Diebold Voting Systems Grossly Insecure

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

Ah-ha!

[grub]

voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.

Were they testing these in Florida a few years ago?

Re:Ah-ha!

Were they testing these in Florida a few years ago?

No, they were using a ballot designed by the Democratic Party, home of such paragons of fair voting as Richard Daley Sr., Tammany Hall, and "Landslide" Lyndon Johnson.

Re:Ah-ha!

[Mr+Teddy+Bear]

YAY! Now I can finally get Mickey Mouse to take a state!

Or another one: Maybe with this installed Perot could have had a chance! :-P

Re:Ah-ha!

[Glonoinha]

Dammit, that's a bug.

Unlimited voting was supposed to be restricted to the elite voters that have insider privileges.

Expect a patch.

Re:Ah-ha!

[perdelucena]

Maybe you should try those ones. Weve been using those in Brazil for almost a a decade. Software code can be evaluated by independent institutions, and as far as I know it does not run Win32. Last elections the whole country used voting machines (no manual votes) And weve got the result (>100,000,000 in few hours).

Re:Ah-ha!

[Patrick13]

Reporter: One voter, 16,472 votes -- a slight anomaly...?

Black Adder: ...The number of votes I cast is simply a reflection of how firmly I believe in his policies.

From the Black Adder

Re:Ah-ha!

I have a gift for you:

</a>

Re:Ah-ha!

[Clockwork+Apple]

Yeah that "Tammany" Guy really pissed me off. Oh wait, Who was he(she) again?

Re:Ah-ha!

Yeah! It would make up for the trucks of votes in NM and Arizona that the Dems destroyed. Hmm....

Re:Ah-ha!

[Entropius]

Mickey Mouse already has a senate seat... what state is Fritz Hollings (D-Disney) from again?

Re:Ah-ha!

[bobbuck]

Voter fraud is so easy to stop. Put elections on tax returns.

Re:Ah-ha!

[DeltaSigma]

Didn't that article say they use WinCE, which some would say is worse...

Re:Ah-ha!

[CleverNickName]

For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.

Pick your favorite, and moderate as needed:

• Now that's power to the people!
• Darn those pesky 'common voters!' Elections would be so much easier without them!
• Yes! Finally! We 'common voters' can live like Kennedys!
• Yes! Finally! We 'common voters' can live like Bushes!
  
• $Mayor.Quimby

(of course, the *truly* funny thing to do would be to moderate this as 'redundant.' Get it? I slay me.)

Re:Ah-ha!

[neves]

But the software code (of a brazilian company) is closed source. Just some technicals of the political parties had access to it. In the middle of the counting the most voted candidate had his result changed from millions to a few thousand votes (looks like an integer overflow). You can't trust a closed system.

Re:Ah-ha!

[NecroPuppy]

South Carolina.

I wish I was back there to help un-elect him.

Re:Ah-ha!

[Mistlefoot]

Yeah. And the odds of my being audited increase or decrease based upon whom I voted for?

You cannot attach the name of the voter to the ballot and expect free votes.

Re:Ah-ha!

Were they testing these in Florida a few years ago?

Funny? Try flamebait. I take personal offense at your allegations that the only reason Al Gore got so many votes is due to electronic voter fraud.

Re:Ah-ha!

[Entropius]

Wouldn't help. In elections having a clue is only a force-multiplier, not a force in itself... the only real force in elections is money... and Hollings has too much of that for anyone to beat him, sadly.

Re:Ah-ha!

[Clockwork+Apple]

The poke wasnt about spelling, I just thought it was funny to see a large group of people (Tammany Hall) lumped in with the list of the single individuals. It just seemed (to me anyway) like the poster thought that Tammany Hall was a "person". I am sure that the poster knew what they were saying, I just read it in a diffrent way I guess.

But you may be right, I could be an ignorant puke, but I am not an Anonymous Coward.

Re:Ah-ha!

[John+Harrison]

You know things have gotten crazy when Brazil's election system is being held up as a model for others to follow.

This is a country in which you are forced to visit the polls. You can always vote "branco", but you have to show up.

O Brasil e' o pais do futuro, e sempre sera'.

Re:Ah-ha!

[ba_hiker]

Do we really want our voting machine to record some sort of voter id (to ensure uniqueness) and our vote?

Re:Ah-ha!

[lazn]

(of course, the *truly* funny thing to do would be to moderate this as 'redundant.' Get it? I slay me.)

Ask and you shall recieve.

==>Lazn

Re:Ah-ha!

Yeah our system is not perfect. It misses the sometimes...

Re:Ah-ha!

[d3faultus3r]

Actually during Jeb Bush's election they were tested. Though they might have been another just as insecure brand. I think the Democrats tried to sue over that. The Republicans gave most of the contracts to Diebold which may have influenced the existence of those bugs.

Re:Ah-ha!

[SatanicPuppy]

Fritz is only leaving office the same way Strom went...Feet first.

Don't let the D fool you, he's about as conservative as they come.

And for the record, I think there are too many puppies in this thread. =P

Re:Ah-ha!

[PetoskeyGuy]

One Voter, 16,472 votes...

You think they would notice someone has been behind the curtain a little too long.

Re:Ah-ha!

[UberGeeb]

They say, one voter can make a difference.

Re:Ah-ha!

[Warped-Reality]

If you don't cheat on your taxes, maybe it wouldn't matter if you get audited. Besides, I don't think the people going through thousands of tax forms are going to really care about who YOU voted for.

Re:Ah-ha!

Yes.

Re:Ah-ha!

Let me guess, you've never been audited.

Let's say you're a law-abiding citizen and make no active attempt to cheat on your taxes.

With the complexity of the tax code, auditors will still find things that you did wrong. And they'll make you pay.

And even if they don't, just going through the expense (time, effort mainly) of proving yourself innocent is a hassle.

Re:Ah-ha!

[Degrees]

You missed the point. The winner of the office cares who voted against him. And it is in his best interest to crush his opponents. Tax audits are only one form of harassment. It can go a lot further. In California, we recently got government programs in the schools, for student job placement. Vote for the wrong guy, and your kid gets a crappy job.

Vote for the wrong guy, and the local officials suddenly realize that your business was issued the wrong zoning permit by mistake. Vote for the wrong guy, and the police show up on your front door, in front of your neighbors, arresting you for a bogus charge of child molesting. Sure, whomever filed the charge may have told a lie, and the government will later say 'oops, sorry.' But will you ever get your reputation back? That damage to your reputation could very well cost you that job promotion you were expecting.

>>>>

The 7 Vital Principles about Government

by Harry Browne

It's easy to think sometimes that a new government program, law, or regulation could cure a pressing social problem.

Whether it's a desire to end abortions, keep the wrong people out of the country, make your city drug-free, stop corporate frauds, crack down on criminals, or make health care more accessible and less expensive, you can imagine how the right new law could make everything okay.

But when you get that kind of thought, I hope you'll remember the seven principles that apply to _all_ government programs -- not just the ones you oppose.

The Principles

1. Government is force.

Every government program, law, or regulation is a demand that someone do what he doesn't want to do, refrain from doing what he does want to do, or pay for something he doesn't want to pay for. And those demands are backed up by police with guns.

You expect that force to be used only against the guilty. But we can see how the Drug War, the foreign wars, asset forfeiture, the Patriot Act, and other government activities have used force just as often against the innocent -- people who have not intruded on anyone else's person or property.

In fact, government force is used more often against the innocent than the guilty, because the guilty make it their business to understand the laws that apply to them and stay clear of them. Meanwhile, the innocent, thinking they've nothing to fear, suddenly find that they've innocently violated laws they never heard of.

2. Government is politics.

Whenever you turn over to the government a financial, social, medical, military, or commercial matter, it's automatically transformed into a political issue -- to be decided by those with the most political influence. And that will never be you or I.

Politicians don't weigh their votes on the basis of ideology or social good. They think in terms of political power.

3. You don't control government.

It's easy to think of the perfect law that will stop the bad guys while leaving the good guys unhindered. But no law will be written the way you have in mind, it won't be administered the way you have in mind, and it won't be adjudicated the way you have in mind.

Your ideal law will be written by politicians for political purposes, administered by bureaucrats for political purposes, and adjudicated by judges appointed for political purposes. So don't be surprised if the new law turns out to do exactly the opposite of what you thought you were supporting.

4. Every government program will be more expensive and more expansive than anything you had in mind when you proposed it.

It will be applied in all sorts of ways you never dreamed of.

When Medicare was initially passed in 1965, the politicians projected its cost in 1992 to be $3 billion -- which is equivalent to $12 billion when adjusted for inflation to 1992 dollars. The actual cost in 1992 was $110 billion -- nine times as much.

And when Medicare was enacted, Section 1801 of the original law specifically prohibit

here we go again

[NGTV13]

So, can't someone who knows what they're doing write some of these things? This is exactly why jon q public is afraid of things becoming 'technology rich'

Re:here we go again

[NGTV13]

and to that end, as we say here in chicago, vote early, vote often...

Re:here we go again

I totally agree. I believe that this is a perfect opportunity for a university to step up, and say 'Here is a secure system that we have designed. Here is the source code. It runs on linux, on a regular PC. Its 100% secure.'

Re:here we go again

[Thud457]

Can't we come up with some system like in "Minority Report" where voters could vote by dropping a wooden ball with the candidate's picture and name laser engraved on it into some sort of clear plastic pneumatic tube? That would be kewl!!

Re:here we go again

FYI: You misspelled "necessary" in your sig.

Re:here we go again

[bjtuna]

Try actually researching the subject and you'll realize there are terrible privacy concerns with the very idea of electronic voting.

Re:here we go again

[I(rispee_I(reme]

It amazes me that so many people view a compromised vote-counting machine as a problem, when the vote itself was compromised long ago when corporate dollars became more valuable to our so-called representatives.

Re:here we go again

[edverb]

A good place to start researching said privacy concern/ballot tampering is Black Box Voting

Diebold accidentally left the AccuVote source on an open FTP site (whoops), which is available here, and Black Box Voting is asking for programmers to review and evaluate the code.

Re:here we go again

Yes, someone who knows what they are doing can write voting software.

Other than those who can now rewrite Diebold software...

http://sourceforge.net/projects/free/
http://sourceforge.net/projects/ssvoting/

Re:here we go again

[astar]

A little information from the state of Washington, county of Pierce, regarding the Diebold software. I phoned the auditor's office about this and got a call back from the elected Pierce County Auditor herself. In this county, she is in charge of elections. Now her office in in the process of selecting an electronic voter system as mandated by the feds. She gets to select from four approved systems. The systems are approved by a state commission. The state commission is charged with evaluating the software for security. Diebold is approved and is one of the finalists in this county.

It seems to me the state commission is broken. I have a call in to a person associated with this commission on the technical side, asking for comment. I also sent the pdf to the local auditor at her request and I made a phone call to the local newspaper. I am hoping this story has legs and is covered generally.

If you think also that this story might have legs, make a few phone calls and stir the pot. Software selection is probably going on where you live, since this electronic voting requirement is mandated by the feds.

Re:here we go again

It amazes me that so many people view a compromised vote-counting machine as a problem, when the vote itself was compromised long ago when corporate dollars became more valuable to our so-called representatives.

Seems like a bad idea not to consider it a problem.

The fix isn't to throw in the towel.

So it's only a matter of time

[Hayzeus]

till I ascend to the Governorship of Louisiana. Start reaching into your pockets, now folks -- Big Daddy's open for Bidness!

Re:So it's only a matter of time

[markt4]

Start reaching into your pockets, now folks -- Big Daddy's open for Bidness!

And how would this be different from every other Governer the state of Louisiana has had for the past 150 years?

Re:So it's only a matter of time

[NOLAChief]

He's replacing a thousand dead voters with one live one. Here's to efficiency! :-P

*sigh*

[Ummagumma]

You would think, with all the qualified unemployed software engineers out there, they could at least hire a few...

Re:*sigh*

[Kierthos]

Hell, with a couple of the unqualified ones, they might have a better system....

Although, truth be said, I'd love to see a system where they allow unlimited voting, but only a microscopic percentage of the voting public knows about it. You know, the wrong people. The kind who would "write-in" Johnny Depp as governor....

Kierthos

Re:*sigh*

[Trolling4Dollars]

That would make our election system a lot like Slashdot. Especially where trolling is concerned. No matter. That's what Scalia was in the 2000 elections anyway. ;P

Re:*sigh*

[Suidae]

Do you mean to say that you think that all of the flaws were mistakes?

I fully expect that some of them were intended as 'features' that would only be available to a select few.

If the devices aren't fully open, don't trust them.
If the devices are fully open, don't trust them.

Re:*sigh*

[ls-lta]

We've got our futures to think about. This programming gig is only going to last so long, my future? Politics!

Re:*sigh*

[(startx)]

There's the problem. All the truely qualified software engineers are not unemployed. If you have the skills to back up what's written on your resume, there really is no problem finding a job. It's the people who went to 2-year tech schools during the bubble or leared "java in 21 days" and now expect 70,000/year that can't find a job.

Re:*sigh*

[kannibal_klown]

I take it you haven't been unemployed too recently. Fortunately, I'm still employed right now, but I can see the writing on the wall. Our department has been doing some machete-style slashing of the budget, and has been letting A LOT of IT people go (programmers and technicians). And those they let go were great at their job.

A bunch of people at work were saying the SAME THING YOU ARE. They said their skills were current, had qualifications, and were good at their job. Now, it's 3 months later and they're still outta work.

Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.

Some people with jobs or in school tend to think that everything is fine-and-dandy for people so long as they know their stuff and look hard. But those people are usually the first to start freaking out that they can't find jobs.

It's a cliche, but in today's market it's not what you know, but who you know.

Re:*sigh*

[cduffy]

It's a cliche, but in today's market it's not what you know, but who you know.

I can agree with that. The startup I work for is starved for qualified coders -- but half of what we seem to hire these days are people with unremarkable skills who are old friends with our VP of Engineering. He'll personally vouch for the qualifications of each and every one of them, though.

*sigh*.

Re:*sigh*

[stefanlasiewski]

Very good point.

In fact, Diebold laid off a good number of their QA, code integrity staff and software developers in late-2001/early-2002, when this product was under heavy development.

Re:*sigh*

[nelsonal]

If voting were like slashdot

Ladies and Gentlemen... THE PRESIDENT OF THE UNITED STATES... the Goatse guy.

Re:*sigh*

[Gannoc]

There's the problem. All the truely qualified software engineers are not unemployed. If you have the skills to back up what's written on your resume, there really is no problem finding a job. It's the people who went to 2-year tech schools during the bubble or leared "java in 21 days" and now expect 70,000/year that can't find a job.

You're completely wrong.

Re:*sigh*

[admiralh]

Right. Tell that to the 40-year-old computer scientist with 15+ years of experience and a huge chunk of their life invested in CS who has been unemployed for a year, because their skill set wasn't the exact right match to get past HR.

Not everyone fits your stereotype.

Re:*sigh*

[Karhgath]

That's exactly what is happening with my dad. 15+ years of experience in databases, analysis and programming, but he's been unemployed for nearly 2 years. Every interview he goes to has about 5 to 20 people of about equal skills looking for the job. The IT industry is a harsh place right now.

Re:*sigh*

[Lumpy]

If you have the skills to back up what's written on your resume, there really is no problem finding a job.

done even have a clue do you....

It's not what you know.... it's WHO you know.

Please oh please get that stuffed in your head. your skills mean nothing when you are against someone that knows the manager and is marginally workable... god help you if he/she is related to the manager/ceo/whatever....

Re:*sigh*

[leeet]

Duuuude, 70k? Oooaahh, whatever dude, you're so, just like way under paid dude. Where are your expectations man?

I won't take anything under a totally cool 100k dude.

Chill out man, 70k... geee....
BTW, I learned java *AND* MSCE (whatever) in toootally insane 14 days dude. Top that!

Re:*sigh*

[stefanlasiewski]

All the truely qualified software engineers are not unemployed. If you have the skills to back up what's written on your resume, there really is no problem finding a job.

Sorry, but that's bullshit. Have you been unemployeed recently? You are aware that the economy is in one of the worst states it's been in since the Great Depression?

There are many qualified people who have trouble finding jobs.

I know a number of well qualified people in a number of sectors who have trouble finding work. This includes Java engineers with over 6 years java experience, Unix admins with 10+ years experience, telecom folks, production managers, office managers, etc. Most sectors of the economy are suffering.

Finding a job depends on networking-- who do you know that can help you get a job. Technical skills are very secondary.

In the SF Bay Area, we're flirting with a 10% unemployment rate in the tech sector. 25% of residents in the Bay Area have been laid off in the last several years. Average job search lasts 8 months.

That is caused by more then the "java in 21 days" problem that you suggested.

Re:*sigh*

[pmz]

All the truely qualified software engineers are not unemployed. If you have the skills to back up what's written on your resume, there really is no problem finding a job.

No, this really isn't true. Sending a resume to a company is like playing the lottery, due to the rediculous number of resumes they are getting, many of which are from perfectly competent people. Without a genuine personal contact within the company (relative, friend, former co-worker, etc.) the chances of getting noticed and interviewed is probably one in hundreds or one in thousands.

Even people who have 4 year degrees from well-respected universities, have excellent references, and have solid work experience are having trouble getting interviews. Also, there is still tremendous amounts of "religion" in IT (from all sides), where interviews can go extremely well or very badly, depending on how well a person meshes with the interviewers' own bigotry or often-fallacious preconceptions of what makes a person good at whatever the job is.

And, to be on topic, the "engineers" behind the Diebold system are very likely very young and hired at nominal entry-level salaries. All the mistakes mentioned are probably due to the "engineers" learning about the technologies they are using the week before employing them. Their project environment is probably one, where three years later and three years more experienced they look back and think, "I got paid for that?!?"

Re:*sigh*

[spoonyfork]

Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.

*sigh* indeed. There are many, many, many different reasons why someone could be hired over someone else. One such reason is having someone on the inside who can vouch for them. I wouldn't be where I am today if I hadn't done my fair share of "networking" starting back in college. For potentially equally qualified applicants, having someone on your side on the inside counts for an awful lot in most places. And that's just entry level. How do you think people rise to the top.. dumb luck and good resume?

Don't be bitter because someone else is willing the play the game a step further than you are. Step up to it and start networking with people.

Re:*sigh*

[red+floyd]

Yep. Laid off after 19 years. Finally got a job a few weeks ago (after four months).

Re:*sigh*

[Thud457]

"THE PRESIDENT OF THE UNITED STATES... the Goatse guy."

Better than the Coke/Pepsi choices offered up by the parties now!

I'm sure GOATSE guy is at least not disqualified from being commander-in-chief by being uncontridedly AWOL.

Re:*sigh*

[stefanlasiewski]

While there are obvious problems with this method, 80% of people get jobs through networking.

And to be honest, if you interviewed unknown people who saw your posting on Dice, many of them would also have unremarkable skills that may not be obvious in an interview. A technical test is only so effective. Personal skills are even harder to find out during an interview.

At least if the VP of Engineering vouches for these people, you know they did a decent job and have reasonable person skills. At least in his eyes.

Coding skills can be learned. People skills are much harder to learn.

Re:*sigh*

And, to be on topic, the "engineers" behind the Diebold system are very likely very young and hired at nominal entry-level salaries.

You are probably right. I know several of the senior engineers who got laid off.

Diebold wanted to save money. Therefore, fire the expensive senior engineers, and hire cheap fresh-out-of-college students.

Re:*sigh*

[kannibal_klown]

I'm not bitter, because a) there's nothing wrong with it, and b) I still have a job.

I merely added the "bitter" part of the comment because I mentioned the "not the what, but who" philosophy to someone, and they said "only bitter morons that can't find work say that." And on the other side, I've heard from someone say "anyone with an iota of skill can easily find a job in programming."

Meanwhile, most of the people I know that recently got jobs was because they were internally recommended by a friend/relative within the company. I say "Good for them!"

I only hope the connections I've made work out for me if/when the axe falls.

Re:*sigh*

[Carnivorous+Carrot]

> BTW, I learned java *AND* MSCE (whatever) in
> toootally insane 14 days dude. Top that!

Intellectual child.

After being up for 24 hours working on my final project for 3D interactive graphics (way back in 1988, before there were "libraries" and cards to do all the work for you) my Pascal interpreter was crashing because the program was just too big. I got permission for a 1-day extension from the instructor, and spent the next 36 hours converting it to C, learning C in the process. Got it in just before 5 pm, and got 108 out of 100 points, second highest grade in the class, and only one other (a team of TWO) got 109 points. This was at U-M, Ann Arbor, not Queedunk U, by the way.

So, as good as you are, look up. You see that giant up there, peeing on your head?

Re:*sigh*

I'm not agreeing with the OP, but this is certainly not the worst economy since the great depression, at least from an employment perspective. Here are the unemployment statistics from the Department of Labor Bureau of Labor Statistics. Unfortunately, they only go back to 1948, but there are quite a few years in there where unemployment has been worse. The peak was in January 1983 at 11.4%.

Year Annual
1950 5.21
1955 4.37
1960 5.54
1965 4.51
1970 4.98
1975 8.48
1980 7.18
1985 7.19
1990 5.62
1995 5.59
2000 4.00
2003YTD 5.97

Is unemployement higher right now than it has been? Yes. Is it particularly high? No. Here's the real reason it's getting so much attention:

### June 2003 Data ###
7.9% Construction
7.0% Manufacturing
6.9% Wholesale and Retail Trade
5.5% Transportation and Utilities
6.4% Information Industry
4.0% Financial Activities
8.5% Professional and Business Services <-----<<
4.4% Education and Health Services
8.6% Leisure and Hospitality *
5.9% Other Services Industry
6.9% Agricultural and Related

* I chalk this one up to the war and hype about the need to "buckle down" in this economy.

Re:*sigh*

No....who you know can get you a job, but its still what you know that keeps you your job.

Re:*sigh*

[leeet]

There is not enough money on this planet to pay me for a Java or MCSE certification. Yuk... I don't code Java, I don't do Windowz neither...!

Re:*sigh*

[stefanlasiewski]

but this is certainly not the worst economy since the great depression, at least from an employment perspective.

It may not be the worst, but it is among the worst. Employment is only one aspect of measuring the economy's performance. There are a number of factors. Employment is down, forcasts are down, personal debt is up, federal debt is up, 2001 was a recession. From my perspective, things are pretty bad. I know that for some people, things are going fine.

The unemployment statistics you state are nationwide. Unemployment in California is approximately 8%, and has gone UP or remained stable almost every month for the last couple years. In the Bay Area is higher, and unemployment in the Tech sector of the Bay Area is even higher.

No time to find the link now. Sorry.

Some people may say "Don't like it? Move!" I own a house here, my wife has a stable job, I have roots in the area, family in the area, and I want to stay. Long term this will probably be a great place to stay. Short term, it hurts.

Re:*sigh*

[jafac]

I was laid off last September, and was able to find a job within 60 days, (making much less). The ONLY reason I got that job was due to contacts. My boss liked my resume, and really needed someone in my position, but the whole company is in a hiring freeze. So my boss hired me, pulled some strings, but if I had had to get the resume through their HR, it would have been shitcanned.

Since then, I've applied for every position I've seen open up, and I've been spamming my resume at every local shop that hires geeks. The only responses I've gotten were to say that they could not afford me.

I've also hit up other contacts I know who are local, and more often than not, they tell me that their company is in trouble, and they want to know if my company is hiring, if I could hook them up.

In my opinion - it's BAD. Very BAD.

Re:*sigh*

[Migrant+Programmer]

Intellectual child.
(bragging snipped)
So, as good as you are, look up. You see that giant up there, peeing on your head?

I'm sorry, that's just too funny. Combined with your complete missing of his joke, it's just too much! Peeing on his head! Har har har! Who's the child again?

Or maybe I missed your joke too. Ho ho ho! You sure got me!

Re:*sigh*

Read the article.

Diebold, based in North Canton, Ohio, is best known as a maker of automated teller machines. The company acquired Global Election Systems last year and renamed it Diebold Election Systems.

This product was designed and developed by GES in Canada, not in North Canton.

Re:*sigh*

[5KVGhost]

Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.

Oh my God! They KNEW SOMEONE! That's not exactly the earthshaking admission you seem to think it is, friend.

Say I have three equally qualified applicants for the same job, virtually identical as far as their resumes go.

From personal experience I know Applicant 1 to be a highly motivated, adaptable employee who works well with both non-technical and technical users. His coding skills are current and his work is widely admired.

Let's say that I also know Applicant 2. Unfortuantely I know him as an unreliable and frequently absent employee. Many of the things on his resume are exaggerated or simply untrue.

Applicant 3? Never met the guy. He's qualified, but lacks any distinguishing qualities that make him preferable to Applicant 1, who's a sure thing.

Who would you hire?

Re:*sigh*

[admiralh]

You do of course realize that the Reagan administration changed the way "discouraged" workers were counted, or rather no longer counted in the unemployment figures.

And another interesting tidbit from your data is this:

4.0% Financial Activities

Now we know why Greenspan and the rest of the big money crowd are so confident about the ecomony. They still have jobs.

If we can save money shipping 70K IT jobs offshore, think how much shipping off those 1M+ CEO jobs will save!

Re:*sigh*

[AbbyNormal]

Maybe they should try India .

Re:*sigh*

in California is approximately 8%, and has gone UP or remained stable almost every month for the last couple years.

Except for this report which indicates that unemployment in CA is actually ~6.7% (and hasn't even been within 0.5% of 8% since July 1996 [7.6%]). In fact, things aren't that bad right now compared to the crunch in 1993 when unemployment in CA was over 10%!

