Slashdot Mirror
Maryland Plans Code Review for Voting Software
asmithmd1 writes "We already knew Diebold software is insecure, now the Baltimore Sun is reporting that the Governor of Maryland has asked SAIC to review the software in Diebold voting machines. Diebold has graciously allowed SAIC access to their proprietary code. Why isn't this code open source by law?" In a related story, a trade show for closed-source electronic voting systems is doing their best to keep critics out. Update: 08/07 15:23 GMT by M : Diebold's website security is less than outstanding.
even if the code is opensource, how can you be sure the voting machine executable has been compiled from the genuine source code ?
"Why isn't this code open source by law?"
because we haven't made it so yet. Remember Government by the people...
If electronic voting becomes the norm (likely), I just won't vote.
Voting via absentee ballot. At least there is a greater chance of my vote not being screwed up or changed.
Anyone who thinks these voting computers are going to be flawless and secure by Nov. 2004 is greatly mistaken.
Well because the US is a capitalist country and because currently most people seem to believe that the best way to make money in software is by keeping the code proprietary and because US government favors money-making corporations.
I agree that if it were open source it would be far more likely the security problems would be discovered quickly.
So how about creating an open source alternative... anyone ready to register an OpenVote system on SourceForge?
John.
You can't force open source down people's throat.
Sorry, but a story filed by a "freelance journalist" from www.EcoTalk.org...I can't help but think that it's slanted in some way. I'd sooner trust a story from the New York Times with no verification than I would this story from a hard-left nutcase.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
It makes sense that they don't want their code to be open source, because then ALL the bugs will be found. When open source code is developed normally, people notice bugs/security holes a few at a time and fix them. But when software has been closed source for a long time, it's bound to have tons of bugs and holes. Opening the code up to public scrutiny would unveil A LOT of problems. And that's just not good for PR... especially in voting.
My guess is they just want someone to look through the code, maybe suggest a couple quick fixes, and then give the OK, so they can reassure the public. They don't really want to get to EVERY hole in the code. They probably just want show that they get numbers close enough that we should keep using/buying their stuff.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Security through Obscurity is not Inherently Evil.
Of course, if the only security a system has is based on the fact that nobody can see the code, I'd say that system is hosed. I highly doubt voting software would fall into this category. It's unfortunate that obscuring code has taken on the negative connotation of "hiding bugs." That's not always the case. Keeping the inner workings of a system secret is a valid security measure, and used in conjunction with other means it can create a well-secured system.
I think the process they are taking is a step in the right direction. I believe that independent code reviews strengthen privately owned code. I think it's a mistake to deny access to those who have the ability to challenge the system. But I'm not sure open sourcing the code will make it any more secure.
They are probably using Patriot act as the explanation of why to keep a security expert out.
But for the love of god and all that is holy, WHY are they fighting so hard against paper records? It makes no sense. (unless you are conspiracy-minded) Seriously. I just can't come up with any decent reason that Diebold et al would be so strongly against hooking a printer up to the system to produce a physical record. Much less why our elected officials would buy into such an idea.
Bush: He's Liberal in all the wrong ways.
Not only should the code for voting machines be made open to any interested member of the public, the whole voting process should be opened to the public.
Provided that it does not infringe on the privacy of individual voters, it seems reasonable and much more secure to allow any interested party to view the voting process in real time and at any level, provided, of course, that the process were set to read only
you need to build it. They're not interested in building it open source apparently. Remember, Diebold makes ATM machines and other commercial products, and they have stiff competition. By the design of their business plan their software won't be open.
So, if you want to see an open source implementation of voting software, something that you can argue is perfect and be able to show the world such, you need to make it. Diebold and their competitors won't.
If you can build the software to make a secure voting system, someone else can design the hardware once the software is ready. That seems to be what people are missing here. Design the system right and the hardware will be built to work. Design the hardware first, and the system will be dependent on whatever wacky design is chosen.
Do not look into laser with remaining eye.
your vote has caused a fatal exception in kernel32.dll - try picking another option
Well, isn't that the point of having trusted binaries?
--
Long-term effects of Bush deficits
Independant hopefull Kevin Mitnick was elected President of the 2004 elections.
.sig
Before, it was whoever had the best campaign and the most money that won. Will elections in the 21st century be determined by whoever has the best crackers?
The voting machines aren't open source, so why should the code for this system be open source?
"Why isn't this code open source by law?"
This wouldn't fix the problem of faulty(by design) hardware, lack of audit trails, and no trust in the delivery method.
Sure with open source we can see the code, but that doesn't help if it is compiled by a compiler that you can't see the code for, run on microchips that you can't see the code for, and administered by people you can't trust.
The ``but it should be open source'' comment that gets thrown around in every single story about electronic voting does not take into account everything that happens to the code _AFTER_ we would be able to see it.
Anyway,
here is a link to a page on Electronic Voting:
Dr. Mercuri's Page on Electronic Voting
--xPhase
The following sentence is TRUE. The previous sentence is FALSE.
It is still possible to have a valid election, even with a closed source voting system. The key is to have the voting machine spit out a piece of paper where the voter can see the votes written down and then confirm them. It doesn't even have to be a paper the voter handles, it could be behind glass so the voter merely can see that what they voted for is on the paper. Then, in the case of a contested election, the checks can be made against paper as well as the bits. In a case where the ballots don't match, paper overrules the bits.
Granted, I think an open source system is the only sensible way to go, and the people writing them should be protected by copyright and patents, not secrecy. After all, if they're all required to be open, its going to be awfully hard to hide the source code you stole.
So you're already making excuses for when Bush wins in 2004? That in itself speaks volumes.
