Slashdot Mirror
Virginia Begins to Worry About Voting Machines
nonsecurity writes "Remember the unheeded stories about possible fraud with new electronic voting machines? Well it seems that someone is finally now taking notice. The Commonwealth of Virginia has been ready to take the leap with electronic voting machines, which many experts say are wide open to potential voting fraud.
Like other jurisdictions, Virginia had been shrugging off the concerns. But the Washington Post is is now reporting that Johns Hopkins Computer Scientists have been studying the issue and have found that the machines might be easily hacked and election result tampering is a very real concern. And apparently Virginia is listening. With next year's elections promising to be full of fireworks, it's good to see that people are finally taking notice of the issue."
The big advantage is that electronic voting will make election fraud, much easier to hide and so, less embarrassing for the free world's leading democracy.
Karma: Bad due to google bombing - Robert Watkins woz 'ere.
Anonymising the data makes it hard to ensure that everyone casts only one vote. Consider Slashdot polls an example.
In an amazing upset, the winner was not even running. It appears that Linus, maker of the well known Linux operating system has won the Presidential election. Of special note is how he received four hundred billion votes...
Why are these machines connected to the outside world? Why can't all the polling locations be on a LAN?
--I'm not talking about dance lessons. I'm talking about putting a brick through the other guy's windshield.-
All voting software and results should be subject to scrutany by the OSS community. All fraud is shallow when subjected to so many eyeballs.
never bring a twinkie to a food fight.
Anonymising the data makes it hard to ensure that everyone casts only one vote. Consider Slashdot polls an example.
There are possible ways around this, based on cryptographical methods. Take a look at this, for example.
Sounds alot like every other voting system.
My experience with poll workers is that they are serious and committed folks. But they are not the most savvy with computers and that may be the biggest security challenge.
Why not just install cheapo receipt printers into the voting machines and keep a paper tally that would be easily verifiable if need be. This would be good for an audit, and a statistically proper number of voting machines could be audited to insure valid electronic reporting. Although crude, a paper record is nice in it's resistance to tampering (at least electronically). At work we've got a dot matrix printer hooked to the door's ID card reader. There ain't no hacking that without physical access.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
India's been using electronic voting since
1 32 01701
years and the next general election will
be all-electronic with 800,000 electronic
voting machines.
http://sify.com/news/politics/fullstory.php?id=
If we truly believe that open-source tends to provide better security, we should be developing open-source voting software. I'm sure it would take a while to get much notice from the government, much less "certification", but we could start a grass-roots campaign for adopting it through, say, universities in student body elections (a target screaming for being hacked) or maybe even local elections.
Jolted Over Electronic Voting
Report's Security Warning Shakes Some States' Trust
By Brigid Schulte
Washington Post Staff Writer
Monday, August 11, 2003; Page A01
The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the state's electronic voting machines. But with a recent report by Johns Hopkins University computer scientists warning that the system's software could easily be hacked into and election results tampered with, the once perfunctory vote now seemed to carry the weight of democracy and the people's trust along with it.
An outside consultant assured the three-member panel recently that the report was nonsense.
"I hope you're right," Chairman Michael G. Brown said, taking a leap of faith and approving Diebold Election System's upgrades. "Because when they get ready to hang the three of us in effigy, you won't be here."
Since being released two weeks ago, the Hopkins report has sent shock waves across the country. Some states have backed away from purchasing any kind of electronic voting machine, despite a new federal law that has created a gold rush by allocating billions to buy the machines and requiring all states, as well as the District of Columbia, to replace antiquated voting equipment by 2006.
"The rush to buy equipment this year or next year just doesn't make sense to us anymore," said Cory Fong, North Dakota's deputy secretary of state.
Maryland officials, who signed a $55.6 million agreement with Diebold for 11,000 touch-screen voting machines just days before the Hopkins report came out, have asked an international computer security firm to review the system's security. If they don't like what they find, officials have said, the sale will be off.
The report has brought square into the mainstream an obscure but increasingly nasty debate between about 900 computer scientists, who warn that these machines are untrustworthy, and state and local election officials and machine manufacturers, who insist that they are reliable.
"The computer scientists are saying, 'The machinery you vote on is inaccurate and could be threatened; therefore, don't go. Your vote doesn't mean anything,' " said Penelope Bonsall, director of the Office of Election Administration at the Federal Election Commission. "That negative perception takes years to turn around."
Still, even some advocates of the new system are thinking twice. The Leadership Conference on Civil Rights, which pushed for electronic machines to help visually impaired and disabled voters, says the Hopkins report has given them pause. They're calling on President Bush and members of Congress to convene a forum of experts to hash it out. "We have become concerned about these questions of ballot security," said Deputy Director Nancy Zirkin.