Listen, I live in CA too (the bay area even!). Luckily, I am employed. My live-in girlfriend is not, so it affects me too. I agree that things are tough in the educated job market, moreso in the high tech market. My argument is that unemployment is not totally out of whack from where it has been for years. It's just that it has shifted from blue collar to white collar (and a vocal, Slashdot-poster type market). It sucks that anyone has to be unemployed, but the big news isn't that unemployment is up-- it's that white-collar unemployment is (I>really up.

I never said that you should move. Lord knows, my neighborhood in San Francisco gets more empty every week (great for rents, though!). But if you choose to stay, you have to recognize that it's a choice. I don't I'd be too happy if my girlfriend asked me to move to India or China or wherever else white-collar jobs are headed these days.

Re:*sigh*

[ryanvm]

That's what happens when you have projects done by the lowest bidder. We see this kind of stuff A LOT in government.

Re:*sigh*

[ebh]

It's not what you know.... it's WHO you know.

Actually, it's not who you know, it's who knows you.

I've gotten to know quite a few of the more famous and powerful names in this business over the years. Theoretically, they should be ideal sources for job leads and recommendations. OTOH, the half-life of a business relationship is about six months, no matter how closely you worked together in the past.

Some of the people I have not maintained contact with, so at this point, it's doubtful they could pick me out of a police lineup. Reestablishing contact, should I need to do so, would be through one of those difficult, embarrassing "Remember me?" calls or emails.

Moral: Always keep networking, even when you're happily situated.

Re:*sigh*

[91degrees]

Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.

It's true (although knowing stuff helps as well) When I got laid off, the company I worked for arranged a couple of sessions with an outplacement agency. I was told that the majority of jobs were through networking. Can't remember the exact figure, but the advice is ask people who have jobs if they know people who might be in a position to offer you a job. Typically you need to find a friend of a friend of a friend who knows of a vacancy.

Still, an aggressive assault on the job market and a willingness to relocate will yield results. Worked for me at least.

Re:*sigh*

[kannibal_klown]

If you read my child-post, you will say I have no problem with it. I'm just saying a lot of people don't realize it. Some people I know think it doesn't matter or doesn't play any part in the process.

Re:*sigh*

[Sunnan]

Don't be bitter because someone else is willing the play the game a step further than you are. Step up to it and start networking with people.

If the problem is "competition for work requires networking efforts", then just telling people to network more won't make the problem (unemployment) go away.

To really deal with this issue, maybe we geeks need to think of starting types of organisation other than Dilbert/PHB-style corps. Maybe some for-profit programmer cooperatives run in a way that you consider fair and just, welth distributed in a way you like, everyone getting a chance to weigh in on decisions, and so on.

Re:*sigh*

HEY! Stop talking about me behind my back :^(

Re:*sigh*

but that's what happened!

Re:*sigh*

The problems with the Diebold stuff were not just coding problems. They were brain-dead design decisions. I haven't looked at all the code, but from the paper it is clear that this wasn't exactly a CMM5 shop.

It's funny -- the coding practices and such used on the space shuttle were absolute best of breed because "lives are at stake", but when it is the very integrity of our democracy, it's compile, link, and pray.

I am not intrinsically against "E-voting", but if we can spend 100 Billion per week in Iraq, maybe, just maybe, we can scrape together a couple billion to design a HW/SW voting platform that is worthy of use.

Re:*sigh*

[KC7GR]

"All the truely qualified software engineers are not unemployed. If you have the skills to back up what's written on your resume, there really is no problem finding a job..."

"Sorry, but that's bullshit. Have you been unemployeed recently? You are aware that the economy is in one of the worst states it's been in since the Great Depression? There are many qualified people who have trouble finding jobs."

At the risk of going further off-topic, I could not agree more! I've been out of work since Boeing laid me off in January. I've been scattering resumes to the wind for months, and I've only had ONE interview for an opportunity which didn't work out anyway.

I'm beginning to wonder if experience still counts for anything. Criminys, I've got 24 years worth, I've done eveything from fixing Teletype machines to maintaining statewide T1 networks to fixing radio and avionics gear, and I still haven't found a slot!

It's bad. Trust me. It's -really- bad right now...

Re:*sigh*

[aminorex]

> Coding skills can be learned.

By some people, yes.

Not by most.

Flaws still unfixed after ***5 Years***

[kryzx]

Here the bit from the article that I find most interesting. To have security flaws is one thing. To not fix them even after you know about them is another.

'But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.

'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'

Re:Flaws still unfixed after ***5 Years***

[realdpk]

Let this be a lesson to all those that say full disclosure for security issues is wrong and/or dangerous. :)

Re:Flaws still unfixed after ***5 Years***

[TopShelf]

Flaws? I thought they were features...

Re:Flaws still unfixed after ***5 Years***

[Laur]

"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," Mr. Richardson said. "We're always open to anything that can improve our systems."

See, they still have 5 more years to fix the bugs! Plenty of time, right?

Re:Flaws still unfixed after ***5 Years***

Let me tell you a story about Diebold.. I almost went to work for them in their North Canton, OH office in the mid-nineties. They were doing some smartcard work themselves (research) and some interested crypto projects that I thought would keep me busy. At least, that was the story I got during the interviews.

But then I talked to a low-level employee. He was worried because they kept laying off staff, then employing new people. Seems that once a project was "done" (meaning, shipped first version, wrote up your research findings, etc.) they had the nasty habit of laying off the entire team. They would literally hire a team to do a job, then fire them for each project. There was no continuity between versions of software (if there were any), and things tended to languish, while they tried to make a quick buck.

And based on what I was told, this wouldn't be the first time that one of their products was wholly insecure from the get go. Don't get me started on their ATMs piss-poor security features from that time. Things just didn't get fixed until someone got screwed.

PS. I turned down their generous offer of employment.

Re:Flaws still unfixed after ***5 Years***

[pmz]

'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'

I'm not suprised by this at all. Problems, even very big glaring problems, get stuck in software early on due to naive design decisions, but they persist due to management's unwillingness to either admit the problem is there or put forth the resources to start again from scratch. The result is software that doesn't deliver, cost five times more than if they had started over, and everyone involved feels dirty for having been a part of it.

Re:Flaws still unfixed after ***5 Years***

Ok, can anyone say after me:
FIRST we get democracy working in the US,
THEN we help others with their issues.

I say "Call in the UN Election Officials" and
do a recount.

Yeah, yeah - i know I'll be modded as Troll :-(
Just hesitate a little, and take the time to think this idea through, will you?

Re:Flaws still unfixed after ***5 Years***

This is interesting to me because it strikes me as compartmentalized developement like the CIA. Teams are re-hired to upgrade the software deliberately to keep them in the dark about what they are upgradeing upon. Keeps vulnerabilities secret since programmers work on a need to know basis and flaws are buried by previous employees.

Does it really matter?

[Lord_Dweomer]

Security flaws or rigged voting procedures...either way someone will be able to alter the election.

Re:Does it really matter?

[isotope23]

and if that doesn't work, there is always a "non-precedent" setting ruling by the Supreme Court..... lol

and no I'm not a Dem

Re:Does it really matter?

[augros]

but only dems say "lol" on slashdot.

Re:Does it really matter?

Yeah, cause conservatives don't know what the acronym LOL stands for... :-)

Re:Does it really matter?

[eyeye]

But theres nothing easier than doing

UPDATE results SET candidate1votes = candidate2votes +1000;

Well...DUH!!!

[Pig+Hogger]

Who in his right mind would trust a closed-source voting system whose binary executable image is not verifyable by CRC???

Re:Well...DUH!!!

[Asprin]

Why would you trust the CRC?

google

[gokubi]

story

Well what did you expect???

[advocate_one]

they run on Microsoft operating Systems...

Links/mirrors

[mjmalone]

pdf in case of slashdotting

google link

Re:Links/mirrors

actually i don't really care about karma... i just wanted to see how many people would click on my mirror and see how my server would take it :/ can't i have a little fun today?

Well yeah!

[cspenn]

You can't expect a secure voting machine! I mean, how else can [insert current party in power] rig the next election unless the machines are grossly insecure?

What, you were expecting fairness?

Re:Well yeah!

[dasmegabyte]

how else can [insert current party in power] rig the next election

Well, rigging it in a state in which your brother is governor with a supreme court your daddy appointed should be pretty easy...

Re:Well yeah!

[spruce]

Wait, let me guess - You're not a republican?!?

Re:Well yeah!

LOL!

Re:Well yeah!

[dasmegabyte]

I'm a registered republican who doesn't like loudmouths, hypocrites, idiots or liars. Which unfortunately excludes 50% of the who's who in the party today.

Re:Well yeah!

[Baudrillard]

Well, the voting machine companies are all owned by extreme rightwing conservatives. So the rigged voting machines benefit conservatives and corporate insiders, regardless of the party in power.

Re:Well yeah!

[cspenn]

Yeah, I remember when the GOP actually stood for something besides corporate profit-mongering. There was once upon a time when conservative simply meant that you tried your best to plan for an uncertain future and allowed people the right to screw up their lives.

Re:I'll just wait for the link

[securitas]

Read the story at the Atlanta Journal Constitiution or the NY Times.

Aha!

[TerryAtWork]

That explains why the L337 P4rt'/ swept the last elections....

Re:Aha!

[cybercuzco]

You mean r3P|_|61i(a|\|?

Re:Aha!

[suwain_2]

But I thought Al Gore invented the Internet. You'd think with all those m4d sk1llz, he could at least have rigged things in his favor.

Re:Aha!

Al Gore rigged the voting just as well as he did on the Internet.

Re:In other news...

[MImeKillEr]

That's just wrong.

Great

[iocat]

Not only does my district use there, but I vote in an unpopular way for where I live (Barbara Lee usually gets elected to speak for me, sadly enough). I guess I have to trust to the stupidity of the ballot workers to ensure that I am not disenfranchised in the future.

That said, hopefully publicizing the faults will lead to some upgrades to the security of the system.

interesting...

[Dorothy+86]

I didn't know Microsoft made voting machine software!

You didn't read it here first

[ansak]

Anyone who's even briefly perused comp.risks, even before the post-US-Election-2000 debacle, wouldn't be the least bit surprised by these conclusions.

Scottie's Law strikes again (from Star Trek III): "The more they back up the plumbing, the easier it is to stop up the drains." The simpler the voting system (the less mechanical, electronic, electro-mechanical etc. etc.) is the less open it is to fraud (both officially and unofficially perpetrated) or error (both innocent and culpable).

One more reason I'm glad to live in Canada...

Re:You didn't read it here first

Pfth! Did "Scottie" happen to share this wisdom while flying in a friggin spaceship?

Trust me, for every reason you are glad to live in America Jr...err...Canada, there are at least 5 reasons I'm glad you do too.

Re:You didn't read it here first

What, so that there is more room for you to move around in your trailer park, you banjo-playing cousin-marrying monkey?

Re:You didn't read it here first

[scowling]

I love watching Americans get pissy when anyone suggests that any aspect of another country is superior to the American way.

Smells like...victory.

Re:You didn't read it here first

[qwertme]

I live in Canada too, but our system sucks even more... look now, the next Prime Minister has aleready been crowned, no voting necessary

Re:You didn't read it here first

[scowling]

Join the Liberal Party. Go to your local riding association. Elect a riding president who supports Copps. Send that delegate to the leadership convention.

A couple of hundred people per riding is all it takes.

Re:You didn't read it here first

[qwertme]

Maybe, but it doesn't make sense that I have to join a political party(I guess I have to pay also) to be able to vote for our next leader...

Re:You didn't read it here first

[ansak]

No, our system isn't perfect. But whatever problems we have, silly reliance on voting machines that suffer from emergent fallibility isn't one of them.

Never mind Copps. One politician from the old-guard parties is just as suspect as the next. I'd like to see the end of voting from fear: Bring on Proportional Representation! Bring back the (pre-Confederation) glory days of a minority government with the (significant) balance of power held by a bevy of Independents!

That kind of legislature might actually argue things on their merits rather than bandying about slogans designed to whip up frenzies of enthusiasm and panic.

Re:You didn't read it here first

[qwertme]

There is an interesting article about LiquidDemocracy over at K5

Re:You didn't read it here first

Never mind Copps. One politician from the old-guard parties is just as suspect as the next. I'd like to see the end of voting from fear: Bring on Proportional Representation! Bring back the (pre-Confederation) glory days of a minority government with the (significant) balance of power held by a bevy of Independents!

Not if Italy is anything to judge by. You just get the Government of the Month club. France isn't much better.

Instead of all or nothing, split the seats with 1/2 of them elected by proportional representation and the other 1/2 by first-past-the-gate. You'll get better minority representation, more opportunity for differing views to be heard (and new parties to form) without paralyzing your government by removing the possibility of a majority when things clearly need to get done.

Re:You didn't read it here first

[scowling]

That's the only real disadvantage of a parliamentary system. You don't elect your leader directly, but at the same time, he does have to be elected into his own riding, as does his cabinet.

It's not like the US, where the president has carte blanche to name whomever he wants into cabinet positions.(*)

But consider that in the US, there's no effective way to choose who the president is, either. Just as Paul Martin is a shoo-in as next Liberal leader, Bush is a shoo-in as the next Republican candidate. Just as we can't choose (without paying to join he party) to vote for Shiela Copps as PM, Americans can't choose (without paying to join the party) to vote for some other Republican candidate for president.

Sure, one can write him in as a candidate, but that's so ineffective as to be a non-issue.

(*) Actually, the Prime Minister can put anybody in the country into a ministerial position, just as can any Premier of any province with their own cabinets. In practice, however, this is a really bad idea and has been done a scant half-dozen times in the last century. Premier Dosanjh did this during his term as BC Premier, placing the (unelected, non-MLA) Ed John into the role of Ministry of Children and Families. This has been considered widely to be one of the reasons behind the fall of the NDP government in BC.

Re:You didn't read it here first

No one is superior to or more important than anyone else. There is no enemy.

Re:You didn't read it here first

[Cecil]

If that ... not-so-honourable name goes here ... gets in as Prime Minister, I'm leaving. As if the Liberal party isn't uselessly mired in trivial issues already, check out some of the amazing stuff that the wonderful Ms. Copps has done for us:

• Unilaterally deciding to close the only emergency landing airport in the Rockies. For our own safety.
• She is not only obsessed with flags she also lies about them

She is some sort of hybrid of fanatical patriotism and rabid neo-hippie 'save the animals, save the children, save everyone from themselves' bullshit. Having her lead the government seems like a ridiculous idea.

I consider her proof that something is in fact wrong with the air in Hamilton. (not only directly, but also in the fact that everyone there keeps re-electing her). Try driving over the Burlington Skyway sometime with your windows down. You'll see what I mean.

Re:You didn't read it here first

[scowling]

Now, see, I think the flag thing is a reason to support Copps.

Whereas I see Martin's love of moving money offshore to be a reason to keep him out of public office.

Different strokes, I suppose.

But at least the CA will never run the country. Ever. That's something to be thankful for.

Re:You didn't read it here first

[Nimey]

Scottie's Law strikes again (from Star Trek III): "The more they back up the plumbing, the easier it is to stop up the drains."

ITYM "The more they overthink the plumbing, the easier it is to stop up the drain".

Re:You didn't read it here first

[Cecil]

I am Albertan, and I am still glad the CA will never run the country. The de-Canadian-Alliance-ified PCs are looking rather acceptable though. ;)

Feature?

[fraudrogic]

For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

Diebold Salesman: "This is a feature, an unintentional extra for your customers!"

Voting problems

[Casisiempre]

There are always voting problems. You can fairly easily falsify paper ballots too with $100 worth of equipment. It is even easier in those areas (like Oregon) where all voting is done through the mail. Although there is no excuse to allow known bugs to stick around, there most likely will always be bugs/flaws in whatever method you use for voting.

CBN2004

[blowhole]

Cowboyneal for office!

Reporter: "Mr. Neal, under what platform are you running?"
CBN: "Redhat Linux 9"
Reporter: "..."

Re:CBN2004

[qtp]

Although the RedHat platform is the prefered policy for the Large corporations, the left leaning lobby seems to support the Debian ideology.

Other inerest groups, including the Anarchists and the Willingly Unemployed Caucus, have called for "More Slack", but this reporter has been unable to determine any consistant policy in the Slackware platform.

In other news...

Re:CBN2004

Yeah, but what about Loom?

Re:CBN2004

[pmz]

Cowboyneal for office!

Or Christian Broadcasting Network, which is much more frightening. If anyone would think it is morally justifyable to fix an election to push their agenda, it would probably be religious goons like our friends at CBN. 2004 newspaper: "Only 30 million people go to the polls, yet GWB wins by 84 million votes!"

Re:CBN2004

CBN: "Redhat Linux 9"

By the time the election rolls around (November) that platform will be outdated.

This is a surprise?

[SoCalChris]

Any time there is a system, someone will be able to break or hack it. Especially a closed system that isn't open to scrutiny.

At least with the current voting system, while you're there you see everyone being handed 1 ballot, and turning in just 1 ballot. You see the ballot go in the sealed box. There's no secret about what your vote is doing, and no confusion about whether the vote was cast or not, or if anyone is turning in multiple ballots.

Re:This is a surprise?

[binaryDigit]

Any time there is a system, someone will be able to break or hack it. Especially a closed system that isn't open to scrutiny.

That's a load of whoie. The fact that the source was opened or closed doesn't mean squat in this case. The problem is that the "customer" knew about these security issues long ago, but yet they allowed their vendor to continue with those massive defects and then they deployed these systems with these massive defects. It is not at all uncommon for software like this to require the vendor to supply their source to the customer, for any number of reasons, one being security audits. The fact that the voting agencies involved allowed to crap to continue is the true problem here. After all, we're not talking about some software project that takes hundreds of engineers and millions of dollars to produce. There is no excuse for this level of incompetence, closed or open source.

Re:This is a surprise?

At least with the current voting system, while you're there you see everyone being handed 1 ballot, and turning in just 1 ballot. You see the ballot go in the sealed box. There's no secret about what your vote is doing, and no confusion about whether the vote was cast or not, or if anyone is turning in multiple ballots

Just curious, but where are you from? For much of the USA, the paper ballot is no longer used and hasn't been for a long time.

Re:This is a surprise?

The 5 years that I have been voting, both Los Angeles and Orange County, Ca have used paper ballots that you punch a hole into. I believe they are the same type of ballots made famous by Florida, except we punch our ballots on one side of the paper instead of the middle.

When I go to vote, I stand in line to check in, and then I'm given a paper ballot based on the party I am in. Then, I go punch hole in the ballot using their machine. When I'm done, I take my ballots to the polling official, who tears the receipts from the top part of each ballot. I keep the receipts, and he places my ballots in a locked box along with everyone elses.

Open Source?

[chundo]

Time to start a viable open-source voting-machine project. These guys started something promising, but it looks like development has ceased. Anybody know of a decent, active open-source electronic voting system?

-j

Re:Open Source?

[lfourrier]

Time to start to understand that no voting-machine project, open-source or not, is viable.
The requirements, differents from country to country and from state to state, are so complex (observable, anonymous, comprehensible and trustable by someone with an IQ of 70, trustable even if you trust no one, but, at the same time preventing you to prove to anybody how you voted ) that I still have to see a proposal better that the french system with plexiglass clear voting boxes, and open to every voter manual counting. And if you want, you can pass the whole day at the poll station to check everything.
Even if there was an open source solution, the many technics we can imagine to have a running program different from the published one are so numerous. And for what gain ? To be able to have final result at 8 PM, instead of 4AM the next day ?

Re:Open Source?

[Suidae]

It really ought to be pretty darn simple. I'm talking no more than a few weeks of full-time development by experianced engineeres.

Hardware-wise it should support a write-once type memory chip for recording votes. I don't mean flash RAM that a good hacker could alter, I mean fuse memory that cannot be altered (without extraordinary equipment and knowledge) once written.

It should also have to support printing a paper ballot that is viewed by the voter. The voter would not review his choices on screen, he would be required to read the paper ballot to verify the vote, then match a random glyph on the paper to one on the screen to approve the vote (he has to look at the paper to get the glyph, so he's more likely to actually review his vote).

Initial counts would come from the memory chip, recounts would be done off of the paper ballots (which would be formated such that the same encoding could be read by machine or human).

Everything should be traceable back to the specific voting machine from which it came (heck, you could even have the machine use a combination of GPS and accelerometers to record the coordinates and time when the vote was cast).

Given that an overly complicated system would probably actually be a detriment, i wouldn't be suprised at all to see some opensource versions.

Re:Open Source?

[TrollBridge]

"These guys started something promising, but it looks like development has ceased."

Something shiny outside must have distracted them.

Re: your sig - Howard Dean would turn the United States into another Gray Davis California, only with an additional 240 million people to share the misery with.

Re:Open Source?

[Suidae]

And for what gain ? To be able to have final result at 8 PM, instead of 4AM the next day ?

No, no, so Big Media can post realtime results in each state, and run commentary about how voting will go in the next timezone over. This way when the polls close in the Mountain timezone (GMT+7 IICC), all the people in the Pacific timezone will know if they actually need to go to the polls and vote.

Preferably all the machines will dump each vote to a website so that we can see the actual numbers at each precinct in near realtime.

Re:Open Source?

[Patrick13]

Okay so who's going to port the "Hot or Not" code to run on these Diebold voting machines.

Re:Open Source?

[HiThere]

You mean he's sold out to Enron too?

Re:Open Source?

[tompoe]

It's the only way to bring our Right To Vote into the Digital Age. Proprietary precludes voter verification, voting system subject to public scrutiny. Take away voter verification [ballot in a box] and hand-counted recount capability, and there's absolutely no reason, whatsoever, to bother going to the voting booth. Of course, Bush knew that when he rammed the Help America Vote Act of 2002 down our throats. Open Studios is using the local access tv station facilities to make a tv show about Our Right To Vote. Hope a lot of others do too, or at least get a copy of ours to show in their community.

Re:Open Source?

[lfourrier]

Different countries, differents systems.
In France, we have oversee teritories, that can have finished voting 4 hours before it begin in the main land. But their results are secrets as long as every poll station is not closed (for national consultations, local does not have same restrictions). All we have is post vote pools, and they have repetedly demonstrated their imprecision. But the fact we vote on sundays explain perhaps why people don't seem to avoid voting at all cost (except when the weather is very nice ;)

Re:Open Source?

[Evan]

Yep. See Alan Dechert's page for some information. They're going to create a mockup in Python (coming soon to sourceforge) in order to be able to demo the system. They have the theory completely worked out, now they are doing the software.

Re:Open Source?

paper and pencil

Re:Open Source?

[Rich0]

I could write such a program in BASIC in 15 minutes. Sure, it wouldn't look pretty, but it would work.

Prompt for who to vote for.
Once all votes are selected, display them to the screen and ask for verification.
Once verification is obtained, print to an attached printer behind a plexiglass window. Ask user to verify printout.
Once verified, cut loose the printout which falls into a ballot box. Record votes in array in RAM.

You don't need fancy write-once memory or any of that Jazz. The printer is as write-once as you can get. Make it a slow, noisy printer too - so if somebody hacks it to start churning out ballots it is REALLY obvious.

When the election is done, select 5% of the machines at random and do a full count of the paper ballots as a check against the digital tallies.

At any time a candidate meeting some criteria can contest the digital count and ask for a full count of the paper ballots. Those paper ballots were 100% audited by the voters themselves, and since they are software generated they contain no invalid votes.

If you want to make the interface user-friendly using touchscreens and graphical displays, more power to you. However, you don't need fancy gadgetry to secure an election - just good common sense and some procedures which can't be hacked en masse. If somebody falsifies a dozen votes somehow they might get away with it. But if somebody tries to stuff 10,000 ballots or more they'll probably get caught. And they'll probably need to bring in conspirators as well, which always does you in.

Forget the fancy circuitry. People can understand paper falling into a box. It is REALLY hard to hack too. Keep the digital count to make CNN happy, but make the paper the official record.

Re:Open Source?

[aebrain]

And for what gain ? To be able to have final result at 8 PM, instead of 4AM the next day ?

How about to allow the visually-impaired for the first time in their lives to cast a secret vote? There are other reasons, not quite as compelling: How about to allow the use of multiple languages on the ballot form? How about to allow a more complex voting scheme than "first past the post", say, optional preferential with Robson Rotation, or modified Dhont, or any of the others that are plausibly more "fair"?

Re:Open Source?

[lfourrier]

didn't you ear about braille alphabet?
having a poll station with many* registered blind or visually-impaired peoples, provided with doubly marked (classic and braille) paper ballots permit to have them vote secretly, without the need of a complex system.
The easiest the system, the more trustable it is.

*the only case a paper ballot can be non anonymous is when all voters in some identifiable group cast the same vote (and there is no null/void vote). Having a big enough group in order to avoid that can require the regrouping of people with a special voting procedure. Another solution is to have all ballots doubly marked, everywhere.

As for more fair systems, let's assure first that the poll record correctly, accuratly, and without manipulation the response to the question asked to the elector. Once the measuring instrument is ok, we can try to ask differents questions.

Yay!

[JanusFury]

It says in the article that this company makes ATMs. I think I'm going to go get some free money.

Re:Yay!

[ewhac]

Nope.

You see, Diebold's customers for ATM machines -- the banks -- have a vested interest in making certain that no money leaves their hands that isn't supposed to. Even their internal practices and procedures assume the employees to be untrustworthy. So the banks obviously gave Diebold a requirements document that ensures that no money leaves an ATM that isn't supposed to.

OTOH, Diebold's customers for voting systems -- the Republicans (yeah, I know, cheap shot, so sue me) -- have a vested interest in keeping their positions of power. Hence, the requirements document Diebold got from them was very likely bereft of any security considerations whatsoever.

Or, to put it another way: "Follow the money."

Schwab

Re:Yay!

Well the ATM's will be secured, you can count on it. I mean, this isn't some petty "(s)election" or something. A security hole in the ATM's could impact the holy bottom line!

