Electronic Voting Machine Cracker Challenge

An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.

look out...

[worm+eater]

Diebold is gonna bust out some DMCA on her ass if she cracks it...

This is VERY true

[WilliamsDA]

The Diebold system does have major flaws. I was just at the Crypto2003 conference where one of the talks was on the faults in this system. Amongst other things, when they pointed out the major errors in code, the company replied back calling DES (or DSA, I forget) a compression scheme, and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"

Re:This is VERY true

[cpeikert]

and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"

It was actually worse than this -- they used a Linear Congruential Generator, which is a very cheap method of generating "random" numbers. Those numbers might work well for simulations, but for cryptography they're totally predictable once you've seen just a couple of output values. Cryptography relies upon the unpredictability of random numbers for security, so LCGs should never be used for that purpose.

Re:This is VERY true

[WilliamsDA]

Right, thanks for jogging my memory. Being up for 20 hours makes me forget stuff :) Anyway, it was a very good, and very funny, presentation. I also rather liked Quisquater's presentation about the stone.

Re:This is VERY true

[Basehart]

They could always hire the spouse of a local priest to pick balls at random out of a bingo machine ;-)

Re:This is VERY true

"They could always hire the spouse of a local priest to pick balls at random out of a bingo machine ;-)"

Perhaps this guys spouse:

http://news.bbc.co.uk/1/hi/world/americas/317702 1. stm

Good riddance, god bothering pervert.

At Least

[dolo666]

This is a change from the Kevin Mitnick days when ppl would be incarcerated for even *thinking* about cracking a gov system.

Mad props to Georgia for being cool about this.

Re:At Least

[rblancarte]

Hell, you would think that Georgia (and any other state) would have a "Hack the System" type contest. Considering what this is being used for, finding and, more importantly, fixing all the flaws should be of high importance.

Re:At Least

[kableh]

Then again... I see this almost as a copout. If government is to be truely transparent, if the encryption scheme is truely unbreakable, then the machine's code should be open source and subject to public scrutiny.

Of course, there is always a large gap between my ideals and reality =D. This just happens to be one instance where I can see how RMS has it right in ways.

Re:At Least

[drinkypoo]

RMS has lots of good ideas. The problem is that he has a tendency to treat all of the ideas as an unbreakable package, which means that people will tend to throw his baby out with his bathwater.

Erk, that just caused me to have a horrible thought, what would his kids be like...

Re:At Least

[rblancarte]

Well, someone has started an open source project on this:
EVM Project
so maybe your are onto something here. I can really see the benefits of this project. Free, open source, anyone can look into the code and see the problems and fix them. It is a solid idea.

Re:At Least

[ajs318]

"Throwing out the baby with the bathwater" takes on an altogether nastier significance when you come to realise that the baby is already dead -- and it was probably the minging bathwater that killed it .....

Re:At Least

[cpeterso]

no, CYA is more important to gub'mint officials than finding the flaws.

Re:At Least

[sapped]

Hell, you would think that Georgia (and any other state) would have a "Hack the System" type contest.

This is what they were planning on before this woman came and upset their plans. The "Hack the System" contest was scheduled for... let's check the calendar here...hmm found it, next election date. Yes, that's the "Hack the System" date.

Awful Wise of Them

[TexVex]

So, who wants to make book on whether or not she cracks it?

Re:Awful Wise of Them

[worm+eater]

He put the odds of corrupting the software undetected at 1 billion to one. I'll put $50 on it.

Encouraging a women in Georgia?

[secondsun]

What makes this even more interesting is that the election officials are encouraging the woman...

Instead of slapping her and saying "Get me another beer" like most of my fellow Georgians are inclined to to? (or most companies are inclined to do when you ask to crack their software).

SCO Voting

[McBride,+Darl]

SCO's Intellectual Property and Trade Secrets are embedded within the Georgia voting system, and my lawyers assure me that this programmer will be vehemently prosecuted under the full extent of Georgia Law if this "crack" attempt is successful.

Looks like Georgia's gonna learn the hard way

[Surak]

...that there is no such thing as an uncrackable computer system. At least if this woman and her associates have all the m4d l33t sk1llz they're claiming. :)

The Plan

[imbaczek]

1. Accept the challenge.
2. Make her win.
3. Fix holes.
4. Put her to jail on DMCA basis, or Patriot Act, or for desire to live and love for the country, or whatever.
5. ???
6. PROFIT!!!

(Hope #4 won't happen.)

Re:The Plan

you sir are a fag.

Re:The Plan

[stevey]

2. Make her win. I spot a flaw .. women can't program ;)

Re:The Plan

[usotsuki]

Oh?

You know COBOL was designed by a woman ("Amazing" Grace Hopper, IIRC)

-uso.

Re:The Plan

maybe he was joking, moron

Re:The Plan

It shows...

Re:The Plan

[dglaude]

1. Accept the challenge. 2. Learn from her how to hack. 3. Make sure she does not reveal anything to anybody else and pretend she found nothing and it was an accident. 4. Win the election (for ever) 5. PROFIT!!!

Re:The Plan

Step 3 is redundant.

Re:The Plan

[thynk]

You know COBOL was designed by a woman

I've known a few good women programmers, however, saying that a woman designed COBAL really doesn't say much for the cause.

To be fair, I'll entertain arguments that COBAL isn't the OS/2 of the programming world, but only if the comments are printed on $100.00 bills and left under my keyboard.

Re:The Plan

(Hope #4 won't happen.)

It never does happen.

Sort of like this joke becoming funny again.

Reasoning?

[Meffan]

Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Nice comeback at the end -
Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

I think I'd counter that by asking if he knew of any airplane where all members of the general public were allowed access to the terminals used by the pilots? And if so - does he fly with them?

Re:Reasoning?

Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

Maybe no one has pointed this out to Williams, but pilots are still trained to fly by instrumentation for this very reason; the computers are not completely reliable and the plane has to be safe even if the computer crashes.

Even NASA have procedures for restarting flight computers for crying out loud!

Re:Reasoning?

[ant_slayer]

Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Interestingly enough, I was challenged on the idea of electronic cash when I was making a very similar argument. After researching some of the various cryptographic schemes for electronic cash, I came to the conclusion that if some of them were implemented in a fashion that remained true to the mathematics, it would actually be impossible to undetectably alter all those cute little bits.

The idea is this: sure, someone could change bits, but the system would know if those bits were changed. The protocol can be designed in such a way as to reliably detect any tampering, and even preserve anonymity. It is possible, for example, to determine that one person voted twice with mathematical certainty, discount the earliest vote, and yet keep the identity of the illegal voter secret.

Pick up a copy of Bruce Scheiner's "Applied Cryptography" and read through the sections on cryptographically secure voting protocols. They exist and are in use in different arenas. The cool part is that, even if you *could* alter bits in some machine somewhere, depending on which protocol is chosen, it wouldn't help you any.

-Josh O-

Re:Reasoning?

[doorbot.com]

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Well here in San Francisco, quite a few boxes of ballots regarding the 49ers new stadium ended up in the Pacific Ocean. While electronic voting definitely has it's potentials for misuse and voter fraud, there are a variety of other tactics available to criminals.

With that said, I do believe an open system, with a yearly code review (by different programmers each year) would be prudent.

Re:Reasoning?

[danila]

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Depends on your definition of "easy to tamper with". Apparently, it's easier to change a single paper ballot than a single electronic ballot, but once you can change one electronic ballot, you probably can just as easily change them all, which is not true for paper.

So while the expected number of tampered ballots might be similar (I am not saying it is), electronic machines are more risky. The question is whether it's compensated with cost-savings and may be somewhat lower expected number of tamperings.

Re:Reasoning?

[Catbeller]

Here's the thing. How do you - at the time of the vote -- know what is actually running behind the pretty GUI?

The vendor could claim to do everything the objectors are suggesting they do. So? Are you going to run second by second checks on the servers yourself? On the clients?

It was shown that Diebold was applying "patches" to the code in one election hours before the system went live. HOW can anyone possibly know what are in Diebold's patches? Diebold considers it all their intellectual property. They consider the data of the voting results themselves their IP! They won't let an independent auditor check either the system or the data! And commercial law backs them up!

Open source won't work. They can change the code and compile and patch a cheat and no one could ever know -- by law.

And even if they dropped all IP nonsense and let everyone look at the process, even during realtime execution, who do you think is going to monitor the process? With what manpower and money? You think PAPER was expensive?

Let's face it. A computer based system is hackable. The company making it is Republican. They won't let anyone look at the system. There is infinite motivation to cheat -- trillions of dollars are at stake. Human nature dictates that they are enabling future cheats, if they aren't cheating now. We are facing a hijacking of participatory democracy, made possible by ignorance of the majority of citizens about comp sci, and by the overconfidence of comp sci people.

Why electronic voting ?

[Krapangor]

I most European countries people use pen & paper voting.
And unlike the US there was never a Florida voting scam.
And paper is much more immune to fraud: the election sheets are stored for a certain time, so any questions and be sorted out by a recount without any paper pebbles dropping from the holes. And if a fraudelent government wants to pull off a voting scam they have either to forge election sheets, which would be noted afterwards, or they have to destroy sheets, which would be noted, too.

So why use a high-tech solution which isn't immune to fraud and other problems instead of a low-tech solution which hasn't these problems ?

Re:Why electronic voting ?

Most European countries are also a lot smaller than the USA. It is probably a lot more feasable in the former than in the latter.

Re:Why electronic voting ?

Because Diebold wouldn't get paid millions of dollars every decade for the next millenia if the states chose to use good old fashioned paper and pencil.

We can't have that now, can we?