According to this story Wired is running today, Diebold got 0wn3d back in March. They were given a nearly 2GB archive of the stuff that was found by a person claiming to be the hacker who got in.
If a company can't properly secure its own network, how can we possibly trust them to create a secure voting system?
~Philly
Its pretty pitiful that a hacker could gain access to the kiosk at the voting place. You'd think someone could spot a guy hacking the machines. I wonder if the online voting will be web HTML/java based or if it voters will be required to download an application to vote. If the second is true, I hope they have a client for all the operating systems.
The Television Wiki
Why should it be?
Why dont I get to follow my paper ballot, meet the person who counts it, give them a math test to make sure they can do the arithmetic required, and wont "carry the two" and fuck everything up?
Open source software wont fix anything.
I don't need no instructions to know how to rock!!!!
And that's exactly what's dead wrong about voting machines in general and Diebolds AccuVote in specific.
It's about as plausible like those industry strength, propriatery, uncrackable encryption devices with a secret, secret algorithm (which is certified by the association of creative spooks).
If we (as the voters) allow for such unaccountable, unauditable and error-rigged devices we can give the key to the town right away to he who maintains the devices (or even a few creative script kiddies for that matter)
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
To see the real origin of voting software see http://science.slashdot.org/article.pl?sid=03/05/1 1/0015240&mode=thread&tid=133&tid=186
OH THE SHAME I fell off the wagon and use sigs again!
Jesus Tap Dancing Christ, let it die already. Anyone still harping of the 200 election is a braindead obsessive nutcase that is in dire need of a lithium milkshake.
I am not registered to any Party, and I don't really like any of them, but you "REPUBLICANS ARE DEMONS!" people are the biggest fuckheads I have ever witnessed. You're worse that the rightwing assholes who tried to claim Clinton personally had 40 people killed in Arkansas.
GET A FUCKING LIFE!
Yay, lets pour more money down a black hole of voting software that's really not needed at the moment, and leave Maryland's state universities wallowing in underfundedness so they have to continue to raise tuition 2-3 times a year, reducing services to non-existance, and laying off dozens of staff memebers.
Sorry for being slightly offtopic, but it feels good to rant about this. Mid-semester tuition raises because the governor would rather have a fancy voting machine than fund the education of the future.
Although I am surprised that Diebold let SAIC see their software. And I won't be surprised if they discover its utter crap. We use Diebold at the university too, and its very problematic on such simple things as magnetic card swipes. The machines frequently have problems and fail to charge (or mis/double charge). Its a lousy system, but unfortunately I'm not knowledgeable enough in this area to recommend better.
http://thechubbyferret.net - Ferret pictures and informative links.
Why isn't this code open source by law?
The source code doesn't strictly have to be under a free or open source license.
However it is vital that every single voter should have the right to examine the software and the hardware of the election process.
Without that right, there's nothing to prevent elections turning into the kinds of events that Robert Mugabe has been staging in Zimbabwe.
"Provided by the management for your protection."
I really like the system we are now using in Florida with some caveats. You're given a paper ballot with fill-in bubbles to mark your choices. You insert the paper ballot into a safe-like container that immediately scans and tallies the ballot. I've not seen any cases where there were mistakes, but I assume it would function like one of those vending machines that take paper money and reject the ballot if there was a problem. However, my one concern is that the questions and choices are stated and marked in clear text (of course). In the process of feeding your ballot into the machine, your choices are clearly visible to whoever is standing nearby. If they can deal with that privacy issue, I think it is the perfect solution.
Phoenix
If the code had to be opensource, SCO would sue the voters for using some of their IP included "important portions of the voting system" and would require Darl MacBride for President as fair indemnity for the violation of SCO intellectual property!
Yes electronic voting seems like a good idea but will it allow people to vote online from homes securly proving there ID? That might be the only way to reverse the trend of lower voter turnout
Rus
Cheap UK and US VPS
The fact is, some people can be trusted to make closed-source code. And most people writing open-source code can't be trusted to remain trustworthy. Making closed-system security code open-source increases the likelihood of someone finding an exploit and exploiting it for their own gain. Closed reviews by competent, trustworthy groups will be just as effective in finding security problems and bugs, which can be fixed without alerting bad actors that an opportunity for mayhem exists.
So, when's the last time you actually met a candidate for a major office, and actually had a discussion with him over issues?
Like most of us, you probably get all you know about a candidate from mass media.
GW Bush: -234,524 votes
Troll4x0r: 538 votes
Howard Dean: 864,234,234 votes
Natalie Portman: 784,245 votes
The next time someone breaks ito a Diebold server, they should not tell anyone, but instead should see if they can ensure that "Cowboy Neal" wins the next few big elections. Inserting the CN code shouldn't be a problem for someone who can get into their info in the first place.
Seriously. One of the things I do for Comp Sec is change management and version management. There are VERY strict auditing standards that companies like this need to meet. In the US there is a SAS 70 auditing standard that companies need to meet in order to do things like this. Up here in Canada, we call it a Section 5900 but its the same basic idea.
The way it works is, a company says that there are controls in place to assure people that something is or is not happening. If someone wants to test those controls, they'll call in a team of qualified IT auditors and we'll do a Section 5900.
For the 5900, the people hiring us to do the job (could be the company in question, a regulatory board, a judge, a client etc) will draft a list of risks or controls. These controls are things they want to see in place.
So, for a voting machine, the people requesting the 5900 would list controls similar to the following:
-All changes to code are authorized and approved.
-All changes are adequately tested, approved and testing is not carried out by the original developer.
-No changes are introduced to the code after testing.
-Changes are promoted and versioned by someone other than the original programmer.
-Code that is installed into the production system is the same code that was tested and approved.
... and so on.
