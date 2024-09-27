On the 18th of May, 2003, Maria Vindevogel of Schaerbeek, Belgium, found herself placed in the center of a cosmic anomaly. While Vindevogel was one of the least favored candidates, she had received more votes than was possible at the time. Belgium had been experimenting with electronic voting for a decade at this stage, but something seemed amiss. After hours of re-counting, all vote counts matched... except for Vindevogel, who was up 4,096 votes more than she should have been.

At the time, Belgium's DigiVote system was considered robust, and while bugs and other security problems were discovered following a source code analysis in 2004, none of those problems explained why Vindevogel had gone up by exactly 4,096 votes. This number actually held the key to the most likely answer; an answer that may involves cosmic rays and how computers store data.

The official explanation eventually given was that it had been caused by "the spontaneous creation of a bit at the position 13 in the memory of the computer."

A bit-flip event is the most likely explanation

A rare occurence

Before getting into voting machines and how data is stored in them, there's another pretty famous example of a suspected bit-flip that happened more recently. Super Mario 64 speedrunner DOTA_TeaBag, in the middle of a speedrun, saw Mario suddenly warp upwards while jumping. While it's not clear what the cause of this was, it's thought to have either been caused by a hardware problem or a cosmic ray. The community is divided on which of those that it was, but everyone seems to agree and understand that a bit-flip occured at that moment, whatever the cause may have been. As for why people agree that it was a bit-flip, it hasn't been reproduced since, and when you consider how a game may place the player in an XYZ space, a bit flip could cause the player's position to increase by a certain amount, which seems to be exactly what happened.

As for how bit flips work, computers store data in bits. Going back to the Belgian voting machine and the official explanation given, it's intentionally vague as it's practically impossible to tell what exactly happened after the fact. However, given the isolated nature of the incident and the audit of the source code, there are very few reasonable conclusions that don't involve a bit-flip caused by a cosmic ray.

To understand the explanation as to why 4096 votes is a telltale sign, you first need to understand how binary is read. By corresponding the "1" value to the power of 2 in the below table, you can quickly convert numbers into binary and vice versa. In the explanation given by the Belgian government, it's said that the bit at position 13 in the memory of the computer had been flipped. In this case, that would be 2^12 (as computers count from 0), which corresponds to 4096.

To understand how binary is represents decimal values, using the key above, you can convert the following binary into the number 40:

00000000 0101000

We calculate that by looking at where the '1' values are in our table, and adding those together. In this case, we add together 2^5 and 2^3, as we read from the bottom upwards.

Technically speaking, being totally accurate, the above calculation would actually be: (0 * 2^15) + (0 * 2^14) + (0 * 2^13) + (0 * 2^12) + (0 * 2^11) + (0 * 2^10) + (0 * 2^9) + (0 * 2^8) + (0 * 2^7) + (0 * 2^6) + (1 * 2^5) + (0 * 2^4) + (1 * 2^3) + (0 * 2^2) + (0 * 2^1) + (0 * 2^0) = 40 However, we have shortened it for conciseness and ease of understanding.

And the following number is 493 represented in binary:

00000001 11101101

In this case, we add 2^8 + 2^7 + 2^6 + 2^5 + 2^3 + 2^2 + 2^0. This nets us 493.

The above format is represented in two's-complement form, which uses the binary digit with the greatest value as the sign to indicate whether the binary number is positive or negative. This isn't relevant for a voting system, as negative values aren't possible, but I've shown it above so that you can see where the 0 values correspond in the table.

How voting machines protect against data manipulation, including bit-flips

There's more than just cosmic rays to worry about

Now that you understand how data is fragile in a system, it's pretty impressive to imagine how critical voting machines are and how they protect that data. There are a bunch of typical defenses that you'd expect to start things off, but then there's a lot more going on given how sensitive the data is. For example, all of the data is encrypted, ensuring that even if someone gains unauthorized access to the machine, they can't read or modify the vote data without the proper cryptographic keys. Additionally, these machines implement strict access control mechanisms, allowing only authorized personnel to handle the devices during an election. This restricts physical and digital access, preventing tampering during setup, use, or transport. These are the pretty basic protections that anyone would expect any mission-critical machine to have.

However, there's a human element to voting machines too, with audit trails making up a significant amount of their protection. Many voting systems generate a verifiable paper or digital trail, allowing election officials to cross-check the electronic results with physical records, which helps detect any potential manipulation. These audit trails are essential during post-election audits, where discrepancies can be flagged and investigated. Moreover, voting machines often use secure boot technology, ensuring that only trusted, certified software can run on the machine, preventing any unauthorized or malicious software from being executed. These audit trails are part of how the voting discrepancy in Belgium was discovered in 2003.

Finally, coming back to bit-flips, they're an especially important danger to protect against, as they can strike at random and can have no clearly discernible cause. To protect against them, many machines use ECC (Error-Correcting Code) memory, which can detect and automatically correct single-bit errors, ensuring data integrity, and it's something that you may have heard of in the context of a NAS. Additionally, voting systems implement redundancy in data storage, saving vote information in multiple locations or on multiple devices to minimize the impact of any potential corruption. By using checksums and cryptographic hashes, machines can verify the integrity of stored data, alerting the system to any unexpected changes, including those that may have been caused by bit flips.

In other words, voting machines are significantly safer today than they used to be. With US elections looming, it's normal to have questions, but thankfully all claims of voting machine fraud in the 2020 elections in the case of Dominion Voting Systems and Smartmatic have been debunked so far. While many countries don't use electronic voting because of the risk factors that they can introduce, so far, things look to be about as safe as they can be.