Re:Why electronic voting ?

The total population of the European Union is larger than that of the United States of America, so clearly that cannot be true.

Re:Why electronic voting ?

[shepd]

>The total population of the European Union is larger than that of the United States of America, so clearly that cannot be true.

Does everyone in the entire EU vote for a new president/prime minister/leader at the exact same time?

Re:Why electronic voting ?

[gilroy]

Blockquoth the poster:

And unlike the US there was never a Florida voting scam.

While as disgusted by the whole Florida debacle as any freedom-loving person would be, I have to say: Until the last presidential election, the US hadn't had a Florida-sized failure, either. In other words, Europe might be doing it right or they might have just been luckier.

Re:Why electronic voting ?

[gl4ss]

no.

doesn't really matter either.

does it matter if it is succsefully done in a population of 10 million or 100million? it scales pretty consistently(the voting system), unless you want to outsource it to someone who will do it most cheapest(and so don't have to rely on volunteers and activists doing the grunt work, using a system like the system in florida is just laziness or lack of effort, or the determination to have both.)

if a system is good enough to get election night returns on population of 25 million voters it is good enough for 100 million easily(all that changes to bigger is the place and effort for combining the informtion from poll points, as the voters per poll point should stay almost the same and the votes to count per counter should stay the same as well).

you don't have to use paper, pen and a courier to send the results just because the actual vote giving isn't pressing a button, actually pressing a button would be pretty stupid way of handling it because it leaves no physical evidence of the vote should somebody challange the counting. i'd bet apart from writing the number and someone reading it for counting the system is pretty much electronical in any european country too.

Re:Why electronic voting ?

[rusty0101]

While I agree that there are flaws with going to an electronic ballot, there are several advantages over paper ballots.

As an example I live in a voting district that Senetor Wellstone represented. As a result of his plane crash and death two weeks before the general election Voting involved suplementary ballots for the senate seat he had been running for. The paper ballots had already been printed as the normal date for candidates to declare had already passed. Suplementary ballots had to be printed when Mondale ran as the party candidate replacement for Wellstone.

An electronic voting system would have mearly required a change to the template each voting machine used for the election.

Other advantages include faster reporting of vote counts. Though this can normaly be handled by an electronic counter for paper ballots (using the filled oval method)

One method of making a paper count possible with an electronic ballot system would be to print a paper copy of the selections made by the voter, and have the voter initial that the copy is what they chose, which then gets filed. It could be as simple as a table of offices with the selected candidate. A large number of ballots with the same initials would be a flag for concern as it may show an election official is not following the accepted procedure. Initials would not be generally traceable back to the person who made that mark.

A series of numbers at the top or bottom of the page, or as an additional table entry would provide a machine readable version of the selection. I don't know of any election official who would relish the thought of going through 10,000 or 100,000 (or more) ballots and reading off each name.

Then again, that's just my view.

-Rusty

Re:Why electronic voting ?

[delphi125]

>Does everyone in the entire EU vote for a new president/prime minister/leader at the exact same time? To the second? or to the femtosecond? Seriously: many countries in the EU are significantly bigger than Florida - where I doubt the voting times were the same as say New Hampshire, or California. And the system in the US is based on this last item, as everyone is well aware.

Re:Why electronic voting ?

[tsa]

Maybe a voting machine that produces a roll of paper with all the votes written on it close to each other (like the machines they use in stores, which I don't know the English name for, but you get a small paper receipt that shows how much you paid) is in order. The counting of the votes goes very quickly with the computer and in case of doubt there is this long slip of paper that is difficult to tamper with if the right ink is used.

Re:Why electronic voting ?

[imsabbel]

Here in germany, the votes are counted in small "wahlbezirken", each of them with a few 1000 votes. The results are transmitted to a central station, the papers are secured.
At the last election, 30+million people voted. After 3 hours, the results were aproximated +-2%, after 7hours the official end result was presented.

Re:Why electronic voting ?

[Anguo]

Does everyone in the entire EU vote for a new president/prime minister/leader at the exact same time?

Well, we do have European elections at the same time, to elect our MEPs.

In any case, there are maybe more people voting in the USA than in any EU country, but there are also much more people available to count the votes...

Re:Why electronic voting ?

[The+Limp+Devil]

And several European countries consider electronic voting and have had field tests already.

Re:Why electronic voting ?

[Austerity+Empowers]

The words you're looking for are "cash register", and I think this is a good idea. Better, if before leaving the voting booth you can verify that what is on that piece of paper reflects what you voted for. Keep it behind a pane of glass so that one can't actually MARK it, but at least see it.

I'd feel more comfortable about electronic ballots if I knew there was a paper trail. No one will ever convince me that any electronic system is secure and unhackable, it's too easy to twiddle some bits. I'd feel better if both an electronic and a paper system where used together.

Re:Why electronic voting ?

[TheLink]

Uh, why not just have an announcement that a candidate is dead?

If people still insist on voting for someone who is dead, let em.

Re:Why electronic voting ?

[drinkypoo]

However what you are ignoring is that there were TWO Florida issues which caused the whole thing to be classified as a "scam" and even "debacle" - Not only were the ballots (deliberately?) confusing, but then when the vaunted recount was being done, it was illegally stopped by a relative of the candidate in question.

Using an electronic system would have made a recount unnecessary, but the question is, can you stuff it? I think it's clear that the system must be free and open source software in order to ensure openness. While that has not worked for other software in the past, I think the intense scrutiny likely to follow such a release would ensure the highest possible level of security. Besides, it's not like voting is complicated. Writing the code to reasonably authenticate someone is a zillion times harder than the actual voting mechanism :P

Re:Why electronic voting ?

[tsa]

Thanks for improving my English. What I forgot to write (but most people will see that right away) is that this system is difficult to tamper with because all votes are on the same piece of paper so no votes can be easily added or removed.

Re:Why electronic voting ?

[ceejayoz]

Read his post again, slowly.

Suplementary ballots had to be printed when Mondale ran as the party candidate replacement for Wellstone.

They needed to replace the dead guy's name with the new candidate, not just remove him from the ballot.

Re:Why electronic voting ?

[dsnowak]

Ever looked at a ballot for a U.S. general election? We don't just vote for President and Congressman in an election. Depending on the timetable for the state in question, on a general election ballot, an American is often voting for President, Congressional Representative, and Senator on the Federal level; Governor, Lieutenant Governor, Attorney General, Secretary of the State, Agriculture Commissioner, State Treasurer, State Supreme Court Justices, State Delegate and State Senator on the state level; Mayor, Councilman, County Commissioner, Sherriff, Tax Assessor, County Clerk, Prosecutor, Circuit Court Judge, Magistrate, School Board, Dog Catcher, and who knows what else on the municipal level.

In short, tabulating paper ballots with all those offices on them would be a nightmare. Using a seperate ballot for each office whould be a logisitical nightmare at the polls and could cause mass confusion. America went to automated systems because it was the most efficient way to handle an election where they are often over 20 offices that people must cast ballots for. For an election where all you have to decide is your MP and maybe a preferred party, pen and paper are fine.

Re:Why electronic voting ?

I live in Leon County, the capital county of Florida, and the epicenter of the last big (thank you California) voting scam.

In our county, we use paper ballots which are scanned by an optical scanning system. As far as I can tell, it's the current appropriate technology for this function.

Here are the positives:

1. You only require one (or a few for a big precinct) piece of equipment per polling place instead of a computer for each voting booth.

2. When the votes are entered into the optical scanner (by the voter) any entry errors are immediately recognized and the ballot is rejected. The poll worker can destroy the error ballot and provide a new blank ballot to the voter if they want to try again. There is NO problem with partially marked ballots.

3. There is an acceptable audit trail available for post election research, verification, audits, etc. An earlier poster suggested that paper ballots were easy to screw with, but another poster pointed out that screwing with an electronic file only takes a few lines of scripting.

So in my county (and total admiration to our Supervisor of Elections, Ion Sancho -- http://www.co.leon.fl.us/elect/bio.htm, we didn't have any problems with our count during that pesky election. Our election went smoothly, and the recount was exactly the same as the initial count.

The State of Florida has certified the Sequoia Eagle (http://www.sequoiavote.com/productguide.php?produ ct=EAGLE&type=Introduction) system which is what we have been using here.

I encourage the woman refered to in the original post to blog her progress and to seek and accept help from the larger world. I consider finding flaws in the touch screen election system as a open source project or perhaps even a contest with a cash prize (no...I'm not stepping up to offer such a prize.

Re:Why electronic voting ?

[grimarr]

They needed to replace the dead guy's name with the new candidate, not just remove him from the ballot.

Yes, that was the reason. "They" was the political party Wellstone was in. (I don't remember which it was.)

Which is a total crock. There's no reason a party should consider it manditory that they have a candidate on the ballot, and get special consideration if something happens to their choice.
Individuals run for office; if one of them dies before the election, or goes to jail, or something else befalls him, people should choose from the remaining candidates. The idea that people are voting for "A Democrat", and if the one on the ballot can't serve for some reason, the Democratic party can pick another person to take his place, is completely wrong.

Naturally, the politicians who decide these things disagree.

Re:Why electronic voting ?

[Tony-A]

The problem is that the sequence of votes is in exactly the same order as the sequence of voters.

Re:Why electronic voting ?

[NortWind]

In short, tabulating paper ballots with all those offices on them would be a nightmare.

Unless you used a scanning machine to tally the votes. Then it woud be really easy, fast, and economical, while preserving the benefits of a physical paper trail.

Re:Why electronic voting ?

[shepd]

>i'd bet apart from writing the number and someone reading it for counting the system is pretty much electronical in any european country too.