Then the auditors will go in and verify that these controls exist, that the risks these controls are designed to cover off are adequately covered and that the controls are effective. If a company fails a SAS 70 or a 5900, they usually HAVE to fix the problems.
Also, it usually isn't that hard to get your hands on a Section 5900 or SAS 70 report. Most companies will happy give them out unless they failed them or there are other NDA issues. As a voter, you probably have rights to these reports, and even if you don't, your elected representatives definitely do.
They're probably having the code reviewed because it didn't give the results they wanted, per old Joe Stalin: it's who counts the votes...
why not record people's votes, and print them out a record of their vote with some kind of ID number. then publish the preliminary tally.
then a week or two later, have the people come back and enter their same ID number and the same way they originally voted, and tally that.
and then compare the two tallies...
But it doesn't matter since all electronic voting is untrustworthy no matter how much review and or so-called security. There is no way for people to verify or track the electronic votes without using machines, and machines can be made to lie. People can too, but look at the typical poll worker...
if thousands of grandmas are riggin votes then you're really screwed.
Why isn't this code open source by law?
Because there's no public mandate to make it open source? Or was that a rhetorical question? Besides, there's always the argument that security is less likely to be compromised if the only bodies that verify the code are folks like SAIC.
Just for the record, I'm a computer programmer by profession, so I'm not against computers per se. I just think that we should not have computers at all in the actual casting of votes. We should just use paper and ink. It is a technology that everyone understands (and if they don't, they shouldn't vote anyway). It will take longer to tabulate the votes at the end of the day, but so what? The ballots will be open to audits and understood by everyone who can read, not just a small cadre of computer professionals.
Finally Rubin (of RSA fame) speaks up and the scandal gets respect and coverage.
Now Chaum (another famous cryto patent holder) gets banned?
What is next, Robert Morse turns up sleeping?
It happened: Link Here I posted this in another voting related story, but it couldn't be more relevant here.
"I don't think it's selfish, to eat defenseless shellfish." -NOFX
Okay I just checked sourceforge, and I saw one open source voting project, with no activity. Why aren't we doing something to change this? Why aren't we writing our own voting software? We can test it out in small groups, eventually use it in communities, counties, states, and finally in national elections. The country is tending toward electronic voting; IT NEEDS TO BE OPEN SOURCE.
A poster said earlier that the only reliable method of tallying votes is counting them by hand. That may be true, but look what happened last election. Wouldn't you feel safer if you could go through all the code line-by-line, and know for yourself it was secure, rather than have to trust some truck driver to not get lost with the ballots?
One huge benefit of electronic voting: we could be a true democracy. Want to decide if we should go to war? Lets all vote for it. Lower taxes? Get your vote in, Sept. 19th. Everyone voted for no taxes, and things got fucked up? We'll schedule another vote Oct. 19th to vote again, and unfuck them. Think about it: technology today is about to allow us to do something that has never before been even attempted on a large scale - rule by the people. The president could be a figurehead! Congress could exist for the purpose of suggesting laws for the American people to decide, rather than making them!
So who's the fucker who registered truedemocracy.org? Why don't you give it up so someone can put it to good use? I'm no programmer, but I'd be more than happy to give up some of my time to coordinate a project like this. Anyone who's interested, feel free to get in touch with me. Oh wait, I forgot - this is Slashdot - a lot of complaining about how things are, but no balls to fix them.
c-hack.com |
The voting software should be Free Software, but that's highly unlikely. However, maybe this raises a (seemingly insignificant) question: if voting systems are all front-end-software-based, will true believers in the Free Software movement even vote? Could the government be creating a situation where people feel obligated not to vote, simply because of the software which is used to register their potential votes? Maybe absentee ballet is the answer? Will we still have paper ballets? I hope so! Though this problem does raise some questions, no matter how you feel morally towards software, you should vote regardless of the recording method (if you can vote using half a brain, and pick a candidate who will actually do something for this country).
hard-left nutcase == OSS geeks
The state of Maryland just asked SAIC to issue a report on Diebold touch-screen voting machines.
E C LLC
My prediction: They will issue a report that puts a seal of approval on these voting machines. It will be almost impossible to debunk their report.
This is just to shut people up. SAIC = Military.
So far, we have the Pentagon involved with Accenture/election.com
General Dynamics,
Diversified Dynamics,
Northrop Grumman
All getting involved in voting systems -- as are the Saudis and the Pentagon. Why?
Take a gander at the companies run by SAIC and below this, their board of directors
At SAIC we have over 35 companies, subsidiaries and equity partners. A partial listing is provided below.
http://www.saic.com/about/companies/
AMS
Specialists in full ship systems support: command and control systems, combat systems, communications, information warfare, main propulsion systems, hull & deck systems, auxiliary systems.
Bechtel SAIC Company, LLC
A joint venture between SAIC and Bechtel, Bechtel SAIC Company, LLC provides research, engineering and nuclear science capabilities to meet the unique challenge of science and engineering for the Yucca Mountain Project.
Data Systems & Solutions
A joint venture between Rolls-Royce and SAIC, DS&S incorporates Rolls-Royce engineering/controls expertise with SAIC's systems integration and information technology skills.
Hicks & Associates (H&AI)
Defense industry consulting.
Saudi SAI
Installation and maintenance of computer systems, telecommunications systems, and other data analysis systems in Saudi Arabia.
Members of the board:
D.P. Andrews
Corporate Executive Vice President, Federal Business, SAIC
W.A. Downing
General, US Army (Ret.)
B.R. Inman
Admiral, USN (Ret.)
H.M.J. Kraemer, Jr.
Chairman and CEO,Baxter International, Inc.
