Slashdot Mirror
Virginia Begins to Worry About Voting Machines
nonsecurity writes "Remember the unheeded stories about possible fraud with new electronic voting machines? Well it seems that someone is finally now taking notice. The Commonwealth of Virginia has been ready to take the leap with electronic voting machines, which many experts say are wide open to potential voting fraud.
Like other jurisdictions, Virginia had been shrugging off the concerns. But the Washington Post is is now reporting that Johns Hopkins Computer Scientists have been studying the issue and have found that the machines might be easily hacked and election result tampering is a very real concern. And apparently Virginia is listening. With next year's elections promising to be full of fireworks, it's good to see that people are finally taking notice of the issue."
But, it does make for a good story.
Anonymising the data makes it hard to ensure that everyone casts only one vote. Consider Slashdot polls an example.
There are possible ways around this, based on cryptographical methods. Take a look at this, for example.
India's been using electronic voting since
1 32 01701
years and the next general election will
be all-electronic with 800,000 electronic
voting machines.
http://sify.com/news/politics/fullstory.php?id=
Jolted Over Electronic Voting
Report's Security Warning Shakes Some States' Trust
By Brigid Schulte
Washington Post Staff Writer
Monday, August 11, 2003; Page A01
The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the state's electronic voting machines. But with a recent report by Johns Hopkins University computer scientists warning that the system's software could easily be hacked into and election results tampered with, the once perfunctory vote now seemed to carry the weight of democracy and the people's trust along with it.
An outside consultant assured the three-member panel recently that the report was nonsense.
"I hope you're right," Chairman Michael G. Brown said, taking a leap of faith and approving Diebold Election System's upgrades. "Because when they get ready to hang the three of us in effigy, you won't be here."
Since being released two weeks ago, the Hopkins report has sent shock waves across the country. Some states have backed away from purchasing any kind of electronic voting machine, despite a new federal law that has created a gold rush by allocating billions to buy the machines and requiring all states, as well as the District of Columbia, to replace antiquated voting equipment by 2006.
"The rush to buy equipment this year or next year just doesn't make sense to us anymore," said Cory Fong, North Dakota's deputy secretary of state.
Maryland officials, who signed a $55.6 million agreement with Diebold for 11,000 touch-screen voting machines just days before the Hopkins report came out, have asked an international computer security firm to review the system's security. If they don't like what they find, officials have said, the sale will be off.
The report has brought square into the mainstream an obscure but increasingly nasty debate between about 900 computer scientists, who warn that these machines are untrustworthy, and state and local election officials and machine manufacturers, who insist that they are reliable.
"The computer scientists are saying, 'The machinery you vote on is inaccurate and could be threatened; therefore, don't go. Your vote doesn't mean anything,' " said Penelope Bonsall, director of the Office of Election Administration at the Federal Election Commission. "That negative perception takes years to turn around."
Still, even some advocates of the new system are thinking twice. The Leadership Conference on Civil Rights, which pushed for electronic machines to help visually impaired and disabled voters, says the Hopkins report has given them pause. They're calling on President Bush and members of Congress to convene a forum of experts to hash it out. "We have become concerned about these questions of ballot security," said Deputy Director Nancy Zirkin.
Her group and others supported passage of the $3.9 billion Help America Vote Act in November. Of the $1.5 billion appropriated so far to replace old machines, rewrite outdated equipment standards, encourage research to improve technology, train poll workers and update registration lists, about half has been released. And that has all gone toward buying electronic machines, which cost as much as $4,000 a piece.
"These vendors are everywhere," said David Blount, spokesman for Mississippi Secretary of State Eric Clark. "They're besieging everyone."
The remaining money is to be released once an Election Assistance Commission is appointed. By law, the board was to have begun work in February. But the names of the four commissioners, two from each major party, have yet to go to the Senate for confirmation.
The stakes are high. The 2000 Florida presidential election showed the shortcomings of the current system.
A subsequent Cal Tech/MIT report found that of more than 100 million votes cast nationwide, as many as 6 million weren't counted because of registration errors or problems with punch-card and lever machines. One study found that of 800 lever machines tested,
That is far easier said than done. See, for instance, Bruce Schneier's explanation of why secure electronic voting is a hard problem.
The Johns Hopkins study isn't the worst of it. There is apparently a second report by some people who took a more detailed look at how the software stores data. It turns out that the format is MS Access, security is based on obscurity and that audit log entries aren't numbered.
http://www.equalccw.com/voteprar.html has links that go into more detail on this subject.
Cheers,
Coward 132-213
I did some work in this area a few years ago, and it seems to me that if governments would put the amount of thought into this, that they have put into regulating digital signatures, this would be a non issue.
Another part of the problem lies in the auditing process. There really is no standard, or security regulation of any kind, except for maybe the promise of security by the vendor. No one ever really checks these things for security until it's too late.