If Canada does anything like Europe, the votes are not only written by hand (put an X in the box for the party you are voting for), but also tallied by hand*. After being tallied by hand, the results are reported, IIRC, by courier to another larger station where they are counted "electronically" (ie: Totals entered into a computer) officially.

Things have worked well in elections here -- considering how little I ever hear of fraudulent election results, perhaps we'd be a good country to model?

* Note this comes from a teacher 10 years ago, things may have changed since then.

Re:Why electronic voting ?

[shis-ka-bob]

You are completely right. Besides, the size of the population doesn't really matter, as long as the number of vote counters scales with the population.

What does matter is the complexity of each ballot. We, in the US, have long complex ballots that contain votes for many elections (President to local dog catcher) and various propositions. Even California's governor's recall vote has a referendum tacked on to it.

Under these conditions, paper is a pain. You need to print different ballots for each city or town. This also gives rise to the disgracefull differences in voting accuracy between districts - it seems that wealthy districts can affort more accurate equiptment, so a larger fraction of the votes are counted. Sadly, this means that you really can buy votes - at least statistically speaking. Rant aside, the complexity of our ballots makes electronic voting attractive.

Re:Why electronic voting ?

[shepd]

>To the second? or to the femtosecond?

YES. If you want to be so picky, I can join in too: The vote isn't official until someone is elected. This happens instantly as soon as the last vote is added to the system.

HTH.

Re:Why electronic voting ?

[gl4ss]

yeah that's exactly how they're done afaik here.

and works excellently.

Re:Why electronic voting ?

Is changing an election law after an election to change the outcome illegal? I'm pretty sure it is.

Re:Why electronic voting ?

[dglaude]

Belgian is the worst of all... Spontaneous Bit Inversion change the result of the election. Feel free to join PourEVA association.

Re:Why electronic voting ?

[NicM]

> Other advantages include faster reporting of vote counts.

I don't understand how speed of reporting is even an issue.

In most cases you are voting the guy in for a few years, what does a day or so of vote-counting matter? After all, the result should be the same.

Re:Why electronic voting ?

[EvanED]

Which is why you don't actually have a long strip, but you do still print out a paper ballot which you hand into a box just like today.

Re:Why electronic voting ?

if a fraudelent government wants to pull off a voting scam they have either to forge election sheets, which would be noted afterwards, or they have to destroy sheets, which would be noted, too.

HOW will it be noted? Fraudulent governments the world over have been doing exactly these two things for decades. From "machine" run cities and states in the US to various banana republics around the Third World, the dead vote, paper burns, and ballot boxes are emptied. If the audit mechanisms of the election can be corrupted, they have been (or will be).

Yes, high-tech solutions have their own sets of issues. Auditing a purely digital vote is not easy. It is a difficult technical and social problem. What it may buy you is improved time-to-tabulation and increased accuracy (selecting a picture of the candidate is surer than poking a hole in a butterfly ballot).

The question should be "are these improvements worth the price", not "why use a high-tech solution when a low-tech one exists".

Re:Why electronic voting ?

[staev]

My friend in Sweden confirms that most European countries use paper ballots. What's interesting is that each party can stand outside a polling venue and distribute pre-filled ballots; which are counted the same as "regular" ballots.

What REALLY floored me was the fact that even though he is an American citizen (FORN), he is allowed to vote in local elections. Guess they figure if you're there legally, you have a right to participate in how your city's run.

It's a win-win (then lose) situation!

[Phantasmo]

She cracks it, reveals the expoit to them, they thank her, put fixing it on a "to do list", then knock her into prison with the mighty DMCA!

I can already hear the local news station:
"Computer hackers are trying to steal your votes! Politicans are asking that if you know ANYONE who both likes computers and is interested in voting that you report them to the police immediately. Film at eleven."

Re:It's a win-win (then lose) situation!

[mrseigen]

They should just turn in all the people who are interested in voting, that way they'd get rid of all the voting-interested terrorists as well!

doh

God, this is stupid....

Instead of doing such a media hype just open the source code for the public and let about 10'000 people have a look at it.

Idiots.

Re:doh

They did, by accident, months ago, by having the full source code (tar of the CVS repository, actually!) available on an open FTP site.

Whoops!

I browsed through it myself a while ago, the smartcard portion was epecially weak -- it'd take two minutes to write an "Administrator" card (passwords and card-reader keys were in plaintext in the code!) that'd allow all sorts of goofiness.

Re:doh

[Slack3r78]

I'm glad someone else brought this up so I didn't have to. If there was ever an application that needed to be open source, this is it. There's simply too much at stake and too much of a chance for shady manipulation if our voting system was to suddenly become a mystical blackbox where no one really knew what was going on inside.

The only way to disprove any kind of impropriety in an electronic voting system would be to make the internal workings freely viewable to anyone, anywhere. Not only would there be concerned "Citzen Hackers" checking the code, but I'm sure it'd open up a whole field of university level research. And honestly, I'd far rather my tax dollars go to research grants where an open system can be checked and improved than to a private company which may or may not have an agenda that I don't know about.

Re:doh

[EvilSporkMan]

Who says the code they show us is the code that's running on the voting machines?

Re:doh

[Verteiron]

Yes, because to compound this, you just KNOW that the media is going to be doing a follow-up at the end of the week's time. If she hasn't cracked it in a week, the media will rave about how secure the system must be, etc etc etc. If she cracks it the next day after that, we won't hear a peep about it.

Not that this whole deal is going to make the slightest bit of difference; if she does crack it, the people behind the system will just say "Well, that's irrelevant, because in the real world, a person wouldn't be able to do X".

Re:doh

[HBI]

I haven't agreed with someone so much in ages. You are dead on. If there were only one valid use for OSS, this would be it.

(Obviously there is more than one)

Re:doh

[Whitehawke]

While I agree that the voting code should be open source, I'm bothered by a couple of things....

1) How do you make sure that the binary in the machine actually came from the code that was open sourced?

2) How do you ensure that the particular instance of the compiler that was used to generate the binary had not been modded to insert trojans into its output?

3) If you answer the above questions with "use checksums", then how do you know that the program generating the checksums has not been tampered with?

4) And so on, ad infinitum.

David Storrs

Re:doh

[Igneous]

Even if the source code was freely available for public inspection (and somehow deemed to be acceptable), can the public be sure it's the same code that is actually running each and every voting machine during an election?

Ensuring bug- and tamper-free code is just one of the many tasks required to verify the integrity of such a system.

Re:doh

[ajs318]

Old problem. Been solved elsewhere. Was Ritchie, or Thompson, or Kernighan ..... nah, probably not him ..... one of the other two. Something to do with writing your own C interpreter in assembler, interpreting the compilation of the compiler and then you know you have a clean compiler {having scrupulously inspected its source for code-alteration shenanigans} that you know won't put extra code into your programs. Then you know that anything you compiled with that compiler will do exactly what the source code says it should do. Unfortunately you don't know for certain that the processor manufacturer hasn't put malicious code-altering code into their own assembly language .....

The upshot of it is, you can never be absolutely certain. But there are things you can do to make it less likely to be tamperable. For instance, separate program and data memory {hah! make the bitch write an emulator!}, and only use program-memory devices of a limited capacity {not much room for extra code in there anyway}.

The nearest to truly tamper-proof voting would be a system whereby the machinery is proportioned on a sufficiently large scale, and the entire process moves slowly enough, so that every detail can be seen by a trusted human observer without the use of any special instruments. And that is why, in this country, we do it that way .....

Re:doh

[Tony-A]

Old problem. Been solved elsewhere.

Actually it has.
Where does the Secret Service buy food for the president and his entourage?
Same places you and I do, but they are unpredictable and are not repeat customers.

Here is a special compiler just for compiling your voting software.
Here is a stock compiler from a semi-stale RedHat box.

prove

[Gorny]

Please will at least everyone keep in mind that when she wont succeed in cracking the machine that doesn't prove it's security.

You can't prove a product is secure, only showing that it's insecure...

Re:prove

[alfredo]

It's going to be her and several other programmers. they have had the source code for months, and know what the problem is. the machines run windows and Access.

blackbox Voting

Re:prove

...same thing with proving that software has no bugs. Wasn't it Dijkstra that came up with that saying?

Re:prove

[GoofyBoy]

I don't get the point of this either.

She cracks it, they fix it and then declare its all fixed now.

She doesn't crack it, they declare its ok.

Even if she does crack it, they can just claim that they did detect it ("its super-duper-secret code, too bad you tripped it") and call her attempt a failure.

This doesn't look like a serious test, but a media relations stunt.

Re:prove

[eyeye]

OMG Access?
That piece of shit can't be relied on to keep accurate data even if its NOT being hacked.

Re:prove

[Gorny]

What if no-one finds a flaw? Everybody claims (or at least the dudes who've created the machine) the voting mechanism is secure. But you cant say that. The only thing you can conclude is that there were no flaws found.

If someone would find a flaw he/she would have showed an absence of security in the product. But when he/she didn't find flaws that doesnt necessarily mean the product is secure.

Re:prove

[mhotas]

One possible exploit is not the same as any possible exploit. Paraphrasing Einstein: No number of experiments will ever prove me right; it will take only one to prove me wrong.

Unrealistic trial

[blair1q]

One cracker?

Try everyone in the state if you want a real test.

Re:Unrealistic trial

[Vargasan]

I don't think even 1/2 of Georgia state can use a computer, much less be a cracker.

Try 5-10% of the state.

Re:Unrealistic trial

[myyrk]

I don't think even 1/2 of Georgia state can use a computer, much less be a cracker.