M.E. Trout
Executive Vice President, Cytyc Corporation (?? someone want to look this up?)
J.A. Welch
General,USAF, (Ret.)
A.T. Young
Executive Vice President, Lockheed Martin Corp. (Ret.)
Googling Marianne Rickenbach turned up the following info:
Photo and email address
(Near the bottom, and oh yea, turn up your beer goggles to "FULL")
MRICKENB@montcopa.org
Have fun...
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
If you can change a secret cheaply and do so regularly, it makes sense to keep it a secret. PGP session keys are a wonderful example.
If you can't change a secret then the secret is a weakness. If your software is burned into ROM embedded in epoxy in thousands of voting machines then you have no good way to recover from a leak of the source code. In that case, might as well publish it and get the benefits of distributed auditing.
Then there's whether you can detect a compromise. If the Polish resistance steals one of your Enigma machines, you could theoretically check inventory records and discover that one went missing. If someone copies the bits of your source code, you may never know.
It's not open source because a private company devoted it's resources to create it, and owns the copyright on it. (I'm assuming now)... It obviously needs to recoupe that investment, so it keeps it's code to it's own.
Simple enough. I really don't know why you'd question why it's not open source.
http://slashdot.org/~tf23/journal
The code is not open source because it was developed by a private (vs government grant) company for a commercial product.
And have we made a good case for why it should be open source? Remember, around here it's taken as gospel that Open Source is a "Good Thing," this isn't the case elsewhere. I'm not necessarily taking a contrary position, but it's a question that needs to be answered clearly.
Obviously security is the main concern here - but one could make a case that this isn't like windows, which hackers can play around with all the time at home. For systems with limited distribution, one could make a compelling argument that Closed Source would be more secure, because the hacking threat is smaller.
On the contrary, if the source were opened, one might not be able to trust that there would be more white hat hackers than black hats for such a high-profile application (ie, anti-US). I don't even think we could assume that a white hat with a name to make would work with the code authors outside the media and a forego a full whitepaper deployed on the eve of an election. A lot of whitehats have recently taken to giving authors about 15 minutes to patch bugs before publishing them. That's not something we can have with a system like this, it's too dangerous.
There are a lot of issues to consider here, and it can't be taken as granted that anyone outside /. and Stallman's disciples will assume that OSS is best here as a matter of course.
-Looking for a job as a materials chemist or multivariat
I have to admit from the onset that I am no fan of open source. This is for a variety of reasons. (It is probably sacrilege to state that here.)
Voting machine software is however a case where I firmly believe that open source is not only important but necessary. The ability to vote either among a certain group or among the populace as a whole goes to the heart of our democratic republic. If votes are not tallied properly, not only may mistakes be made but there is the very real possibility that the country through forged votes may be manipulated by those who have nefarious purposes in their heart.
The cryptographic community a long time ago discovered the best way to ensure the security of a cryptographic algorithm is to provide the algorithm to their colleagues. The rest of the cryptographic community then responds by trying to break the algorithm or in the least trying to discover the weaknesses. Because of this review process, the algorithms are then adjusted until they are highly secure. On the other hand, when cryptographic algorithms are kept secret, the review process is skipped and it is not uncommon for unsecure algorithms to make it on the market. When this happens it can cost lives and money.
The same can be said in the case of voting machines. If the source code is not released, security problems will likely go unnoticed until discovered by accident by someone who may or may not have the public's best interest at heart. In fact, the likely hood of it being discovered by someone who wants to manipulate the system will actually go up as they are more likely to be able to obtain the source through deception or to take the time to decompile the voting machine binaries. With the large number of voting machines that could be used around the country -- or in storage between use -- it would not be hard for someone to obtain at least the binaries for the voting machine software. And this goes to the heart of the matter which is this: Someone who wants to manipulate the system will be able to obtain the source either by bribery, theft or through decompiling the software's object code. Thus in a closed source environment, the only people who would not have the source and be able to easily discover the problems would be the good guys.
If you think about it, an election is like a high speed race. The only difference is that the voters are behind the wheel. With that in mind, I'm surprised the system allows uninformed voters to actually cast a vote without knowing about the issues and the politicians.
Before you can drive, you take driver's ed. Every election before vote time, there voter's ed should be a requirement. The issues are constantly changing, as well as the politicians. If this was manditory like a driving test (written or hands on, doesn't matter), then the people would be far better informed. Imagine the difference that could make. Imagine the turnout.
You would need beer goggles that went to 11 for that bitch. Whew! Talk about a face for radio! I wouldn't fuck her with Taco's dick!
But remember, you have to insure that the paper trail *can't* be used by a voter to prove who they voted for - that would allow verifiable vote-buying, which would be bad...
Hardcopy logs seem a no-brainer, though.
You know what kills me from the wired article:
Who the hell calls code -intellectual property-??? WTF?I can just see a memo sent out by some PHB...
From this moment forward in order to enhance share holder value and increase synenergy all software and code shall be referred to strictly as intellectual property.
So now the already over used misnomer of IP, which already includes copyright, patent, trade secrets, and four hundred other unrelated laws, rights, misc, shall also include any form of software, be it in binary or code form, including code that is open source, public domain, or proprietery.
I'm going to start calling my bowel movements intellectual property, just to be safe.
It is like they are just ramping up for a lawsuit.
Open Source isn't for everyone or thing... But anything as important as a voting system should be transparent and open to public review, which is not nessarily open source! Propritary software has a few benefits... 1) A reasonable expectation of problem resolution. Volenteerism is nice but inconsitant at best. 2) When #1 fails, money can be recovered and a new project started. Who do you sue when Open Source causes $ loss? You may not like the message, but don't bother shooting the messenger he's wearing a bullet-proof vest with a flame retardant outer shell.
