. Anyway from what I've seen of the Diebold software it doesn't keep a record of every vote, it just keeps running totals.

Andy_Stephenson Donating Member (1000+ posts) Wed Aug-25-04 12:24 AM
Response to Reply #18
20. In LA county
2.5 million voters are expected to show up this fall.

Add the many different ballot styles, multiple races and the database becomes complex quickly.

BevHarris Donating Member (1000+ posts) Wed Aug-25-04 01:13 AM
Response to Reply #18
30. Incorrect. It breaks it down this way
by polling place (sometimes over a thousand polling places per county)

Each polling place by race and ballot question

Each race and ballot question by candidate or choice selection

and further subdivided by absentee votes, challenge votes, early votes

this is hundreds of thousands of records, coming in lickety-split over dozens of modems simultaneously.

Bev

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 07:18 PM
Response to Reply #30
38. That's still not hundreds of thousands of records
Edited on Wed Aug-25-04 07:20 PM by Philosophy
Even as you describe it, with running vote totals that's only one main table database record per polling place. The "subdivisions" you mention are just different fields in the same record. So at most we're talking about thousands of records. ("field" and "record" are very precise terms in relational database terminology - perhaps there is some communication confusion here.)

I read about the GEMS code many months ago when it was first leaked out, so maybe my recollection is spotty, but IIRC it was not storing a separate record for every ballot cast. Probably by design since they maybe were concerned about voter privacy issues, or maybe it was just so it would be impossible to do recounts on them.

P.S. Welcome back Bev! I haven't seen you around here for a long time.

BevHarris Donating Member (1000+ posts) Wed Aug-25-04 09:47 PM
Response to Reply #38
67. Well, put it this way:
Pima County, or San Luis Obispo, I can't remember which:

The vote database, which is only partially voted in the copy I have, contains over 300,000 individual lines. These are both small counties. Take that times 10 for Los Angeles or Mesa County.

When a county is bigger, you don't have more votes per line item, you have more line items, because precincts remain relatively small. And, in the case of King County, we have something like 800 different kinds of splits, all have to be broken out separately.

These databases are big honkin' things. Have you looked at a live vote database from a big county?

It is true that each individual vote does not appear as a line item, but there are many line items with just a few votes.

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 11:40 PM
Response to Reply #67
71. If it was properly designed
Even if it does keep track of every ballot cast, at the most the database would have one record per voter, plus some small overhead. If there was really a problem with using Access on the voting machines there would be a noticeable degradation of performance as each voter was added, long before you would experience anything like the database crashing. And anyway from what I've seen of the GEMS system the voting machines only transmit the vote totals when they are to be tabulated, not every single vote which would take many hours for each one.

BevHarris Donating Member (1000+ posts) Wed Aug-25-04 11:50 PM
Response to Reply #71
74. Here's where the argument lies, my friend:
"If it was properly designed."

It's NOT properly designed!

Well, check that. It is exactly properly designed, if you want to rig an election:

1. It is designed to make password replacement a simple matter of cut and paste

2. It is designed so that anyone can erase or alter the audit log in 2 seconds.

3. It is designed so that you can create a hidden, completely different set of votes by decoupling two tables with a 2-digit code

4. It is designed so that you can't log in changing users, but everyone has to go in as "admin" because you have to actually close GEMS, exit, then re-enter to come in as a new user. This is not done, of course, because votes are flowing in pell-mell all through the evening, so all the users are logged into the (erasable!) audit log as the same person.

5. It is designed so that the totals, the results, are pulled from a separate vote table that isn't even the real votes, and can be completely different. This means it is designed to pass a spot check on the detail (report is pulled from correct votes) while altering the results.

6. It is designed so that you can't do "adjustments" like correcting an error, so that instead, you have to actually erase the original vote data and replace it. This covers up errors, and is a dreadful accounting procedure.

7. It is designed to be fraud-friendly.

So, since you have very good knowledge of why this program is NOT properly designed, how about this:

Download it.
Learn the hack.
Demonstrate it to your nearest Diebold county official.
Ask them what they're going to do about it.

Thanks, looking forward to your help!

Bev
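
Added example, not part of the original thread and not Diebold's code: a reconciliation check for the condition described in the original post and in item 5 above, where the summary totals are read from a different table than the per-precinct detail. Table and column names are hypothetical, the rows are constructed, and SQLite stands in for the Access database.

```python
import sqlite3

# Hypothetical schema (NOT the GEMS schema): per-precinct detail rows, and a
# separate table of county-wide totals that the summary report is read from.
SCHEMA = """
CREATE TABLE detail_votes (
    precinct  TEXT NOT NULL,
    race      TEXT NOT NULL,
    candidate TEXT NOT NULL,
    votes     INTEGER NOT NULL CHECK (votes >= 0),
    PRIMARY KEY (precinct, race, candidate)
);
CREATE TABLE summary_votes (
    race      TEXT NOT NULL,
    candidate TEXT NOT NULL,
    votes     INTEGER NOT NULL CHECK (votes >= 0),
    PRIMARY KEY (race, candidate)
);
"""

# Constructed sample data.
DETAIL_ROWS = [
    ("P-001", "Mayor", "Alvarez", 120),
    ("P-001", "Mayor", "Baker", 95),
    ("P-002", "Mayor", "Alvarez", 80),
    ("P-002", "Mayor", "Baker", 110),
    ("P-001", "Measure 1", "Yes", 140),
    ("P-002", "Measure 1", "Yes", 101),
]
SUMMARY_ROWS = [
    ("Mayor", "Alvarez", 200),   # agrees with detail: 120 + 80
    ("Mayor", "Baker", 185),     # detail adds up to 205
    ("Mayor", "Write-in", 12),   # no detail rows back this total
    # ("Measure 1", "Yes") has detail rows but no summary row
]


def build_sample_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO detail_votes VALUES (?, ?, ?, ?)", DETAIL_ROWS)
    conn.executemany("INSERT INTO summary_votes VALUES (?, ?, ?)", SUMMARY_ROWS)
    conn.commit()
    return conn


def reconcile(conn):
    """Compare summary totals against totals recomputed from detail rows.

    Returns a sorted list of (race, candidate, detail_total, summary_total,
    reason) for every key where the two sets of books disagree. A total that
    exists on only one side is reported with None on the other side.
    """
    detail = {
        (race, cand): total
        for race, cand, total in conn.execute(
            "SELECT race, candidate, SUM(votes) FROM detail_votes "
            "GROUP BY race, candidate"
        )
    }
    summary = {
        (race, cand): votes
        for race, cand, votes in conn.execute(
            "SELECT race, candidate, votes FROM summary_votes"
        )
    }
    findings = []
    for key in sorted(detail.keys() | summary.keys()):
        d, s = detail.get(key), summary.get(key)
        if d is None:
            reason = "summary row has no detail rows"
        elif s is None:
            reason = "detail rows missing from summary"
        elif d != s:
            reason = "totals differ"
        else:
            continue  # both books agree for this race/candidate
        findings.append((key[0], key[1], d, s, reason))
    return findings


if __name__ == "__main__":
    for finding in reconcile(build_sample_db()):
        print(finding)
```

A check like this is only useful when run from outside the tabulation application against a read-only copy of the database, since the reports described in the thread read from the second table.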

Must_B_Free Donating Member (1000+ posts) Wed Aug-25-04 08:45 PM
Response to Reply #30
54. last access app I used corrupted itself all the time.
due to multi users.

Eloriel Donating Member (1000+ posts) Wed Aug-25-04 09:11 PM
Response to Reply #18
61. It's a shame you don't work for Diebold
Or do you?

Access is a joke for serious programmers.

BTW, Diebold says it DOES keep a record of every vote. They claim they can print them out at the end of an election.

And if there's any state or locality out there not DEMANDING that individual votes be kept, they're crazy. Of course, that's what Diebold wants, but not to make life easier, not by a long shot -- to make the theft less easy to track or discover or even suspect.

Wake up, Philosophy. You're on the wrong side. (Or did you know that already?)

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 11:55 PM
Response to Reply #61
78. If I did work for Diebold
I could make a voting system using Access that would work perfectly and would be hack-proof and you all would have nothing to complain about. B-)

Access is a legitimate programming tool with legitimate "serious programmer" applications. If any of the programmer/analysts who work for me refused to use it on a project for which it was the best and most cost-effective solution, just because they think it is a "joke", I would fire them for being an idiot and wasting my time and money.

You may be right that the individual voting machines do record every vote. But AFAIK the GEMS system only transmits and tabulates vote totals, so you never run into the situation where millions of records are in any single Access database.

BevHarris Donating Member (1000+ posts) Thu Aug-26-04 12:02 AM
Response to Reply #78
79. Ah, but here's the rub:
Could you make a system that couldn't be compromised with inside access?

(Didn't think so).

It's an auditing problem, not a computer problem.

We have 3,066 counties, and more township divisions than that. Each has a central tabulator. Each has 3-6 people with permission to sit at that terminal. That's up to 20,000 people, not including remote access through telephone modems, and of course we give the phone numbers to the modems to hundreds of thousands of poll workers.

Can you really control inside access from tens of thousands?

Wow, you're good!

Bev

Philosophy Donating Member (1000+ posts) Thu Aug-26-04 12:15 AM
Response to Reply #79
81. Yes, I could
A system can be designed, using properly secured and encrypted Access databases, that does not require any of these people to have administrator access to the databases, or grant them permission to alter or even view any raw data in the databases.

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 12:14 AM
Response to Reply #10
16. There's better security in Access than the password
The password feature was put in because the good security was too hard for the average Access user to figure out. A real programmer would never use the password feature in Access if they really cared about the security.

ParanoidPat Donating Member (1000+ posts) Wed Aug-25-04 12:24 AM
Response to Reply #16
21. If you're talking about 'referential integrity' it's been turned off!
For more on Referential Integrity. :(

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 12:30 AM
Response to Reply #21
23. Referential integrity has nothing to do with security
And it hasn't been turned off, in fact it's an important part of almost every relational database (although it goes by other names), not just Access.

If you're really interested in MS Access security, look up "user-level security" and encryption. If a programmer uses both of those, he can make a hack-proof Access database.

BevHarris Donating Member (1000+ posts) Wed Aug-25-04 12:46 AM
Response to Reply #23
24. I believe the problem is in the volume and speed needed
Edited on Wed Aug-25-04 12:50 AM by BevHarris
Los Angeles, for example, has 2.5 million people voting on dozens of ballots questions, each with multiple choices. And they need the whole thing processed quickly.

I think -- correct me if I'm wrong -- that this presents problems when you are also trying to encrypt and unencrypt data.

Also, "user level security" seems to mean having the county put in a password in order to get into the tabulator computer. Problem with that is that it is already open during all vote counting. They have votes streaming in on dozens of modems for hours at a time, and they have to keep GEMS and the central computer open.

They have multiple people with permission to access the computer during this time and (for added ridiculousness) the GEMS database can't change users without closing, and they can't close it while it's receiving the votes. Therefore, everyone who touches the computer is called "admin."

Bev

Philosophy Donating Member (1000+ posts) Wed Aug-25-04 07:32 PM
Response to Reply #24
40. That's not as much volume as you might think
There's only one person on one voting machine at a time. Each just keeps track of running totals on ballot responses. IIRC the GEMS software then correlates and sums up the running totals data received separately from each machine. It doesn't care about individual ballots.

User-level security as implemented in Access could have been used by the programmers to control the access permissions between the GEMS application executable and the database. This would prevent anyone from just grabbing the database and opening it without using the GEMS program. The GEMS program could further require more user validation to get authorized access to enter data into the database. And Access encryption is not really protocol based - it is simply a method where the Access database file is encrypted so someone can't read or edit anything in it with a hex editor, bypassing the database engine.
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 12:52 AM
Response to Reply #23
25. I'm referring to the actual programs used in the machines.......
.....as certified (or NOT as the case may be!) by the ITA. :evilgrin:

You can bring up all the 'hypothetical' situations you want. Let's stick to the actual code used in the elections. :)
 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 07:35 PM
Response to Reply #25
41. Bad RDBMS programming practice, but still has nothing to do with security
I'm a professional database programmer. I use many databases, including Access. I think you need to review what exactly "referential integrity" is.
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 07:54 PM
Response to Reply #41
44. I think you need to review the actual implementation of the program.....
......as it now exists in the machines before sounding off about what the Diebold programmers 'shoulda woulda coulda' done. :evilgrin:



 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 08:03 PM
Response to Reply #44
47. I agree they implemented it poorly, but...
Edited on Wed Aug-25-04 08:04 PM by Philosophy
I'm just pointing out that just because they implemented an Access database poorly doesn't mean that they shouldn't have used Access in the first place, and this "referential integrity" issue you brought up is a red herring because you do not appear to know the actual definition of the term.
 
NightOwwl Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:11 AM
Response to Reply #23
29. Oh for god's sake
Access is a beginner's database. I work for a very large company in the IT department. Access is great for college projects and keeping track of your inventory, but it was never intended for million record databases. And it has no security compared to Oracle or SQL. Also, referential integrity? It may have nothing to do with security, but it's damn important. It's what prevents someone from voting twice. I'd say that's important.

 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:16 AM
Response to Reply #29
31. Funny that.......
......I would think that being able to audit entries to the db would be a form of security. What do I know. Ya learn sumthin' new every day. :)
 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 07:51 PM
Response to Reply #29
43. I'm a professional database programmer
I've been doing it for over 10 years. I'm the head of the IT department for a small company. I've used every version of Access since version 2.0 (they're on I think version 10.0 now), on dozens of projects, and I'm even Microsoft certified in it. It's by no means a "beginners database" - there are many situations where it is a better and more economical choice than larger server-based solutions such as Oracle or SQL Server (both of which I'm also an expert in). Access is a perfectly valid choice for use as a database in stand-alone voting terminals. Oracle would be overkill in these.

As I explained above, GEMS will be using only thousands of records - certainly not "millions", and not even hundreds of thousands.

Access does have some very good security, but the Diebold programmers apparently chose not to use it.

And referential integrity does not keep someone from voting twice - I think you need to look up the definition again.
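The distinction argued over in replies #29 and #43, as an added example that is not part of the thread: a foreign key (referential integrity) rejects rows that point at a nonexistent parent and blocks deleting a parent that still has children, while rejecting a second row for the same voter takes a separate uniqueness constraint. The poll-book schema, table names and sample rows are constructed for illustration in SQLite; they are not GEMS's Access schema.

```python
import sqlite3

# Hypothetical poll-book schema (constructed for this example).
SCHEMA = """
CREATE TABLE voters (voter_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE checkins (
    checkin_id INTEGER PRIMARY KEY,
    voter_id   INTEGER NOT NULL REFERENCES voters(voter_id)
    {unique}
);
"""


def make_db(unique_checkin):
    """Build an in-memory database, with or without a UNIQUE rule on check-ins."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    unique = ", UNIQUE (voter_id)" if unique_checkin else ""
    con.executescript(SCHEMA.format(unique=unique))
    con.execute("INSERT INTO voters VALUES (1, 'constructed voter A')")
    return con


def attempt(con, sql, params=()):
    """Run one statement and report whether a constraint stopped it."""
    try:
        con.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return "rejected: " + str(exc)


def run_scenario(unique_checkin):
    """Exercise the same four operations against one schema variant."""
    con = make_db(unique_checkin)
    insert = "INSERT INTO checkins (voter_id) VALUES (?)"
    result = {
        # Referential integrity: no check-in for a voter who is not on the roll.
        "unknown_voter": attempt(con, insert, (99,)),
        "first_checkin": attempt(con, insert, (1,)),
        # Only a uniqueness constraint can stop this one.
        "second_checkin": attempt(con, insert, (1,)),
        # Referential integrity again: a voter with check-ins cannot be deleted.
        "delete_voter": attempt(con, "DELETE FROM voters WHERE voter_id = 1"),
    }
    result["rows"] = con.execute("SELECT COUNT(*) FROM checkins").fetchone()[0]
    con.close()
    return result


if __name__ == "__main__":
    for label, flag in (("foreign key only", False), ("foreign key + UNIQUE", True)):
        print(label)
        for step, outcome in run_scenario(flag).items():
            print(f"  {step}: {outcome}")
```
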
 
DubyaSux Donating Member (366 posts) Send PM | Profile | Ignore Wed Aug-25-04 08:54 PM
Response to Reply #43
56. I agree...
...that Access is not nearly as bad as people are making this out to be. I use SQL and Access all day and each have good points over the other.

I like being able to create an Access database, compress it, and email it to someone. Just drop that puppy in a directory and it's ready for prime time. No attaching, encryption issues (create an SQL database on a FAT32 system and modify it on an NTFS system and see what happens. HINT: Encryption hell), or SQL hogging all your resources.

I like being able to use the memo field for lots of field data without having to use BLOB routines to get it out (unlike the SQL text field). Contrary to what some have said, I still use Access databases at a couple car plants in Detroit to track oil fills and crap like that. 100s of thousands of records and it doesn't burp. And for the person who said he/she cracked a password protected database, that's newsworthy. I mean BIG TIME newsworthy. You've managed to do in short order what mathematically shouldn't be able to happen in a million years (assuming lower and upper case characters were used along with numbers and special characters). I look forward to your publication specifying how you did it.

Microsoft Access has nothing to do with the perceived problem. Crappy design and simple negligence (not changing default passwords, etc.) have everything to do with it and it has nothing to do with the database.
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:23 PM
Response to Reply #56
64. Why wait? Just check Google!
Here's a Google search for Access, database, hack, 564,000 hits should find you what you're looking for.

Here's a nice roundup of Access security from Government Security.org

http://www.governmentsecurity.org/articles/IsDatabaseSecurityanOxymoron.php

<Snip>

Is Database Security an Oxymoron?
By Mary Chipman, Contributing Editor, Access-VB-SQL A

Microsoft Access workgroup security appears to be robust because it uses a strong encryption algorithm. However, encryption remains secure only while the decryption key remains secure, and this is where Access/Jet is vulnerable.

How Access security works
The way Jet security works is that users, group, and password information is stored in a workgroup file (MDW), and permissions are saved in the database file (MDB) and mapped to the security IDs (SIDs) of the users or groups in the MDW file. For users to work with an Access database, they need file permissions on both the MDW and MDB file. Attackers can gain physical possession by simply copying the files and carting them off to hack away on at their leisure. No matter how superior the key is, if it's physically accessible, and the attackers have the skills and the motivation, they'll crack it.

Relying on Access security is like hiding your house key in your yard. If a thief gets over the garden wall and has unlimited time and a fervent desire to get into your house, he'll find the key, even if you've cleverly hidden it under a lawn dwarf behind dense bushes inside a maze. The key might be safe if you embedded it in concrete and buried it under the fountain, but then you wouldn't be able to use it yourself. There are already companies and products out there that can hand you an administrative user name and password from any MDW.

<More>
 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Aug-26-04 12:06 AM
Response to Reply #64
80. LOL! I thought out of context quotes were a big no-no on DU
In the very next sentence in that article, the author (whom I've met personally BTW) goes on to explain how to properly use Access security so that it cannot be cracked as the introduction rhetorically describes.
 
Eloriel Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:18 PM
Response to Reply #16
63. Dude, get a clue, will ya?
Those Diebold programmers know exactly what they're doing -- all the lax security is INTENTIONAL. Upthread you said something like "not a very good design." Nooooo, that's incorrect. It's a VERY good design if you want to steal an election.

GET A FUCKING CLUE!!
 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 11:45 PM
Response to Reply #63
73. That's been my point all along
The original poster seemed to be defending the Diebold programmers by blaming the inadequacies of the system on Access.
 
kestrel91316 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 12:06 AM
Response to Original message
13. Well, now we all know why..........................
we should vote absentee with paper ballot until the end of our days. Period.
 
Andy_Stephenson Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 12:10 AM
Response to Reply #13
14. Sorry absentee is no cure...
they are still counted and tabulated on the above referenced software.

Pen, Paper and a day off to count the election...
 
NightOwwl Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:38 AM
Response to Reply #14
32. dupe
Edited on Wed Aug-25-04 01:39 AM by NightOwwl
 
NightOwwl Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:00 AM
Response to Original message
26. I just about died when I heard this.
People use Access to keep a database on their home inventory. I know of not one professional company that would ever consider using Access. It is friggin unbelievable.

 
Philosophy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 07:56 PM
Response to Reply #26
45. I've worked for multiple software companies that use Access extensively
So far this year I've completed three projects that use Access databases, and only two that use SQL Server. I wouldn't want to work for a company that refuses to use Access because they think it is only for beginners. It means they haven't done their homework and they're wasting money.
 
AZCat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 08:16 PM
Response to Reply #45
49. My beef with Access...
Is that it allows laypeople to write software without really knowing what they are doing. I worked on a project a couple of years ago where I had to go in and rewrite this CRAPPY Access database set up by someone who didn't know jack. I don't mind working with it, but this person really screwed up the electronic records and I had to go back to the hard copies of the information to rebuild the database. It was a looooong summer, reading all these virtually identical files and entering in the info.

But it doesn't seem to be any weaker than any other Microsoft product, IMHO.
 
Radius Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:52 PM
Response to Reply #49
68. Agreed
Any jackass can start dragging and clicking while the app throws together sloppy table structure. I will not even get into reporting. I've seen one user using access to hit an oracle database on a 36 way p690 with 256 gigs of ram(2 million dollar machine), slam the machine with a sloppy piece of access borne sql. It was caching to tape. This is extreme but makes a point. He didn't have clock quota because he was supposed to be smarter than that. I posted above, I earn my living with large data systems. This does not even come close to passing muster at a corporate level.

This involves merging data from multiple points into a single (in itself stupid) big database.

Access is designed for small business, vets office to keep inventory. We deal with microsoft with a partner level of support. They don't recommend it for more than a half to a mil. records and no more than 20 users.

It does not create rollback logs, you can't back it up hot, and is not designed to run on high end risc hardware in a distributed mode. That is what it will take to make this work. Doing this correctly is one of the most complicated IT systems I can imagine. I deal with databases with billions of records and many thousands of tables. Complex is the understatement of the year.

Access is in no way able to handle this volume of data and remain stable, never mind secure and auditable. If it can't meet those criteria it should be dropped.

It should operate like the nasdaq, lottery systems, and betting systems. It is critical and should be done right or not at all.
 
BevHarris Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:08 AM
Response to Original message
28. Literally true: I once taught a nine-year-old to do it
rig the Diebold system, that is.

Hell, any child can hack into an Access back-end.

Bev
 
DubyaSux Donating Member (366 posts) Send PM | Profile | Ignore Wed Aug-25-04 08:41 PM
Response to Reply #28
53. Wow...
...if they allow people the time alone with a GEMS computer to hack into and change an election, imagine how easy it is to stuff ballot boxes!

Heck, my FOUR year old can do that!

Predominately republican district? No problem...I'll just have my daughter pee all over the paper ballots since nobody is paying attention!
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:03 PM
Response to Reply #53
58. It's a lot easier to walk in and open up MS Notepad on the GEMS.....
.....server, type in a very short .vbs script, save it as such and then double click it to change hundreds or even thousands of votes, than it would be to smuggle in hundreds or thousands of extra pre filled in ballots. In fact, with up to 48 modems attached to a GEMS Central Tabulator and the phone numbers known to hundreds of poll workers, you don't even necessarily have to 'go there'. :)
 
DubyaSux Donating Member (366 posts) Send PM | Profile | Ignore Wed Aug-25-04 09:11 PM
Response to Reply #58
62. Gee...
...why do that? Why not just stick a replacement database on a USB flash stick (a very large Access database will compress to about a 10th of its size) and overwrite?

Hey, I got it!! Why vote at all?

If nobody is paying attention and as you people are implying - there are no controls - why not just make up a number as a poll result and send it in?
 
ParanoidPat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:33 PM
Response to Reply #62
65. I have a better idea!
Why not expose the fraud, organize concerned people and take back control over how our elections are conducted and the results tallied? :shrug: :evilgrin:

 
BevHarris Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 11:31 PM
Response to Reply #53
69. Um, they do allow people to get at GEMS, alone
We were stunned, when we began doing public records requests for the log of who had access to the central tabulator, that they not only don't log it, they don't even write down the names. From 3 to 6 people per county have permission, and some of them are temps that have not been background checked. And you can melt down the election in 6 seconds.

On election night, the place is chaotic -- reporters, candidates, campaign managers, and all this time you're supposed to be running disks from GEMS to the Internet machine. Yes, we've been able to document all kinds of strange access to the tabulator. And this can be done so quickly, and with such subtlety, that you could probably have a room full of people and no one would notice what you just did.

Watch the demo. Better yet, download it and show some of your local officials.
 
NightOwwl Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:39 AM
Response to Original message
33. Access is to database programs
what alphabet blocks are to Shakespeare novels.
 
DrBB Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:05 PM
Response to Reply #33
60. Oh dear
"Shakespeare novels"? I mean, point taken but um, I hate to tell ya...
 
LibraLabSoldier Donating Member (429 posts) Send PM | Profile | Ignore Wed Aug-25-04 01:41 AM
Response to Original message
34. Not to sound like a Luddite
But we have enough people out of work in this country to hire 50,000 paper ballot counters, with another 25,000 paper ballot verifiers....Computers are not secure enough to entrust the election to.
 
Andy_Stephenson Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 01:48 AM
Response to Reply #34
35. Pen, Paper and a day off to count the election
that is my preference.
 
NightOwwl Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 02:44 AM
Response to Reply #34
36. That is a great idea. n/t
 
LibraLabSoldier Donating Member (429 posts) Send PM | Profile | Ignore Wed Aug-25-04 02:46 AM
Response to Reply #36
37. If anyone ever started listening to my Ideas....
I would have all the problems with the US Army fixed in six months, and all the problems with the US Government fixed in two years...but thank you guys.....
 
DrBB Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:00 PM
Response to Original message
57. Not to be snarky, but where have you been???
Edited on Wed Aug-25-04 09:02 PM by DrBB
This was virtually the first damning fact about these machines that came out, what, a year and a half ago. I'm not a hacker, but my wife is a very high-end one, and when I mentioned this fact at a USENIX party a year ago June, when only DUers and Dinkin seemed to be interested in this whole subject, the guffaws could be heard across town. Some very expensive single malt went spewing out of not a few noses at the news.

And of course the key thing, back then, the real punch line: It was Access with the (notoriously inadequate) security features turned OFF.
 
dave123williams Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 09:04 PM
Response to Original message
59. There's better security in MySQL, without a doubt.
 
WLKjr Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Aug-25-04 11:51 PM
Response to Original message
76. ROAFLMAO OMFG!!!!!!!!!!!!!!!!!!!!!!!!
If it's microsoft, it's already been hacked


jesus we are screwed here in Ohio
 