Thats where your wrong, because they are all crackers.

Re:Unrealistic trial

[mikewolf]

i think 5-10% might be a little high...

Georgia has about 8.5 million people. [http://www.areaconnect.com/population.htm?s=GA]


Do you really think that there are 850,000 capable of cracking a system like this in Georgia?????

Re:Unrealistic trial

[Vargasan]

425,000 - 850,000 crackers is a little more realistic than 8,500,000 crackers, I say.

and to myyrk:
"Crackahs!" or "Crackers"?

The Odds

[CGP314]

He put the odds of corrupting the software undetected at 1 billion to one.

If you make a statement like that you are asking for trouble. It's like walking into a bar and saying 'No one here could win in a fight with me.'

Re:The Odds

[SuiteSisterMary]

I think it's Australia, especially the rural/outback areas, where if, in a bar, you empty your glass, turn it over, and thunk it down on the bar/your table, that's *exactly* what you're saying.

Re:The Odds

[SoftwareTechie]

He probably means that they are using something like a 30 bit hash. If so then the odds of changing the binary without changing the hash are about 1 billion to 1.

Re:The Odds

[Alsee]

He put the odds of corrupting the software undetected at 1 billion to one.

I'll take a shot at it. Put me down for one dollar.

-

Re:The Odds

[NortWind]

He probably means that they are using something like a 30 bit hash. If so then the odds of changing the binary without changing the hash are about 1 billion to 1.

Unless you happen to corrupt the part that calculates the hash! ;-p

Re:The Odds

I COULD WIN A FIGHT WITH YOU, ya freaking bozo!!!!!!! Bring em on!!!!! Bring em on!!!! Bring em on!!!!!

Re:The Odds

[EvanED]

"'The chance that a HPHTP pipe will burst is 10^-7.' You can't estimate things like that; a probability of one 1 10,000,000 is almost impossible to estimate."
-Richard Feynman, _What Do You Care What Other People Think_, p. 183

Incidentally, this "1 billion to one" sounds like it could be similar to the whole discrepancy between what engineers thought the odds of a Space Shuttle disaster was (ranging from 100:1 to 300:1) and what management thought the odds of a Space Shuttle disaster was (100,000:1).

I wonder if the programmers of Diabold are sitting around knowing the probability is 100:1 here and are not saying anything.

Why not open the challenge to all?

[mikeophile]

If I was to don the tinfoil hat for a bit, I'd say the only reason the dare was so readily accepted by election officials was to stage the illusion of security and uncrackability.

Of course, this is assuming Ms Jekot fails to find weaknesses in the voting system.

Even if she does find exploitable flaws, will she find all of them? Probably not, in my opinion.

Am I being cynical and paranoid? Hell yes.

Re:Why not open the challenge to all?

[Wizzy+Wig]

If I was to don the tinfoil hat for a bit, I'd say the only reason the dare was so readily accepted by election officials was to stage the illusion of security and uncrackability."

Good point... no tin foil necessary. An authorized hack is, by definition, not a hack at all. It's a system test.

Re:Why not open the challenge to all?

No, if you were to actually don a TFH(tm) you would realize they are only making sure those *other* illregularities can't be uncovered.

Jeeze, what kind of TFH(tm) club member are you, anyways?

Awful TRICKY of Them

[The+Monster]

So, who wants to make book on whether or not she cracks it?

Define 'crack':

Brit Williams . . . put the odds of corrupting the software undetected at 1 billion to one.

If she isn't detected, then how do we know she cracked it? Does she have to make the number of votes for each candidate end in 1,337 to prove she cracked it? No, that would be detected

Re:Awful TRICKY of Them

[Tyrdium]

Brit Williams . . . put the odds of corrupting the software undetected at 1 billion to one.

You don't need to change the software to prove that it's insecure, just the data...

Re:Awful TRICKY of Them

[Zardoz44]

From the context I assume that undetected is used in the sense that this is a live system and people are already voting with it. The goal of a hacker after this system goes live is to change the vote numbers without being detected to make their candidate win. If the intrusion is detected the election results wont be considered valid.

So if she breaks into the system and changes a few things, they would presumably have a backup that they could compare with that wouldn't be the case in a real election.

The article mentions this:

and declares she can put an unauthorized vote anywhere she wants.

Re:Awful TRICKY of Them

What they mean is that they would be able to look at the system after she has had it and then figure out whether or not every vote was a valid one. They gave her the equipment to work with so she will be able to add authorized votes and unauthorized ones. Only she will know which are the unathorized ones. The state will then examine the system to determine if they can detect whether any of the votes are unauthorized. Presumably each vote is digitally signed in such a way that the state feels that she will not be able to duplicate the signature. Then after the state determines which votes were unauthorized she'll turn around and tell them if they erroneously counted invalid votes as valid ones. Presumably because she figured out how to duplicate the digital signatures. Then she'll show them how she did it and why they weren't able to detect them.

Re:Awful TRICKY of Them

[BooRadley]

I live in the district where this is taking place. Last year, Georgia got its first Republican governor since Reconstruction, along with many, many Republican upsets over Democratic front-runners. The Diebold machines recorded votes that mismatched pre and post-election polling by large percentages.

I would love to see some sort of accountability for these damned things, besides some independent "hacker" trying to break into one. What is needed is a redesign that provides an unalterable record of each vote, along with transparency in the system itself. I'm afraid this challenge is only going to reinforce the system already in place.

Re:Awful TRICKY of Them

Not to mention that when the first articles pointing to "irregularities" with the Diebold system in GA appeared, they included the description of Diebold's publicly accessable ftp server, complete with a list of "patched" versions of the Diebold/Wince software that were found on it, some apparently tailored to states and different from the software shipped on the machines. The file believed intended for Georgia was called Rob-GA-(serialnumberstring) --probably more a description of what the software was designed to do than a indicator for whom it was intended.

The vote, as delivered by Diebold, was "off" the tracking poll data by a factor of ~10 times the divergence usually seen between tracking polls and the final tally.

Vote fraud just got Digital and privatized, baby.

(then lose (then win again)))

[rde]

I'll probably turn out okay for her. Remember: the last time anyone was found to have rigged an election, you made him president.

Re:(then lose (then win again)))

[AntiOrganic]

I sure didn't make him President.

Be interesting to see

[jamesjw]

It'll be interesting to see what kind of feedback this generates, I mean, if the cantidates dont like their outcome in future elections they can say "Well, a hacker musta changed my tally"

While i'm sure the intentions are good, i'm just a little unsure about what kind of picture this paints, especially with the DMCA in the US, legally shaky? maybe..

-- Jim.

Who do you trust?

[Herrieman]

Although it's good to have an independant security audit of the hardware/software, it's still a far cry from what I would call development of a secure system.

Did an independant auditor (or security specialist) audit the design - both hardware and software - from a security point of view? Where there independant audits/reviews of the coding or assembly of the hardware? Can you trust the developers or factory workers? Who is monitoring the deployment, development, good working, ...? What are the logging/auding possibilities? How secure is the data transmitted? How secure is that data stored?

Who will monitor the people who are in charge of the system?

Ultimately, you have to trust someone. And putting trust in the wrong kind of people is the biggest security risk there is ...

Way to go Roxanne and Georgia ...!

[OldHawk777]

Bravo Roxanne - Technology and Cultural Wisdom and Enlightenment being displayed in a Southern State "Georgia". Dang, what in the world will happen in Mississippi and/or Alabama next. I may just move back down south when I retire, maybe they ain't the evil dumb (white and black) bigots I remember from my childhood anymore.
That this forward thinking behavior is happening in the USA is a surprise, but that it is happening in a Southern State (not at fed-level), a Woman made the challenge, and a predominantly white male group of state employees and politicians accepted the challenge. I mean "HOLY-SHIT" something big has changed about Southern Culture over the last 30 years.
This "Challenge and Acceptance" is (I feel) the most forward thinking act by any government (including the Fed) in the USA on Science & Technology possibly since the start of the Internet with the US Congress and DARPA, and definitely since the "moral majority" [AKA: Religious Extremists/Terrorist] began strongly influencing USA Foreign and Domestic politics.

OldHawk777

Reality is a self-induced hallucination.

Re:Way to go Roxanne and Georgia ...!

It's not a reflection of the natives' sentiments, they're the same bigots you grew up with. People from New England have been moving down here in droves lately and that has affected the way people in office act.

Re:Way to go Roxanne and Georgia ...!

[Daniel+Dvorkin]

Of course Southern culture has changed over the last 30 years; so has Northern culture and Western culture -- they've all become more like each other than they used to be. Thanks to a number of factors (the universality of TV shows and popular music, increased geographical mobility, and yes, damn it, the Net chief among them) the US, like most First World nations, is a lot more homogenous than it used to be; and in fact the same phenomenon is occurring between nations as well as within them. Whether this is a Good Thing or not depends on your point of view, but overall, I'm inclined to say that it is.

This is a hoax

[DarkAurora]

This is obviously a hoax. Everyone knows that there are no women in computer science. :)

I've been in college for a few years and I haven't seen a women since I stopped taking Gen. Ed. classes.

Re:This is a hoax

[Daniel+Dvorkin]

Then all I can say is, you're at the wrong school. My undergrad CS courses were nearly 50% female; in the grad courses it's more like 30%, but there's still plenty of eye candy. Hint: try an urban commuter campus that caters more to working adults.