...May be to throw up such discouraging obstacles that people will simply stop voting.
Call me paranoid if you want, but it strikes me as odd that the US government is even allowing voting machine software to be closed-source. SAIC has been a virtual lap-dog for all kinds of well-shrouded government and DoD contracts for decades, most of which are heavily classified (I know this because a friend of mine used to work for them).
And Diebold is now allowing SAIC to "review" its code? Given SAIC's heavy federal connections, does this not strike anyone else as a Fox-Guarding-the-Henhouse scenario?
Don't even get me started on the possibility of back doors in voting software that would allow special interests who shelled out enough $$ to easily rig an election.
Like I said, I hope this is just my paranoid side jumping at shadows. Unfortunately, I have little proof one way or the other.
Bruce Lane, KC7GR,
Blue Feather Technologies
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
Actually partisans of "either" party aren't paying attention. It's all Coke vs Pepsi as far as the mass marketed candidates are concerned. They're both bad for you.
The author states that the investigation uncovered CDs that contained lists of MANY THOUSANDS voters who were disqualified because they had supposedly been convicted of crimes. There are several interesting items (all verifiable because they are not mere opinions) related to this:
1. The disqualified voters were predominantly blacks and democrats. Less than 400 names were republicans so you do the statistical math about this being pure chance.
2. The supposed crimes took place IN THE FUTURE. The original list contained future dates of crimes such as year 2007 and so on. I'm reminded of technology used in the movie Minority Report but that is fiction--this is real life.
3. When this error was reported to the appropriate authorities (I do not recall the official title of the person), the "solution" was not to requalify these "future criminals" but to blank out the fictional future dates of crimes! I'd like to know WHY! And please, lets not jump to conclusions simply because the benefitting candidate's brother was governor where this happened. Jumping to conclusions don't help so lets just stick to facts that can be confirmed & verified.
4. This story was covered by non-profit news organizations like the BBC (British Broadcasting Corporation) but no American for-profit company even mentioned it while they constantly reported about ridiculous "hanging chads" and "lets move on" stories. BTW, the BBC is huge and is used by 90% of the British it wasn't a tiny local news show that published this story.
5. The election was decided by less than 600 votes so doesn't the discovery of MANY THOUSANDS of illegally disqualified voters deserve a full investigation?
As a patriotic American, I don't want to believe any of this stuff and it really pisses me off to hear about it. What I'd like to know is if this stuff really happened as the author (investigative reporter) stated--these allegations are more relevant to our country than any "Monica" story (which also sucks BTW) but it didn't receive ANY airtime in the USA by media corporations who'd benefit by upcoming decisions from the FCC. These same US media giants were campaign contributors to the benefitting candidate so this is simply tragic. Maybe our country needs something similar to the BBC that the British can count on for more objective, non-profit news.
If voting were computerized, won't abuses such as this be easier to commit?
Another interesting assertion made by the book is that the Bush family had business dealings with Osama Bin Laden's family in Saudi Arabia and the Bush administration made the FBI avoid doing certain investigations that would uncover this. I don't know if this is true but it is kinda creepy given that the book was published WAY BEFORE the Bush administration's current attempts to censor Saudi Arabia's alleged involvement in 9/11.
I don't know about you folks, but I lost someone in 9/11 who happened to be working at the WTC that day. She and all the others who died deserve better than this. We shouldn't avoid investigating certain involved parties because it would be politically uncomfortable for the President to explain how his family may have provided money to Osama's family members which in turn provided money to Osama himself. IMHO, intentionally putting a one's own political career and thereby weakening US National Security should be considered treason at most and grounds for impeachment at least. At a minimum, there should be a full investigation that at least matches the one performed during the "Monica" fiasco.
I've never voted for a Democrat before but I'm seriously considering voting for them if this nonsense continues.
Two interesting points, one which was brought up in the article and one which wasn't:
I'm a resident of Maryland, and employed by a state university. The previous administration made a mess of our finances (which were excellent up until then), and now the state is suffering budget cuts, particularly in higher education. This has resulted in hiring freezes, elimination of positions, and layoffs.
I've been voting in elections here for almost 8 years now, and I don't seem to recall us having problems like Florida's. Baltimore uses a system where you mark a paper with a special pen, and the paper is fed to a machine. It looks like a standard multiple-choice test, not confusing at all. Why is it absolutely necessary for us to be the first state to buy these shiny new toys when our financial situation is so dire? This will just bring more pressure to legalize gambling (although we already have a state lottery and Keno, so I don't see why people upset about real casinos aren't protesting those).
Second, remember that Maryland is a UCITA state. Under UCITA, isn't software required to be fit for the purpose for which it is designed? There's also something in there WRT implied warranties concerning data. It will be interesting to see whether this plays a part.
WMBC freeform/independent online radio.
For those of you who are in Northern VA. The Researcher at John Hopkins who looked at the Diebold systems is doing a presentation on his findings at the National Science Foundation, room 110 Aug 12th at 4pm.
If you can't make it, I've drafted an intern to tape and encode it for download. It will be archived a day later at http://www.ngi-supernet.org/conferences.html
If any of you are interested please tell me so I can post it as a bittorrent instead of burning down the web server.
Just respond to the thread...thanks!
The only way I'll ever trust an electronic voting machine is if they provide a printout I can verify on the spot before dropping it in a box, so that it can be used for auditing purposes. Ideally, the source code should be open source. But even if it is not, providing a marked paper ballot that can be manually counted (if necessary) ought to be sufficient.
Constitutionally Correct
The Governor of Maryland is a Republican. You know what that means: it's time for Slashdot to argue against code review of voting software.
You just gave a very good description of aegis.
