Dominion voting systems in Canada – A diverge Media investigative Piece

Dominion voting systems in Canada

First things first, we need to prove that Dominion voting systems are used in Canadian elections. Although they are not currently used in Federal elections, they can be trialed by an elections officer at select locations. It is unclear how many were trialed during the last Federal election, but Diverge Media has reached out to Elections Canada for an answer on the topic. Dominion tabulators are used however in the municipal and provincial elections.

“Dominion Voting Systems is Canada’s largest election system provider. Its systems are deployed nationwide, though it has never been used in a federal election.[31] Currently, Dominion provides optical scan paper ballot tabulation systems for provincial elections (this is in Dominions ImageCast Evolution or ICE tabulator), including Ontario and New Brunswick. Dominion also provides ballot tabulation and voting systems for Canada’s major party leadership elections, including those of the Liberal Party of Canada, the Conservative Party of Canada, and the Progressive Conservative Party of Ontario.” – Wikipedia on Dominion voting systems

“In June 2018, Elections Ontario used Dominion’s tabulator machines for the provincial election and deployed them at 50 percent of polling stations.”

Problems in the systems

Now that we’ve established that the tabulators are being used in Canada’s provincial (50% of electoral districts) and municipal elections, lets discuss some of the issues that have been pointed out in Dominion staff reports, and source code reviews of the tabulators.

ICE Source Code Vulnerability Review
“The following potential vulnerabilities were found within the ICE source code base:
SQL Statements
“Five instances of SQL statements that hold the possibility of being injected into were observed within the ICE source code base. It was noted, however, that these statements are inside private functions and can only be accessed by appropriate function calls. As a result of the placement of the SQL statements in question, the level of access required to take advantage of this potential vulnerability would be that of a Vendor insider, someone with great knowledge of, and access to, the voting machine design and configuration.”

From Dominion Voting Systems Staff Report

Here’s what we found on SQL injection;

SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.”

What is malicious code?

According to techopedia.com malicious code is “code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools.” It goes on to say “malicious code does not just affect one computer. It can also get into networks and spread. It can also send messages through email and steal information or cause even more damage by deleting files.

https://www.eac.gov/sites/default/files/voting_system/files/Usability%20Study%20ImageCast%20Evolution%20%28ICE%29.pdf

strcopy had 44 instances of use in Dominion systems

“It was noted that 44 instances of the “strcopy” function are being used. It is recommended not to use strcopy as it does not protect against out of bounds issues.”

What does strcopy do?

Char *strcpy(char *dest, const char *src) copies the string pointed to, by src to dest.” SRC is the string to be copied, (think string of information) and dest is the destination to send the info to. Meaning this function allows someone to copy the information and send it to the destination. I am working to confirm what this all means with a software expert – but essentially I believe someone could copy a string of votes and send to the destination (vote folder) with this function. – tutorialpoint.com


Another point of concern in the staff report review was the use of the memcpy function. According to the report “It was noted that six instances of the “memcpy” function are being used. Use of the memcpy function is prone to buffer overflow.” – Dominion Staff report

What does the memcpy function do?

“The C library function void *memcpy(void *dest, const void *src, size_t n) copies n characters from memory area src to memory area dest.”

What are N characters? “n − This is the number of bytes to be copied.” In essence the information to be copied.

So essentially this function allows the user to copy information (n characters) from the src (string of info) to the destination. This could mean someone with malicious intent, and understanding could use this information to copy information (potentially votes) to the destination file?

Dominion Staff Report

More on this below.

What is buffer overflow?

“Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.” – imperva.com

How do hackers exploit this?

“Attackers exploit buffer overflow issues by overwriting the memory of an application. “If attackers know the memory layout of a program, they can intentionally feed input that the buffer cannot store, and overwrite areas that hold executable code, replacing it with their own code.” This is on par with our previous expose of the Dominion voting systems.

Its worth noting that although those tied to these systems claim exploiting these security flaws would require “insider knowledge” this is entirely misleading as the tabulator manuals are available for public consumption online. Also anyone with a decent knowledge of coding who was dedicated to learning the manual could potentially use this information to change information within the system.

What is strcmp function do?

It “compares the string pointed to, by str1 to the string pointed to by str2.” Based on the information received a person with inside knowledge could have the return values of these strings changed to return a preferred outcome – i.e. potential to change information from a vote that you don’t like. If string 1 = this candidate, return value = to other candidate. I’m waiting to confirm this information with an industry expert.

Source code security issues

In a report going over the source code, the company Freeman, Craft, McGregor group found 29 security issues in the source code. Below is a slide show showing all of those issues.

Addressing the “has to be done by knowledgeable insider” argument

Talking with a someone who specializes in encrypting software, they had this to say “why would you ever use this a system with all these potential security risks anyways?” It doesn’t make sense to use a system with so many potential areas for people to hack and manipulate the data – especially for something as important as voting. Go back to paper ballots – count them by hand and quit complaining. The saved time isn’t worth the risk tradeoff that must be absorbed.

Diverge Media is an independent Canadian media company dedicated to bringing you the stories that matter. We do not receive any funding from the federal government – and never will. If you would like to support us, please do so by donating through the form below – merch is coming soon.

Diverge Media Donation

$
Personal Info

1.00
Diverge Media Donation
Terms

Donation Total: $20.00

Published by Greg Staley

Greg Staley is a husband, and a father to 3 beautiful girls. He is a concerned citizen who is closely watching his government's actions through critical thinking, and assessment of all qualified and relevant data. He believes in going to the Primary sources of data at all times if possible.