Re:Yay!

[tlex42]

Exactly. Refer above to mention of Greg Palast's work.

A quote from his site:

The Florida Republicans wanted to block African Americans, who largely vote as Democrats, from voting. In 1999 they fired the company they were paying $5,700 to compile their felony "scrub" lists and replaced them with Database Technologies [DBT], who they paid $2.3 million to do the same job. [DBT is the Florida division of Choicepoint, a massive database company that does extensive work for the FBI.]

ChoicePoint is an amazingly qualified company to do this kind of work. If florida had wanted them to give accurate results (like their contract said), they would have. The FBI doesn't pay for crap work

So follow the money.

sigh.

I don't know, maybe a person who would use CRCs to verify anything in a hostile environment?

Not suprised

[Plug1]

Considering the fiasco that was the Presidential election can anyone say that they are suprised? This company will make alot of money serving the special interests of some political party. By making it insecure they insure that politicians will again be able to steal the vote from the people, with all the real evidence of this being reported in the British press. Your votes mean nothing even moreso now.

Re:Not suprised

[Thoguth]

Since when is the New York Times part of the British press?

Re:Not suprised

[Rethcir]

Good thing your queen was so fairly elected! Go suck a crumpet.

Re:Not suprised

[Plug1]

Their Prime Minister was.

Re:Not suprised

Okay, I've about had ENOUGH of people whining about the 2000 Presidential election. NO, I AM NOT A REPUBLICAN AND I DID NOT VOTE FOR BUSH.

Let's face facts here, shall we? Those whining are almost certainly Democrats who voted for Gore. Almost nobody else cares. Those whining do not have an adequate understanding of the federal elections process in this country.

First off, the popular vote (which doesn't matter as much as the electoral vote, but we'll get to that):

Voters break up like this: there's the people who will always vote Democrat, and the people who will always vote Republican. If the election were decided on this basis alone, the vote would come out almost exactly 50/50 in any given election year.

Next, you have the third party voters. This fluxes a bit more, attracting more and more "swing" voters every year. More about the swing voters later. These voters, at this time, make very little difference, other than when third parties manage to attract a lot of "swing" voters. Other than that, their vote counts for basically nothing until such a time when the majority of swing voters start voting third party candidates. THEN it will get interesting.

Now, the last category are the swing voters. In a federal Presidential election, these are the ONLY VOTERS THAT MATTER. Everything else is MOOT. If you always vote Democrat, or always Republican, you basically don't even count unless there is a situation with low voter turnout for one of the parties. This almost never happens in a Presidential election, particularly not one as highly contested as the 2000 election. The swing voters vote whichever way their mood strikes them at the time. They're a very fickle bunch, too.

What does this mean for 2000? The swing voters were polarized. Half voted Democrat, half Republican. What does this mean? Well, generally in such a fickle population, sociologists generally take this to mean that the group hated BOTH candidates. It is statistically likely that each swing vote for Gore was really a vote against Bush, and vice versa.

What does this mean for the popular vote? Your party should have picked a better candidate. Your candidate was teh suck. Sorry, dem's da breaks.

But what does all that that I talked about the popular vote amount to? Not much. Because the popular vote doesn't decide a Presidential election at all really. It's the electoral vote.

And the electoral votes in Florida could have as easily gone for Bush, EVEN IF THE POPULAR VOTE SHOWED THAT GORE WAS THE WINNER. Generally speaking, the each electoral college member votes the way their 'constituency' voted in the popular vote, but this is NOT NECESSARILY THE CASE. The electoral member can vote any way he or she wants, really. And if you don't like that, tough cookies.

So what have we leanred to day kids? That the actual ballot counting episode in Florida amounts to a HILL OF BEANS. Nada. Zilch. Zero. Get over it.

This public service announcement brought to you by "The Association of People Who Really Know What's Going On" (TAPWRKWGO)

Thank you.

I'm sure GW

[asv108]

Will encourage all States to do a trial run of these machines for the 2004 election.

Re:I'm sure GW

Maybe, but voting is NOT a federal responsibility, it's a state one.

Re:I'm sure GW

[asv108]

I know thats why i used a key word encourage instead of demand. Perhaps you should read comments a little more carefully before doing a hasty reply. Hypothetically speaking, he could have a republican congressman introduce a bill that would remove federal state funding X if a state did not have electonic voting in testing. This would never happen with a 2004 timeframe, but it is possible so saying the states control voting is a little far fetched, the federal government can just punish any state that does not fit their vision .

Re:I'm sure GW

[cascadingstylesheet]

I'm sure GW ... Will encourage all States to do a trial run of these machines for the 2004 election.

Why - he actually won. It was the robot guy who wanted to use voting uncertainy as a tool.

Re:I'm sure GW

[BigBadBri]

No - but Diebold are apparently working on electronic Supreme Court Judges just in case.

Re:I'm sure GW

I suppose that's why Dubya got the fewest popular votes and was appointed president by the Supreme Court--because the "robot robot" was so vile and cunning?

Re:I'm sure GW

I know thats why i used a key word encourage instead of demand. Perhaps you should read comments a little more carefully before doing a hasty reply. Hypothetically speaking, he could have a republican congressman introduce a bill that would remove federal state funding X if a state did not have electonic voting in testing.

Pushing an obviously 'not ready for prime time' solution would be a great idea. Maybe your posts should be a little more intelligent in the first place, oh and take the tinfoil hat off while your at it.

Here's an article

[Tarindel]

that I ran across a few weeks ago: http://www.cronus.com/electionfraud

It IS interesting to note how many dollars have flowed between Diebold and the Republican party...

Re:Here's an article

[kmac06]

Oh come on.

If you really think there's a possibility that a company making voting machines puts in a systematic change in votes, you better go put that tinfoil hat back on. Hackers, maybe. Poll workers, maybe. But the manufacturer? Just because a website claims it is so doesn't make it true.

Re:Here's an article

[pmz]

It IS interesting to note how many dollars have flowed between Diebold and the Republican party...

Actually, it was simply a matter of a Republican party official accidentally getting an extra $234 million from a Diebold ATM one afternoon...

Re:Here's an article

Is your post a joke? Think about it. If a party wanted to take power but knew they couldn't do it by popular mandate, they would resort to a number of underhanded tacticts. Aquiring control of the voting machines is one of the more crass and obvious ways to gain power. What better way to control the voting machines than to control the hardware and software?

What is troubling is that the voting machine companies are owned and operated by extreme right-wing republicans who have known connections to the national republican party, either directly or through massive money transfers. Does this prove election fraud? No, but only an idiot would say that it's nothing to worry about.

Wow...

[mhayenga]

Their security there sounds a lot like their security here at UT...

For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

The vending machines here around campus (using a diebold system) were used by almost 600 students to get "free" food... In an audit they detected it... Full text here

Re:Wow...

[replicant108]

Some good links here: http://www.whatreallyhappened.com/vote_fraud.html

Re:Wow...

[hey!]

Which makes a good point: the key to fraud detection is the ability to audit. The students were detected and identified using a routine audit.

If the voter has no way of confirming that his ballot actually represents his intent (i.e. a printed ballot), there is no way any audit can confirm that an election result is valid.

Of course this is probably preaching to the choir: the stupidity of using purely electronic voting machines is probably abundantly clear to 99.9% of the people who read slashdot. The real question should be how to we convince everyone else?

Old Saying

[DogIsMyCoprocessor]

Never ascribe to malice anything that can be explained by stupidity.

Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.

Re:Old Saying

[Suidae]

If you were a very savvy person designing a voting system, and you wanted to build in backdoors, would you make them look like a very clever backdoor, or a really stupid mistake?

Re:Old Saying

[DogIsMyCoprocessor]

Knowing that very savvy people (like us Slashdot readers) would be on to the ploy of making the hole look like a really stupid mistake, I'd stay one step ahead and make it look like a very clever backdoor.

Re:Old Saying

[HiThere]

How does this explain the report that an error reported to him 2 years ago hadn't yet been fixed?

Re:Old Saying

[Angst+Badger]

Never ascribe to malice anything that can be explained by stupidity.

It's more than just stupidity; as the article notes, some of these problems have been known -- and left uncorrected -- for five years. It may not yet rise to the level of malice, but it certainly qualifies for utter laziness and gross negligence.

If this were a medical device whose flaws were causing patient deaths and the manufacturer knew about it for five years, stupid would be a rather mild word for the manufacturer.

On the other hand, stupid does at least begin to describe a company like Diebold which is opening itself to the possibility of a class-action suit on a scale that would make the tobacco settlements look like pocket change if it is ever demonstrated that their machines screwed up a presidential election.

Re:Old Saying

to which I must offer Mark's corallary:

"Unless it can be shown the incompetance is in hiding the malice."

Re:Old Saying

ya' know I have hard time deciding if this notion is malicious or just plain stupid.

Where are the experts?

[Nomd]

So where is the good system that follows good software development processes and implements cryptography correctly? Certainly such a system is worth the experts in the field investing in it.

It sounds like we assigned the implementation of America's voting system to the members of the short bus.

The wonders of technology

[Muhammed+Absol]

It's amazing how quickly we went from having to make entire ballot trucks disapear last election to merely having the same voter from the bush family vote several times. 2004: election year of the vote box spammers!

Re:The wonders of technology

And amazingly enough, in Chicago, long dead democrats are still determined enough to vote in every election.

Look at the bright side

[Gzip+Christ]

In practical terms, this means that elections will go from being controlled by corporations to being controlled by script kiddies. Cool! CowboyNeal for president in 2004!

Poor choice of words

[PontifexPrimus]

"This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."
Isn't that a rather poor choice of words when talking about program code? And is hacking an iceberg permissible under the DMCA?

Re:Poor choice of words

[Lord_Slepnir]

And is hacking an iceberg permissible under the DMCA?

As long as you don't use a cargo ship to distribute ice cubes in a Pier-to-Pier Network

Re:Poor choice of words

I think the word 'hack' is a hint that an interesting election is coming up. The Dibold Ftp server discovered during the last election has been backed up around the world and analyzed in Sweeden. They've discovered and reported all accross this internet on how to get into their software, access the ledgers through Microsoft Access, (of which two copies are made and the original tally is not the one used for the final total). There is no numbered audit trail activated in the tables and a utility is available that even allows the user to change timestamps. This is a scandal and if something isn't done about it soon then I predict some classic computer hackers are going to send a message with the next elections results that will probably translate to, "get this shit fixed". They have made this software so easy to hack into that the only problem is, where are they hiding their ftp servers, which they send their election results to via modem now? Manipulateing election results isn't just for the priveledged aristocrat anymore.

Voting using tokens?

[kevin_conaway]

I dont understand why they couldnt have some staffers sitting at a desk for people when they show up. The staffers have a box of cards (rfid tags ?) that have each person in their districts social security number. Person goes to the booth, scans their tag which says to the system, ok, 111-22-3333 is voting. The system should allow them to pick a candidate (or candidates) and then once they are done, invalidate their social number. To prevent against people from using fake socials, the system should be preprogrammed with its districts voters social numbers. Thoughts?

Re:Voting using tokens?

[tdemark]

You then have the possibility that votes may not be anonymous.

Currently, unless voting by mail, the majority of votes cannot physically be linked to an individual voter.

- Tony

Re:Voting using tokens?

[elmegil]

People are going to be suspicious that this doesn't preserve their anonymity voting.

Re:Voting using tokens?

[kevin_conaway]

Ok then, instead of coding ssns on the tokens, encode each with a unique key of some ungodly length and then reprogram the voting machines with those keys ?

Also read...

[DrCreep]

Found this a while back on

www.whatreallyhappened.com

http://www.infernalpress.com/Columns/election.ht ml

On purpose?

[DrWho520]

How can such grossly negligent design be produced by someone who wanted such a system to succeed. I do not know why someone would not want this type of system, I only proposed the possibility.

Are Diebold ATMs more secure?

[holt_rpi]

From the NYT Article:

The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper.

"With what we found, practically anyone in the country -- from a teenager on up -- could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said.

It would be interesting to see how worried Diebold is about fraudulent misrepresentation in its voting machines as opposed to its ATMs. I wonder aloud how vigilant they are (read: how much money they spend in a year) in each area.

Just from the above quote, this doesn't sound like the kind of security that any bank would tolerate. Is this a case of lawmakers awarding contracts under duress after being wowed by cool "tecknoligee" in order to avoid being the next "Florida 2000," or is Diebold simply a victim of its own success for having potentially higher standards for commerce than voting?

[sarcasm]
It almost seems like the authentication process to make this work would need something as stringent as, say, a National ID card...

Ooh, and we could use a Poll tax to pay for the equipment!
[/sarcasm]

Re:Are Diebold ATMs more secure?

[MImeKillEr]

"With what we found, practically anyone in the country -- from a teenager on up -- could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said

Ahh, yes. But if DirecTV has their way, posessing equipment to program SmartCards will be illegal.

Re:Are Diebold ATMs more secure?

[El+Cubano]

The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper.

"With what we found, practically anyone in the country -- from a teenager on up -- could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said.

DirecTV to Johnny teenager: "Here is a letter. We know you were going to pirate our signal with that smart card programmer you just bought. See, we have the purchase records right here. Settle with us for $3500 and turn over the card programmer or we will sue you."

Johnny Teenager to DirecTV: "Uh, I don't even own your equipment. Come on guys, really. I turn 18 early next year and I can vote in the next election, I was just going to commit election fraud."

DirecTVr: "We don't believe you. We are going to sue."

Johnny: "How about this. I will vote straight Republican and cast multiple votes for anyone supporting extended copyrights, mandatory DRM, or a stronger DMCA."

DirecTV: "We think your terms are acceptable."

Our time is upon us

[Realistic_Dragon]

Finally, the hackers can get someone they like into office. It might even mean the end of the two party system, when mysteriously 300 million (out of 210m) vote for a third party ;o)

Smart cards again, huh?

[Rogerborg]

I guess the FBI and NSA will be tripping over each other to get DirectTV's list of people who've bought card programmers. Last week you were just a potential thief. This week, you're a potential anarcho-terrorist.

Steal Elections Remotely

[foo_48120]

The only purpose to use completely electronic voting whether by voting machine or web services, is to make it easier to steal elections without the messy paper trail of paper ballots or the need to double punch those unwanted Republican ballots.

Of course there is no security. The idea is to know ahead of time at the central computers how many votes are needed so they can be added in quietly with smoothed data and not the mass stuffed ballot boxes of so many past stolen elections.

David

Diebold got the early and often part...

If they can just add a feature so the dead can vote, they can use it in Chicago.

More Importantly

[deadlinegrunt]

Can it handle malicious MIDI's?

Anyway, what's the big deal? Once an elected politician gets in office he gets a r00t kit by lobbyist. What's the rub here???

Your time scale is too short.

[sulli]

From NYT:

"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," [Diebold guy] Mr. Richardson said. "We're always open to anything that can improve our systems."

Like making them non-useless?

FidoNet handled this

[TerryAtWork]

In FidoNet elections you sent in your vote with a one-time password.

The election results were sent to all voters with a list of all the passwords who voted for each candidate. You checked to make sure yours was in the right category.

This is still hackable, though, simply by custom generating for each voter a message with their vote in the correct category, but enough other passwords in the cheating candidate to make sure they win.

Whats the way to handle this properly in a world of PKI and the web?

Re:FidoNet handled this

Your vote would no longer be anonymous if it had a password attached to it.

Example:

A man comes to your house and says "Hello, I am from oranized crime. Vote this way. Show me your password. Okay. I will be back in two weeks for you to prove that you did what I said."

Alternately:

"I will give you five dollars if you vote for me. I will be back in two weeks for you to prove it, and then I will give you the money."

So there you go. This is actually already happening in Italy because people bring in 3G phones with video cameras to prove to organized criminals that they are voting the right way.

Unforgivable

[quantaman]

Elections are at basis of democracy it is essential that elections are done properly and fairly or you quickly end up with nothing but a facade, that this has occured it frankly terrifying considering the electoral process may of already been subverted in any number of countries using these systems without anybody being the wiser. If it turns out that they were willfully negligent in designing the system or even worse knew about and ignored the flaws for 5 years they should be charged with treason by every country they've sold to and if they aren't dealt with very harshly I will be rightfully suspicious...

Don't you realize that ...

[burgburgburg]

if you continue to question the legitimacy of the 2000 elections, the terrorists win? He was clearly selected.

Now turn off your computer, sit there calmly and wait for the soldiers to cart you off as the enemy combatant that you obviously are.

Re:Don't you realize that ...

[Blue+Stone]

Choicepoint.

Read all about it. [PDF] Get over that.

Re:Don't you realize that ...

[maxume]

There is still of course the matter of Jeb not neccasarily playing everything entirely fair in the time before the election, and maybe helping to skew the population of eligle voters in such a way as to maybe help his big bro out with the election. Also there is the matter of voting problems in states other than Florida. Some of which probably favored Gore(the problems helped Big Al out a bit), so it seems a bit rambunctious to go ahead and label someone questioning the election as uninformed. Perhaps attempting to consider the issues, whilst makeing a solid effort at setting the politics of the matter aside, would be a more positive use of energy?

Re:Don't you realize that ...

[Nagatzhul]

Perhaps the issues of the Democrats registering people who could not legally vote along with trying to getting the out of state military votes thrown out are also issues worth considering?

Re:Don't you realize that ...

[maxume]

Yeah, I would imagine. That's why I suggested making at least an effort to set aside politics and partisanship and whatnot. It isn't easy, but if each side refuses to even admit that they both probably did things they shouldn't have and continues to scream, red faced and pointing, about how bad and evil the other side is, no truth is going to come out of anything.

I could probably bring myself to believe that the biggest thing missing from recent elections have been a sense of sportsmanship or gamesmanship. And I mean at all levels when I say that. The candidates at least try to maintain some appearance of friendly competition, but I doubt that the really believe in the idea of 'may the best man win', and certainly not every member of the massive orginizations that are brought to bear on the elections holds such ideals. To mangle a certain saying 'You can trust most of the people most of the time, but you can't trust all of the people all of the time'. So even if both President Bush and Gore acted honorably throughout(who knows!), we still can't really ascertain what the hell happened, or just how rotten the onion really is, cause no one wants their shirt stained or whatever.

One way to actually make things more interesting again, and perhaps better for the voters would be to go back to the original system where #2 became Vice Pres., rather than having the Vice President on the ticket. It would have made a much more difficult race for President Bush if he had not had the help of Dick Cheney(especially on the hard right). Gore would have had his troubles too. Hell Lieberman might have been able to win(he was probably the most solid in an independant race), if he didn't get buried in a pile of Bush'es money...

Re:Don't you realize that ...

[cheezedawg]

Oh brother- not this again.

First, take a look at Mr Palast's website. That is not the place to go to find unbiased information about the election- Palast appears to have staked his career on attacking Bush and conservatives in general. He also has a significant financial interest in promoting his version of the story to sell his book.

Now lets talk about what really happened. Mr Palast wants people to believe that there was a vast conspiracy by Jeb Bush and Katherine Harris to keep minority and democratic voters from voting, but the facts just don't support that.

After discovering widespread fraud where several convicted felons and even dead people voted in a 1997 Mayoral election, the Florida legislature (not the Governor or Secretary of State) passed a law that called for a statewide list of convicted felons to be generated

In 1998, Elections supervisor Ethel Baxter (a Democrat) contracted with Database Technologies to compile the list (Database Technologies later merged with Choicepoint). The list had about 57,000 names on it.

According to the Florida Statute, the intent of the list was to generate as many possible matches as they could. This list was then forwarded to each county where the County Election Supervisors were required to verify the names before they took any action against the voters.

Many counties decided to ignore the list completely. However, if somebody actually was incorrectly kept from voting, by law the county election supervisor (once again, not Jeb Bush or Katherine Harris) is to blame.

If the County Elections Supervisor did validate a name as being a convicted felon, the voter was given notice well in advance of the election that their name had been removed from the voter registration, and they were given a procedure to dispute the decision.

Aside from some anecdotal evidence of minorities being turned away at the polls, there are no actual documented cases of people be incorrectly kept from voting. When the Federal Election Commission held hearings about the election, NOBODY stepped forward to claim that they were denied the right to vote.

The NAACP, who was called in to Florida to represent the minority voters, states very plainly in this settlement that the "Plaintiffs have not alleged that Defendants acted in a purposefully discriminatory manner toward any group". The NAACP also concedes that most of the changes that they requested were already implemented before they filed suit.

Katherine Harris had very little to do with any of this, and Jeb Bush had absolutely nothing to do with it. The law was passed by the legislature, the firm was hired by a democrat, and the final decision on each name on the list was made by the individual counties!

So Palast's shocking story boils down to this:
-Out of the 57,000 people on the list, an unknown number of them were not felons
-Out of that unknown number of innocent people, an unknown number actually lived in counties that decided to use the list
-Out of that unknown number, an unknown number were incorrectly verified by the County Election supervisor and removed from the voter registration
-Out of that unknown number, an unknown number didn't follow the procedure to dispute their removal from the voter registration
-And out of that unknown number, probably about 50% of them would have actually voted anyway (voter turnout)

Palast wonders why nobody else is talking about this- its because this isn't a story at all!

Re:Don't you realize that ...

[neitzsche]

Interesting to see the arbitrary rules in florida that determine who can "legally vote." Anyone who pays takes should have representation.

Re:Don't you realize that ...

Palast appears to have staked his career on attacking Bush and conservatives in general.

This sure sounds like a worthy endevor to me, and certainly something more people in this country should be doing. Bush is a liar, and conservatives are anti-democratic. Anyone who attacks these people who are destroying the constitution and trying to establish some sort of fascist theocracy in this country is doing good work in my opinion.

Re:Don't you realize that ...

- And out of that unknown number, a known number of zero complained when the Federal Election Commission held hearings about the election.

Re:Don't you realize that ...

I don't get it. Why would you pay a take? Why would paying a take give you representation? What does that even mean?

Re:Don't you realize that ...

Anyone who attacks these people who are destroying the constitution and trying to establish some sort of fascist theocracy in this country is doing good work in my opinion.

Lets talk about destroying the constitution. Can you find it written anywhere in the constitution that the minority party can block judicial nominations by simply talking so long that the Senate cannot take a vote? The constitution is clear about when a super-majority is required, and yet the Democrats are trying to force their policy through even though they clearly do not have the votes to do it. It is stunts like this that are destroying the constitution more than any single politician you may or may not agree with.

Re:Don't you realize that ...

[m0rphm0nkey]

The conservatives who created the constitution might beg to differ. And they (gasp) believed in GOD! So to your way of thinking our freedom, and the constitution you pretend to love, is the result of a toddling fascist theocracy? That damned fascist George Washington!

Re:Don't you realize that ...

I think Thomas Jefferson and Ben Franklin would have some issues with the current form of "belief in god" and how intrusive the Bush administration wants to make it.

Simply put, the separation of church and state is very, very important, and Bush and his administration are doing everything to destroy that separation that they can, from tax-payer funding of religious institutions to religious litmus tests on chairatble funding and required adoption of Christian dogma for groups receiving federal funds.

As a non-Christian in the USofA, this concerns me greatly.

Most of the framers and early presidents were not fundamentalist Christians of the Ashcroft mold, but more Diests and Humanists and Unitarians of the "Free-thinking" mold. It's one of the christian right's biggest lies that this is a CHRISTIAN country. It's not. It's a SECULAR one. It was designed to be such. There's a reason God isn't mentioned in the Constitution anywhere.

Re:Don't you realize that ...

No, let's REALLY talk about destroying the consititution. Like trying to pack right-wing religious ideologues onto federal courts without serious debate as to their judicial worthiness.

Or worse, let me just bring up not only the Patriot Act, but the proposed "Patriot II". So much for the bill of rights.

And trying to quash any dissent with "Any dissent is unpatriotic and makes the terrorists win" rhetoric is just totally against the whole point of the system of debate and democracy this country was founded on. Never mind how secretive and closed-door this current administration is.

What have they got to hide, I wonder?

Remember: Democracy dies behind closed doors.

I fail to see how any advocate of open source could possibly support this highly closed and secretive administration.

Never mind that this administration backed sodomy laws -- government intrusion into the privacy of people's bedrooms. And remember, sodomy includes blow jobs. Supporting this administration with your vote is a vote against blow jobs. Think about it.

And back to the concept of judges, we need a lot more like Breyer and Ginseburg and a lot less like Scalia and Thomas. Bush has been appointing judges that make these two backwards pricks look like shining liberals. Very scary. ANYTHING the Democrats do to block such unworthy, unrepresentative judges from federal benches is a Good Thing.

Re:Don't you realize that ...

[ChadN]

And the Republicans did it to Clinton. This is standard operating procedure (sadly).

Re:Don't you realize that ...

[gurps_npc]

Totally and completely irrelevant, considering what we know about what really happened. Below are the facts that NO one of any reputation disputes.

1) Democrats won the popular vote. All the Republicans admit this. So what, we use an Electoral college.

2) Several county that typically votes overwhelming in favor of Democrats went to Republicans. Worse, outside polls of the people resulted in clear predictions that they had voted for the Democrats. Most people believe this was an accident related to a poorly designed but officially approved butterfly ballot. If the outside polls are an accurate reflection of how people attempted to vote, then Gore would have won, even if the Republicans got the Military vote and the Democrats did not get any of the "questionable votes".

3)[b]Most importantly, all of the above is meaningless, because according to Florida state law, when their vote is close(Which you have to be an idiot not to believe), the State Legislator is REQUIRED to over-ride the statewide popular vote and declare who gets their Electoral College.[/b]. Hell, that's 1/2 the reason why we use an Electoral College in the first place. This would surely have given Bush the Presidency, but probalby would have got them fired come their own personal re-election campaign. They refused to do, allowing for a bunch of legal shennanigans that were ridiculous.