Re:This is a hoax

[Dark+Lord+Seth]

Aha! There you are wrong! I happen to know a grand total of... Three women doing IT in the same college as me, possibly four! (Don't ask.) Now, one of those is only still at college because she begged her way through, one of them isn't the brightest nor most active person around (Which makes her the PERFECT Windows sysadmin manager!) and the latter one is a combo between a raver, a goth and er.. something tiny. But she's clever and she talks more then I do. Not to mention she's going for the whole software engineer thing I believe, after she's done with college.

As for how they look; no comment. Just trust me on the fact you won't find anyone at my college for the women. Except for perhaps another department, but that's in an entirely different building. Bastards.

Re:This is a hoax

Take database classes. At least, the database classes at GaTech were full of women. (yeah yeah, not all cs majors, but what the hey)

Re:This is a hoax

[lostguy]

That's because cracking the voting boxes is so easy, even a...

Re:This is a hoax

[panurge]

Rear Admiral Grace Hopper, author of Cobol.

Remember, those who know no history are doomed to repeat it. You, my friend, are therefore doomed to reinvent Cobol.

Re:This is a hoax

[SlashdotLemming]

I've been in college for a few years and I haven't seen a women since I stopped taking Gen. Ed. classes.

Same problem here. I used to think the sysadmins with the long hair and the boobs were women until I started dating one.
Wow. Talk about scarred for life.

Re:This is a hoax

[GT_Alias]

I used to think the sysadmins with the long hair and the boobs were women until I started dating one.

What, "she" was a man?

Re:This is a hoax

Maybe the constant "OMG a female CS major?!!1" comments got to them.

I don't want to be noticed because of my gender; I want to be noticed because of my code.

I *STILL* can't believe

[ajs318]

that the companies that manufacture voting machines are not mandated to publish full specifications including technical drawings and listings of firmware, for anyone to look at, any time, for free. It's like they are trying to say mere mortals are not supposed to know the processes by which their representatives are elected.

And don't give me the hand-wringing "important proprietary secrets" crap. Firstly, all companies would be required to show their "secrets", so nobody would be gaining any unfair advantage. Secondly, what the hell is so secret about adding up a bunch of numbers anyway? And thirdly, what corporate secret is more important than the due processes of democracy?

If these companies are not prepared to let the general public - who are, after all, the rightful owners of "Government" property - scrutinise their products, thenthat alone is a good enough reason why the public should reject their products.

Re:I *STILL* can't believe

[ErikJson]

Good post. Thank you. ajs318 for president! =)

Re:I *STILL* can't believe

[jgardn]

Hear, hear!

Only through open processes can a democracy or a democratic republic be maintained. How would you feel if any of these processes were closed and not a matter of public records:

- Lawmaking
- Budget writing
- Judicial Hearings

If our election process becomes secret in any way shape or form, then our democracy is doomed. Elections are the key to our government, and the second the people believe that their vote isn't counted, then our nation will fail. I believe Republicans, Democrats, and most any other party will agree with this.

Re:I *STILL* can't believe

[jc42]

And thirdly, what corporate secret is more important than the due processes of democracy?

Uh, maybe the fact that there's a backdoor that enables rigging the election results?

If you think this is paranoid, you have no concept of how democracy works (or sometimes doesn't work).

Re:I *STILL* can't believe

[mdielmann]

That's because they don't want you to see that, no matter who you vote for, that GWB (or whoever he chooses to be his successor, or whoever supports him, etc.) will be given the highest proportion of the votes, regardless of which button you push. It's a good system, and removes one of the most flawed elements from the system: the uninformed voting public.

Sure, it sounds like a crock, but tell me, can you show me where I'm wrong?

Roxanne?

[ergonal]

Roxanne Jekot, a 51-year-old computer program developer from Cumming

Roxanne, you don't have to put on the red light :(

the state is so worried that they

[alfredo]

have destroyed the record of the 2002 election, in defiance of federal law. they have stated that the election went smoothly.

Right before the election, an uncertified patch was installed to all the voting machines in Georgia. There were some stunning upsets in the race. Saxby Chambliss and Sonny Perdue won in dramatic, come from behind fashion.

the Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.

Re:the state is so worried that they

[Slack3r78]

How was Sonny Perdue a come from behind victory? While I'm definitely liberal-leaning, (although an elected Georgia Democrat is essentially a Republican in other parts of the nation :)) there's no way I would've voted for Barnes in the last election. Where Barnes screwed up was in education. He made totally unrealistic mandates without funding soon after he came into office. Georgia school districts are STILL hurting from this, even though it's been what, 4+ years since then? You may not realize it, but teachers here can hold a good deal of power when it comes election time. Barnes pissed off the wrong people. He was toast long before last November.

Re:the state is so worried that they

[gilroy]

Blockquoth the poster:

The Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.

Um, doesn't that mean they'll have to wait until someone invents a time machine?

Re:the state is so worried that they

[Ian+Bicking]

They also strangely stopped exit polls part way through, even though exit polls would have been an important measure of voter intention, and a significant discrepency between poll results and votes tallied would be evidence of fraud or misinterpreted voter intention. The justification for stopping exit polls part way through the day (that it might effect the race) was absurd, as it is not difficult to withhold the results or simply not collate the results until after the polls have closed.

Re:the state is so worried that they

[Oswald]

Um, maybe that was the biggie for you, but given the apathetic, ignorant parents my mother has to deal with (she teaches in fabulous Henry county), I give the "flaggers" theory a lot of credence. I know the number of teachers is large, but not as a percentage of voters--and I don't think very many people listen to their concerns.

Re:the state is so worried that they

[Alsee]

doesn't that mean they'll have to wait until someone invents a time machine?

While I'm sure he'd be satisfied by having the voting records handed to him, I think he expects to receive someone's head on a platter when they fail to comply with a lawful order.

-

If she fails

[porkface]

This only PROVES their ignorance. If one person fails in one week, that's far from showing that the system is secure.

Open Sourcing it won't make it secure either, but it would probably be the fastest way to fix a ton of the most obvious holes.

Better yet, if they want good PR, they should hire Mitnick to have a go at it. Lord knows he's probably rusty, but his name alone would end the debate one way or the other.

As a native Southerner

[The+Tyro]

I resent your implication that we're all slack-jawed, inbred, wife-beating neanderthals.

Indeed, the very idea is preposterous

But while I'm thinking about it, you've got a pretty mouth... why don't YOU get me another beer, before I make you squeeeeal!

Re:As a native Southerner

But is it really?

Secure from whom?

Before you will know it this machine will have a level of security that can only be compromised by organisations that have the manpower and knowledge to do so, like the CIA, NSA, M$, etc So there is nothing to worry about..

Sigh!

One week? Why?

[ruiner13]

"She claims that she can be prepared to crack the system within a week..."

Perhaps I'm missing the point of this, but doesn't an election system just have to be good enough to last one day without being hacked? How many one week long elections are there? As long as you leave the system secluded before you release it, then only expose it to the public for one day (election day), I think that there wouldn't be any time for people to realize exploits on it, providing it is a unique system that doesn't use components that are publicly accessible. After the election, they can do what they want with the system, but I'm guessing a full year is enough time to come up with a newly created system for the next election. It keeps programmers in work, and keeps their system so unique as to be difficult to hack. What do you all think? Am I missing the point on this?

Re:One week? Why?

Well, I've seen early voting thats lasted for at least a week.

What about election employees or employees of the manufactuer of the voting machines? They already have access to these machines, long enough to work out any exploits and release them at anytime they wanted.

Security through obscurity

[FreeLinux]

This doesn't really work, no matter what Microsoft might say.

The point is that if the system is vulnerable at all then it should not be used and the results from it cannot be trusted.

^^^ FECAL TROLL ABOVE

8====D

Reply: doh, ... But ...

[OldHawk777]

But, but, but, ... how does that help GW or his brother next time, the Bush, Kennedy, or any other USA political dynasty [AKA: USA Aristocracy]. Politics in America has become "pomp & circumstance"..."Dog and Pony" shows for the media to market fools or criminals to an almost illiterate (the majority/51%) public. As in "Being There" I enjoy watching (it is funny ... a joke) not participating in politics, it just reminds me to much of rape ... nothing to enjoy and everything to object too.

OldHawk777

Reality is a self-induced hallucination.

Paper AND Computers

[The+Monster]

We changed our voting a few years back from the old mechanical lever system to one where you get a sheet of paper and a Sharpie to fill in the oval for the candidates/issues. Then you walk over to the scanner (with your ballot inside a cardboard sleeve to keep people from seeing it) and feed it through yourself. This arrangement has several advantages over the old one:

1. More people can fill out their ballots at once. Instead of being limited to the number of machines for your precinct (we have consolidated 4 precincts into a single location now) you are only limited by the number of lightweight, cheap carrels that shield your ballot from prying eyes. (If those are all full, and you want to fill it out in the open, that doesn't disqualify your vote.)
2. Absentee voters can recieve a ballot exactly like the one they would vote on normally (since no special equipment is required to do the voting) which can be held until election day and counted with the rest.
3. When the polls close at 7PM, the scanner can dial up and transmit all the totals instantly, and we have an accurate count within minutes.
4. If something goes wrong with the scanner, we can insert our paper ballots into a locked ballot box, which can then be opened for scanning (along with the ones that already went through the scanner into a lockbox) when the scanner is repaired or replaced, or the entire box taken downtown to be scanned there.
5. All the ballots can be taken down to the courthouse and run through several different scanners to confirm they all give the same totals.
6. Who is this 'Chad'? If a hand recount is ordered, we have solid pieces of paper and don't have the spectacle of judges holding them up to the light to try to devine the voters' intent. White paper. Red oval. Black marker. Not much room for argument there.
7. We can run random audits of just one or two polling places, and even limit it to just one question on the ballot - do a hand count and see if the numbers agree with the ones sent from that scanner. Since the software authors can't possibly know which one would be audited, they wouldn't be able to cheat even if they wanted to.

