Easter Eggs and Voting achines

Letter submited to US commission on ballot machines (voting@nist.gov) Sept 18, 2004
( see also my other submission on this.. Ballot Certanties).

First, I will start with a general description of 'easter eggs':

An easter egg is a quirk, explicitly written into a program by its creators. it's usual intent is just to be funny or to allow developers to have their name in the program, or both. Other times, it is just an added 'trick' in some games to get extra points, an interesting piece of equipment etc.

An easter egg is triggered by the user doing something 'weird'.. something that you would not normally expect that a user would do in the normal use of the program, OS or game. As such, it is unlikely that you will find an easter egg unless somebody else who already knows tells you how to find it.

an architectural equivalent to easter eggs would be the stereotypical 'secret passage', where you have to press on two seemingly innocuous panels, and/or pull on a statue to cause the door to open.

Technically, an easter egg is not named as such, unless it is harmless, but the techniques used to create one can be turned to far more nefarious uses.

An example of an easter eggs available on the Palm Pilot series of PDAs can be found at http://www.g4techtv.com/techtvvault/features/31801/Palm_Alternatip_Palm_Easter_Eggs_pg3.html

(( go ahead! try it, if you have a palm pilot,,, )

Other easter eggs are available at the above-listed site.


Although it is, in theory, possible to activate an easter egg by accident, it is very easy to design the activation sequence such that it is highly unlikely that someone would find it in the normal course of using the program.

For example, there are also easter eggs in such common programs as Microsoft Word, Excel, and Front Page. you and your colleagues probably have thousands of hours between you on those programs without ever having happened upon their easter eggs.

Now, the way in which Easter eggs apply to the voting system is this:

Although easter eggs are (by definition) harmless, the methods used to trigger easter eggs can be used to bypass normal security. Such features are normally referred to as 'back doors' or 'trojan horses (trojans)'. Trojans are, almost by definition, hostile. Backdoors. on the other hand, may be inserted by the manufacturer with more benign intent. Benign intent might include maintenance, diagnostics or monitoring.activities. an original benign intent, however, doesn't prevent a backdoor from being misused. Nor are all backdoors necessarily created with benign intent.

Consider, for example, if something similar to the Palm Pilot Easter egg was installed on a Diebold box, but instead of just displaying a silly image, it brought up a menu which allowed me to chose which candidate gets most of the votes. It would be all but impossible to find such an easter egg by just testing a binary. It would be mathematically impossible to prove that such an easter egg did *not* exist in a given binary.

To give an indication as to the difficulties in testing for such an 'easter egg' consider that it would be very easy to also insert code which would disable the easter egg for en hour each time it detects a pattern of usage symptomatic of the system being tested.

Although other people have found code infrastructure in some of the current electronic vote machine which would most useful for vote-cooking, I have no evidence that complete vote-cooking code is present in these machines at this moment, I think that the above text should make it clear that they cannot produce definitive proof that there is *NOT* such code.

It does not take a whole company to compromise a piece of voting software. In a large and complex piece of software built under high-stress conditions, one rogue programmer could effectively hide the code for a long time, and/or only introduce or enable it in last-minute patches

Given that it definitely IS possible to include and hide hostile code in vote registration an counting software, the question is: Are we willing to bet our democracy and freedom on the HOPE that nobody will succumb to the very real temptation and opportunity to do so? Furthermore, are we willing to lay our freedom and rights at the feet of the kinds of people who would most probably succumb to such a temptation?


My Home Page Powered by  awp-hosting.comâ„¢
Stephen Samuel (samuel@bcgreen.com)