Slashdot Mirror
Inside Electronic Voting Machines
Alien54 and several other people wrote in about a couple of stories published in a New Zealand webzine: an examination of an electronic voting system, and some less interesting political speculation about it. Diebold voting systems are in fairly wide use, and apparently provide zero security to keep election officials from writing in whatever election totals they want.
It should be required that machines use open-source code, and some mechanism be provided for public inspection of the machines to verify the code hasn't been altered, some sort of checksum mechanism.
The short story is that they were all very flashy and glitzy, but all had severe problems with security and/or usability. We eventually decided to run a pilot program in last year's off-year election and try out 5 of the most promising machines in a real-world election. The final winner will be used across the state in 2004.
No more hanging chad, but I think we are going to have a whole new set of problems to deal with.
Any computer data can be quickly and easily changed. The best solution I can think of is to print out two paper receipts for each vote, one to go to the election commission (for manual recounts) and one to go to the voter. Each receipt would contain a random code which the voter could then type in on a web site to verify their choices have not been changed. Of course, most people wouldn't bother to verify, but it only takes one person to catch vote fraud.
"Freedom means freedom for everybody" -- Dick Cheney
The only solution I can suggest for an all-electronic voting system would require extensive use of cryptography. Every voter would have to register a public key and every vote would be cryptographically signed. This would require a database of public keys outside of any political influence and it would also require that voters keep their private keys secure, both of which are enormous problems.
Given these drawbacks, an antequated punchcard system doesn't seem quite so bad...
The US military wants to make sure that US servicemen/women overseas can vote. That's not a bad thing and there is a US law that requires this.
But there is a bad thing - the system they are promoting runs on MS Windows - including Win 95/98 - using Internet Explorer (5.5 and up) and Netscape.
Somehow they have in their minds that if they run HTTPS and require anti-virus software that the machines will be secure enough so that votes made through those machines won't be buggered.
Oh, and did I mention that the voter registration occurs through the same machines and same web-browser/https mechanisms?
Seems to me that this is a recipie for disaster - I don't consider any operating system safe from tampering, particularly none of the MS products. And these machines will likely be shared by many people, configured by DHCP (itself a security risk), perhaps with programs being loaded over insecure nets from insecure file servers, and crossing the internet via web proxies, "transparent" web caches, WCCP, and who knows what else.
This could make Florida 2000 look like a picnic.
Their article is interesting, but a bit misguided IMNSHO. First they harp on the three sets of ledgers. Well what's the big diff. They say that this somehow allows more leeway to fudge, well actually it doesn't. The fact is that you have to know that there are three sets and exactly which sets of reports get their data from which sets (a very lame attempt at security thru obscurity?). Having a single ledger means that you only have to go to a single place to mess with things.
But the biggest problem with there report is that they spend a lot of time talking about essentiallly one issue, that the tables are available for anyone with the password to edit and manipulate. There doesn't seem to be any type of tiered access and because they use access, a TRUE audit trail can not be created.
I would think that a voting system would be important enough to warrant the extra time to create a custom DB that audits absolutely everything to a file/table that can't be touched by anyone but the app (e.g. only the app can add rows and rows can never be deleted). I assume that Diebold was able to use Access because it made their bid lower and the company that actually had a decently secure system was underbid.
I smell a voter's lawsuit, oh to be a lawyer.
Vote tallies have been different from exit polling in recent elections (that's one of the reasons people were looking at Palm Beach County), and what has it gotten us? Besides, in 2002 we had almost no exit polling because of the convenient demise of the Voter News Service. Exit polling is hardly a solution to flawed electronic voting systems.
Fortunately, as someone who has served as an election judge (working the polls) in Minnesota, I can tell you that these concerns are a little overblown. We use the optical scan machines here, and we submit the precinct detail report (list 1 for those who read the article) to the county electronically and in paper format (3 copies). Additionally, we have all the paper ballots that were filled out by the voters carefully stored in the machines during the voting period, and then mailed to the county in sealed envelopes and signed by all the election judges.
Not only is the written process pretty fail-safe, but I worked an election where there was a discrepancy between our ballot count (kept as people vote) and the machine count at the end of the day. We hand-counted all the ballots (they were bubble test style, so no hanging chads or dimples) to make sure the count was accurate. Even if someone had hacked the voting machine, there was little chance for them to bust into the voting machine to steal or alter the ballots.
Additionally, although some nefarious person could hack the machine, I have no idea when they would. Most polling places have a team of election judges present from the time the machine is unlocked until after the results have been transmitted. Judges are not supposed to linger near the voting machine for any length of time. Certainly it's important to implement appropriate safeguards in the software (such as the automatic numbering system that was disabled for the log file), but chances of election fraud due to machine tampering are pretty darn low.
Under capitalism man exploits man. Under communism it's the other way around.
It doesn't have to be the Republicans themselves. Just people who would benefit from them being in power.
It may interest you to check campaign contributions from executives at Diebold. They seem to like to give quite a bit of money to the Republicans. Just a quick taste:
Walden W. O'Dell
Chairman of the Board, President and Chief Executive Officer, Diebold
2/14/01 $2,015.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
12/17/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
1/30/01 $3,950.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
8/16/01 $500.00
VOINOVICH FOR SENATE COMMITTEE
12/17/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
6/30/00 $1,000.00
DEWINE FOR US SENATE
Yes, Diebold and ES&S are both closely tied to the Republican party, and have been for a long time. If you look at their campaign contributions for the last election, you will see that everyone that gave, gave only to the GOP.
Chuck Hagel still owns stock in ES&S's parent company. He has won every election that used ES&S machines to count the votes.
photosMy Photostream