Re:Paper AND Computers

[VCAGuy]

This system is used here in Orange County, Florida. The system is great and we've never had any problems tabulating our votes. (Counties to our southeast, on the other hand...)

Re:Paper AND Computers

ummm.. what happens when i fillin more then one oval... what happens when i use teh sharpe to make an oval on the glass in scanner so every scan goes my way? no, that's not very secure. you have failed. sit down!

Re:Paper AND Computers

[Ralph+Wiggam]

Where was this done? I really like the system. My question is how can you make sure each person only scans one card? Is there an official that is alerted each time a vote is counted so a dozen votes in a few seconds would be noticed? Also, is there a way to change your ballot after it's marked? Maybe they could have white stickers to put over accidental marks. The Indiana voting machines were crappy, but you could push the lever back up if you changed your mind.

I voted in Georgia in 2002 and the machines were pretty cool but obviously very expensive. The interface looked a lot like it was written in Visual Basic. The system you describe sounds just as effective for a fraction of the cost.

-B

Re:Paper AND Computers

You moron, the sharpie on the scanner would be found out by a random inspection. And filling out more than one oval? No vote for you!

Re:Paper AND Computers

[NortWind]

We also use this system, except we complete an arrow with a black marker instead of filling in an oval. An additional good feature of the system (your system may have this as well) is that if you have voted incorrectly (two choices made for prez, or whatever) the scanner machine spits it back at you, uncounted, as invalid. You can fix it and submit a valid vote. No invalid votes ever make it into the counting box

I don't think our machines actually tally the cards, they just validate them, I think the cards are all taken back to a central counter. It's a good flexible system, with a paper record that makes it tougher to cheat. It's much less expensive than a row of PC's too.

Re:Paper AND Computers

[rbullo]

Maybe they put serial numbers on each of the cards, so that it can only be scanned once and accepted. I don't live in the grandparent's county, so I honestly have no clue how they would stop ballot stuffers.

Or mabe they just use Slashdot's system;)

Re:Paper AND Computers

[nutshell42]

The best page on voting machine fraud I know you can find here.
I don't know how accurate it is but they have extensive quotes from newspapers (not the normal, nearly mythical "sources" they mention =) about astonishing discrepancies between polls days before the elections and the elections themselves.

A very convincing article about why a paper trail and verification of results with machines from different vendors or -even better- open source voting machines must be required for elections

Re:Paper AND Computers

[octalman]

I have worked local elections here where mark sense machines are used. I don't know how it is done in other states, but this is how we do it here.

The ballots have precinct (voting place) identification and serial numbers on them, both of which are scanned along with the rest of the ballot. In primaries, the party name is coded on the ballot too. Records are kept of which ballots are issued and of those returned as spoiled (for which duplicates have been issued) and of unused ballots. The precinct election judges must return all spoiled ballots and unused ballots to the election clerk.

A vote can be changed by erasing and re-marking, but this is one of the most common problems in counting votes. It is almost impossible to completely erase the "old" vote. Any voter can declare a ballot to be spoiled and exchange it for another, but as an election official, I have seen many erasures. The counting machine usually rejects them (it is very sensitive), but the judges are usually able to determine what the voter intended, in which case white stickers are applied and/or a weak mark darkened and the ballot put back through the counting machine. At least two election judges must examine a questionable ballot and agree before this is done. There are also independent observers. All ballots are retained after being counted; they are later sampled and audited by an independent auditing committee.

Re:Paper AND Computers

[The+Monster]

Where was this done?

Wyandotte County, KS, which used to be considered a 'machine' county before we voted in some people to clean things up.

I really like the system. My question is how can you make sure each person only scans one card?

Well, when you go to the table with the book for your precinct, they give you ONE ballot and mark you off the list. With observers from two parties (theoretically more, but minor parties don't have poll workers to go 'round) watching. You can only scan the ballot once, because the scanner 'eats' it (into a locked box) when you scan it.

Also, is there a way to change your ballot after it's marked?

You have to take it back and tell them you screwed up. They mark the ballot 'spoiled' and issue you a new one. They have to keep track of the total number of ballots that were originally printed, marked spoiled, inserted into the machine, and left over. All this is auditable.

Re:Paper AND Computers

[stup]

Then you walk over to the scanner (with your ballot inside a cardboard sleeve to keep people from seeing it) and feed it through yourself.

Eww! Takes a couple of days to get a result out, then? I sure hope the guys doing the hand-count are provided with gloves or something.

StuP

Re:Paper AND Computers

[Dr.+Zowie]

(If those are all full, and you want to fill [your ballot] out in the open, that doesn't disqualify your vote.)

It certainly should. If you have a choice whether to make your ballot secret, then an evil cartel could potentially use extortion to make you reveal your ballot -- and thereby force you to vote a certain way. If your ballot must be secret to be valid, then your vote is much less susceptible to that kind of control.

Re:Paper AND Computers

[duke_of_well]

Amen. I wrote essentially the same thing to MD's Gov.who is considering ditching Diebold. Horror story of Diebold. At final screen there are review of votes marked. Bottom near centerling Change vote Vote A friend wanted to change vote. His pinkie barely touched the VOTE box. It was irreversable Note that the alternate of hitting the change box is reversable without a problem. Obviously this is a layout flaw, and probably the final vote should not be on same screen as the final commit. And there was no paper trail. Too bad. Several FLORIDA counties used scanners in both 2000 and 2002. I was visiting during both Selections. My son's count used the scanners. They wrote the book on how to properly run a county election. One scanner per voting place could handle more voters than 30 optkcal touch screens. At 4K for either machine what is the choice? Unless one wishes to bonker the voters. And most of us who have been in schol in the last five decades have experience with filling out the space between the dotted lines for IQ tests, SAT's, registrations, etc. The Florida scanners were smart. They detected over or under votes. Only those logically correct are accepted. Over-rides are allowed by deliberate over ride by voting judges. Seems like they covered all the bases. The only problem is only a few counties used them. A paper trail leads to honest counting. duke PS several counties in CA still have only butterfly ballot machines to record votes in a ballot with 135 candidates for one office. Wanna bet there will be "CHAD" hanging in a lot of ballots?

Re:Paper AND Computers

[duke_of_well]

U hit the nail on the head. $4K per copy. Allowing 5 minutes to vote a complex ballot, Processing speed is about 150 voters per day. Through put of scanners about ten seconds a vote. Some will preform logical tests of over or undervotes. Only correct or intentionally over-rides make it into the sealed box. And paper makes a better trail than photons. Duke, who is trying to convince Maryland to adopt this sensible program rather than purchasing 55 million dollars worth of trash. The OS in Diebold is the familliar flag of Micro$loth. One a week security flaws.

Re:Paper AND Computers

[sbwoodside]

just curious, what do they do for people who are blind? Do they have special braile ballots or whatever?

simon

Run elections at Defcon

[phr2]

or some other cracker conference. Sort of like electing the King and Queen of the County Fair. Just announce that at Defcon you're going to elect the Evil Overlord of All The Crackers, and you're going to use Diebold machines to count the votes. That should lead to some amazing exploits :).

Paper more immune to fraud?

[Shivetya]

Sorry to burst your bubble, but paper voting is rife with fraud, that is one of the major reasons it took so long to rid many of it.

Going to digital introduced a whole new system, whereby the exploiters of the previous lost their investment and are forced to start again.

Voter authentication needs to be taken further with the requirement of a picture ID, as it stands now, many dead vote on paper ballots, and many votes that are for one party or another are either lost or damaged so as to become invalid.

If Florida proved anything, it proved just how dangerous paper ballots were, and even how more dangerous subsequent handling of them was. Seems to me many stories of how the same box of ballots yieleded different results depending on who looked at them!!! How is that not an easier source of fraud? Especially when people start introducting "interpetation of intent" into the mix!

Sorry, digital voting will one day be the only true way to avoid fraudelent voting, however for that to come about we will had to shed some of our mickey mouse vanities. Something must be done to not only protect our vote from a fraud at the machine but to protect our vote from fraudelent voters (ie, the dead, the multi-voters, etc)

Re:Paper more immune to fraud?

[SpaceLifeForm]

You're confusing punch-cards with fill-in-the-oval paper ballots.
There is no hanging chad to deal with when you fill in an oval.

Re:Paper more immune to fraud?

[RayBender]

The comment above is not insightful. The only way to avoid fraud in the voting process is to have it as open and transparent as possible. Who do you want counting your votes, some judge who you can sit and watch, or some black box that was programmed in secret by some guy, and who won't show the source code (and even if he did, how do you ensure that was the code run on the machine)? Paper ballots may have issues, but the one advantage of the pen-and-paper approach is that any reasonable person can look at the ballot and form an opinion as to what the vote said. That builds trust in the process, which is the bedrock of democracy. A black-box that only some qualified engineer can even read is not a system that builds trust.

This blind trust in "digital" systems is simply idiotic. In fact, it's so stupid that I doubt any honest person would have such trust. Simply put, I think those who argue in favor of these secret, non-transparent voting machines are deliberately trying to corrupt the voting process.

As a famous dictator (Joe Stalin) one said: "Those who vote control nothing. Those who count the votes control everything."

Re:Paper more immune to fraud?

Sorry to burst your bubble, but you have no clue.

Without a user-verified paper trail, there is no such thing as secure voting.

+1 funny

[scubacuda]

:)

Who is this woman?