The only real shame is that the Republicans Legislatures were too scared to over-ride the state wide vote and stand up and say "We don't care what the vote says, we vote for Bush." They were a bunch of cowards, who made a laughing stock of this great country.

Re:Don't you realize that ...

[grondu]

The conservatives who created the constitution might beg to differ. And they (gasp) believed in GOD! So to your way of thinking our freedom, and the constitution you pretend to love, is the result of a toddling fascist theocracy? That damned fascist George Washington!

As the Government of the United States of America is not, in any sense, founded on the Christian religion; as it has in itself no character of enmity against the laws, religion, or tranquillity, of Mussulmen [Muslims]; and, as the said States never entered into any war, or act of hostility against any Mahometan nation, it is declared by the parties, that no pretext arising from religious opinions, shall ever produce an interruption of the harmony existing between the two countries.

(Article 11, Treaty of Peace and Friendship between The United States and the Bey and Subjects of Tripoli of Barbary," 1796-1797. Authored by American diplomat Joel Barlow in 1796, the treaty was sent to the floor of the Senate, June 7, 1797, where it was read aloud in its entirety and unanimously approved. John Adams, haven seen the treaty, signed it and proudly proclaimed it to the Nation.)

Re:Don't you realize that ...

[whatch+durrin]

Thank you.

Re:Don't you realize that ...

[ConceptJunkie]

Wipe the spittle from your mouth, please.

Re:Don't you realize that ...

[summernot]

1) Democrats won the popular vote.

We can't determine who won the popular vote, because all the ballots weren't counted. The idea of a popular vote is meaningless when we employ the electoral college system. We can't even really say who got how many total votes, because we don't have a total. Once a candidate gets a statistical majority, the state stops counting. So Texas, for example, probably had 49% of the ballots not counted, because Bush probably was chosen on the first 51% of the returns (an extreme example not representing actual numbers, but you get the idea). Since military votes are often the last ballots reviewed (or not, as the case may be), we could expect to see a Republican's votes tic up as the night wears on, if we counted all the votes.


2) Several county that typically votes overwhelming in favor of Democrats went to Republicans. Worse, outside polls of the people resulted in clear predictions that they had voted for the Democrats. Most people believe this was an accident related to a poorly designed but officially approved butterfly ballot. If the outside polls are an accurate reflection of how people attempted to vote, then Gore would have won, even if the Republicans got the Military vote and the Democrats did not get any of the "questionable votes".

First, those who Democrats claimed were confused by the ballot didn't vote Republican by mistake -- they voted for 3rd party candidate Pat Buchanan. It's interesting that the DNC hired a telemarketing agency to do a push poll even before the election had ended to introduce doubt in voters' minds. In order for them to get this all set up, they would have had to have determined that the ballot might be confusing prior to the election. And yet they stayed quiet until the results started to come in and were closer than they would have liked. This indicates to me that this was a strategy they kept in their back pocket to use if the need arose. They decided it was needed and utilized the call center and the media to germinate the seed.
Second, Democrats only contested the results in three counties that were heavily left wing and that also were notorous for election corruption. If they were truly concerned about the results, they would have demanded a statewide recount. The fact that they insisted on only recounting the three counties indicates that they weren't interested in objectivity; they were just looking for a way to make the results tip in their favor.


because according to Florida state law, when their vote is close(Which you have to be an idiot not to believe)

Actually, there needs to be a specific margin determined. If the results for each candidate are within, say, 1% of each other, the legislature must decide which side goes to the electoral college. The law gives a specific number -- not just "close". I forget what that margin was, but, as I recall, Bush was ahead by enough that the decision could not go to the legislature. This is one of the reasons why the Gore team insisted that only the Miami/Dade/Broward counties were re-counted -- and why they pushed for the recounters to be lenient in their treatment of the ballots (dimpled chads in their favor, etc). Not only did Gore have to find more votes than Bush but he had to overcome that margin to keep the legislature from overriding the election results.


I don't belong to either party. My own view is that Gore's team tried to bend the law in their favor when they didn't get the results they wanted, starting with the push polls, and continuing to focusing only on three extremely liberal counties, imposing delay (which allows room for corruption). Along with the history in these counties of corruption swaying elections toward liberals, I see this as a case of desperate hair splitting straw grasping and some under-the-table action. I see Bush more in the defensive position. For this reason, I don't buy the argument that Bush "stole the election."

Re:Don't you realize that ...

[m0rphm0nkey]

I don't believe I mentioned anything about christianity. It was the hint that all religious conservatives (and there are religions full of conservatives (mahometian even) that have no pivotal messianic figure) have it in for whatever version of freedom the author supports, and must therefore be fascist, that I took issue with.

I believe that all men are endowed by their creator with certain inalienable rights, wether they believe in a creator or not. It's the belief that a birthright of a variety of freedoms may be expected that is the cornerstone of both freedom and (as outlined in the constitution) our attempt at democracy. I've often stood for the rights of the weak without stopping first to ask if either the agreessor or the victim believed in either a creator or the constitution. The authors of the Diebold faults stand for the rights of (myself included unfortunately) the tehcnically weak in the same fashion.

In the past and present our freedoms have most often been supported with the lives of people who believed (wether associated with a specific religion or not) in a creator and it's endowment of rights. To obliquely sugest that the growing rows of tombstones in arlington cemetery are by and large the graves of fascists is at best Un-American, and as antithetic to the freedoms you obviously enjoy as fascism truly is.

I applaud the exposure of the flaws in the Diebold sytem. While the current system of electoral votes has good and bad points it's obviously on it's way out, and something more like the stated goals of the Diebold system than it itself is may be necessary to the integrity of the expressed will of the people. While I have some technical skills they are certainly insufficient to the task of those who exposed these flaws. Thank you. Your continued curiousity is as good a protector of American freedom as any army will ever be.


"My Adoration of the Author of the Universe is too profound and too sincere. The Love of God and his Creation; delight, Joy, Tryumph, Exaltation in my own existence, tho' but an Atom, a molecule Organique, in the Universe, are my religion."
John Adams

Re:Don't you realize that ...

The people who launched the American Revolution and who created the US Constitution could hardly be described as "conservative." That's oxymoronic!!

Revolutionary != conservative.

Re:Don't you realize that ...

Name one account where the Democrats tried to get lawful military votes discounted.

Hint: It never happened. You've been listening to too much Rush, m'boy.

Re:Don't you realize that ...

[Dun+Malg]

Anyone who pays takes should have representation

And anyone who can't spell "taxes" shouldn't vote.

Re:Don't you realize that ...

[m0rphm0nkey]

While It's true that Thomas Jefferson thought bloody revolution might be necessary every 20 years in order to maintain our liberty, and Franklin stated that we were creating a new being in the making of the American people, the leading men of revolutionary America (taken as a whole) were conservative enough to disinclude slaves, women, and American Indians (not to mention Brittish loyalists) from the list of beings with rights. I'd say the politics of our era are less conservative than theirs.

Simply being involved in a violent conflict precipitated by deeply held beliefs doesn't make someone radical, or even liberal. In fact it was simple changes in the status quo by a very poor politician and worse statesman that initiated a desire for separation that would otherwise have remained dormant. If the people of the American colonies had been given equal rights as Brittish subjects there would have been no revolution and we'd probably be celebrating our independence on July 1st (Canada day).

By todays political standards many of these men would (and rightly so) be considered quite conservative. Though I'm guessing the floor of the house would be considerably more interesting if some of them were present. I think beatings in and about the capitol buildings were not uncommon. Not to mention the occasional duel.

Re:Don't you realize that ...

[Bj�rn]

This list was then forwarded to each county where the County Election Supervisors were required to verify the names before they took any action against the voters.

One county, Leon, did. And in Leon, of 694 names only 34 were ineligible voters.

After being sued by NAACP, ChoicePoint's DBT agreed to settle and thus avoid class-action claims. DBT removed 50 000 names from the list. However Harris has refused to return their civil rights. Oh, and here is an interesting statement. ChoicePoint's vice president James Lee called the BBC in February 2000 and said, that the state "wanted there to be more names than were actually verified as being a convicted felon." .

Re:Don't you realize that ...

[cheezedawg]

One county, Leon, did. And in Leon, of 694 names only 34 were ineligible voters.

Right- that was the exact intent of the list. Cast as wide of a net as they could to include any possible matches, then let the county supervisors sort it out. The legislature thought that would make it less likely that a convicted felon would slip through.

After being sued by NAACP, ChoicePoint's DBT agreed to settle and thus avoid class-action claims. DBT removed 50 000 names from the list.

The 2000 election was the first big test of the 1998 law, and after they saw how flawed that method was, they changed it.

However Harris has refused to return their civil rights.

If you are talking about convicted felons, then its not Harris's job to return their civil rights. Florida is one of around 10 states that doesnt let convicted felons vote, and Harris was bound by those laws on the books. Interestingly enough, just yesterday Florida changed some of their policies regarding felon voting rights.

ChoicePoint's vice president James Lee called the BBC in February 2000 and said, that the state "wanted there to be more names than were actually verified as being a convicted felon."

Uh, of course. Again, that is completely consistent with the stated purpose of the list, which was to generate as many hits as possible. Being on the list just meant that the county officials had to look into your status. If they couldn't verify that you were a convicted felon then nothing happened. That is a crappy way to do things, but that is what the legislature decided in 1998.

Re:Don't you realize that ...

[Nagatzhul]

ClueX4: It did happen. Over seas absentee military votes don't have post marks due to being delivered through military mail first. The Gore campaign made sure that any ballots that didn't have post marks were discarded..... until a judge forced them to include those ballets again, if another recount was called for. I don't listen to Rush, but you might want to try CNN or Yahoo yourself. It was heavily reported on both sites.

Re:Don't you realize that ...

Bravo! Nice post.

Re:Don't you realize that ...

[MntlChaos]

what is conservative now was liberal then. non-bourgouise vote? WHAT? == conservative then let all the men vote == liberal then let all the men vote == super conservative now

The one problem they mention...

[webster]

If the voting terminal was able to ensure that each voter only voted once, then there would be even less of a secret ballot than there is now. While such assurances could be built without compromising voter annonymity, it almost certainly would not be. If you don't think ballot secrecy is important, just consider the time when Ann Coulter is president. Voting against her agenda would be treason.

Better to handle the multiple voting issue outside the machine.

Re:The one problem they mention...

[tsg]

Secret ballots are overrated. I say record everyone's name and how they voted and publish it in the newspaper the next day. It would be trivial to verify that your vote was actually counted correctly and to verify that everyone on the list was actually registered.

Screw this secrecy shit, take responsibility for your vote.

That would require that the polling places ...

have that new-fangled invention, electricity.

Since that won't be happening for few years yet, I'll still be Governer!

Wow...

[trainsnpep]

Considering the stories we've had in the past few weeks, this article can be summed up in three words: Sounds Like Microsoft...

But on a more serious note, how did Diebold get the contract in the first place? How can we be sure now that when they do fix the problems mentioned in the report they don't introduce more. Our election system is backwards enough. Do we really need to give more chances for crooked results?

Electronic voting a solution to a non-problem

[So+Called+Expert]

Paper ballots are receipts as well as ballots. Electronic voting needs to either provide third-party accountability or stay in the lab. Period. Luckily, nobody has ever tried to tamper with voting results

Solution?

[Aluvus]

If the system is insecure, why not have someone boost its ego?

Chads == Pointers ??

[SkiddyRowe]

If recounts came about due to a close race, would they count dangling pointers?

Does that mean...

[packethead]

For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. ...we can all cast our votes for Linus.

Dimpled smartcards?

[Anonymous+MadCoe]

Maybe punching holes in smartcards would be a nice thing to try.

And the big two parties said

[BoomerSooner]

The Green Party couldn't win. My ass, we're going to win now!!! (Or the socialist candidate I got 96% for in that who to vote for quiz!)

Secondhand experience

[cybermace5]

A couple years ago, some guys I knew in school were testing voting machines as their senior project. Basically they did every possible thing they could think of, to see how idiot-proof the machines were. Card in backwards, different speeds, bumps, button-mashing, etc.

Actually I think they were only allowed to test machines from two out of four companies. The companies were quite rude about the idea of some external group testing their machines. They would not provide a machine for testing, and actually forbade them from finding one of their machines elsewhere and testing it. They were threatened with legal trouble if they performed an "unauthorized" test and released the results.

They probably had good reason to be so wary. On one of the other machines at least, I believe you could vote twice by zipping the card through quickly or something. I don't recall exactly what you had to do, but it apparently wasn't difficult to learn or accidentally come across.

No Surprise Here!

[mildness]

NDAs must have expired by now so...

Almost exactly 20 years ago Chase Manhattan Bank tasked my buddy Charles (?) and I to hack thier Diebold branch alarm system.

To our surprise it used a simple lookup table. The mainframe would poll a branch asking about a specific alarm. The server located at the branch would respond with a code for "OK".

THE SAME CODE EVERY TIME!

We cut the telco lines and alligator clipped our TRS-100 (way cool early laptop) and using a BASIC program did a look-up (which my partner wrote a coolie algorithm for), responded "Everything's OK Here!", and went to lunch.

After screwing off for several hours we told our managers that we had spoofed thier branch alarm system.

They traveled to Diebold who swore up and down how great thier encryption was. The Chase guys slid our report across the table and watched the Engineers turn white as ghosts as they read it.

HAHAHAHAHA What a bunch of dumbasses!

The Moral of the Story: Don't trust your security vendors.

Cheers! (:-{)}

Bill

Re:No Surprise Here!

[LostCluster]

True security is impossible. Just can't happen, don't pretend you've done it. Real security is a matter of how hard can you make it to violate the system, and how hard can you make it to cover up any violations.

In the case of any voting system allowing extra votes, that should be able to be solved by a simple external checksum. If there's more votes in any race than people who passed through the doorway, you've got a problem.

Re:No Surprise Here!

[pmz]

If there's more votes in any race than people who passed through the doorway, you've got a problem.

What about changed votes?

For every problem solved, there lies another one in hiding...

Re:No Surprise Here!

[Rich0]

In Florida we already knew we had a problem.

The question is what do you do about it.

You need a system that spots extra votes as soon as they start showing up, not two days later when the voters are all gone.

Unless of course you want to allow re-votes.

You see why a Republic is more efficient?

[Rogerborg]

In a democracy, we'd have to go to the expense of counting the actual votes. In our brave Republic, our leaders save our tax money by deciding in advance who will win and how many votes they'll get, so we can get back to our bread and circuses. God save the Ki- President!

DMCA

[nebaz]

So if I point out the flaws in this voting machine do I go to jail (reverse engineering & circumvention) and forever lose my right to vote? (several states do not allow ex-felons to vote)

This is SUPPOSEDLY Diebold code, not verified!!!

From the PDF:

We only inspected unencrypted source code that we believe was used in Diebold's AccuVote-TS voting terminal [Die03] (the "AVTSCE" tree in the CVS archive). We have not independently verified the current or past use of the code by Diebold or that the code we analyzed is actually Diebold code, although as explained further in Section 6.1, the copyright notices and code legacy information in the code itself are consistent with publicly available systems offered by Diebold and a company it acquired in 2001, Global Election Systems. Also, the code itself built and worked as an election system consistent with Diebold's public descriptions of its system. We concluded that even if it turned out that the code was not part of a current or past Diebold voting system, analysis of it would be useful to the broader public debate around electronic voting systems security and assist election officials and members of the public in their consideration of not only Diebold systems, but other electronic voting systems currently being marketed nationwide and around the world. We did not have source code to Diebold's GEMS back-end election management system.

As designed!

[Spackler]

Does anyone else get the idea that this is exactly how they wanted it to work?
Even if they thought it was fully secure, some geek would find a way to exploit it. How can they fix an election in a secure system? Make it bad, and scrap it quickly, before the 04 elections.

George Bush, or my wife's bush. Both have the same right to be running this country right now. (don't get excited Al, if I compare George to the front hole, you are the other hole in the back)

About your sig...

[arcadum]

That is a great quote... was it spoke by Hawking?

necisary != necessary

Re:About your sig...

[NGTV13]

yeah, it is, but I do need to learn to spell, thanks

So...

[cK-Gunslinger]

Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.

They're not evil, just stupid!

Just sent this to Congressman Boucher

[SnappingTurtle]

I just sent the technical paper to Congress Rick "One of the Few With a Clue" Boucher. Here's my email:

Dear Rep. Boucher:

I'm sending you the attached paper concerning serious flaws in an electronic voting system that is becoming increasingly popular in our country. I'm very concerned that if this system becomes widely used, we will have even worse voting problems than we had in Florida a few years ago.

From time to time you and I have discussed the value of open source software vs. closed source software. The issue of electronic voting could not underscore the difference more. It appears that Diebold has allowed itself to fall prey to the worst problems of closed-source software, and we may all pay the price for it.

Please look over the attached document and bring it the attention of your colleagues. I know that we were all ashamed by the situation in Florida in 2000 and we do not want to see it made even worse.

Miko O'Sullivan
Constituent

Re:Just sent this to Congressman Boucher

That's pretty annoying, having to slip in Open Source evangelism. Jeez, just notify the guy of the problem, and when someone asks how to fix it THEN you discuss options.

I enjoy and dabble in Open Source, but I'm getting sick of people going out there and making us as annoying as Jehovah's Witnesses.

Is Open Source the issue here? No. Bad voting machines is the issue. Bragging about how you're trying to whore Open Source out to the government...annoying and doesn't impress anyone.

Pure Speculation

[TrollBridge]

What's so 'interesting' about their little observation? Their implication that Republicans rigged the Georgia election is based purely on baseless speculation, and is absent of any facts to support their claim. After reading that, I had a hard time taking anything else in the article seriously.

Re:Pure Speculation

based purely on baseless speculation

What an odd turn of phrase.

This sounds like a victory for the 'little guy'...

[JessLeah]

...but in practice, it could simply be used as an argument FOR centralized, online voting. Please note that the current e-voting system currently in testing is Windows-specific... this could end up being a very bad thing. ("To vote, you must run one of the following operating systems: Windows 2000, Windows XP, Windows ME, Windows 98. Other systems are not supported on www.evote.gov at this time. We apologize for any inconvenience this might cause...")

I KNOW I'm paranoid, but still...I like to think long-term.

not exactly a surprise

[73939133]

We have already known for a long time that ATMs are badly flawed as well when it comes to security. Even the basic technology is completely outdated and insecure: magnetic strips with four digit pins are just an abomination when it comes to security. The solution has been for banks to deny the problem, blame customers, and pass on any losses that result from fraud that they can't blame on customers to other customers.

So, does it come as a surprise that companies that can't produce minimally secure ATMs can't produce minimally secure voting machines either? Blaming Floridians for "hanging chads" (talk about a broken user interfaces) clearly was only the beginning.

If we want secure voting machines, ATM manufacturers are the last people to go to because they already have proven to be incapable of handling computer security. The only thing they seem to be able to do is make big, heavy metal boxes and pretend that that constitutes "security".

Re:not exactly a surprise

[kmac06]

When a bank loses money due to a fraudulent ATM transaction, they pay for it. Yes, the customer pays for it in an abstract sense, but you know what I mean.

If the bank thought they could save money by upgrading ATMs, they would do so, and pocket the extra money. Obviously they don't think so.

Re:not exactly a surprise

[73939133]

If the bank thought they could save money by upgrading ATMs, they would do so, and pocket the extra money. Obviously they don't think so.

That is all very true, but that doesn't make it any better. To the bank, an occasional $2000 fraud isn't a big deal--it's a little money added on to some fees, maybe they lose the customer that was defrauded, and putting a secure ATM infrastructure in place would indeed be much more expensive. But to the person losing $2000 and spending hours on the phone trying to get the money back and trying to restore their good name, the loss is much bigger than the financial loss to the bank. That is what makes the bank's attitude so callous. In fact, banks should face stiff penalties when fraud does occur so that their financial objectives are brought in line with the harm they cause; then, they would fix ATMs.

For voting machines, the situation is even worse: there is little or no auditing or verification possible, either for individuals or auditors, and nobody loses money from misregistered votes. So, if the ATM vendors reason the same way for on-line voting as they do for banking, the kind of reasoning you applied, then they really don't care at all about security. And that's just what we are seeing. And that is exactly the reason why ATM vendors are completely unsuitable to handle these things: they have already demonstrated that they will optimize for profit, not for security. For creating on-line voting systems, we need organizations that are dedicated to security, not profit maximization.

Re:not exactly a surprise

[elpapacito]

Everything in your message makes sense to me, except the last statement that seems to overlook a _very_ important problem: there is no need for an online voting system. Remember the rule, "if it isn't broken, don't fix it " ? Paper voting has worked for many years, surely not without organizational and optimization problems, but it worked. Clearly the weakest link is , again, the human link. Voters can be bought, but that's considered "fair" by someone... election officials can be bought, but it involves , for instace, corrupting 10 people instead of one who is 1) well inside the security organization 2) knows all the weakness of the system 3) knows how to destroy electronic trails. With the incredible amount of power and money being involved in any election, any person can be corrupted in seconds, but corrupting 100 or 1000 people is much much harder and dangerous.

Re:not exactly a surprise

[73939133]

there is no need for an online voting system. Remember the rule, "if it isn't broken, don't fix it " ?

But it is broken: voting is too labor intensive, counties don't have the money, and, as Florida shows, consistency is also lacking.

I think the solution is to use paper-based electronic voting: ballots are simple, nation-wide standardized, machine-readable pages of letter-sized paper, and they are scanned and verified on the spot, in the presence of the voter. If everything is OK, the ballot gets dropped into an archival box, if not it gets destroyed and the voter gets to try again. That approach is cheap, it's easy to use, and it's auditable. It also avoids the traditional problems with paper ballots, that people may make ambiguous marks, because those get rejected by the reader right away. Hardware costs per station are under $1000, and software development is pretty simple.

Paper 1.0

[LostCluster]

I think all of the electronic voting systems have taken it all too far. What they should be doing is creating a nice glossy touchscreen interface that is clear and easy to read, to allow people to create a PAPER BALLOT that is properly marked. The ideal printout would both be human readable and machine readable for easy counting and recounting. Let physical, rather than technical security processes make sure that people put only one ballot into the box that counts, and voters can have unlimited attempts at trying to get the paper ballot to say what they wanted to say.

Re:Paper 1.0

[Rich0]

Agreed. Make the paper ballots OCRable, but you don't actually have to OCR it unless there is a recount. The voting machine can always keep its own count as well to display on CNN.

But having the official tally on simple media like paper is critical. Hacking ballot boxes is a lot easier to spot than hacking computer code...

ATMs and Voting

Now only if the same development team designed their ATMs I'd be sitting on a beach in the Carribean right now. After all, if you can make an unlimited number of votes, why not an unlimited number of transfers/deposits... Hmmm I think I'll deposit $10,000 (don't want to tip off the IRS too fast) again and again and again.

In Canada -- Old Fashioned with a Twist

[dl248]

I don't understand the rationale behind casting "virtual" votes. How can you go back and audit the votes? How do you ensure reliability and security?

In Canada whenever I have voted, I have put an "X" in the appropriate spot beside the candidate or question I'd like to vote for. Sure the voting card is then fed (by an elections official) through an automated counter, but the powers that be can always go back and recount the votes, either manually or using the automated counters.

Using this system the results are usually known within a couple of hours of the polls' closing time, and there are no hanging or dimpled chads -- or the possibility of the public at large messing with the system (other than spoiling one's own ballot).

What is wrong with this system? I can't really find too much to complain about -- old fashioned voting cards coupled with technology to speed the counting process.

Re:In Canada -- Old Fashioned with a Twist

[wkjel]

I've only seen the scanners used in municipal elections (Toronto). AFIK, votes Federal elections are still counted by hand, all within a few hours. You're right. There is nothing wrong and plenty right with this system.

Pull a microsoft...

[Epistax]

Don't tell anyone about the problems, then when it becomes known you have infinite votes, call it a feature.

Also introduce a talking chad to help you vote, and notify you when it looks like you're writing a letter.

No, the SC said that ...

[burgburgburg]

allowing recounts would cause people to question the legitimacy of the election of the person they had selected as the winner of the election.

Scalia logic: No batteries necessary.

Dear DirectTV...

[metrazol]

Concerning your recent letter threatening legal action, I didn't buy my smart card programmer to steal DirectTV service...

I bought it to steal an election.

Thank you.

Re:Dear DirectTV...

[fishdan]

FUNNY. Exactly the same thing I thought when I read it.

Someday they will learn

[fmachado]

I know it's been mentioned lots of times. But I can't resist:

Brazil voting system Just Works (TM). Ask Mexico, they used it last elections. Ask Paraguai. Ask here in Brazil. We have more than 100 million voters and still can give results in a matter of hours. And the system is highly secure. Not that I endorse the multitude of problems our political system has, only the voting system (technologically) is very well done.

Flávio Machado

difficult

[rebelcool]

The interface would be the most difficult part to do. It's something that truly needs alot of research and input from ALL of the public, not just a few guys sitting around their computers.

Off the top of my head, here's people that the interface would have to take into account:

The illiterate, or very low reading ability.

People with limited sight.

People with limited or no english reading ability.

People with no experience with electronic interfaces of any sort. Even touch screen, or simple buttons may be confusing for many.

Those who distrust the computer system to accurately record their vote. Some kind of print-out system is a must.

In essence, before such a system should be put into use, it should be tested (perhaps with mock elections of sorts) with people who fit all these descriptions, to figure out how to make a system the easiest and most accurate to use.

Re:difficult

[SirGeek]

The illiterate, or very low reading ability.
Replace "buttons" with pictures of the candidates.

People with limited sight.
Replace "buttons" with REALLY BIG pictures of the candidates.

People with limited or no english reading ability.
Replace "buttons" with pictures of the candidates.