It is only a tool, so you still need a proper secure organisation around it, but I could let this good opportunity to plug my favorite SCM go by.
This space is intentionally staring blankly at you
Absentee electronic voting.
"H.R. 1377, the Military Overseas Voter Empowerment Act of 2001 introduced by Representatives Mac Thornberry, Duke Cunningham, Sam Johnson and Helen Tauscher would be a major step in improving the process. This legislative initiative provides for the Secretary of Defense to expand an electronic voting pilot program to test the system in the 2002 general election for the implementation of the ultimate solution - Electronic Voting."
I've had some conversations with SAIC types. Given a choice between civil liberties and cool surveillance technology, they will always pick the surveillance technology.
I'll admit a fair amount of ignorance of the whole computer voting thing, but I assume the thing has to be 'netted up to communicate its results with something. To me, there's your backdoor for hacking potential.
Also I wouldn't discount walk-up hacking regardless. They don't screen polling volunteers really well - I don't think it's completely inconceivable that a hacker, having had ample access to the software, could figure out a way to, say, run a "patch" of the software. I'm assuming this runs on a typical computer, and with any machine, physical access basically equals root access for anyone savvy enough.
Making this software open source so that we can all look at the code is really just to make sure that there isn't some algorithm that drops every 3rd vote for a particular party or adds it to the wrong tally.
I certainly appreciate that, and I would think it a good idea if I was convinced all other avenues of hacking were cut out, but I'm not convinced they are.
-Looking for a job as a materials chemist or multivariat
A quote from this press release
So what are a bunch of spooks doing operating a large Internet network access point, hmm?
I would have expected someone else to mention this already, but I don't see it among the high-scoring posts, so let me spread the meme:
First, as some people have pointed out, open source is not a magic bullet or even close to being a sufficient solution for preventing election tampering. Even if you know that the published voting machine source code is secure (and it will be a lot harder to verify this in a situation where the coders may have a huge incentive to insert accidental-appearing back doors deliberately) you still have to make sure that the hardware has no back doors, that the compiler has no back doors, that the computers used to load the software onto the voting machines have no back doors... it's just not feasable to make a trustworthy system that can do all that. We'd be better off sticking with paper.
But now that meme I was getting to: we'd be best off combining electronic voting with paper. The obvious way to do so is with paper ballots designed for optically scanned counting (which would give fast results but still leave a paper trail to settle disputes), but cryptographer types have come up with better ideas still. The best system I've seen so far is at vreceipt.com, which lets you verify that your vote was included in the total (but in a way that makes it impossible for anyone else to know who you voted for), and makes it impossible to alter any counted votes (or to add new votes, assuming independent observers are making sure that polling places aren't padding their numbers) or count them inaccurately without a 1-2^bignum chance of being caught.
It is possible to obtain election results in a way that prevents tampering but is more convenient and reliable than counting paper ballots. Perhaps it's too early to hold our elected officials over the coals until they implement such a system, but for now we can at least spread the word that such things exist and that for some reason a few people are trying to push tamper-prone closed systems on us instead.
Prevention alone can never be an adequate security measure.
This is a very simple principle that any person should be able to understand, if they only have the moral courage to accept it. This would greatly clarify situations like this one, because people would be asking the right questions.
I'm not saying that prevention is not useful, just that a wise assumption has to be that any preventive measures we take and and probably will be. These systems are not crackable because their preventive measures were bad although they may have been bad. They are crackable because any system is crackable. What I am afraid of is that an evaluation of these machines only will look at how robust the protective measures they provide are. While it is a good idea to get an independent review of these measures, it is a bad idea to put much credence in them. The fact is that even the brightest and most professional person in the world is not going to be able to anticipate all the ideas in the world.
Security has to consist of a number of independent goals, including:
We need to ask what any system provides in each of these areas in order to asses security.
For example, if I put Grandma's diamond ring in a a safe deposit box in the bank, the thick vault walls and doors do provide prevention. However without alarms (detection) and police (response), those walls wouldn't stand much of a chance to a determined attacker. Detection and response capabilities are in themselves the single most powerful preventive measure -- much more so than the vault design itself.
On top of that, if I am wise, I take out an insurance policy on the trinket (damage mitigation).
Looked at this way, how would we evaluate a voting system?
Looked at this way, the manual paper ballot would be an almost miraculously robust system if it were a piece of software. It is capable of accurate counting the voter's intent, while completely anonymizing the voters choices. Prevention is accomplished by physical control of access to the ballot box, and by chain of custody of the ballots to the counting place. The greatest opportunity for manipulation comes up in tallying the results.
However it is possible to detect and mitigate such manipulation by recounts. Of course we want to avoid situations where recounting is necessary, but the recounting process itself is not to blame. Electronic methods of vote recording eliminate recounting at the expense of making it impossible to establish independently whether fraud took place.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
you're votes are not anonymous unless you handled everything with latex gloves. and didn't breathe to hard.
Look at it this way. Corporation A wants politician B elected. Corporation A also happens to manufacture voting equipment. politician B is elected.
You think it was bad with fundies and ecofreaks now? Wait till the corporations start deciding exactly which politicians are elected. Finding out about a bought politician will seem like a quaint Idea.
if only he considers voting democrats. Not that they are much good, lucky I don't live in the USA.
This space is intentionally staring blankly at you
WAKE UP! This isn't about the stupid "hanging chads" everyone universally is sick of hearing about. Hanging chads seem like mere incompetence, not election fraud to me. So don't associate annoying stories we've all heard to the relevant stories we have not yet heard.
This story is about computerized voting and there is new hard evidence that certain computerized abuses occured in the 2000 election.