[Bob+Cat+-+NYMPHS]

She's a webmaster with an interest in carnivorpus plants. She did this site.
http://www.cumbus2002.org/eco_rescue.htm
N ote the fucked up links on the bottom of the page. They point to c:.
She does not even have a web site for her web design business! AWEBPLACE.COM is registered to her company Southern Belle Software. Search for some of her posts to newsgroups for more dismaying info.

How about posting the code here, Roxanne? A 'few of your expert friends' will be happy to help you out.

Re:Who is this woman?

[Tap-Sa]

You have a web company making cute pastel colored pages with broken links, sales are plummeting, cannot afford to advertize. What do you do?

1. Make a bold state you can crack a voting system.
2. ???
3. profit!

Re:Who is this woman?

[BandwidthHog]

Cut her some slack; that mangled HTML was at least partly created by StarOffice, that should get her a few credibility points around here.

Electronic Voting Machines

[foo_48120]

At least in a paper voting world, there needs to be some semblance of a paper trail record to be available for recounting.

While such systems can be manipulated, it takes quite a lot of people in the loop to do so. Voter early, vote often; run a steel rod through any Republican ballots in Democratic areas...

The move to scannable ballots using sharpie markers is a bit better but physical security of those are questionable as they allow thermal printouts and often have the covers open at the polling places.

Right now, if I want to steal an election, I probably have to bury my opponent in the places that I control the entire polling apparatus with my political party hacks. It looks crude and messy to anyone who watches.

Now if we have all the local precincts reporting frequently into a central computer system with two way back door communications; we can easily determine the number of manufactured ballots needed and allocate them over a greater number of precincts without drawing any attention at all.

An example of this is a weighted average cost bid, I have personal experience with this. If we know that there are two items on the list; one says it will buy a million of an item and the other says it will buy 3 of the item but the quantities are reversed. I can make my evaluated bid much lower and rape the buyer by biddin no cost for the first item and $10,000 for the second item (assuming both are worth $1000); however the bid will look really, really abnormal compared to the other bidders and they are going to smell a rat even if they don't know the real quantities to be bought.

However, were I to just shade the bid a bit by lowering the cost on one and raising on the other I could win the bid, have higher margins and no one be any the wiser. OK, the example of a million vs 3 is too extreme but so is the ballot count for Democrats in these key urban areas coming in higher than the total number of living and dead there.

If the election comes in as the controlling power wishes, there is no need to do anything. If it is off track, they can certainly round up people on buses to vote but they can also create some new ballots that will be totally untraceable.

All electronic balloting is not to be trusted.

Computers do many wonderful things, counting elections is not one of them.

D

I just have to say...

[p3d0]

Please mod parent up, and mod this down. Thankyou.

How to prove they hacked the system

[Harald+Paulsen]

make Georgy Russell the winner of the election :-)

Re:How to prove they hacked the system

Because that would show that it was a farce?

Seriously... other than a pretty face, what does she bring to the debate? Her site has typos and spelling errors. She resorts to ad hominem attacks and taking quotations out of context to support her arguments, which I have found to be an indicator that the person cannot support her thoughts with reason and facts. She seems to be saying "things should be this way because I think so."

She declares the recall to be a farce, even though enough citizens of the state felt that it was warranted that they signed the petitions and the judiciary declared it to be proper. Just what the state needs, another elected official that does not value the thoughts and wishes of the citizens and does not wish to be held accountable for her actions by those citizens.

She also seems to have difficulties with cause and effect. She argues that raising taxes on the wealthiest citizens caused the boom period, but does not bother to consider growth rates where taxes were not raised. She also does not mention the growth spurt that occured when President Kennedy pushed to have the tax rates slashed for the highest income groups. It appears that she does not understand complexities and instead opts for simplistic interpretations.

Having said all of that, I do think there is merit in many of her positions. I just do not think she is the person to implement them.

More background

[heydude]

Curious for more about this story, the best background I found was here.. Also, this bill seems to be starting down a better path toward a publicly viewable system. Not sure about the paper trail part though.

Normally...

[jd]

...a capture-the-flag event would not really be that useful a way to diagnose failures. However, this is a head-to-head CtF, which is different.

This offers the potential to expose not just one flaw, but many. It also offers the potential to encourage greater consideration of security elements in voting.

Unfortunately

It seems more like they're calling her bluff than expecting she can actually do it. I don't live in Georgia, but from what I've heard about the state, it's not terribly progressive at all. I'll be surprised if all the older people in the state even TOUCH the electronic voting machines, especially if there happens to be a black person within the vicinity :P

I wonder...

[G33kDragon]

Forget Georgia...what about California? (BTW - Are we going to use the same system for the October recall? I'm not quite sure) I think it would be quite easy for some "high up" people with the monetary influence to do a little fiddling with the voting system. ...can you say "weighted recall vote" 1 vote for a Rep. = 1 vote for a Rep. 1 vote for a Third party = 2 votes for a Third Party 1 vote for a Dem. = 3 votes for a Dem. A few votes for Davis = 100 votes for Davis ...or not. Just something to think about.

Re:I wonder...

Yeah...If Georgy Russell (www.georgyforgov.com) doesn't get more votes than what's-his-name, I'll know for sure that the vote was rigged.

Creating an Audit Trail

[hugesmile]

The CORRECT way to implement computer voting is to create a process whereby each time someone votes, the computer creates a mathematical "voting result" string of numbers, such that the voter can literally SEE their vote among the string of numbers. Then as subsequent voters vote, the "voting result" changes, such that others can see their results as well.

The algorithm (not to be confused with Al-Gore-rhythm) must allow ANYONE to tabulate the votes by examining the "voting result" string of numbers, which would be publicly posted. However, it must keep anonimity.

Each voting district's tabulations should be reflected in this "voting result" string of numbers as well. Then you could verify your own result. District supervisors could verify the counts of voters in their district (as compared to the physical counts), and Everyone could compute the winner.

It's not hard. But we need to move away from the pieces of paper idea!

Register for free here!

No paper trial == trouble

[Whammy666]

The potential for fraud is only part of the problem with electronic voting. The biggest problem is the lack of a hard paper trial to use in the event of a recount or if the machine crashes. Suppose you have a group of booths in a busy voting district that suddenly decide to blue-screen. Potentially, thousands of votes could be lost. The lack of a paper trial has been brought up many times, but proponents of the system have so far dismissed it as unneccessary. This is just asking for trouble.

Even worse is cases like those in Florida where the state purchased new electronic voting machines with the provision that their warranty would be immediately canceled if the state ran tests to verify their performance. Egads! This has fraud and disaster written all over it.

Our system of democracy is very important our liberties. As voters, we should insist that our voting system be beyond question. That means it should be secure, verifiable, and robust. The best way to accomplish this is through open-source peer review of the code and hard-copy backup of voting results for auditing purposes.

Obligatory lame comment

But female Georgians are called peaches, not crackers.

Two things here...

[Vip]

" Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?" "

That would be the most insane statement in the whole article. There is no such thing as a secure and accurate computer. Only one way to completely secure a computer. Turn it off, encase it in a 30ft concrete tomb. Very few will get to it, yet it still isn't totally secure, I'm sure there's a bunker buster out there that'll destroy it.

Accurate? Hardly. A computer will tell you what you program it to. If someone can change it's purpose (or results) you've no longer got accuracy. Note how the comment doesn't question the accuracy of input/output to the computer?

And finally, flying on airplanes. I think history has shown that there is no such thing as a failure-proof aircraft. However, I will still fly on them, because I hope that procedures ensure that it's not Williams flying it with a computer only.

Vip

That's right...

[Guido+del+Confuso]

Electronic Voting Machine Cracker Challenge

...an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system.

Give them votin' machine crackahs somethin' to chew on!

Re:One week? Why?

[mikewolf]

although the main issue that is brought up consistently on slashdot is the vulnerability of the system to hackers, i think the more frightening issue is the vulnerability of the election results. From what i can tell, it is unencrypted data just sitting in a table. It can be easily changed by just opening access... now that is the kind of thing that should make diebold go out of business, but it won't.

New security audit methodology?

[D4C5CE]

Are they implying that a computer system is to be considered reliable just because one hacker/group did not find any (more) flaws in one specimen (not even "in the wild") at one given moment in time?
Auguste Kerckhoffs tourne dans sa tombe...
Whether she succeeds or fails does not prove a thing.
Since when do we attribute the most "l33t sk1llz" on earth to the first attacker, and then just assume we're safe to vote happily ever after?
The only route to go for the code that could finally make someone president is full disclosure. "Elected on Open Source" sounds a whole lot better than "four years under the rule of a computer glitch."

Re:New security audit methodology?

Yes, it does. If she succeeds, it proves the system is insecure. Only if she fails is nothing proven.

Re:New security audit methodology?

[Cyno]

Since when do we attribute the most "l33t sk1llz" on earth to the first attacker, and then just assume we're safe to vote happily ever after?

Since we decided that our goal was to make money. Capitalism doesn't allow us to make secure widgets. They would cost too much. But we can never run out of excuses. :)

Bubba Notes

[Arbogast_II]

That was a practical and honest solution to the percieved problems with the voting machines.

Also, I noticed a tidal shift in which American states were now most enlightened this winter, when talking to a California Cousin, he noted that at least his governor kept the power on. Seeing as keeping the power on is a GIVEN down South, I started wondering which states were truly the most advanced in US.

Mod Parent Up

Yeah, put Ron Rivest on it (RSA)... I'm sure something can be invented! Come on MIT!

To get the whole story go to

[arichar4]

www.blackboxvoting.com - Very intresting

Is she crazy?