People with no experience with electronic interfaces of any sort. Even touch screen, or simple buttons may be confusing for many.
Then the cities will need to have a "test" system hooked up at the main desk where the people who take your name/etc. are required to explain the system to all voters and get a signature that it was explained.

Those who distrust the computer system to accurately record their vote. Some kind of print-out system is a must.
Then for each bank of systems, it prints out a summary line for the most recent X (where X is the # of terminals) voters voted, then a running total

Re:difficult

[DunbarTheInept]

The illiterate, or very low reading ability.

Who can't use current paper systems.

People with limited sight.

Who can't use current paper systems.

People with limited or no english reading ability.

Who can't use current paper systems.

There is no need to try to make the computer voting system perfect *except* in its reliability and counting. For other problems such as you mention, the solution has nothing to do with the system used - it is a high level solution (like having someone else help you with your vote, JUST like they have to do today with paper systems.)

DMCA prevented full research into code

[asmithmd1]

The researchers here took on a daunting task and they were crippled by the DMCA

we decided to limit our research to only the files that were publicly available without any further effort, in part due to concerns about possible liability under the anti-circumvention provisions of the Digital Millennium Copyright Act.

Why shouldn't voting machines be open source? Who approved these machines?

Beating a dead horse

[stefanb]

But why is it that the tried-and-true paper ballot must be replaced? If most (if not all) countries in Europe can find enough volunteers and monitors to sort and count the ballots, why isn't this possible in the US? Or even pay these people?

improving

"We're constantly improving it so the technology we have 10 years from now will be better than what we have today"

These guys definately deserve $56 million contracts.

Well, duh

[b-baggins]

The more you overwork the plumbing, the easier it is to clog up the pipes.

The punchcard and bubblesheets are still the best way to do this sort of stuff.

Our problem is, we don't push for the idea of responsible exercise of our franchise.

paper-based electronic voting

[73939133]

I think voting by touch screen is wrong. Electronic voting should be paper based. That is, ballots should be simple pieces of paper that are marked clearly by pen and immediately stuck into a reading machine. The reading machine complains if there are any inconsistencies with the ballot so that the voter can go back to correct them. The paper itself is retained to allow auditing and, in narrow elections, recounting.

Paper-based electronic voting is easy to use for voters, requires far less equipment than other electronic voting, is fully auditable, and is less prone to user error than either traditional paper-based voting or touch-screen voting (neither of which really provides a double-check of the votes).

There is no way to do it securily.

[Convergence]

This is a computer programmed by invisible software. The only record of a vote is a little counter in the guts of the computer program. There is absolutely no way to make it secure. Any system that records votes directly electronically is wide open.

The only difference is who can commit vote fraud. Now anyone who walks up to the machine can commit vote fraud. Even if all of these bugs fixed, large classes of vote fraud remain. The only difference would be that any random person on the street couldn't cheat. However, any custodian would still be able to re-image the drive. Any programmer at Diebold would be able to embed a trapdoor. In short, anyone with exclusive access to open the machine can cause it to cheat. And this 'best case' is only if they fix all of the bugs.

Thats not a lot better. Even the writers of the paper couldn't make a cheat-proof DRE voting program. If an adversary controls the hardware, they control the software. Fundamentally, any non-trivial computer system is not trustworthy; any system whose security depends on a computer should be transformed where the security no longer depends on the correctness of the computer.

For instance, the only nominally trustworthy computer voting scheme is to have the computer be nothing other than a super-intelligent pencil. The voter uses the computer which prints out a paper ballot. The user observes and confirms the paper ballot is correct, then the ballot is dropped into a box. The computer may record results, but as the computer is untrustworthy, those results are untrustworthy. Now, the security and trustworthyness of the computer doesn't matter.

Every security researcher, including the authors of the paper advocates this scheme, but they are ignored by election officials. This includes the two professors who authored the paper, Peter Neumann, and Douglas Jones from the NY Times article, Rivest---the R in RSA--- and hundreds of others.

See: http://www.verifiedvoting.org/index.asp

This is a secure voting system. Brazil has it (and at a tenth the price). Any system without a printer requires 'trusted hardware' in an adversarial environment. Control the hardware, control the election.

Re:There is no way to do it securily.

All electronic voting machines should not only be open-source and peer-reviewed, but should also produce a well documented paper trail for use in verifications and recounts.

Re:There is no way to do it securily.

[Lux]

What about secure coprocessors running open-source software?

There are still issues involved there, particularly with the loading of the coprocessors. (Distribution of the coprocessors shouldn't be an issue because they can prove their identity if the loading is done correctly.) But I would argue that if one threw enough money and effort at that single step, it could be made open and secure as well.

The other issue is the terminal between the coprocessor and the user. It seems to me that as long as the (correctly implemented) smartcard the voter uses authenticates itself to the coprocessor, and the coprocessor authenticates itself to the smartcard, the worst a hostile terminal can do is deny service... so long as the smartcard itself accepts the input from the voter and not the terminal. :)

Voting systems are a huge bag of worms, but I'm confident that they can be done right... maybe not in the foreseeable future, but someday. :)

-Lux

Re:There is no way to do it securily.

Is there a way that a voter could verify that the voting machine's software had not been tampered with?

Maybe not every voter would know the password, have the keycard, have the CD, or be able to read the hash on the receipt. But if any voter could do it, tampering with the machines would be more dangerous.

Re:There is no way to do it securily.

[DavidTC]

There's no way to present such a hash or prove the system is secure without, duh, using the system.

It is absolutely 100% flat out impossible for someone who does not have complete access to a box (including disassembling it and putting the HD in another box) to verify that someone hasn't tampered with it.

Of course, that's assuming that there was 'tampering' and not some sort of delibrate design flaw that would allow people with certain knowledge to untraceably abuse the machine. That would be the way to do it.

Printing human readable ballots is the only way to design a secure voting system, full stop. The put in their choices, it prints a ballot, and they either put it in the 'vote' box or the 'shred' box. If it was wrong, it's shredded, and they vote again. If it's right, that vote is the vote that's counted.

I'd like to see more than open-source

[roystgnr]

Because, needless to say, even if your election officials publish source code for voting software, it's still a bit tricky to be certain that said voting software is actually what's running on the voting machines.

I'd like to see a really verifiable election process; check out http://www.vreceipt.com/ for an example system, which makes it essentially impossible for anyone to change or not count your vote. (It doesn't seem to prevent votes from being added, but that's a much easier problem to solve in meatspace, just by making sure that the number of ballots a polling place's computer submits matches the number of people an observer saw entering the booths)

Some criticisms off base...

[SiliconEntity]

This is a good analysis, but I think a few of the criticisms are off base.

First, a number of the supposed weaknesses they present are not actually exploitable; all of the ones relating to the file systems on the voting machines, for example. They offer no proposals for how an attacker could get access to these file systems or alter the files. It's not like he can just stick in a floppy and get it to run his favorite hacking program. As long as these are closed systems running the designer's software, there is no need for file system protection.

Second, many of the smart-card related attacks present far-fetched scenarios for how a hypothetical attacker could discover the weakness. This is a common flaw among such analyses; working with 20-20 hindsight, the researchers attempt to put themselves in the shoes of an attacker who doesn't have access to the source code but who always guesses right about how things work. It is far-fetched at best to propose that someone could cut the cable to the smart card reader in the voting booth, install some kind of monitoring device, inspect the protocol between machine and card, and then go home and use the data to deduce how to manufacture forged cards. Yet that is exactly what the authors suggest.

In truth, the real weaknesses of the system are the implicit assumption that the source code would be kept secret. Security through obscurity works only as long as the obscurity is maintained. If the code is leaked or stolen, these assumptions are violated and the system becomes insecure.

In this context, then, the real question is whether this is a true and up to date representation of the code that is implemented in the machines. One question I had was if so, why they weren't able to validate any of their assumptions about how poll workers were trained to operate the machines by referring to training manuals or at least verbally contacting some workers. At this point it seems to be entirely hypothetical whether this code is actually being used in any current voting machines, and therefore whether the attacks presented would actually work in the field.

Re:Some criticisms off base...

[Convergence]

Even if the code were rewritten by by a dozen expert faculty members and PhD's, it would still be insecure. Any insider would still be able to throw an election. Sure, a member of the public might not have a copy of the source code to analyze, or might not be able to have direct filesystem access to the drive. However, what protections exist to prevent an insider who does have such access from commiting election fraud?

A system whose security perimeter is such that every insider is capable of breaking the overall system is still an insecure design.

Sure, they could fix all the bugs; this would prevent the public from trivially cheating, but it wouldn't keep insiders from cheating.

Re:Some criticisms off base...

[Sanction]

I think you are missing the point on attackers. The machines are stored somewhere, transported, set up, etc by people in a position to access the filesystem directly, and to monitor the machine/card interface. The people interested in voter fraud on a large enough scale to influence an election will have no trouble at all doing anything they wish to the hardware to find out how it works. Heck, they will probably just buy one to play with.

No encrytion used to smart card

[asmithmd1]

From the Johns Hopkins report

the
terminal sends a cleartext (i.e., unencrypted) 8-byte password to the card and, if the password is correct, the card believes that it is talking to a legitimate voting terminal. Unfortunately, this method of authentication is insecure: an attacker can easily learn the 8-byte password used to authenticate the terminal to the card (see Section 3.3), and thereby communicate with a legitimate smartcard using his own smartcard reader.
Furthermore, there is no authentication of the smartcard to the device. This means that nothing prevents an attacker from using his own homebrew smartcard in a voting terminal.

They use the security through marketing technique, "It uses smart cards it must be secure"

Not surprising, it is Diebold after all

[st0rmshad0w]

After over 5 years having to deal with Diebold in a variety of applications I'm not at all surprised. Every time I talk to their tech people they blame everything on the wiring. Sheesh.

Voting Machines = easy vote fraud.

[nlinecomputers]

Your joke made me laugh. But the sad thing is that it is the whole point of voting machines.

A paper ballot and a pen is the only form of ballot I trust. And if they don't count the ballots AT THE POLLING PLACE in plain view of the public BEFORE they ship them off to the court house you can't trust the result.

Paper ballot boxes get tampered with all the time. A machine that most people couldn't understand is NOT going to make voting less prone to fraud. If I can't take apart the machanical voting machine to see if it works correctly and I can't look at the code of a computer program and see if it works correctly then why SHOULD I trust it?

We allready had a major election full of obvious vote fraud(On both sides. Bush was just better at it THIS TIME. Gore was just as crooked just not as effective.) Voting machines are just one more way to cloud the issue. A voting shell game run by slick con men.

DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL. Any thing else is a sham!

Re:Voting Machines = easy vote fraud.

[Sique]

A paper ballot and a pen is the only form of ballot I trust. And if they don't count the ballots AT THE POLLING PLACE in plain view of the public BEFORE they ship them off to the court house you can't trust the result.


Are you trying to tell me, that in the U.S. the votes don't get counted in the polling place for each voting district in the open public?

Silly me to think it would be a prerequisite for a democratic election to have a local public control how the votes are counted. But on the other hand: We surely have to learn from the U.S. how to screw up a simple thing like an election by trying to automatise everything.

Yes I know you can also screw up while trying to vote with paper and pen. That happens. If it happens to you just write on the paper "INVALID VOTE" after miscasting your vote or if you think your vote could be missinterpreted because you didn't know how to make a cross at the right place. At least you know it's only you who screwed up your vote.

Re:Voting Machines = easy vote fraud.

[drooling-dog]

I remember hearing shortly after the Florida fiasco that a truckload of ballots got "lost" overnight en route to a counting station only a few blocks away. Then, later on in the storm that ensued, no one talked about it anymore. Thereafter people (especially Republicans) talked about "hanging chads" as if the voters who cast "spoiled" ballots were stupid and thus not worthy of being counted. But this is just the kind of "spoiling" that can be accomplished long after the ballot is actually cast. I've always wondered what the statistics were on the ballots that didn't complete their quarter-mile journey until the next day...

Re:Voting Machines = easy vote fraud.

[Just+Some+Guy]

Demand that votes be counted and posted AT THE POLL.

One problem: record low voter turnout. Imagine that you're the only person who can be bothered to vote; do you really want the local election commission knowing how you voted?

OK, granted, that's a silly extreme. However, I live in a state with many counties with tiny populations. I can imagine that the local sheriff is also the election coordinator, and given twenty people in the town with 19 of them at the Blue Party fundraising picnic, I'd hate to have said sheriff know that I was the only one who voted for the Orange Party candidate. Throwing my vote in with the 500 others from the county seems to provide a better measure of anonymity, for better or for worse.

I'm a pretty staunch Republican in a predominantly Republican city. Still, I'd hate to be the sole Communist Party Of America or Green supporter in a small place and be afraid to vote because it could be traced back to me so easily.

Re:Voting Machines = easy vote fraud.

[c13v3rm0nk3y]

But this is just the kind of "spoiling" that can be accomplished long after the ballot is actually cast.

Furthermore, it is my understanding that the voting machines used can be set to either reject a vote if it is spoiled (and let the voter try again), or to silently eat it. One of the main criticisms of the the Florida debacle was that there is evidence that the machines in certain areas were tuned to silently eat marginal votes. In effect, some counties threw away votes, where others allowed the voter another chance.

Just as a digital system is no guarantee of voter security, it is obvious that the current system is also open to abuse. As you state, even the current voting system is vulnerable even if we are sure the votes are actually "good".

The difference is current systems have problems that are (probably) well-known. This new digital system looks like a recipe for disaster unless security and fail-over is built in from the start.

Re:Voting Machines = easy vote fraud.

Oh come on, it wasn't "hanging chads" that the Republicans had problems with, it was the inconsistent counting methods from county to county. The Democrats were also trying to count chads that had a mark or dimple, but otherwise intact. As an aside, did you see the story about Gore's lawyer being formally accused of ethics violations (July 19th, 2003 story)? Gore Lawyer Accused of Ethics Violations

Re:Voting Machines = easy vote fraud.

[SpryGuy]

That's not a problem. It would be one way to encourage higher voter turnout. The people who DO vote will want others to vote as well, so their individual vote isn't too obvious. They'll be more likely to remind friends and family members, as well as people they know won't vote exactly like them (for, after all, a unanimous vote would make it pretty obvious, right?)

Re:Voting Machines = easy vote fraud.

[SpryGuy]

I'm a pretty staunch Republican

I have to ask why?

Most of the time, when I ask why, people go on about smaller government or something. Yet under the last three Republican administrations, not only has government expanded grossly, but the deficit has balooned out of control. Under the last Democratic administration, the government actually shrank (in size and influence) and the budget was not only balanced, but a surplus was generated so that the massive debt could start to be paid down (thus relieving the cost of interest payments, thus eventually allowing the government to get to a place where taxes could be even lower).

So it seems that a libertairian-ish fiscal conservative shouldn't be voting Republican, because Republicans obviously cannot be trusted with this country's finances, and are obviously going completely power-hungry. I mean, just look at the Patriot Act and Patriot II, and imagine that kind of power being in, oh, say, Hilary Clinton's hands (or whatever other 'liberal' you despise and consider an enemy).

The funny thing is, Bush and his administration reprepresent almost exactly the opposite of what most of my Republican friends say they value. So why do they support him so blindly? I have no idea.

I personally don't understand how anyone with a brain can be a "Staunch Republican" myself, because I look at their platform, and all I see is a bunch of greedy power-hungry people trying to maintain their power while keeping everyone else down. The Republican motto seems to be "I've got mine! Fuck you!" It seems to demand maximum meddling in the life of the individual, while demanding almost no oversight or regulation of powerful corporations. It seems to want to destroy the separation of church and state, destroy public schooling, enforce arbitrary Christian doctrine in the courts and in law, and seems to be just generally very short-sighted and arrogant in its outlook and philosophy.

This is why I'm voting for Dean in 2004, and why I'm encouraging everyone I know. What's amazing to me is how many Republicans I know are considerign Dean. The fiscally responsible, moderate social policies and his position of putting the power into the hands of THE PEOPLE rather than the government or the corporations, really resonates with a lot of folks across the Political Spectrum.

Re:Voting Machines = easy vote fraud.

[Just+Some+Guy]

Yet under the last three Republican administrations, not only has government expanded grossly, but the deficit has balooned out of control. Under the last Democratic administration, the government actually shrank (in size and influence) and the budget was not only balanced, but a surplus was generated so that the massive debt could start to be paid down...

I could turn that around and say that under the last three Democratic congresses, not only has government expanded grossly... Under the last Republican congress, the government actually shrank...

At any rate, I don't know many people who blindly follow Bush. I think he's made a few bad decisions, but I believe in his overall direction.

I think that you're looking at Republican philosophy from a different angle than I am:

• We want to stay out of the lives of individuals as much as possible - even pro-life members (who see the issue as revolving around the right of the child to live, not the ability of government to oppress women, and don't let anyone tell you otherwise).
• We believe that some people do in fact have a bad lot in life, but that it is beyond the ability of the government to improve an individual's circumstances beyond temporarily keeping them from starving to death. I personally know homeless people who chose to be homeless because they dislike the responsibility of having to be at work every day to earn rent money. One of them is one of my best friends, going back to junior high, but I can't help him, and neither can the government.
• Corporations are, at the root of it, owned by people. Some Republicans (not necessarily me) believe that heavy regulation of corporations is tantamount to the unconstitutional restriction of individual rights. Look at it from this angle; what if you were the CEO or president of a large company. Wouldn't you want to do what you think is best for your business?
• Despite the media's cries, noone wants government to establish a state religion. We don't. Really. Neither do we want the government to restrict the free practice of individual religious beliefs just because a person happens to be inside a government-owned building.
• Destroy public schooling? The NEA's already done it! Fact: our public schools suck and something needs to be done. Fact: study after study after study refutes any link between money spent and learning. Fact: Federal oversight (Department of Education) has failed miserably. Republicans want to give individual parents the ability to send their kids to the school of their choice, just like wealthy people can do right now. We also want to get the Federal government out of the classroom so that teachers can actually teach and not worry about some arbitrary national agendas.

As far as the "anyone with a brain" comment, try this experiment: listen to a conservative debate a liberal on any arbitrary subject. Count how many times the conservative says "I think" versus the number of times a liberal says "I feel". Seriously, try it. It's interesting.

Basically, Republicans don't want to take from anybody else, and we don't want our stuff taken from us. That's it. We believe in personal responsibility and personal reward. Everything else pretty much boils down to that.

For a more in-depth (and much more entertaining) take on the subject, go out and buy one of Rush Limbaugh's books (from a used book store - then you won't be paying him or his publisher). Read some of it. See if it makes any sense to you. If so, then welcome to my world. If not, cool, at least you know why we think the way we do.

Re:Voting Machines = easy vote fraud.

[whatch+durrin]

Who the fuck cares?!

The parent wasn't trying to convince you to vote Republican, he was just trying to make his point about anonymous voting.

Take your campaigning somewhere else.

Re:Voting Machines = easy vote fraud.

I caught a study at one point (don't remember where or when), that tracked the state of the economy over all of the presidential terms. The study showed that the economy did best with a democratic president and republican congress. Close after that was a republican president and democratic congress. Far behind that was, democrat/democrat, followed closely by republican/republican.

In *ALL* cases, the economy did better during a term in which the president was not from the same party that controlled congress at the time, and the worst results were when we had republicans completely in control of the government. Oddly enough, the Clinton & GW terms did nothing to change the results of the study.

It might just be that when the Pres & Congress get along too well, there's nobody to hold back on the waste they both generate.

Re:Voting Machines = easy vote fraud.

[SpryGuy]

We want to stay out of the lives of individuals as much as possible

Uh, then why the support of sodomy laws? I think you have the right ideal here, but from all I've seen, the Republicans (especially those currently in power) have no such intentions. They want to enforce what people believe and how people behave. And don't forget Santorum's very strong remarks that not only is there no right to privacy (thank god the Supreme Court disagrees!) but that the government has an OBLIGATION to regulate what goes on in the privacy of people's bedrooms.

We believe that some people do in fact have a bad lot in life, but that it is beyond the ability of the government to improve an individual's circumstances beyond temporarily keeping them from starving to death.

That's a demonstrably false statement of course. I find most Republicans utterly fail to acknowledge the simple fact that many people are born or develop severe mental illnesses or physical disabilities, and that many times these people do not have families to fall back on. A social safety net is required in any sort of civilized society. Republicans seem to just want to put anyone who isn't perfect out on an ice-floe to die of neglect and starvation. How compassionate.

Corporations are, at the root of it, owned by people.

But alas the reality of history seems to show that huge corporations have no desire to take into account local populations or the 'little people' (even their own workers) when it comes to their chasing of the all mighty dollar. I'd rather there be some protections in there for the individual. Most Republicans seem to want corporations to be completely unfettered in their ability to destroy the lives of locals and workers in order to return the maximum profit to shareholders (which are by definition people already of wealthy means). It seems very, very regressive to me. A form of class warfare.

Despite the media's cries, noone wants government to establish a state religion.

Again, I think the evidence proves you wrong here. The right wing Christians are fully in control of this administration. You again but need to look to Santorum's statements that his particular religious dogma (against homosexuality and sodomy) be enshrined in federal law. Ditto Ridge's desire to enshrine his particular religion's idea about marraige (i.e. the anti-gay marraige constitutional amendment proposal). And look at all the right-wing christian judges Bush is trying to pack the court with... the ones that make the "ten commandments" judge in Alabama look like a pluralistic liberal.

"Destroy public schooling?"

Yes. The "No Child Left Behind" unfunded mandate is irreversably destroying Public Schooling in this country. And I feel it is by design, because examining the bill, no other outcome would be possible. And it dove-tails quite nicely with the Bush administration wanting vouchers to try and get tax-supoprted religious education going in this country. Or corporate-sponsored private schools. Either one scares the hell out of me, and should scare you as well.

Republicans don't want to take from anybody else

Another assertion unsupported by actual facts. And that was the basis of my entire previous message: that the IDEAL of "Republican" has been lost and is virtually nowhere to be seen in this current "Republican" administration. The libertarian, fiscal conseravtive, smaller-government sort of Republicanism doesn't seem to exist in the GOP right now. At all. Thought they're still trying to pretend it does to keep all the GOP faithful in line.

And do NOT suggest that idiot Rush Limbaugh. He's "for entertainment value only", IMHO. Any time he discusses a topic I have personal knowledge of, I hear him spewing completely twisted half-truths and outright lies. He is NOT one to get any information from, and I find him utterly and completely vile. I think you should pick up "Rush Limbaugh is a Big Fat Idiot" before you ever recommend that guy to anyone else. Because he's just plain *wrong*.

Re:Voting Machines = easy vote fraud.

We want to stay out of the lives of individuals as much as possible - even pro-life members (who see the issue as revolving around the right of the child to live,

Remember that after your wife is impregnated by ugly, fat, stupid, criminally insane, non-whateveryourraceis, fuckwits. Keep telling your wife that as she is reminded of the experience everyday for the rest of her life and especially during her labor pains while she squeezes the spawn of satan from between her thighs. Tell the kid that when he hits puberty and turns out like his genetic father and blows your head off so he can steal eighty dollars from your wallet to go buy some crack. You limbaugh-lovers need to get it through your heads that you have no right to enforce your outdated religious views on others. Keep your hands off our bodies!

Re:Voting Machines = easy vote fraud.

Your were the product of rape? Tough break, kid.

Re:Voting Machines = easy vote fraud.

[Firethorn]

Most of that identifies more closely with Libertine...

Re:Voting Machines = easy vote fraud.

Care to back up any of your OPINIONS with FACTS. You are just as bad as the guy you replied to. He was saying Republicans are for this and you are saying "Nuh-uh" and not giving any proof other than your "That's a demonstrably false statement" baloney.

And i wouldn't bring up anything Franken wrote to contradict Rush unless you are going for a fight extremism with IDIOTIC extremism angle. That guy is 100 times worse than Limbaugh (and that's pretty bad). Franken is beyond sane at this point he used to be funny but now he is just a sad nutcase.

Re:Voting Machines = easy vote fraud.

[Dun+Malg]

it is my understanding that the voting machines used can be set to either reject a vote if it is spoiled (and let the voter try again), or to silently eat it.

What? "Eat it" as in like "shred" or "destroy"? What kind of crap is that? What possible reason would there ever be for even making a ballot tabulation machine capable of destroying ballots? Where do you get your "understanding"? Got any links?

Re:Voting Machines = easy vote fraud.

No, the point was that using Rush to back your arguments is *exactly the same* as using Franken to back your arguments. Franken is no worse than Rush, on any level, period.

Re:Voting Machines = easy vote fraud.

You should check out this site, I think:

Republicans for Howard Dean

Re:Voting Machines = easy vote fraud.

[Just+Some+Guy]

There tends to be quite an overlap. I like a lot of the Libertarian platform, although they have a few positions I just can't get behind.

If we had a voting system, I would consider voting for Libertarian candidates if I could make my vote revert to a Republican candidate in the event that the Libertarian didn't win.

Re:Voting Machines = easy vote fraud.

[c13v3rm0nk3y]

What? "Eat it" as in like "shred" or "destroy"? What kind of crap is that? What possible reason would there ever be for even making a ballot tabulation machine capable of destroying ballots? Where do you get your "understanding"? Got any links?

• http://www.gregpalast.com/detail.cfm?artid=217&row =1
• http://www.commondreams.org/views/121400-108.htm

These are only a few references I've run across, but I'm most familiar with Palast's reporting of what happened in Florida (and perhaps other states). You can also try a Google search on "voting machines problems".

The implication is clear: some districts can adjust the voting machines so that more improperly marked votes can be considered spoiled, and are not counted. As in "destroyed". Other districts can set things up to give the voter another chance so that the vote is counted. The real crime appears to be that these districts can be sharply statistically defined in terms of race or party affiliation.

Re:Voting Machines = easy vote fraud.