This signature has Super Cow Powers
This method works for voter accountibility, but it doesn't work for election accountibility. Who's to say that somewhere along the line, some of those 10,354 votes don't get changed? Someone may suspect that the vote was rigged, so they go back to the ballots and can trace the votes back to a ballot id. How could they ever know if that was a valid ballot or one that was hacked?
Ummm. Are you aware of the fact that over 100,000 voters in Florida had their constitutional right to vote recinded by a Governer who hired a GOP run auditing firm to remove names from the roles?
That prior to the last election, this list was generated for about $80,000 or so, and each county had to individually remove people from the list after verbally affirming they were the right people? i.e. names were only removed after verification?
That the firm hired to remove names this last time was paid over $2,000,000 to remove the names, and the county clerks were told this list was accurate and to remove ALL the names without confirmation?
That this list contained names of people convicted of MISDEMEANERs in texas (Florida only removes the names of convited felons, and only while they are still serving their time or on probation?)
That over 80,000 names are known to have been removed that should not have, and the majority of these were democrats?
We don't have to worry about the machines just yet, as long as Jeb can get away with this and folks like you don't even notice.
But hey, your guy got elected, and that's all that really matters, huh?
http://www.gregpalast.com/
--- It is not the things we do which we regret the most, but the things which we don't do.
you go vote very much the way you do now (by presenting your id and signing a sheet of paper)...
I don't know where you live, but everywhere I've voted in the US, it's gone something like: Show up, tell one of the people overseeing the voting what my name and address are (no ID check). Watch to make sure they cross off the right name on the list (no signing anything). Vote (by whatever method the district uses. I've lived in districts with lever machines, paper ballots, and electronic ballot readers). Tell the person on the other side of the room what my name and address are on the way out (no ID check and no signing anything).
I've been registered and voted in 5 different districts in two states and I've never had my ID checked. In fact when I tried to present it last year they looked at me like I was nuts and told me they don't need to see it...
Two votes instead of one may not be bad, but consider a corrupt official putting in 1000 votes for his favourite candidate.
I have worked as an Chief Election Officer for the past several years and have a few thoughts on our transistion to the new machines.
:)
For those who don't vote in Fairfax county, the machines we have been using in most precincts is the Shouptronic 1242, which was phased out last recently due to new voting regulations that stipulated minimum accessibility requirements (for the visually impaired) that the Shouptronic couldn't meet as well as maintenance issues for the aging machines.
I am certainly wary of the new machines we have coming down for the next election in November, which use the WinVote software and appear physically as large laptops.
The initial checking in of voters won't change the next time around. They will still have to state their name and current address, be assigned a number (for counting purposes, not associative purposes) and be issued a colored state sealed "machine enterance index card" which is relinquished to the officer supervising the machines themselves before they are allowed access to the machine.
The new machines use a phone line (modem) to remit results to the registrar and are portable enough to allow us to physically move the machine to the curb to assist physically-challenged voters (curbside voting law).
The number of conditional paper ballots we'll have to use will be lessened -- a good thing and I see that for the most part it will help in accuracy.
I see problems in a couple of areas however. Most people vote maybe once every one or two years, so their familiarity with the machines wanes over time. Completely change the machine and there will be a lot of people with a bunch of questions and uncertainty, which will initially present an appearance of confusion (and may be enough to get some lawyers on the case if they see an opportinuity). Secondly, with untested technology, it will be difficult to gauge the number of problems with the machine -- misaligned touch screens, software crashes, static discharge, space aliens, seasoned citizens, ingenious fools, etc.
In a month or two I'm going to be going back for training on the new equipment. I also believe for those citizens voting in Fairfax county, the Government Center has a sample machine available for those who want to become familiar with it.
A system for securly transmitting certified results to the county should work well, but I am really concerned with any kind of Internet voting. That's where I believe the greatest potential for fraud exists.
-Crolis
P.S. I got a heck of a lot of comments after 2000, since my first name is "Chad".
Which would have been fine (and was required under the law of the land) were it not for the meddling of Republican Secretary of State (And George W. Bush campaign co-chair) Harris, and Jeb Bush in setting the rules for this purge. The decision to use Soundexes, the decision to purge based on similar names, the decision to ignore middle names completely, the decision on how many points of coincidence, the decision not to include SSN's as matching criteria were required to be considered a match were decisions made by Bush and Harris.
Jeb Bush decided to _ignore_a_Supreme_Court_ruling_ and illegally deny registration to up to 90,000 individuals who had been convicted of felonies out-of-state, and had their voting rights restored in their state of origin before arriving in Florida.
So, yeah, a Democrat may have commissioned ChoicePoint to do the job, but the Republicans set the rules.