The Bishop and the Butterfly: Murder, Politics, and the End of the Jazz Age

    Serious election fraud in Kentucky.

    Here's a little gem from last week.  Not as important as a total spaz over .001% of the financial industry bailout funds going to people who were *gasp* in the financial industry when it collapsed, but significant none the less.  So, before it is no longer topical, for your corruption tracking pleasure:

    via BradBlog:
    Five Clay County officials, including the circuit court judge, the county clerk, and election officers were arrested Thursday after they were indicted on federal charges accusing them of using corrupt tactics to obtain political power and personal gain .... According to the indictment, these alleged criminal actions affected the outcome of federal, local, and state primary and general elections in 2002, 2004, and 2006.
    This was quite the operation.  It involved two distinct parts.  The first was an early voting scheme where they bought votes outright...
    It was part of the conspiracy that the Defendants discussed and agreed to buy votes also during the early voting of absentee voters ...

    Voters who sold their votes were given a mark or otherwise told to signal to the Defendant Charles Wayne Jones by Defendants William E. Stivers, William B. Morris, or Debra L. Morris and, based upon the mark andior signal, Defendant Charles Wayne Jones would cast their vote for "the slate."

    the Defendants discussed and agreed that in order to implement the method of corrupting the voting process described above, it would be necessary to cause to be appointed as precinct workers for both major parties persons who were in the conspiracy.

    They informed these voters to ask for assistance from selected precinct workers who then took them into the voting booth and selected the votes for them.
    As if that was not bad enough, they also recruited poll workers to flat out steal people's votes by giving incorrect instructions for using the county's electronic voting machines.
    It was part of the conspiracy that WW serve as the Democrat[ic] election judge in the Manchester Precinct. It was further part of the conspiracy that CW serve as the Republican election judge in the Manchester Precinct. Both WW and CW were instructed by Defendants Freddy W. Thompson and Charles Wayne Jones to tell voters that when they had pushed a button labeled "Vote" that their votes had been cast, when, in fact, that function merely provided a review screen of the voter's selections in each race ...

    It was part of the conspiracy that when the misled voters left the voting booth after pushing the "Vote" button, WW and/or CW entered the booth, changed their votes to candidates selected in part by Defendant Russell Cletus Maricle and cast the ballot by pushing the "Cast Ballot" button.

    Now there is apparently some debate if the electronic voting machines used were a significant factor in helping to facilitate the crimes. ArsTechnica points out:
    Remarkably, the vote manipulation technique here was essentially an exploit of a simple UI design flaw, and involved no computer skills at all on the part of the alleged perpetrators. ... Most of the charges outlined in the indictment [PDF] are for old-school, non-electronic crimes like racketeering, extortion, mail fraud, and so on.

    But even the e-voting part, believe it or not, was incredibly low-tech and didn't involve any of the well-known exploits documented for the ES&S iVotronic machines that were used.

    ...Clearly, no audit--mandatory or otherwise--would've caught this fraud, because it relied on the best and most reliable tool in the hacker's arsenal: good, old-fashioned "social engineering."

    ...This entire incident says less about the perils of e-voting than it does about human nature, but this isn't to say that the e-voting vendor is entirely off the hook. ...Better documentation for the public and better UI design would've probably thwarted this particular fraud.
    I think this misses one important point.  Having the step of generating a paper record and providing the voter with a reciept from the machine also would have been a significant deterrent in this case.

    But this incident also highlights two other interesting realities with electronic voting.  First, technologists tend to seek out and protect against the esoteric and most high-tech exploits.  It is interesting that in this case a proven exploitable system was employed, but it's documented dangers had no bearing on the fraud the machines were used to accomplish.

    The other interesting reality is that we are so focused in on the high-end dangers that "lesser" shortcomings in the systems are not necessarily identified as security risks.  This shows that in addition to hard-core hackability, the security profiles of these machines needs to be examined in terms of the actual human interactions and the flows of the user interfaces.

    In any event, I think it is fair to say the vote stealing portion of this would have been more difficult if not impossible were it not for the electronic voting machines. Regardless if the exploit was based on high-tech methods or because the design created a window of opportunity; the fraud simply would not have been possible with a paper ballot.

    The original BradBlog posting is well worth a closer look ... especially some of the comments from KY voters who give some really interesting background.

    Now ... back to your regularly scheduled freakouts.