You mean SCO's lawyer, as AFAIK he no longer represents Gore.

Re:Voting Machines = easy vote fraud.

[mink]

Franken is however better thn Rush L. on so many levels or at least he can make you laugh and maybe think, something I dont get from Rush L.

Re:No, the SC said that ...

[forel]

It's quite scary, I think, that this was modded "Insightful."

It's quite scary, also, that this is true. Though if I had been there, I would have had a good laugh at the SC saying that, because the idea is just so damn ridiculous. What's wrong with the citizenry questioning the legitimacy of the election? The people have a right to.

CERTIFY CERTIFY CERTIFY!

[blair1q]

Whoever bought this system is malfeasant.

It's clear no certification was done at all.

Unsafe Languages

[wackysootroom]

I read and enjoyed the paper, but I was disturbed by one thing. The author(s) kept bringing up the fact that the system was coded in C++ - an "unsafe" language, then suggested that the system should be written in Java or C#.

I've always thought that the only thing that made C++ "unsafe" was unsafe programming and design principles, something that, according to the paper, the Diebold system is littered with.

The bottom line is that the authors should not have bothered to evangelize Java and C# and instead focused more on how they could have made the C++ code "safe". If the primary flaw is design, then no language could save this code from the pits of insecurity.

DMCA in action!

[bigberk]

From the report:

A large amount of the other data made publicly available was protected by very weak compression/encryption software known as PKZip, which requires a password for access to the underlying work. PKZip passwords are relatively easy to avoid, and programs for locating passwords for PKZip files are readily available online. Moreover, passwords that others have located for these files have been freely available online for some time. Nonetheless, we decided to limit our research to only the files that were publicly available without any further effort, in part due to concerns about possible liability under the anti-circumvention provisions of the Digital Millennium Copyright Act.

Now that's kind of funny, isn't it? You have here a system which everyone agrees should be inherently secure. The developers use extremely weak (PKZip) passwords to protect some of their work, probably the more important components. Researchers can not break the password, however, because they will violate the DMCA.

On the other hand, criminals, terrorists, and anyone else who wants to corrupt the voting process can easily break the password and discover how to mess up the voting.

Now that's the DMCA in action, protecting your freedom! Oh yes, the DMCA is going to be just excellent for technology research and innovation.

No wonder Republicans keep "winning" elections!

No paper ballots. "Just push the button, and the smart computer man will tell us who won."

Hooray!

No win32?

[Koyaanisqatsi]

The voting machine, running Microsoft?s Windows CE operating system, is extremely easy to navigate

I would rather have an open-source app running on a open-source OS.

Wow.

[golrien]

That's less secure than the Slashdot poll system!

Do something about it!

[thinmac]

I just checked out the EFF's website, and they have a page where you can read a letter they've prepared about the security of electronic voting systems and the need for open source in that area, sign a copy electronically, and have it sent to your representative. Personally, I'm going to send paper copies, but I can damn well gauruntee that all my representatives in both the House and Senate will be getting copies.

The page is right here. Let the people who can make changes in this area know that this is important!

Re:Do something about it!

[aebrain]

As this post showed, there's an open source system running on an open-source OS, compiled by and open-source compiler, available on the web. That's already been used in government elections. I figure that if I keep on saying this, the message will get through.

Anything is insecure

"The people who CAST the votes decide NOTHING. The people who COUNT the votes decide EVERYTHING."

I beleive it was Stalin who said this.

Point is, even if EVERYTHING was SUPER SECURE, the human being who either develops the software, or reports the results is the WEAKEST link in the chain.

Liar, liar

As the media recounts showed, if all the counties were recounted by hand, according to existing Florida law, Gore won.

You have obviously never read Bush vs. Gore, but then again, why read when you can listen to the Savage Weiner?

Re:Liar, liar

Gore not only won a majority of the recount scenereos, he won EVERY scenereo where the "Will Of The People" was the primary consideration.

Just for the record.

Re:Liar, liar

[cheezedawg]

If its "just for the record", then at least get your facts right.

http://www.cnn.com/SPECIALS/2001/florida.ballots/s tories/main.html

Gore most definately did not win a "majority" of the recounts. In fact, he only won under one scenario, and that was if they counted every single "overvote" that included Gore as a vote for Gore. However, this is not a legal count under any interpretation of the law.

he won EVERY scenereo where the "Will Of The People" was the primary consideration.

I think you are confusing the "Will of Al Gore" with the will of the people.

Re:Liar, liar

The Will Of Half The People.

You might remember that the election was rather close, so half the people did vote for Bush.

(And I'm certain that all of us discussing this did indeed vote, as nobody who did not vote would dare complain.)

Re:Liar, liar

[aminorex]

What you say is true, as far as it goes, but it does not go far enough:

You discount the 54,000 people illegally prevented from voting.

Re:Liar, liar

[cheezedawg]

You discount the 54,000 people illegally prevented from voting.

Heh. Check out my other post in this thread. In short, there weren't 50,000+ people illegally prevented from voting.

Re:Liar, liar

Um, the only way Gore won was if they counted ballots with more than one vote as a vote for Gore, but those ballots were not legal votes. So according to existing Florida law, there was no way for Gore to win.

Re:Liar, liar

Uh, that article doesn't list all the recount scenereos used and the results of them. I assure you, Gore on the majority of the recount scenreos. This is on record.

Re:Liar, liar

Fewer than half intended to vote for Bush. More people intended to vote for Gore than for Bush.

And after three years of this yahoo in power, I'm sure many of those Bush voters are regretting it right now.

I'm voting ABB in 2004: Anyone But Bush. Because Bush has been the worst president this country has has in the last hundred years, easily. His lies make Clinton look like a fsking Boy Scout.

Re:Liar, liar

I just don't understand how people like you get so blinded by partisanship.

When Clinten was elected in 1992, conservatives couldnt believe it. They swore up and down that Clinton would be voted out in '96 because the public would realize what a huge mistake they had made. That didn't happen.

Now liberals can't believe that Bush was elected, so they are swearing up and down that he will be voted out in '04 because the public will realize what a huge mistake they made. I doubt that will happen either.

If you really think that Bush is the worst president that this country has had, take a step back and ask yourself why? Spiteful partisans like you are unable to think rationally anymore. Let me give a summary of what I think your arguments are and why they are invalid:

You think Bush cheated the election or that the supreme court just appointed him President, but everything he did during the election mess was according to existing law.

You think that Bush is stupid, but that just shows that you will buy into whatever the media tells you. Never mind that he got a graduate degree from Harvard and was a successful businessman (and no, his dad didn't help him graduate from Harvard- his dad was a Yale man)

You think that Bush ruined the economy, but the economy started its decline in mid 2000 (months before the election). In fact, Bush's first fiscal budget did not go into effect until the summer of 2001, and by that time we were officially in a recession (before Bush even had any influence on the economy)

You think that Bush sucks up to corporate scandals like Enron and Worldcom, but in reality all of those scandals predate Bush's presidency. Enron donated just as much money to the Democrats as they did to the republicans. And the democrats showed that they weren't much better with McAuliff and Global Crossing.

You think that Bush didn't do enough to prevent 9/11, but there were several attacks under Clinton's watch as well, and most of 9/11 was planned and prepared before Bush got into office as well. And don't forget that the Sudan offered Bin Laden to Clinton after we suspected Bin Laden in the bombings of the embassies in Africa and the first WTC bombinb, but Clinton didn't act on it.

You have read some FUD opinion piece about the PATRIOT act and you think it is destroying the American way of life, but you don't realize that everything that required a Judges approval before the PATRIOT act still requires it after, but the only difference is that some debilitating restrictions on law enforcement have been removed.

You blame Bush for the DMCA even though Clinton signed it into law, and the DMCA closes some pretty important loopholes in copyright law anyway

You think that Bush lied about Iraq and their weapons capabilities in his 14 month "rush" to war, but you don't realize that President Clinton made the exact same claims about Iraq throughout his presidency. In fact, 1998 presidential candidate John Kerry said that we should invade Iraq because of their WMD, but now he is critisizing Bush for doing just that.

You think its a big deal that Bush said that British intelligence thought that Saddam might be looking for Uranium in Africa during his State of the Union address, even though British intelligence still stands by that claim.

You think that Bush's tax cuts are only going to help the rich, but you fail to realize that you have to pay taxes in order to get tax relief. But Bush has been arguing to give the upcoming $400 child tax credit refunds to low income families that didn't even pay any taxes anyway because he wants to help them out.

How did I do?

Re:Liar, liar

[gaderson]

But, if you look through the Florida law on election results you will find that an "overvote" is perfectly valid (aka "Will Of The People.")
That's why all the Media reports said that Gore didn't win, because if you only look at the 'controversial' counties, and you don't follow Florida election law for overvotes he wouldn't get enough votes to win.
'Every scenereo' is counting the overvotes, which is the law. The Florida Election
Just think what would happen without a paper trail to give a real account.

Re:Liar, liar

Question- did you have a straight face when you posted a link to democrats.com to "prove" your point?

OH MY GOSH! GORE REALLY WON BY 46,446 VOTES!

Re:Liar, liar

Well, if we are allowed to post slanted, partisan articles, why not try this one on for size?

Re:Liar, liar

If it is "on record", then please provide some proof. And please note that links to democrats.com or bushsucks.org are not acceptable.

Diebold not secure...

diabolically?

*ba-dum ching!*

Belgium had a mysterious bit inversion...

[dglaude]

Belgium is having 43% of the population voting using computer (not at home) and magnetic card.
On 18 May 2003 we had a mysterious and spontaneous bit inversion on the vote result ElectronicVotingRandomSpontaneousBitInversion.
This problem was not explain by the code poor quality: AvailableVotingCode
Believe it or not, but maybe by cosmic ray did strike the counting computer during election day: RandomSpontaneousBitInversion.
I have documented and translated a few document in English for internationnal reader, you may want to check ElectronicVoting.
Belgian can get more information in french from VoteElectronique. or PourEva.
Trust me... never trust a computer or a computer expert for election result.

... allows the voter to cast unlimited votes

[fulldecent]

And this year's voting turnout is: 500%

For those of you who think e-voting is simple:

[bjtuna]

The author of this paper, Dr. Rubin, taught a class at Johns Hopkins University this past spring called Security and Privacy in Computing. I was lucky enough to be in this class. The semester-long project was to design and implement a prototype electronic voting system that solved the problem of "remote poll sites". Basically, the State of Washington had commissioned Dr. Rubin to deliver a system whereby a voter could cast his vote at ANY voting station in the state, and not have to go to his specific poll site. This sounded great: you wouldn't have to lose a day of work so you could vote at the local high school... you could vote at the little kiosk near your office.

Unfortunately the idea doesn't work. The reason is that you would need every kiosk (or polling station) to be connected to some sort of network in realtime in order to retrieve ballots, cast votes, and update voter status. The problem with this is that you have now created a network that is vulerable to DoS attacks. It wouldn't matter how you structured your network for performance... the minute someone snips a wire at any given kiosk, you have two choices:
1) make that kiosk unavailable for voting
2) still accept votes at that kiosk, but cast them provisionally.

#1 is dangerous because now I could cut the wires at EVERY kiosk I could find (or packet the network, or whatever) and bring the election to a halt.

#2 is dangerous because the more kiosks I bring down, the more ballots will be cast in which the voterID (which reveals his name, etc) is tied to the ballot. Loss of voter anonymity is unacceptable in American democracy.

So what happens if you just leave all the kiosks offline and give them all a copy of the master voter registration db? Now you've opened yourself up to voter fraud: you could go from kiosk to kiosk, casting multiple ballots as yourself. If you stuck with voter anonymity, and each of those ballots were cast anonymously, how would the final tallying system know that you cast duplicate ballots? How would it know which to throw out?

I'm told Dr. Rubin's grant from the State of Washington was eventually rescinded, I suspect because there's no good way to solve this problem, as well as a few others which I will not go into detail about here.

I have described this problem in the following other Slashdot posts:
http://slashdot.org/comments.pl?sid=61340&cid=5769 144

http://slashdot.org/comments.pl?sid=61875&cid=5801 851

Re:For those of you who think e-voting is simple:

[prizog]

Local storage on the kiosks should be encrypted with a public key, for which the corresponding private key is stored at the central server.

Re:For those of you who think e-voting is simple:

[bjtuna]

Local storage on the kiosks should be encrypted with a public key, for which the corresponding private key is stored at the central server.

That may be a good method of authentication and security but it does nothing to solve the problem I outline above, which has nothing to do with security and everything to do with privacy.

Re:For those of you who think e-voting is simple:

[prizog]

Actually, it does solve some of the privacy problems -- it means that, when the local machine is offline, nobody can gain access to anyone's vote. The only thing they can learn is that the person voted. Of course, the central server still knows who voted how. But the central server is run by the same people who run the local servers: the government. If the government wants to know how you voted, they'll just rig the local servers to store that data.

Re:For those of you who think e-voting is simple:

[dpuu]

So what happens if you just leave all the kiosks offline and give them all a copy of the master voter registration db? Now you've opened yourself up to voter fraud: you could go from kiosk to kiosk, casting multiple ballots as yourself

Seems to me that you'd solve this problem by pre-distributing some form of physical token that a voter uses to enable their vote to be cast. Ensure that the casting of the the vote and destruction of the token form an atomic operation. Want to be high tech? Use a smart card.

Re:For those of you who think e-voting is simple:

[bjtuna]

then you are trusting the distribution authority (government, probably) to destroy the association of token->voter after the tokens are distributed. This is no different than having the machines store an encrypted ballot and tie it to a token and have the tally function destroy the tokens after resolving duplicates.

Compare these trust issues with our current "only vote at your designated poll site" system. You simply can't vote twice right now, and thats the way it should stay.

Re:For those of you who think e-voting is simple:

[nial-in-a-box]

Why can't we just keep all the kiosks offline and then sync with the central database in a closed network or by CD at the end of election day? Sure, this requires votes being tagged with a voter ID, but if you simply use some sort of unique identifier, perhaps along the lines of a hash key, anonymity can be protected. There is no reason that the system should need to know any actual information about any particular voter. Therefore, someone can go and cast as many votes as they like all day (though this is obviously illegal) but only their first vote would be counted.

This system is essentially just as susceptible to violations of voter privacy as current systems, since there is no practical way to absolutely guarantee privacy with any of the current systems (as far as I know). I do agree that there are still issues with this system, but I do not agree that it is impossible. Voter registration could give voters a unique ID that is not used anywhere else but for one election. The real problem with this system is more overhead overall.

Not to bring in conspiracy theories, but why would politicians want to make it that much easier for people to vote? That means they have to work that much harder to make sure people are voting for them.

I believe that we will see more development along these lines, and there is potential for some sort of system to be used in the future. Based on voting related events in the past decade and the current state of computer security, however, I wouldn't expect anything like this any time soon.

Re:For those of you who think e-voting is simple:

[nial-in-a-box]

Talk of smart cards brings up another aspect to this: this system would be much more expensive to develop and maintain than our current system. Distributing smart cards and building, setting up, maintaining, and collecting kiosks would be extremely expensive (in local government terms), especially in the short term. Our current governments are not really looking for returns on investment many years down the road, and by the time the system may actually make sense financially, it will be time to upgrade and the cycle starts again. This is mainly speculation on my part, but from my experience with a county election department, the simplest things cost local governments a lot.

Re:For those of you who think e-voting is simple:

Surely point 2 is what happens whereever a paper ballot is cast. Basically a check is made during official counting to make sure people have not cast their vote more than once.

I fully appreciate the issues of e-voting but there are compromises already made in national elections so one should take those into account before saying it can't be done.

Many countries, such as the UK and New Zealand, also already compromise on voter anonymity. Legislation allows election officials to trace a fraudulent vote and remove it from the count.

Re:For those of you who think e-voting is simple:

[bjtuna]

urely point 2 is what happens whereever a paper ballot is cast. Basically a check is made during official counting to make sure people have not cast their vote more than once.

You are mistaken; that is not what happens at all. You can only cast your ballot at your local polling station because that is the only place that has your registration information. Once you register to vote at the desk, they mark you as "voted" and they won't let you come back. If you went to another polling station, they wouldn't have your registration information so you can't vote. One voter, one vote.

I fully appreciate the issues of e-voting but there are compromises already made in national elections so one should take those into account before saying it can't be done.

But evoting would only add new compromises without solving any of the old ones.

Many countries, such as the UK and New Zealand, also already compromise on voter anonymity. Legislation allows election officials to trace a fraudulent vote and remove it from the count.

Those countries are not the United States. There is a longstanding assumption that the concepts of liberty underlying the US Constitution include the right to a free, anonymous electoral process. I am truly sorry that such freedom does not exist in the UK or New Zealand.

Re:For those of you who think e-voting is simple:

[DavidTC]

When did 'network' become 'run over the internet'?

It's entirely possibly to design a network that cannot have DoS. The most obvous way is to not use the fucking internet.

Re:For those of you who think e-voting is simple:

[bjtuna]

When did 'network' become 'run over the internet'?

Don't ask ME... you're the one that said it, not me. I don't care if the network is public or private, they're both vulnerable to DoS attacks. Denial of Service could include someone snipping the wires, kicking out a power cord, climbing a telephone pole to fuck with the copper, or messing with a satellite dish.

I swear to god, Slashdot is just chock full of ... eh, I don't even wanna get started on it.

Re:For those of you who think e-voting is simple:

[DavidTC]

That is not a DoS, that's just an attack. If you call that a DoS, you have to start calling bank robberies DoS, or driving a truck into a polling place a DoS.

Maybe you should check the actual defination of 'denial of service'. To deny someone service, you have to leave the physical infastructure intact, and instead deny their ability to use the service over said equipment.

Usually this is done by denying them a usable network, but it could be stretched to include standing by a pay phone and airhorning everyone who tries to use it. It cannot be stretched to include 'breaking shit', that's just vandalism.

Re:For those of you who think e-voting is simple:

[Degrees]

Thanks for the post, it was good. For this:

So what happens if you just leave all the kiosks offline and give them all a copy of the master voter registration db? Now you've opened yourself up to voter fraud: you could go from kiosk to kiosk, casting multiple ballots as yourself.

I remember an image of the day at The Cellar Honduras prevents voting fraud which might solve this problem. Actually, the problem it solves occurs today in many elections. This biggest problem with it, the people who are going to whine about the mess. It will probably take a massive scandal before Joe Citizen would be willing to agree to this.

This explains the Republican congress and senate

[HanzoSan]

I thought it was kinda strange for republicans to have all these easy landslide victories suddenly.

Interesting.

What about post-election auditing?

[Angst+Badger]

When I was in the eighth grade, our computer teacher wrote a voting program in BASIC to run on our Apple IIs. One of my classmates exploited a security hole (okay, he pressed CTRL-C) in order to examine the source code. He found that our devious computer teacher had written the program so that a vote for Reagan counted as 1.5 votes, and a vote for, um, Mondale or whoever it was, counted as .5 votes.

So this raises the question -- what's to keep unscrupulous officials from rigging an electronic election? And equally importantly, what technologies and procedures are in place to detect vote fraud after the fact? Analog elections involve a fairly solid system of observers to prevent fraud. It's not perfect, but it usually works. In an electronic election, who will verify the validity of the code in the first place, and after the election, who will check each and every machine to make sure it hasn't been tampered with? I mention each and every machine because only one machine would be necessary to completely skew the numbers in any given precinct.

Re:What about post-election auditing?

So this raises the question -- what's to keep unscrupulous officials from rigging an electronic election?

People who who get suspicious when a sum of integers ends in a fraction.

Download the code

[utunga]

This is the same software that was actually used in the 2002 Georgia elections.

With suggestions, post Florida 2000, to further expand the roll of electronic voting in the next presidential election, this could be an issue of some concern. You can download the source code ('borrowed' from an ftp server left accidentally open by Diebold) and decide for yourself.

Re:Download the code

[utunga]

OK lame to reply to my own post.. but...

Apparently, a last minute flood of absentee military votes was enough to flip the Florida result in Bushs favor (I mean, all other fraud known and not know notwithstanding).

Seems to me if they do implement this 'vote electronically and transmit over the internet' system the it might be the vote riggers idea of an ideal voting system. Note espeically that unlike other attempts to compromise voting this system is not limited to one-state-at-at-a-time type attacks, just compromise it once (OK so you have to be an insider, say at the Pentagon) then inject votes, almost impercitbly to tip the scales of the election in only the key states.

I'm not saying this happened last time in Florida, but we better watch out in case it happens next time, because if that happens, bye bye Constitional Democracy.

Not sure if military types (being mostly poor and black, but carrying guns) tend to vote mostly republicrat or demicon.

Re:Download the code

[shaldannon]

I think the critters you're looking for are rebumblican and dummocrat.

the insecure code

[Frymaster]

the code line that was regarded as insecure:

if(bush)
bush++;
else
bush++;

Re:the insecure code

[FryGuy1013]

really, the following would be almost as effective:

if (bush)
bush++;

Re:the insecure code

if (bush); // The extra semi is needed!
bush++;

Re:the insecure code

[_xeno_]

But the keyword there is almost.

Since I'd assume that at the beginning, bush=0; So effectively, you wrote:

if (bush > 0) {
/* */ bush++;
} else {
/* */ // Do nothing
}

Meaning that using your system, Bush would lose every election with 0 votes. (The /* */ were used as indentation because Slashcode removes added space (even in <ecode>).)

However, in the other system, every time a vote was counted (I guess), then bush would gain a vote. And based on the original code, I'd guess everyone else would too.

I think what the original poster wanted something like:

if (votedForBush()) {
/* */ bushVotes++;
} else if (votedForGore()) {
/* */ bushVotes++;
/* */ if (bushVote % 5 == 0) {
/* */ /* */ goreVotes++; // throw him a bone occasionally
/* */ }
} // third parties would require effort, and no one votes for them anyway

Er, anyway... sorry, I was bored.

Re:the insecure code

[pseudoelfling]

The convenient part is that this code is reusable for any election where a member of the Family is running.

MOD PARENT UP

[StalinJoe]

Do you mean to say that you think that all of the flaws were mistakes?

I fully expect that some of them were intended as 'features' that would only be available to a select few.

If the devices aren't fully open, don't trust them.
If the devices are fully open, don't trust them.


This is a particularly insightful comment!

It is impossible for a vendor to be unbiased, one way or the other!

Perhaps a better system would entail three or more separate voting machines, provided and linked by different vendors. No vote would be submitted until the voting results on all three voting machines matched; from that point any discrepancies have an actual chance of receiving attention.

What am I saying? Accurate vote counting leads to silly things like popular people being elected, not the most competant, like me!

And it runs on what OS?

[TheCeltic]

It runs on Windows.. another secure choice. Guess they have a long way to go.

Sampling?

[dapuk]

Assuming that the full list is available, "untampered", it may be possible to take a sample, and confirm all details, address, contact to confirm the vote cast...

If too many inconsistencies are found, detection of rigging would hopefully be easier...

Of course, this opens up even more problems - the list taken could be fixed, the persons doing the confirmations could be bribed/... etc.

Why hasn't Diebold filed for an injunction yet

[maverickbna]

Why did this paper get published, when Diebold could have filed for an injunction under the DMCA, preventing people from finding out that their system is insecure? :/

Important voting system Q&A:

[Featureless]

Q: But this is America - who would dare rig an election here?

A: The first person that thought they could get away with it.

Dems should love that!

[jav1231]

They won't have to rely on registering the dead to vote anymore! JAV

Hilariously bad.

[Bowie+J.+Poag]

Makes you wonder why they don't use ATMs as a blueprint for voting systems.

Does a voting system *really* need Windows 2000 as a base? Or any version of Windows, for that matter?

Hell, *DOS* is an overkill for this sort of application.

Re:*sigh* -- Voting system written in India?

[Bowie+J.+Poag]

Thats what you get when you outsource a $4/hr coder from a country that cant keep it's lights on. :)

Tempest in a Tea Kettle

[wdtj]

...voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.

As an election judge for 15 years, I know of no machine that can, or that we want to do this. To do such requires that a ballot be uniquely identifiable. Not what you want in an election tabulator.

Catching multiple vote fraud is the responsibility of the Election Judges and we have multiple crosschecks and verifications to prevent this.

Sounds like some politician wants to buy machines from another company, maybe one who owes him/her some money...

Re:Tempest in a Tea Kettle

What multiple crosschecks and verifications? Please explain these multiple crosschecks and verifications and how they would avoid the undetectable multiple voting possible with the Diebold machines.

Your appeal to your vast experience as an election judge hardly restores my confidence in a system which has been conclusively demonstrated to be vulnerable to the simplest forms of fraud.

Re:Tempest in a Tea Kettle

[DavidTC]

That doesn't make any fucking sense at all.

It's trivially easy to allow people to only vote once, and it doesn't require anything at all.

All you do is give the poor slobs sitting behind a table a row of buttons, one for each booth, to reset them. Someone walks in, they get one vote, machine stops working until it's reset by the guy behind the table who IDs the people, presumably when he assigns them a booth.

What kind of stupid election judge can't figure this out?

How much?

[Skord]

Seriously, how much money does slashdot get for every NYT signup? &partner=GOOGLE, yes, I know, but It's getting rediculous. I'll just have to be one of the millions who don't actually read the article and post anyway.

That's meritocracy for ya!

Next we'll hear from you social darwinists why nepotism is actually a good thing. Why just look at the wonderful policy-making coming out of the FCC lately!

Re:That's meritocracy for ya!

[spoonyfork]

Next we'll hear from you social darwinists why nepotism is actually a good thing. Why just look at the wonderful policy-making coming out of the FCC lately!

YHBT HAND aside, you bring up a valid point but I think you missed one of mine. I'll bold it this time: for potentially equally qualified applicants having someone on your side on the inside counts for an awful lot. I'm talking about people who otherwise are already technically equal. Those with social networking skills stand out. What, among other things, do you think makes a good leader? Meritocracy yes, with a social structure.