Her group and others supported passage of the $3.9 billion Help America Vote Act in November. Of the $1.5 billion appropriated so far to replace old machines, rewrite outdated equipment standards, encourage research to improve technology, train poll workers and update registration lists, about half has been released. And that has all gone toward buying electronic machines, which cost as much as $4,000 a piece.
"These vendors are everywhere," said David Blount, spokesman for Mississippi Secretary of State Eric Clark. "They're besieging everyone."
The remaining money is to be released once an Election Assistance Commission is appointed. By law, the board was to have begun work in February. But the names of the four commissioners, two from each major party, have yet to go to the Senate for confirmation.
The stakes are high. The 2000 Florida presidential election showed the shortcomings of the current system.
A subsequent Cal Tech/MIT report found that of more than 100 million votes cast nationwide, as many as 6 million weren't counted because of registration errors or problems with punch-card and lever machines. One study found that of 800 lever machines tested,
"The 2000 Florida presidential election showed the shortcomings of the current system."
The main shortcoming of the system is that it allowed Florida State Supreme Court justices to try and change the election rules after the election occured, and it allowed lawyers to lie in court in a wasteful attempt to overturn the election.
It works. The only thing we have to accomplish is prevent the sore losers from trying to mess things up.
http://www.scoop.co.nz/mason/stories/HL0308/S00014 .htm
Computer Voting Expert Ousted From Elections Conference
Lynn Landes
freelance journalist
www.EcoTalk.org
Denver CO Aug 1 - Dr. Rebecca Mercuri, a leading expert in voting machine security, had her conference credentials revoked by the president of the International Association of Clerks, Records, Election Officials, and Treasurers (IACREOT), Marianne Rickenbach. The annual IACREOT Conference and Trade Show, which showcases election systems to elections officials, is being held at the Adam's Mark Hotel in Denver all this week.
Mercuri believes that her credentials were revoked because of her position in favor of voter-verified paper ballots for computerized election systems. "I guess in a very troubling way it makes sense that an organization like IACREOT, that supports paperless computerized voting systems, which are secret by their very design, would not want computer experts who disagree with that position at their meetings."
Dr. Mercuri said that her credentials were approved for the first three days of the conference. She attended meetings of other groups and visited the exhibitors hall. But it was only on Thursday as she sat down to attend her first meeting at the IACREOT that President Marianne Rickenbach took Mercuri out of the room and told her that her credentials were being revoked. Rickenbach said that Mercuri had not filled out the forms correctly. Mercuri protested, but was refused reinstatement.
David Chaum, the inventor of eCash and a member of Mercuri's 'voter-verified paper ballot' group, had his credentials revoked on the first day of the conference. On the second day his credentials were partially restored. Chaum was allowed to visit the exhibitors hall, but not attend the IACREOT meetings.
Rickenbach was unavailable for comment as of this report. Mercuri can be reached at the Adam's Mark Hotel through Saturday.
Somebody (cue 200 replies) help me out here: why wouldn't you go open source for something like this? Other than some company with hands in the governer's pockets (and vice versa), I don't know a single good reason to give a private corporation control over the methods used to conduct democratic elections. Hacking and fraud by voters aside, what about fraud by programmers? Debugging tons of code is hard work - stealing an election is just a matter of a couple of "errors" in the right procedure; that 6% difference in a close race (or .2%, as in the last Presidential election) could be made to disappear, with nobody the wiser.
As for paper audits: if the perpetrators are smart, nobody would ever even suspect that we needed to audit an election...
My $.02
Web Design & Software Development
Why do americans have this obsession about making everything more complicated. If you want a reliable solution to a problem use Occams razor. The simplest solution is usualy the best.
Voting on paper is cheap, reliable and it's very difficult to commit fraud, (a large number of people has to be involved), if you set it up right.
The Johns Hopkins study isn't the worst of it. There is apparently a second report by some people who took a more detailed look at how the software stores data. It turns out that the format is MS Access, security is based on obscurity and that audit log entries aren't numbered.
http://www.equalccw.com/voteprar.html has links that go into more detail on this subject.
Cheers,
Coward 132-213
I'm pretty sure the parent of your post meant something similar to this method: you go vote very much the way you do now (by presenting your id and signing a sheet of paper)...then you assign your vote to a number (that is not associated with your name in any record) and you make those numbers public, so that you can check against them.
I agree that a system like thisis a MUST when it comes to verifying electronic voting. My big problem with it is that because of the paper trail, the individual VOTER may trouble.
Consider, we have a secret ballot for a reason--for example, to prevent your boss from pressuring you to vote for a certain candidate at the cost of your job, or to keep the local klansmen from going after folks who dared vote for a black candidate.
Under the current system, only you know who you voted for--you can always lie if pressured by someone to know how you voted. With a public paper trail, people with leverage can demand to know your receipt number, and CONFIRM what you tell them. This is BAD.
What part of "shall not be infringed" is so hard to understand?