According to the NY Times best-selling book, The Best Democracy Money Can Buy, a 2-year investigation of the 2000 election showed that we Americans did not even once hear about the real abuses during that election which were reported in the non-profit BBC (British Broadcasting Corp) but not even mentioned once by any of the media giants in the US (who happened to have contributed to the benefactor of the abuses).
WHAT WE DIDN'T HEAR IS THIS: Many thousands of voters were illegally disqualified for having committed crimes years in the future (2007, 2008, etc.) The vast majority of these disqualified voters were blacks and democrats. When this was reported to the authorities, they simply BLANKED OUT the future dates of crimes so these voters were still disqualified!
Since the abuses took place under the charge of the benefitting candidate's brother and the Supreme Court decision to stop the recount was decided by judges appointed by the benefitting candidate's father, this is much bigger news than the former president trying to weasel out of confessing to a marital affair.
Especially considering that the election was decided by less than 600 votes, the discover of many thousands of illegally disqualified voters based on FUTURE criminal convictions should be discussed and investigated at least as much as the "Monica" story.
Open source is not a panacea for what ails the world. What a voting system needs is a review by qualified people (not just anyone who might take an interest in it). And I mean the whole system, hardware, software, communications. Once a system is approved there needs to be some way to ensure that only approved systems are used in elections. Sorry, a job of this scope requires the government to oversee it.
...understood. Notice the use of "proprietary" and "open" below.
excerpted from:
http://www.banktech.com/story/coverStory/BNK20020
"That, in turn, has been facilitated by a move away from proprietary OS/2-based platforms and toward open Windows NT- and IP-based platforms. Almost all legacy ATMs run on OS/2, explained Dove's Hayes. "IBM is withdrawing support of OS/2. The industry is moving to Windows NT as the new standard for ATMs."
...requires that all the source code in a voting machine be turned over to the state. Although, I doubt we have a team of experts checking it over. It's probably just sitting in a vault somewhere.
But still, with these fancy gui kiosk voting machines, doesn't that mean the state of california should have a copy of the Windoze (CE?) source code?
See CA Code, section 19103
Start Running Better Polls
You forgot the first rule of elections. There is always a Cowboy Neal option.
So. .
The people will be watching closely the left hand of the magician, (misdirection). Maybe there will be some election fraud, maybe there won't be. It doesn't matter, because the people will get their president of choice. --I'm guessing, Democrat, Howard Dean.
Still theorizing here. .
Now some say that Bush need only set another war going during the campaign, and that this will assure his re-election. Maybe. --Thing is, to do so, he'll need to do some very unpopular things. Like recalling tens of thousands of reservists to active duty. --Because the U.S. military is spread very thinly. Or even more un-popularly, calling a Draft. (Collective shudder. Is everybody here over the age of 21? No? I see. Hope all you youngsters like combat boots and DU.)
So maybe this will be enough to piss everybody off. --There's already a scandal brewing on the back-burner about Bush's lying to congress. There's the crappy shape of the economy, thanks to Bush's complete mis-management. And there's the fact that he's an ex-coke head who can't even talk properly without making a hundred and one creepy Freudian slips. (I lost my link, but there are long lists of his verbal screw-ups all over the web. Go look. It's just crazy!)
.
.
.
Of course, if things get really bad, all Bush need do is punch that big red button and call down a state of emergency, and that's the end of the show. Democracy over, bub. Welcome to the new Amerika.
However, this Howard Dean guy. .
Looks bright and new. He's saying all the right things. --While he was governor, he managed to keep Vermont out of deficit while the rest of the country went to shit. He's openly criticizing Bush's stupid war on Iraq, (a war which is getting a couple of kids killed every day. --And those are just the official numbers.) People are losing faith in Bush, and Dean sounds like a good guy. He's also talking about some social welfare reform which all the millions of people too broke to afford medical coverage, might just perk up enough at the sound of to head in droves to try out those new DieBold machines. .
Problem is, Dean is also being backed by the Zionists. (Now, please, moderators, curb your knee-jerk desire to mod me into dust at the first sound of Jewish conspiracy, and at least finish reading this. There's no hate here or Trollish nonsense. Just listen). .
A man named, Steve Grossman, is Howard Dean's head of campaign Fundraising.
What does that mean? I'll tell you:
Steve Grossman was ALSO the president, -not just some pamphleteer, but the president- of one of the most powerful Israeli lobby groups in the entire world, the American Israel Public Affairs Committee (AIPAC).
And, who hires the auditors? Hrm...
Spoon not. Fork, or fork not. There is no spoon.
It doesn't matter, the code will vote for you.
At least I hear that's how it is in Soviet Russia.
________________________________________________
I crochet because I'm lonely; I'm lonely because I crochet.
It doesn't matter that different people are in charge of the network security and the voting system-- the general public's perception is that the whole company looks bad because of something like that. If the company's not hiring competent network admins who can adequately secure their network, how do we know the people creating this secure voting system are not just as deficient in their abilities to to their job?
This is why high-profile individuals lose their jobs with high-profile companies when said individuals get caught doing something wrong. If Company X doesn't rid themselves of Senior VP John Doe when the cops raid an S&M dungeon and catch him chained to the wall in a gimp outfit getting whipped by a dominatrix, public perception would be that Company X condones deviate sexual activity-- an almost certainly wrong perception, but then I never said that the general public isn't a bunch of bloody twits, did I?
Eventually M$ will make M$ElectoralCollege or some program like this and people won't be able to vote because they'll be too busy closing pop-ups the whole time.
_
_______________________________________________
I crochet because I'm lonely; I'm lonely because I crochet.
You need cash register printers.