I would be very surprised if you've ever been on the other side of the interview desk with the responsibility of finding talent to fill a position. Lots of things come into play and if someone that has credibility with you vouches for someone among a group of candidates, that makes them stand out. Call it what you want but human social organizations have been doing this for quite a while now mostly because there is value in it.

Don't whine under anonymity because you have the skillz for the job but can't break into the cliques, circles, and families of those who can Get Things Done. Do something about it.

Re:That's meritocracy for ya!

Yup, I've been on the other side and, in fact, do manage staff. I still find the acceptance of nepotism and insider 'ol-boy-network dealings a drain on efficency, both in the office and across the economy as a whole. To consider this not only normal, but good, goes against my sense of ethics and morality. And in no way does it promote meritocracy.

Re:That's meritocracy for ya!

[spoonyfork]

For some reason you and others missed a large half of my point... for equally qualified applicants. Our company needs leaders at all levels. I see networking as a large part of leadership. I find it neither unethical or immoral and it does promote meritocracy. It isn't "who you know not what you know" but "what you know and who you know". Best of luck to those that think otherwise.

Diebold software

I found the Diebold voting machine software here.
http://users.actrix.co.nz/dolly/

Guh'mint Of The Month Club

[MsGeek]

Not if Italy is anything to judge by. You just get the Government of the Month club. France isn't much better.

Guess what, folks...California is next to join the Government of the Month Club if the recall measure goes through. The Republicans jam through a recall and get one of theirs to replace Davis. Next, the Democrats start a recall drive the next day and get enough signatures from fed up Dems to recall the new guy. The recall petition has enough signatures, the vote to recall is called, the measure passes, the Dems get one of theirs in the Governor's office. Which pisses off the GOP and they start collecting signatures the next day. Lather, rinse, repeat. Welcome to suburban Roma.

The magic solution to electronic voting

[GreenCrackBaby]

Since there are so many problems relating to manual voting (dangling chad anyone), and so many security risks (real or perceived) with voting systems like the one mentioned in the article, why not combine both to achieve the best of both worlds while getting rid of the worst of both worlds...

Use an electronic machine to record your vote. You can have fancy GUI screen that display all the choices a voter has made, confirmation screens ("are you sure these are your correct chocies"), etc. When the voter is happy with their votes, they press a button and out pops a voting card with their choices filled in. Take the card and pop it in the voting box as is normal now. No ambiguous half-filled circles, no dangling chads, no worrying that data in the machine will be lost or untracable.

Re:The magic solution to electronic voting

[tsg]

Take the card and pop it in the voting box as is normal now. No ambiguous half-filled circles, no dangling chads, no worrying that data in the machine will be lost or untracable.

Just the worry that the voting box will be tampered with or "lost", the machines or people that count the votes will be tampered with or any of a number of ways to commit fraud with paper ballots.

The fundamental flaw in any voting system (electronic, mechanical, paper or smoke signals) which relies on a secret ballot is that the voter has no way of verifying the reported results actually count his vote. Even if you mail him a piece of paper then next day indicating how he voted, he can't verify the total is correct without knowing how everyone else voted, too.

If you assigned everyone a one-time voter number (which changes with every vote) that cannot be used to identify the voter and publish each number / vote pair in the newspaper the next day, you might have a shot at maintaining anonymity and verifiability. It would also make the security of the voting system itself less important since the results could be verified and indiscrepancies caught.

[ObTroll] Of course, this is all assuming that voting actually matters [d&r].

Re:The magic solution to electronic voting

[DavidTC]

The problem is that if everyone has a one time number, either you're hooking them up with IDs, or you're not.

If you hook them up with IDs, their vote can be tracked.

If you don't do that, then there's a blatantly obvious method of election fraud...just add more votes. Everyone will see their number, and it's all fine.

Note to mention assigning a number, anbd publishing how that number voted, allows election buying, so it's probably best to scrap that idea right now.

Re:The magic solution to electronic voting

[tsg]

If the voter is the only one who knows his number, it can't be tracked. The only purpose of the number is to allow the voter to verify his vote was counted correctly. Nobody else need know it. Have a sticker with two copies of the number, drawn at random. He puts one copy on his ballot before he places it in a sealed box, the other in his pocket and lets no one else see the number.

As for just adding more votes, if everyone can verify their vote is correct and that the total adds up to what was reported, then it's just a matter of making sure the number of votes is less than the number of registered voters. Except in very close elections, you would have to add a bunch more votes to make a difference. Keep in mind, the system we have now doesn't disallow adding more votes either. This would at least allow people to verify their vote was counted correctly.

You do have a point with election buying. But if buying votes is illegal, then the candidate buying the votes opens himself up to criminal risks by offering to buy votes. The risk is proportional to how many votes he needs to buy to win the election. If he doesn't need many votes, it probably isn't worth the risk. If he needs a lot, the risk is much higher that someone will turn him in.

It's not a complete solution. But as it is now, the only person who knows how he voted is the voter and he has no way of telling his vote was counted correctly. There are no checks on the vote counters whether they be machines or people. Solve that problem, and the issue of how the votes get counted becomes much simpler.

Re:The magic solution to electronic voting

[DavidTC]

If the voter is the only one who knows his number, it can't be tracked. The only purpose of the number is to allow the voter to verify his vote was counted correctly. Nobody else need know it. Have a sticker with two copies of the number, drawn at random. He puts one copy on his ballot before he places it in a sealed box, the other in his pocket and lets no one else see the number.

Tht allows vote buying/vote extortion. All they have to do is ask/demand to see your number.

As for just adding more votes, if everyone can verify their vote is correct and that the total adds up to what was reported, then it's just a matter of making sure the number of votes is less than the number of registered voters. Except in very close elections, you would have to add a bunch more votes to make a difference. Keep in mind, the system we have now doesn't disallow adding more votes either. This would at least allow people to verify their vote was counted correctly.

That doesn't make any sense. You want everyone to read the list and push a button if their vote showed up? well, find, but all you've done is delay the issue...either their 'that's my vote' is matched up with their vote, in which case you're just managed to make it non-anoynous, or it isn't, and there's no reason someone can't sit there and say 'that's my vote' fifty times. Actually, there's no reason they couldn't do that if it wasn't anonymous, either.

In short, that doesn't accomplish anything. People will just verify the extra votes.

You do have a point with election buying. But if buying votes is illegal, then the candidate buying the votes opens himself up to criminal risks by offering to buy votes. The risk is proportional to how many votes he needs to buy to win the election. If he doesn't need many votes, it probably isn't worth the risk. If he needs a lot, the risk is much higher that someone will turn him in.

That's why vote extortion is so popular. Just blackmail/threaten people into voting for you.

It's not a complete solution. But as it is now, the only person who knows how he voted is the voter and he has no way of telling his vote was counted correctly. There are no checks on the vote counters whether they be machines or people. Solve that problem, and the issue of how the votes get counted becomes much simpler.

There is, however, physical security, and that seems to work fairly well. They lock down the unvoted ballots, so it's hard to fake them, and they put the box in plain sight so it's hard to submit more than one, even assuming you managed to get extra blanks. Later, they have a lot of people watching to make sure that extra ballots don't get slipped in later, and they count the ballots from each district as soon as possible, after which it basically becomes impossible to add more.

Compare that with electronic systems, where there's no security at all...it's a blackbox system that get randomly modified beforehand, there's nothing to prevent a delibrate or accidental flaw from being used to vote more than once, and, worse of all, said vote completely vanishes from view from when it's entered to when it's counted, and votes can vanish or appear during that time and there's no way to find out. (Well, as you point out, you can come up with a system for checking if they vanish, which no system actually does, but it's impossible to check if they appear.)

Basically, physical vote security depends on the concept that all workers in a district, or all workers in a vote counting place, or whereever, will not be corrupt, or at least not corrupt in the same way,and hence they will all watch each other to make sure everything's running correctly. Electronic vote security has none of that, there are quite a few places where a single person could alter the vote.

Re:The magic solution to electronic voting

[tsg]

That doesn't make any sense. You want everyone to read the list and push a button if their vote showed up? well, find, but all you've done is delay the issue...either their 'that's my vote' is matched up with their vote, in which case you're just managed to make it non-anoynous, or it isn't, and there's no reason someone can't sit there and say 'that's my vote' fifty times. Actually, there's no reason they couldn't do that if it wasn't anonymous, either.

If Joe Smith read in the newspaper (or however it's published) that his vote was counted correctly, he need do nothing more. He doesn't have to tell anybody that it's right. He doesn't even have to tell anybody if it's wrong unless he decides to. The only purpose to publishing the vote is so the voter can verify it was counted correctly.

My point is, the voter must trust that the system is working correctly (mechanical, electronic or paper). He has no way to verify the process was correct. By allowing him to verify that a) his vote was registered correctly and b) the number of votes cast for each candidate add up to the reported totals, he no longer has to have blind faith in the security of the system. It also makes it much easier to detect errors / fraud when the outputs of the system are verifiable with the inputs.

It also does not rely on every voter checking his vote. Providing enough people check, the public can be reasonably confident in the outcome. The more errors there are in the outcome, the fewer the number of people required to catch them. The fewer the errors, the more people required to catch them, but the less damage they can do. And the more wrong votes that are reported, the more people will check.

I'm also not suggesting this as a replacement for physical security, but it does go a long way towards making sure the security is working.

Online Petition re: Computers/2004 Elections

[weetjerm]

ActForChange Petition: Stop the Florida-tion of the 2004 Election

Sponsored by Martin Luther King III and Greg Palast (author of "The Best Democracy Money Can Buy") this petition calls for a halt to computerizing the elctions until the process is shown to be resistant to manipulation, fraud, and racial bias.

Read some of Palast's book (pertinent chapters available on his website) for the hardest-hitting investigation into the 2000 Florida elections. Quite the eye opener as to how corrupt the system, irregardless of who won, actually is. The most shocking part, however, is that the main stream press, still to this day, has never picked up on any of his findings.

Us voters, Republican, Democrat or otherwise, have a responsibilty to see that our democratic process is never again misused so horribly.

Why vote for the lesser of two evils...

Vote Nixon's head in 2004!!

Quite the opposite

[coyote-san]

That's not the case at all. If anything, the opposite seems to be true locally. (Local circumstances vary, etc.) The people with experience are getting shut out, but if you have just a bit of experience with exactly the tools that they are using, you're in.

The problem is that you aren't hired by the CEO or Board of Directors, people who put the needs of the business first. You're hired by somebody who may have only been working a few years himself when he was named manager of those 21-day wonders, and one of us coming in with a solid education and a decade of diverse experience will put his job in jeopardy. These people are usually (not always) going to go with the guy who's not threatening, not the guy who can stop the company from running off a cliff.

Election-Stealing HOWTO

[ewhac]

Another bunch of guys who cobbled together a report on Diebold's laughable voting machines is available here, complete with plenty of screen shots.

Schwab

Everyone's Best Interest Coincides

[devnull17]

I'd think it would be in Diebold's best interest to get these problems corrected ASAP. If vulnerable machines are deployed in elections, someone will exploit them. The stakes in a major political election are so high that the flaws will attract enormous quantities of attention from those with less-than-morally-upstanding intentions.

What I haven't seen mentioned in this discussion yet is that many, many media organizations conduct very accurate exit polls on election days. If there is a sudden inconsistency in vote counts, it will be noticed, and it will be investigated. By the next evening, everyone in America who owns a TV will realize what's going on. I'd imagine that this would induce a bit of an uproar among the populace, and any confidence that people have in electronic voting would vanish immediately. The whole nation would immedately regress to punch-card voting, and would most likely remain there for years to come.

Which would make it kind of hard for Diebold to sell electronic voting machines.

have you read Bush vs. Gore, that's what it said

Sounds crazy, but it's true. Read the decision for yourself, the poster is accurately describing the ruling.

openbsd

Give the openbsd team ( or just theo )BIG BUCKS to make this system for you guys.

Re:openbsd

or actually make some code that doesnt have buffer overflows.. its not that hard if you audit your code and have it peer-reviewed.

There is nothing magical about Theo or OpenBSD. They simply watch what they're doing when they code.

Follow the money...

[kobotronic]

Find out who put these clowns in charge of voting. No big surprises there, as corrupt as everything else republicans come near. Perhaps you'd be surprised to learn that some western countries insist that the essential democratic act of voting and having the votes counted fairly, are sacred enough that they should NOT be turned over to some shady private organization such as Diebold, accountable not to the general public but heavily influenced by neocon money. The United States is now a banana republic. All votes processed by the inbred brother in law of El Presidente - how can it possibly go wrong?

If I were designing a voting machine

[imadork]

I'd put in all the whiz-bang effects that seem to be pervasive in voting machines nowadays -- electronic touch screens, review of your votes before they are committed, heck, it can even sing and dance for all I care.

But when the voter says that he or she is done voting and pulls the lever (there needs to be a lever for the curtain, since we have a secret ballot), the voting machine spits out a punch card with all the choices neatly punched by computer, which you physically put in the box. Or, it keeps a paper tape tally of each person's votes inside the machine.

You get just as much security as the current system (it really is just the current system, with a different front-end), and virtually eliminate the "hanging chad" problem. The different front-end will reduce voter confusion also (as long as it's well deisgned), and eliminate the "I couldn't understand the ballot" problem.

You'd still have the human element in keeping the integrity of the ballot boxes, and human beings will still be checking the lists to make sure someone isn't listed twice, but I view this as a good thing. Widespread human involvement on a local level is much to hard to hack on a large scale... you might be able to control a district or two, but it would take a lot of work to fix the election of an entire state. If voting machines become pervasive without a human element to check them, then a single flaw could affect every district that uses that particular machine at the same time.... now, that's the way to fix an election!

Re:If I were designing a voting machine

[DavidTC]

Every single person who thinks about this problem more than three minutes, and knows the slightest bit about computers, comes up with exactly this idea. (Although it shouldn't be a punch card...machines can quite easily read machine printed text nowadays.)

The fact it hasn't been implimented shows one of three things: People deciding on the system haven't thought three minutes about it, people deciding on the systemdon't know anything about computers, or people deciding on the system don't want a system that can't be tampered with.

Those are your choices: stupid people, ignorant people, or villians.

Re:If I were designing a voting machine

[surprise_audit]

and human beings will still be checking the lists to make sure someone isn't listed twice

Suppose that every registered voter was sent some kind of token - maybe just a card with some kind of checksummed voter id, maybe something more high-tech, whatever. As each voter enters the voting station, s/he "swipes" the token through a counter, or feeds it into a slot, then is given the ballot card. While s/he does whatever is necessary in the voting booth, somewhere highly visible, a big counter goes 'Ka-ching!', noting that another voter entered the station. At intervals during the day, the number of ballots actually cast is also published.

What this would achieve would be:

1) It would make it difficult for anyone to 'stuff' the ballot boxes.
2) if a truckload of boxes disappeared on their way to the count, it would be obvious
3) The voter count ought not to exceed the number of registered voters
4) Slashdot geeks all over the country would run to the polls to be the First Vote :).

Once the polls close and the count starts, everyone would know exactly how many ballots were cast, so the counters would have to make darned sure the piles of ballots for each candidate, plus the spoiled ballots, added up to that number.

This wouldn't stop votes being altered, nor would it stop someone voting multiple times using tokens forged, bought or stolen from other people, but it would be more difficult, especially if scrutineers from each party kept watch over the voter count.

Note that this is just a count of the voters, not a running tally of how they vote. Even the regularly published ballot count would be just that, a count of the ballots cast, irregardless of being correctly completed.

Re:If I were designing a voting machine

[imadork]

I think adding any sort of token to the voting process just complicates it. Votes are supposed to be specific to a person, not specific to a token representing a person.

As you mention, it will create a new problem of tokens being stolen, sold, or otherwise separated from the person who the token was intended for. Should that person be barred from voting because they lost the token? Clearly, not. So now, you still have the process of manually verifying the person's eligibility, while adding the additional problem of trying to make sure the invalid token isn't used.

Keep in mind also that the notion of a secret ballot might preclude keeping track of the votes cast under a particular token, since that could be traced back to the voter. So if you were hunting for a invalid token, the best you could do is try to stop the person with the token from voting. If the loss is reported after the invalid vote is cast, there's likely not a thing that can be done about it.

Understandable, however,

[infonography]

Of the people I worked for in the tech industry half have changed Companies or even States three or four times in the last three years. I have good solid Refs but their contact info often goes bad in a New York Minute. Even the Managers and HR staffers vanish overnight. The turnover rate of the industry clouds the good and bad alike. Then who do you have to rely on for intel about the prospect? The Commissioned Recruiter?

You want coders, your best bet is to hire an coding shop like mine. They take the job, not some clown off the street. Sure they charge a bit more but they deal with the HR and timetables. Who does the job is handled by the shop not your staff. Your hiring a department not a coder.

You want it cheap, roll the dice like the rest of us.

Scrutineers

[Admiral+Burrito]

And if they don't count the ballots AT THE POLLING PLACE in plain view of the public BEFORE they ship them off to the court house you can't trust the result.

Here in Canada (and probably most other democracies) we have "scrutineers" so the general public doesn't have to worry about that. Each candidate sends a representative to each polling station to observe and make sure things are handled properly. It is in the candidate's best interests to make sure the other guy doesn't get any unfair advantage, so as long as there is more than one scrutineer and they aren't colluding (which is less likely the more scutineers there are) the system is secure.

Scrutineers are very effective with paper ballots, but only with paper ballots. They are not equipped to verify an electronic voting system. So yeah, demand paper ballots. Anyone promoting electronic voting is promoting the neutralization of a very important election security mechanism.

Re:Scrutineers

[lucifuge31337]

I don't know if it's just the county I'm in, the state, or the whole US, but we have the same thing. They're called "poll watchers".

Ballot Boxes in the San Francisco Bay, 2002

[decapentaplegic]

DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL

I wish I could disagree with this. But elections here in San Francisco are so "irregular" that it doesn't even phase us when pieces of ballot boxes start washing ashore.

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2 002/01/07/MN185094.DTL

Electronic voting not gonna do squat.

[RoadWarriorX]

Think about this:

The thousands of people in Florida who cannot stick a stupid pin in a piece of perferated cardboard is the most likely the same group of people who cannot use a computer.

We are so screwed.

"As far as you know" not very far...

[Pac]

The latest and greatest voting software is based on Windows CE. The code is closed and the cryptographic layer is even more closed (the main software is developed by whoever win the bid, the crypto is added by the Court later). I should know, I managed a team that lost the bid for 2000. The lead developer then led the team that won the 2020 bid.

And what little evaluation was done has not been considered enough by experts to date. The security of the little beasts is probably good, but no one has ever been able to certificate that beyond reasonable doubt.

But then again, yes, they are amazingly efficient and we Brazilians laughed a lot during the Florida fiasco...

In Maryland You can Register Your Dog To Vote

[mcwop]

It happened

See Here

Re:DMCA in action! (related side note)

AC, I know, I know.

I thought of a very interesting consequence of the DMCA recently that I haven't seen mentioned anywhere else. The DMCA can actually be used against itself.

Okay, follow me here. It's no crime to create a word processor that looks exactly like Microsoft Word, as long as it has all things Microsoft removed from it. So let's just say that I hacked out the word Microsoft from the binary, and put in Cardshark instead, making it Cardshark Wordmaker.

Now I encrypt the binary, and add a decryptor at run-time to load it into memory. Now I start selling pirated versions of Word. The only way for Microsoft to prove that it's a pirated Word is by circumventing my copyright device.

Obviously this is example has holes in it, but consider a similar situation where only a small amount of code was stolen, rather than a whole application. How can legitimate software companies be sure no one is stealing their work, without running afoul of the DMCA? You would have to break the law to prove someone else was breaking the law.

Reminded me of something...

[^Case^]

This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane.

At least...

[Pac]

At least this way our presidents are not elected by 20% of the population...

(In the end, I agree with you that mandatory voting is dumb - but it is one of our smallest problems)

Re:At least...

[Sylver+Dragon]

In the end, I agree with you that mandatory voting is dumb - but it is one of our smallest problems

I don't think I would mind mandatory voting, if, and only if, we had a "no confidence" vote on the ballot. Such that, if you didn't like any of the choices presented to you, you could vote to have a whole new slate of candidates put up(e.g. if the "no confidence" choice won, all of the parties have to put up new people and we try again.) God knows I would have voted that way back in 2000.

Re:At least...

[John+Harrison]

I actually am fascinated by Brazillian elections. The nightly hour of bad TV and the enormous amounts of trash in the streets are so different from what I am used to.

Re:At least...

[Pac]

It was even funnier in the past. Up to 1984, during the military dictatorship* , TV could only show a small, black and white, static picture accompanied by a short phrase. You would see and hear the most funny things...

* Yes, we had a military dictatorship with regular elections - obviously there were rules that made the government win almost every time and there were also laws available for the generals to revoke the mandate of a Representative or Senator they really didn't want there...

Re:At least...

[ebh]

Would that be the American commuter lifestyle, which is a nightly hour of bad streets and then enormous amounts of trash on TV?

(Disclaimer: I am an American commuter.)

Re:At least...

That's what the "branco" button does. branco=blank, or not candidate.

Re:At least...

I don't think I would mind mandatory voting, if, and only if, we had a "no confidence" vote on the ballot. Such that, if you didn't like any of the choices presented to you, you could vote to have a whole new slate of candidates put up

well, at least in the US, I'd be willing to wager that "no confidence" would win every Presidential election, and at least a third of the senate and house races. Talk about a recipie for disaster...it'd a perpetual campaign with whoever happened to be Pres last running the country. GWB could end up president for life by default.

double*sigh*

what is the saying about lies?

You do realize those figures do not count everyone out of a job, don't you? If memory serves, this only includes people actively involved with the dept. of labor.

Re:double*sigh*

what is the saying about lies?

Ah, yes. We should just keep on with the discussion without any sort of evidence. Baseless, specious arguments are the best!

If memory serves, this only includes people actively involved with the dept. of labor.

Your memory serves incorrectly. They use statistical phone surveys. But I'm sure you'll decredit them because they are based on statistics! Lies! All lies!

Now go put on your tin-foil hat, troll.

A little worse

[Pac]

But the software code (of a brazilian company) is closed source

Actually, you should say "the software code (of many companies)...". Each bid winner has used a different system and a different codebase. The Court is slowly replacing older machines, but in 2002, for instance, machines from 1996 running a flavour of DOS were still used. And not all winners were Brazilian companies. The 2002 machines and software were made by Unisys.

How Diebold's machine works

I've had the "privelege" of snarfing down the CVS archive that this analysis is from.

After running doxygen -- a kickass source analysis tool, by the way, if you have it document everything -- I poked around for a while.

1. The ballot station is a WinCE touchscreen doohikey with a smartcard reader and some type of secured (physically, anyway) storage.

2. The station is turned on and reads config information from the storage (who/what's on the ballot, etc).

3. The election is started by an administrator

4. Voter walks up, voter puts in smartcard, voter vots.

5. Vote is recorded on the media. An "audit trail" is, too, but it's just another file on the same
disk with the same information.

6. Voter's smartcard is marked as "used" and ejected

7. Administrator or election worker walk up, put in smartcard, enter PIN, and can end the election / restart the election (deleting all previous votes!) / do a few other things.

Problems with this:
* Smartcards are easy to forge -- especially with the source in the wild, since it includes the authentication passwords for the cards in plaintext!

* The storage is wide open to tampering by folks who can get at it -- there's no reason a simple bait-and-switch (using voting media with modified timestamps) wouldn't be perfectly undetectable.

* Etc -- Download the sources and find your own holes! Then, drive a truck through them! Bonus if you can find a buffer underflow triggered by a smartcard alone....

Malice: Not necessarily

Incompetence: Hell yes. This code was plainly written by underqualified MFC monkeys with no security background whatsoever.

Re:Another Old Saying

Don't leave your keys in the car.

The state of Diebold's voting machines may be ascribed to stupidity, but I have great confidence that it will be taken advantage of to cheat an election.

I meant " won the *2002* bid"...

[Pac]

Sorry... :)

Paper Ballots

[Crazy+Eight]

It would be fun to sing the praises of technology, but when it comes to voting I think you're on to something. The technology we need for large scale, secure elections has been around for a long time -- it's called paper and pen. I fail to see why it need be more complicated than circling a name and dropping it in a box.

PKI would help

[Thuktun]

Whats the way to handle this properly in a world of PKI and the web?

Given public-key encryption, a user would submit their vote signed with their private key. Their vote could be easily verified against their public key and forging of their vote would require breaking or stealing their private key. To prevent replay attacks, include in the vote a nonce generated for that specific election.

Of course, this doesn't deal with the major issues of verifying the voter submitting the vote is unique and is authorized to vote in that election.

Re:This explains the Republican congress and senat

And why do you think Republicans cheated rather than Democrats? You think it is not strange for Democrats to have been running Congress for decades?

Simple Solution

[Tony]

I don't know if this has been offered as a solution yet, but the easiest way to verify an election is to keep a paper trail.

When a person votes, the machine should spit out a piece of paper with the voter's choices listed. The voter verifies the paper, then slides the paper into a slot (in much the same way many current voting machines accept the voter card).

In that way, the voting machines can automate the tabulation, and we can avoid any hanging chads; but the paper trail still exists.

Are there any flaws with this?

Re:Simple Solution

[koan]

yeah several come to mind, what is the average user going to do with the paper take it to a lawyer, take it somewhere o be counted again? by whom? and so on and son on. How many people do you think can keep track of their own shopping list much less a voting chit, once you shove the paper into the machine to confirm you're right back where you started from.
Basically this electronic voting is going ahead whether you like it or not in case you haven't noticed our government and the corporations that run it are tired of our *interference* and want to by pass the middle man, namely the american public.

Re:Simple Solution

[Tony]

You misunderstand me. When the machine gives you the paper, you check it over, touch the "yes, I voted like this" button, and then insert the paper into a (human monitored) collection box, just like paper votes are handled now. The paper votes accompany the electonic votes at all times; this way, we get the convenience of the electronic votes (the thing everyone is after) with the auditability of paper votes.

The best of both worlds.

Note the difference between "electronic voting," and "on-line voting." So far we are talking about the electronic version of the current system, in which people have to go to a poll location. On-line voting presents other problems, but probably results in a similar situation as absentee ballots, in which you must print off and mail in a chit; then, you are correct, the dunces and mouth-breathers will have a hard time with it.

Re:Simple Solution

[koan]

I see your point, but I still feel that any "network" or "electronic" voting is a bad thing, the convenience you speak would be not having to go to the polls in the first place which you would do anyways with electronic voting, as for counting the votes the possibility for tampering out weighs any convenience.
I say as long as the paper is still in the system lets just keep it paper all the way after all the system is obviously easy enough to mess with take a look at the 2000 *election*

Sorry, there is only one solution

kill all the lawyers.

meaningless!

The method of deriving unemployment statistics has been changed at least 5 times since the 1950's. You are comparing apples to oranges.

Re:meaningless!

The method of deriving unemployment statistics has been changed at least 5 times since the 1950's.

Well, that would be an interesting caveat. I can't find any reference to it on the BLS web site, but I'll take your word for it. A reference would be nice, however.

I will still argue, however, that unemployment was worse in the early 90s that in is today. See this page for the basis for my position. Expand the graph to include 1990-present-- looks rather sinusoidal, eh?

Re:meaningless!

Here's a site that has a number of other employment indicators one can peruse:

Fred II

One popular alternative to main "unemployment number" is the Help Wanted Index

Gore had more people who intended to vote for him

[wayne]

http://www.cnn.com/SPECIALS/2001/florida.ballots/s tories/main.html

Gore most definately did not win a "majority" of the recounts. In fact, he only won under one scenario, and that was if they counted every single "overvote" that included Gore as a vote for Gore.

Your recollection of what was said in that article differed quite a bit from what I remmebered, but it has been a couple of years so I re-read it.

What you say is simply not true. Gore would have won under several scenarios, and the "overcount" scenario is to count cases where people both voted for a candidate and also wrote in their name. While I can understand this being counted as an overvote, it seems pretty clear to me what the intent of the voter was.

Go RTFA.

Ballot Integrity by Printed Obfuscated Receipts

[jpetts]

One way of maintaining the integrity of a ballot is to have the machine ossue a printed receipt, but the major objection to this is that it allows post hoc determination of who an individual voted for, removing one of the 'tails' of the four-tailed (secret, universal, direct and equal) ballots which are considered the Gold Standard*.David Chaum (one of the original inventors of electronic cash) published a fascinating article about splitting printed receipts into two parts which are both required for the vote to be reconstructed, and handing half off to the voter, and retaining half until the election has been completed successfully. Highly interesting reading, and contains mathematical details and proofs of the integrity of the system.

*Don't get me started about the Electoral College system of electing the POTUS. Deliberately designed by the Founding Fathers to remove the 'direct' and weaken the 'equal' tails...

DRM to DVM?

[jameson71]

Wouldn't it be nice if Digital Vote Management was as important or "hot" of a topic to the government as Digital Rights Management seems to be? How about a DMVA that puts anyone caught tampering with an electronic vote in the same position copyright infringers seem to be in?

Re:DRM to DVM?

because anyone caught tampering with a vote is already committing a felony and can face up to life in prison?

I definitely agree

The TRS-80 model 100 is/was a way cool laptop....

Re:No, the SC said that ...

[SatanicPuppy]

The whole thing is stupid, because it should never ahve gone to the supreme court.

If an election is "too close to call" which means, "within the statistical margin of error" which certainly applied, the issue is supposed to go to the damn legislature, not the supreme court. The executive and legislative branches elect supreme court justices, not the other way around.

paper / electronic hybrid

there is a company in Omaha, NE that makes macines that do hi-speed counts of paper ballots. They have recently developed touch-screen w that prints a paper ballot.

www.essvote.com

I worked for them back in the early 90s. We were unable to get our equipment certified in Florida then - our biggest competitor at the time (I can't remember their name) was apparently located just down the street from the Sec of State office...

It All Makes Sense....

[pickity]

Yes, finally... now I get it.

This is how the village idiot got elected to president...

Honestly though.... this major lack of security in our voting system scares me quite a bit.

no, you are wrong

If someone punched the hole for Gore, than wrote in Gore's name on the ballot, according to the existing Florida law, that is a legal vote for Gore.

It's understandable why Bush didn't want the votes hand counted, and why the Supreme Court ordered the count to stop.

Re:no, you are wrong

Sure, but if somebody punched the hole for Gore and also punched the hole for Buchanan, there is no way to tell what the intent of the voter was, and the ballot doesnt count. Those are the ballots in question here, and florida law specifically excludes those.

Whats their slogan?

[powerlord]

Which ballot box do you want to stuff today?

waiting for the sig

I'm waiting for the day when "One more reason I'm glad to live in Canada" becomes someone's sig. After all, it seems to apply to just about every story on /. these days...

Counting vote at the polling place.

[nlinecomputers]

The rules depend on what state and sometimes what county, parish, district, whatever...you are in. I live in Texas. All ballots are locked in a ballot box and taken, often by sheriff's deputies, to the county court house. Note in Texas the Sheriff is an elected official often on the ballot his men or hauling in.

Not in King County, WA

[SarekOfVulcan]

I just called the county Board of Elections, and the gentleman I spoke to said that there are no plans to replace their optical-scan machines with electronic machines, and that he knew of no state-wide initiative to do so. He seemed quite familiar with the issue.

Nedap

I don't work for them, but Nedap's voting machines are great. :)

Re:Gore had more people who intended to vote for h

[workindev]

Wrong. The only scenario where Gore came out in front is if all undervote and overvotes were counted in all of the Florida counties. The AP predicted that in this scenario, Gore would have won with a margin of 42 - 171 votes.

All other scenarios had Bush as the leader, including counting all overvotes and undervotes in only 6 counties, which is what Gore was asking the Supreme Court to do.

Overworked Testing Dept.

[Dav3K]

I remember interviewing for a QA position at Diebold last year - what I remember then was that the single SW Tester they had was very overworked and not able to keep up on the basic QA tasks. I don't blame the tester for this - she really wasn't being supported by management. So it comes as no surprise to me that they have let serious security issues slide for as long as they have.

Network, today

[stefanlasiewski]

but I can see the writing on the wall

(...)

It's a cliche, but in today's market it's not what you know, but who you know.

As someone who can see the writing on the wall (Good for you), I highly reccommend you start networking now: Contact your friends, old coworkers, business partners now.

Throw a party, host a dining event at your local sushi place, meet for beer, meet for coffee. Have fun, re-establish your connections, and don't talk about work all the time. However, you should become somewhat familiar with their workplace. See if you want to work there. Make sure you are aware of how their business is doing, and if interested, let them know.

It is sometims better for you to leave your job on your own then to wait for your buiness to lay you off.

When you are out of a job, it is sometimes very hard to get people to take you seriously. When you have a job in this economy, it makes you even more employable if you decide to move to another business.

But starting now would be very wise.

Not exactly

[Pac]

First, "branco" is "white" and its meaning is not "no candidate" but "any candidate", a very different choice. These votes are distributed proportionally among the candidates after totalizing their votes (this is important in elections for National, State and City representatives, where the amount of votes one party gets helps elect candidates from that party - its irrelevant for majority elections, ie, President, Governor, Mayor).

To vote against all candidates one must vote "null", a process the eletronic election made a bit harder. When you had paper, it was just a matter of wtiting anything there. Now you must enter a number for an inexistent candidate and confirm it.

I think that if the total of null votes is larger than 50% plus one, the law requires the whole election to be nullified.

Re:This sounds like a victory for the 'little guy'

Then again, sounds like a great way to get a free copy of Windows.

Them: You must use Windows
Me: So I have to BUY a copy of Windows to excercise my right to vote?
Them: No, see www.evote.gov/downloads for a FREE copy of Windows.

Neat

Here's a solution I've thought about

[jsm]

Getting in here a little late, but....

I've thought about this before. It seems that publishing all votes in a huge data file (or even in a newspaper) solves this. No voter names are used, of course; the votes are listed by the unique number on the little receipt you get after voting.

That way, any voter can verify that their own vote is correct. Further, anyone with a computer and a vote-counting program can verify that the stated outcome is correct. And people's votes are still private. Maybe only implement this for some minimum vote count (100? 1000?) so votes in tiny elections can't be analyzed to break privacy.

Does anyone see any drawbacks to this? Seriously, I'd like to see this implemented.

Re:Here's a solution I've thought about

[Deekoo]

Such a scheme could be made more resistant to
vote-buying by giving voters the tools to make
fake receipts. Someone wants to buy my vote?
Fine. They can. And it's their wild guess
whether or not the receipt that matches a vote
for Joseph Moneybags IV is in fact *yours*.

ideally, computer counting with paper trail

[DunbarTheInept]

ideally, any computer counting system has to come with a paper trail that the voter can verify by eye. I like the system we use here in Wisconsin. It's simple, easy, and fairly hard to spoof. You have a large thick paper ballot, with big writing for people with bad vision. You use a pen in the booth to fill in the arrow next to the choices you want. Then *you* personally carry the form to a reader machine, that accepts the form face-down (so you don't have to show anyone what you marked), and electronically tallies your votes right there, AND drops your paper copy inside in a locked box. The paper copies are kept around in case there's a dispute (If a recount is called for , the paper ballots are used and the electronic counts are ignored. The paper ballots are not disposed of until several weeks later when everyone agrees to the results of the election.)

The machine doesn't tell you who you voted for (that would ruin anonymity, since people are watching), but it does give a green light and a beep if your form was understood, or a red light and a rejection if it was not. If it was not understood( because of, say, a stray pen mark that made you vote for two candidates), then you find out RIGHT AWAY that it was misread, and you have a chance to take another blank ballot, go back to a booth, and redo your vote. This way you never, ever, have to guess the voter's intent if the ballot isn't machine readable. The voter himself gets immediate feedback right at the polling station if the ballot cannot be read.

About the only thing missing that I would like to see is some form of receipt the machine prints, that the voter can rip off, look at, and then hit a "confirm" button before the machine counts his vote. That way if the machine misread his vote, he can see on the reciept that it isn't what he wanted. The receipts would have to be something only the voter sees (to preserve anonymity). If the voter doesn't take the receipt, it should be dropped in a trash box or shredded so the next voter doesn't see it.

The thing about that system is that it provides BOTH an accurate paper trail, and a computerized counting system, that makes sub-tallys at the voting station, and allows for the user to have instant feedback at the polling station. In the infamous Bush/Gore election, the Wisconsin vote was as close a margin as the Florida vote. But it was believed accurate and no recall was called for.

Any fair system cannot get rid of the paper. The paper is the proof, should anyone dispute the results.

Newsflash: Water is Wet

[LaCosaNostradamus]

Grossly insecure? So what? Computerized voting systems are now being built to satisfy two demands: (1) Political demands following the 2000 election travesty. (2) To have sexy, sleek, fancy-schmancy, modern, greatest-society-in-da-fuckin'-world voting systems.

Security wasn't on the priority list. Even voters will generally prioritize "new and exciting" and "makes me feel better about the 2004 election" over dull, nerdy and frankly citizen-involving aspects like fraud-proofing the new vote systems.

Grossly insecure. Sheesh, you may as well levy a similar charge of grossly insincere against politicians, but that has hardly stopped them from being elected and re-elected and re-re-elected ad nauseam in droves. The voter is responsible for the slimy pieces of shit that fill the ranks of our elected representatives, and we all similarly share the blame for the wholly fraudulent voting systems that are being installed as we speak.

Re:OPEN SOURCE Voting system available.

[aebrain]

As this post showed, there's an open source system running on an open-source OS, compiled by and open-source compiler, avaliable on the web. That's already been used in government elections.

Dumb Question

[jefu]

I understand this is a stupid question. But I must ask anyway.

How do you know?

I understand that you know that it doesn't crash. But how do you know that your vote can't be audited, that votes are not being changed ....

Connections aren't enough

Bucketsful of people know me and my work. I'm in regular contact with them. Some are company board members. Coming up on a year of unemployment with not so much as a fscking interview.

It's so bad where I live, the traffic jams have gone away.

Re:Open Source? YES

[aebrain]

As this post showed, there's an open source system running on an open-source OS, compiled by and open-source compiler, available on the web. That's already been used in government elections. Yes, this a repeated post. But as long as the same very valid questions get asked, the same very valid answer will be given.

Think simple...What about vote by mail?

[potuncle]

Why all the hoopla about e-voting and its many flaws. Here in Oregon all elections and other ballots are ballots by mail. It is easy and simple...and it works. As an Oregonian, I receive a ballot about 3 weeks before election day. I can take my time vote carefully whenever I want in the privacy of my own home and then either mail it in or drop it off at one of the several county ballot drops. It's a wonderful thing. BTW, Oregon has some of the highest voter turnouts in the country...I wonder why?!?!

The whole story with source code

Sciscoop has a link to the original New Zealand article with a link to the source code of the voting machines.

Public Domain Voting Machine Design

[Soong]

Benefits:

• Security and trust through openness
• It becomes a commodity part and competing producers keep the price down

It can be all computerized as long as it generates a dual receipt paper trail like a credit card. My copy, Their copy, fast electronic count.

It has to be all computerized due to a new federal law requiring that every US polling place have a voting machine with which blind voters can cast a ballot unassisted. A computer voice would read the ballot to you and record you pressing the button at the right time. (Why do we trust the computer voice more than the human poll worker?)

How electronic voting should be done

[clenhart]

I'm a strong believer in the free dissemination and *use* of information, and what is discussed below is public domain. (Don't patent it!)

What is clear, is the votes must be signed to prevent tampering by the authority counting the votes. One way to do this is to sign the ballot to prevent tampering. There are two obvious problems if there is one private key doing the signing: 1) the centeral counting authority (Sec. of State) could forge the votes by taking the private key and signing bogus ballots. 2) A voter can vote twice.

What I propose is that each politcal party create 300 million private keys each (in USA) and distribute their *public* keys before the election. On election day, the voter (with help) would take a smart card and go to one political party to get one private key and then to another political party to get another private key (assuming at least two keys and two political parties). They would go to the voting booth and cast their votes and the votes would be signed by the two private keys. The private keys would be thrown away and never used again. The signed ballot would be put in the smart card and then the smart card would be put into a server that stores the votes for that location (and later, sent to the Sec of State). The card is read, and then erased so that it can be used by another voter. The Secretary of State would count the votes, and check the encryption signatures with the public list of public keys distributed by the 2 (or more) parties. The list of public keys and signed ballots can be made publically so that journalists, political parties, and the general public can download the public keys and signed ballots to verify the votes.

The key part of all this is there is no one person who has all the private keys neccessary to vote (except the voter). The two parties would hold the private keys very closely and it would be impossible (i.e. very difficult) to forge a vote -- much less forge many votes.

The other benefit is there is no one authority that counts the votes. Anyone can count the votes.

I can already see the news in 2004,

[corkhead0]

"...and the results are in:
Bush wins with 2 billi...
Wait a second, who counted these?"

PKI

[wirelessbuzzers]

Well, for one thing, you wouldn't want each user to vote with a simple public key; that would let anyone know who voted for whom. There are some very good PKI voting protocols out there, but here is a simple one that prevents at least mass cheating. You could cheat a few people by disconnecting them, but too many people and they would have evidence of vote fraud.

You prove your identity to the voting org (with a registration number or whatever), sign something with your public key to indicate that you requested a ballot, and they blindsign your vote. Blindsigning has the property that the signer does not know the contents of the message.

Then you wait a bit, and submit your vote (through a proxy), and they sign it again so that you can prove you submitted it.

Publishing the list of votes allows people to verify that their votes have been counted, and if it is broken down by some index with high geographical spread, say the last digits of a hash of the vote (to avoid per-county breakdowns), even people with a slow connection can verify their votes. The only disadvantage to this scheme is that everyone would have to know who voted, or else officials could inject extra votes.

Some better protocols use another stage, in which the votes are uploaded encrypted, and then the keys are uploaded later after addition to the static list has been confirmed, that sort of thing. This would be fairly secure voting over the internet, esp if the voting software were open-source and signed by the govt. I'm sure that a security researcher could poke plenty of holes in my scheme, but there are certainly protocols out there which can detect vote fraud.

Now that nobody trusts Bush. . .

[Fantastic+Lad]

What happens next?

A couple of my friends are betting on Shrub hitting the 'Emergency' button and instigating a total lock-down of the U.S., suspension of all rights and the firing up of the 800 or so empty but staffed and waiting American concentration camps sitting idle around the nation. "Night of Long Knives" and all. . .

While this IS planned, no doubt, I tend to feel (make that fevrently hope) that we're not quite there yet.

Here's a quote from a recent interview with Eustace Mullins. . .

You know Howard Dean's campaign chair is Stephen Grossman, ex- president of AIPAC...

OH MY GOD! He is? Well, Jewish money is buying this campaign...

Dean's another blank slate. He's never done anything, and they're raving about him. When you see someone become the darling of the media, watch out for someone like that. You know they're compromised...compromised forever, you can't expect anything from them.

--Keeping in mind that 'Jewish Money' would more aptly be called 'Zionist Money'. Zionism doesn't have the best interests of the Jews at heart by a long shot!

Moderators. . . Please at least glance at the link info before you label this message 'Troll' (it's not. I don't have a deficient ego.) If you can't deal with this stuff, please get your fear levels under control rather than irresponsibly use your mod points. This stuff is here and it affects everybody. Cringing denial won't make it go away. Best to learn what it out there so that it can't hurt you.

-FL

They ORIGINALLY broke the story.

[eekarum]

The NZ people were the ones who ORIGINALLY acquired the files from Diebold's FTP site and broke the story.
These other folks by the names of Stubblefield, Rubin and Kohno and Wallach came on the scene a little later; NOW the 'world' hears about this .

Re:They ORIGINALLY broke the story.

[ngaur]

To the best of my knowledge, Bev Harris was the first journalist to get involved, and she brought the story to scoop. See http://www.blackboxvoting.com

Scoop's been involved in this one since about January, but weren't the first to get hold of the files.

Scoop's got a feature page linking to all the updates on the story at href="http://www.scoop.co.nz/mason/features/?s=usa coup

It bothers me the way the 'mainstream' media are ignoring the political ramifications of this discovery, and have painted it as simply a case of poor software design. These voting machines have been produced by companies run by hard right politicians, and look like they are probably designed for the purpose of manipulating votes. Combined with the well documented oddities in the past two election results, it appears that they have been rather successful to date. Bush's government has provided massive funding for the purchase of these voting machines by the states, and has removed legal requirements for any sort of paper trail. Unless this is taken seriously, american democracy is dead.

Slashdot's Voting System is more secure...

"For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.' "

Even Slashdot's Poll system keeps users from voting more than once!!

There are many ways to do it securely

You're talking crap. Go to citeseer and do a search. There are tens of papers that describe secure electronic voting schemes.

Of course, no proprietory voting machine uses any of these schemes, but it is certainly possible.

Re:DMCA in action! (related side note)

[DavidTC]

That's one the inherit flaws in the system, it assumes some sort of god-like abilities for copyright owners to completely ignore the law. It's rather surreal.

There are just so many examples of things like this it's not funny. What if the next generation filesharing application required a password to access the files, or even search for them? That's an access and copy protection device, or whatever the DMCA calls it, and it's illegal to break it.

Now what if everyone starts using the password, oh, 'studmuffin'? Everyone knows the password, everyone can (technically illegally) get in...but the RIAA can't get in to prove any of the files are theirs, or they themselves just violated the DMCA.

Of course, the entire concept is even more surreal when you look at DeCSS. The problem isn't that DeCSS isn't legal, possibly it is, possibly it isn't...the problem is that if it's illegal, there's no good reason any other DVD player should be legal...after all, no DVD player manufacturer has manufactured all DVDs! And hence, if DeCSS is deigned to circumvent something, their product is designed to circumvent the same thing, on everyone else's DVDs! Sony DVD players would be okay if they could play only Sony Pictures movies, but they can, without Univeral's permission, play Univeral's movies! I really wish someone had made a movie, encoded it with CSS, and explictly stated that no current DVD player was authorized to play it except DeCSS.

To paraphrase Douglas Adams, the stupidity of the current uses of the DMCA has overshadowed the fundamental nonsensicalness of the DMCA. It's like banning people from 'being too far to the left of other people', it's just a completely wackjob law.

vending machines & democracy

[laskoune]

from the NYT article :

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

but ... isn't this democracy one big vending machine ?

Re:This explains the Republican congress and senat

No not really, republicans have been president for decades during the times when democrats ran congress.

Re:*sigh* (working to death)

That's one side of the situation...

The other side is the fact that alot of us who do have jobs tend to be pushed so far we can't wait to get unemployed!

No vacation, lots of overtime, low salary (considering work effort, qualifications and level of responsibility). And often, not a decent amount of respect from the companies. Et cetera.

I'm resigning in 2 weeks, basically to keep my sanity. Yay. /Mr A. Coward.

Dean's campaign chair is Joe Trippi

[phr2]

who is a Slashdotter. Trippi posted in the thread about Dean guest blogging for Lawrence Lessig a week or so ago.

nice to see DMCA working as intended

[alizard]

On the other hand, criminals, terrorists, and anyone else who wants to corrupt the voting process can easily break the password and discover how to mess up the voting.

Now that's the DMCA in action, protecting your freedom! Oh yes, the DMCA is going to be just excellent for technology research and innovation.

The DMCA was written by people with the same love of democracy and of the advancement of human knowledge as Osama bin Laden has. And most of the people who voted for it can accurately be described the same way.

"People always get the local government they deserve."
E.E. "Doc" Smith

That's 'cause they aren't flaws

[zooblethorpe]

Has anyone considered that these security issues might not be mistakes? Look at who's contracted Diebold to do this -- the same folks who profited from Diebold's botched 'purge' of the Florida voter roles (see all kinds of fun, well-documented stuff here). Follow the money. The ones hiring Diebold have everything to gain from a completely insecure system.

--------
If I can own an idea, does that mean I can legally claim some portion of your soul once I tell you that idea? Or even if you just come up with it on your own? Heck, who needs contracts written in blood...

Thanks for the info! (n/t)

[Fantastic+Lad]

Yeah. It seems that Grossman is not his chair, but is instead coordinating his campaign fundraising.

[. . .]in 2004, you need to have a certain threshold amount of money to compete," says Steve Grossman, a former DNC chair, who is heading Governor Dean's fundraising effort. "Between now and the 4th of July, every campaign has to establish that it can raise enough money to make the grade."[. . .] --Christian Science Monitor

Please pardon me for not fact checking diligently enough before posting. My bad.

-FL

Mr. Rubin's company is having a go at it

Avi Rubin is on the board of advisors of VoteHere; they have some not-stupid ideas about making electronic voting genuinely secure. And I think they're willing to make their code public.

And here's another fine Diebold product...

[jdfox]

...the Bevo Bucks vending machine at the Univ of Texas, with the swipe card system made by Diebold.
Get yer free Snickers bars, then head off to the polling station to contemplate which switch is the best way to vote Republican. All courtesy of Diebold.

Cronies

[macguiguru]

Yep, networking is important - it's living proof you can teamwork. However, I have definitely seen more than one case where someone is *clearly not* 'equally skilled' - but the interviewer neatly overlooks that...BECAUSE THE PERSON IS A CRONY. American corporations are sagging under this load of deadwood while at the same time they cut and cut and cut jobs. The 'Old Boy' system is alive and very well - more so now than ever. The bottom line is, however, companies that aid and abet this kind of idiocy end up paying the price by strangling themselves with accidents, crappy products, security leaks, etc. etc. etc.
But wait - this isn't about Micro$oft. *grin*

Re:have you read Bush vs. Gore, that's what it sai

Slow down there, AC. He agreed that it was true.

Voting software broken

[Mokurai]

Nuke 'em with Open Source. It's the only way.

I lie. My post above DOES contain text.

[Fantastic+Lad]

Yeah. It seems that Grossman is not his chair, but is instead coordinating his campaign fundraising.

[. . .]in 2004, you need to have a certain threshold amount of money to compete," says Steve Grossman, a former DNC chair, who is heading Governor Dean's fundraising effort. "Between now and the 4th of July, every campaign has to establish that it can raise enough money to make the grade."[. . .] --Christian Science Monitor

Please pardon me for not fact checking diligently enough before posting. My bad.

-FL

Re:This sounds like a victory for the 'little guy'

[JessLeah]

A) Ain't gonna happen.
B) I don't want Windows, even if it IS free. Some things are more important than money (like stopping progress-slowing, evil monopolies).

First California-- then the 2004 Elections.

[eekarum]

" Imagine that a rogue programmer gets access to a few networks of computers in the California special gubernatorial election. ..."

The Techno-Voting Nightmare; Digital Vote Corruption-- First California-- then the 2004 Elections.

These people make me sick

[t_allardyce]

Im confused, is it really that costly to just count the votes by hand or machine reader like its done now? whats the advantage of building kiosks that cost (according to the pdf file) $5000 dollars each to make and install, just so you can get the votes counted quicker? Surely one of these $5000 dollar units doesnt count that many votes in an election? Ok so you get the votes counted faster but whats more important - being able to say who won first, or being able to say who really won?

If i see one more touch screen kiosk that lets you access the windows start menu i will smash it in..