The spooled paper is easy and convienient -- every cashier knows how to load the paper in correctly (hence, it isn't hard to train on loading). Ribbons? They are like the electronic typewritter ribbons... easy as pie to install new ones. The hardware is durable, not too costly, and quite robust. Furthermore, there is an industry of technicians that can come to a facility in $foo hours to repair the hardware on site. If you have $bar voting machines, and one printer goes down, the $bar-1 machines should do O.K. until the technician arrives on site.
Don't over-tech the problem. Use minimal hardware to print, and use a system that gets abused far more often than a home system. Use a cash register reciept system for printing, and you'll have durable, configurable, simple hardware, and cheap supplies.
(I don't work for a printing company, but I do work weekends supervising the cashiers at a Home Depot).
Support a few technologists in Washington.
It doesn't automatically eliminate fraud, but at very least, I should be given a receipt of my transaction (vote), and a printer ought to be making an archival copy at the same time for recounts.
Imagine if your bank instituted a no-paper-record policy.
What were you expecting?
Internet voting is an intrinsically bad idea.
A secure, private polling location is the only defense against vote coercion.
How secure would a woman's vote be if her husband is standing over her shoulder while she casts her ballot?
Suppose your employer set up a polling station in the office "for the convenience of his employees" and "strongly recommended" that you take advantage of this. Would you feel secure that this "polling station" wasn't recording your keystrokes for the PHB's examination?
Sorry, no. Internet voting cannot be made to work for reasons that are social rather than technological.
Honesty. Loyalty. Kindness. Laughter. Generosity. Magic!
I'm going to be asking my state representatives to allow individuals who decide not to vote on the machines the ability to vote by good old pen and paper.
The pollworker system is actually pretty good. You have two "democrats" and two "republicans" (most of the time that's the case, but independents and other party people can be switch-hitters) and they watch over a particular precinct. The four person design was put in place to count votes when they were pen and paper. (Even in the county I live in, we have machines that count the votes and print the votes on magnetic tape and paper tape. However, votes for write ins are still counted by the pollworkers.)
So individuals who do not trust the machines can just vote pen and paper and let the pollworkers count em. I like that, because I trust the four people who I've seen at my polling station for many years now a lot more than some dingbat company and their closed code.
So, who has an online copy of the source code that Diebold left publicly available? All the mirrors seem to have been taken down since the story originally broke months ago.
The difference is that Moscowitch and HP don't have any interest in our cars crashing and our inkjets substituting words. Rather the contrary. The voting operators and manufacturers, though, might quite well have an interest in "steering" an election.
Regards,
--
*Art
-1 luddite.
Instead of doom and glooming this, why not get active to see a process it put in place so we can trust electronic voting?
The Kruger Dunning explains most post on
IN a surprise electtion a 'Mr. Smith' has one the election for president.
.... to be here... This Freedom, if there is such a thing).. is lke a virus..."
we go love to Presidents Smiths news conference
"People of...America. It sickens me
At that point several shots where fired at are new leader, which he skillfully dodged.
Personally, I welcome are new robot leaders..
The Kruger Dunning explains most post on
The truth is a troll? What he said was a fact -- it was reported on the BBC that republican controled corporation Choicepoint scrubbed tens of thousands of innocent black people and democrats from the voting rolls (acting via Katherin Harris). The US media has said just about nil concerning this even though the NAACP sued the state of Fl based on this info and the state settled out of court! Wake up America.
I don't care because I don't have a right to vote in my country. 30% of us don't have.
Here and here.
I live in North Dakota, and I recently saw an article about how the move toward the Diebold voting machines in the state has been put on hold because of the recent publication regarding the lack of security, etc. I think it's good that states are taking it slow and making sure it's done right, rather than just rolling out the first thing that comes along.
Bravo for Maryland; I think electronic voting systems have the potential to compromise the integrity of our democracy, especially in these sensationalistic times. Folks are always looking for a conspiracy, and politicians love to play up that angle against their opponents ("My opponent answers to big business, not to you").
Can you imagine the hell that would break lose if one of these systems was compromised in such away that a major election was altered? Especially if it came to light after a few years after the fact (e.g. after the wrong president has been in office for two years with two years to go)? The ramifications would be ghastly.
These systems need to be foolproof, but that's not possible in this world. Almost foolproof is attainable, however, and kudos to Maryland for raising the issue. Is this really the naive state who was the first to pass UCITA into law?!? -jm
If SAIC gives it a clean bill of health then I'll KNOW 100% that everything is totally on the level.
I really trust SAIC..
http://slashdot.org/comments.pl?sid=72311&cid=6528 165
;)
on a different article and got no mod points! Grrrrr. You own me karma!
When I saw my response tagged as a Troll, I was pretty shocked myself.
Who knows? Maybe the AC who posted the original message I responded to didn't like what I had to say and was able to mod my post down with his real account.
I'm kinda glad though. It prompted you to post more info regarding this such as the successful NAACP lawsuit, Choicepoint and Katherine Harris.
SAIC! This is some kind of cruel joke.
SAIC made the DNS the shambles it is today.
You could look it up.
SAIC, NSI. What a strange history.
Bill Gates Is My Evil Twin.
There are arguments both ways, but it's not a laydown misere.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
For the same reason that the code in a radar gun isn't open...
Makes you wonder?
I say we take a vote on this!
I don't see it that way. What is a ballot? A list of names with checkboxes, right? We used to do it on a big sheet of paper, so why do we need a big, fat, bloated computer program to do the same thing?
The way I see it, it's a damn html form (or something like that). Why not do the whole thing in perl and be done with it. Want to check and see if your system is kosher? Easy. Do a diff from the distribution CD. Piece of cake. Hell, I can make something like that in a month or two.
Republicans are idiots.