[codefungus]

I wouldn't do that. The next headline will be, "Cracker goes to jail for showing flaws in electronic voting system"...I mean, this is America...home of the patriot act and indefinate imprisonment without cause.

Re:Is she crazy?

[retro128]

Your post may have been modded as funny, but you can bet your ass if she owns the system bad enough they'll try to get her thrown in jail.

Re:At LeastA better challenge

[Stephen+Samuel]

A better challenge would be to put together a prototype system with an easter egg for munching the results, and then challenge the electoral people to find the easter egg. -- just to prove how hard that is to do without the source and a paper trail.

Reply: Way to go Roxanne and Georgia ...!

[OldHawk777]

A rhetorical reply to a rhetorical (overelaborate or bombastic) comment, so entertaining. PLEASE, seek the concept content to critique, but if it is not possible, then I will always enjoy the entertaining (somewhat dull) replies.

Oh, any attempt to critique of my spelling of "overelaborate", will be considered entertaining.

HAVE FUN

OldHawk777

Just wondering....

[3seas]

if an expolit is found and patched, are we supposed to feel our voting is safe?

Do you feel safer every time MS patches their stuff with claims of fixing an exploit? Or how many patches does it take to make the public feel safe?

If a politician or political group wanted to exploit such a system, wouldn't they consider hiring someone familiar with cracking such a system? How would you advertise for such a job and even test the applicants?

If I vote electronicly, does that mean I can also participate in a jury electronicly?

I'm sure I can come up with all sorts of other perspectives but doesn't it all come down to simply controlling what the media reports anyway, and that it can eliminate or bypass any electronic counting system? (i.e. with all the media talking down on the Dixie Chicks, how is it that they are the top selling country band? Or how SCO has been so much in the Media lately about stupid stuff... who should believe the media anyway, no matter what the truth is.)

Point being, what verification do I as a voter get?

A: NONE!

I am expected to believe what someone else tells me the results of an election is.

Don't politicians as a profession lie? Especially in campagining for election? And haven't past elected politicians been found to lie to the public?

Doesn't this really all add up to cheating is OK so long as you do not get caught, or can't talk you way out of it?

There was a delay in responding to the olympic park bombing in 1996. The delay was caused by the program of the then new 911 system. It would not allow an assignment of a call to an officer(s) without inputting a valid address. Problem was, nobody thought to give the park an address, though everyone knew where it was, cept the 911 computer program. The call finally went out over old style walkie talkie to those officers who still had such a device. The delay time was perhaps long enough not to have saved those who died.

Point is, humans are smarter than programs. What we make we can break.... Electronic voting is just another place to manipulate the voting process. Another tool to perhaps convince people to vote for someone that is more likely to do something the voter would not approve of anyway.

But if such a systemn could be validated, then I think it could be used for more than just voting a politician into office, but could also be used to handle the day to day decissions of what politicans and their company do..... like slashdot moderation.... but better, more accurate and perhaps more verifiable to the adverage joe..

Social engineering works better

[FearUncertaintyDoubt]

Cracking a voting machine is hard, but social engineering is relatively easy. I mean, George W. Bush is no programmer, but he successfully hacked the 2000 federal elections quite well with just a bit of social engineering. He proved all you need is access to 5 Supreme Court justices to change any election result you want. Ain't no key length in the world long enough to fix that hole.

Re:Social engineering works better

[pengolodh]

Silly h4x3rz! In GA we fix elections with Redistricting. The votes were tallied by the GA Assembly in the Gold Dome months ago when they carved up the state. How they count the resulting votes in the election is not really the point.

Re:Social engineering works better

[Satan's+Librarian]

In Texas we just take vacation and think about redistricting.

This just in

[Stonent1]

After successfully cracking the system, she is immediately arrested.

Reply:Bubba Notes

[OldHawk777]

Bubba,

That was a good'un. If I could I would give you a "+1" for funny.

THANKS

OldHawk777

Open Source Voting Machine Project

[Lulu+of+the+Lotus-Ea]

I tried posting a story about the EVM2003 project a couple weeks ago, but unfortunately it was rejected. I'll try again soon, I suppose. So this note is a little less complete (not all the background URLs and the like). The project comes out of several years of background work by some well known computer scientists, political scientists, lawyers, elections officials, and political activists. But the demo (to be written in Python, btw), is just starting development.

Anyway, the short story is that I am involved in a project to create an open source voting system, with the extra twist that the machines also produce printed ballots. That is, the electronic part makes selection more clear, and prevent overvotes and other errors, but after using the touchscreen (or mouse, or blind accomodation), voters can visually verify their ballot for accuracy before submitting it to the ballot box.

Read an announcement of the project at http://gnosis.cx/voting-project/announce.html.

Check out the sourceforge page for EVM2003. We also have a mailing list archive.

The difference is....

[Brian_Ellenberger]

The difference is that she didn't try to hack it first. She made a challenge and they accepted. This is how normal society acts. Hackers have made a bad name for themselves by doing things without other people's knowledge or permission---often to show off their "superior skills". Hackers may feel this is no big deal or some sort of "good work", but normal people feel very threatened and violated. Hence people like Mitnick go to jail.

If Mitnick had asked and recieved permission like this woman, there would have been no problems.

Brian Ellenberger

Re:The difference is....

[Morosoph]

The difference is that she didn't try to hack it first. She made a challenge and they accepted. This is how normal society acts.

Although this is true, it is by making the 'normal' universal that we oppress. Arrogance on the part of those running the vulnerable system is in fact likely to both make them sloppy, and take those who would crack their system to court. We need to protect the messenger so that people focus upon securing the system against attacks, rather than their ego.
I am not claiming that hackers aren't arrogant, BTW, but simply that the law should encourage behaviour that is in the public interest, whatever the motives. Here, finding vulnerabilities (and then informing those who are in a position to fix them) is in the public interest, and obscuring them goes against it.

Need audit trail... security misses the point

[ClarkEvans]

I'm not concerned if the system is secure or not (well, I am, but it is a side point). What I'm concerned about is that I can't audit the computer system without a paper trail. This is the most important issue. One can have a "secure" voting system which purposefully gives the wrong results on election day. Also, just beacuse one hacker can't crack it doesn't mean that other hackers won't.

Re:Need audit trail... security misses the point

[Steve+B]

What I'm concerned about is that I can't audit the computer system without a paper trail.

A trustworthy system needs to be based on these criteria:

1. The selections entered by the voter (electronically, manually, telepathically, whatever) are immediately printed out and displayed (behind a window so the voter can't remove or alter them). If approved, they go to a lock box; if disapproved, they are marked VOID and dropped to a reject box (again, with visual verification for the voter).

2. If there is a dispute, the results of counting the printout ballots prevail over the electronic count.

Looks like Georgia's gonna learn the EASY way

[farmkid]

No: the hard way is when you resist all suggestions that anything might be wrong, and then you find out otherwise after election day.

As a Georgia voter, I'm very happy about this development.

Punch card, fill in the oval, all the same...

[Shivetya]

and you are forgetting the fact that they just as subject to fraud as punch ballots.

If the vote is not what someone wants how easily is it not distorted or lost?

Nothing short of confirmation of the voter is a sure thing in our elections, and we don't have that. We are closer with digital voting. We just now need to prove that the vote is secure.

Funny how the same standards people want to hold digital voting are not applied to paper?

Better the evil you know than the evil you don't?

we need some standards

[MegaFur]

Another poster says "at least this is a change from the Kevin Mitnick days" (or something similar)

That poster is mistaken. We had a recent story on slashdot where someone was threatened with legal action for revealing a bug in some code.

IMHO there should be standards for how and when you are allowed to attempt to break into a piece of software or system to demonstrate its vulnerability. I suppose one way to go is:

1. find out that it's vulnerable
2. tell the company that you believe it's vulnerable and you'd like their permission to demonstrate that to them then
3. show them how you break in

It's a rather round-about process since you'll usually have to break in (secretly!) in part one to be sure that it really is vulnerable. But you can't let them know you did that or they'll prosecute you in step two. Suggestions?

Re:we need some standards

Another ways to go is ... break in, cause a enough issues so that you noticed, but not enough to do real damage, then get out. Oh yeah, and don't get cought. .... ;) .... j/k

GET IT IN WRITING FIRST!

Before you start on this project, get it in writing that you will not be prosecuted.

A letter from the state attorney general probably do.

These days, you never know what ridiculous law they might prosecute you with.

just so you understand

[sbwoodside]

the reason that they want electronic voting is because it gives access to the disabled, who can push a touch-screen button but can't use a pen and paper.

simon

Re:just so you understand

[burns210]

well, ya, that is a nice side bonus. But things like instant counting, rather than having hand counted cards(remember 'chads'?) along with better security(in theory) seem like just as good of reasons to persue this as the accessability is.

Re:just so you understand

[sbwoodside]

how the * did I get moderated "troll" for that one ?

now THAT'S funny

+1 funny pls

percentage of flaws vs percent required to win

[SolemnDragon]

She's on the right track, but it's not enough. She only has to find one way to do it in order to win.

However, there are countless creative and intelligent folks out there who would probably find other ways to do it. Moreover, if they're dumb enough to publish the hole(s) etc that she finds, this will only concentrate efforts to find other ways to do it. There are many other ways that they could do this, such as

letting everyone have a go and paying a bounty for every successful attempt;

putting them into colleges and envcouraging community attempts;

(least advisable) wait for election day to find out what the problems are!!!

It's good that this is happening, but not very useful unless subsequent challengers are also all owed to give it a try. Everyone has a different approach, and since we have no idea how many exploitable weaknesses it has, and she only need find one to be successful, i sure hope they aren't dumb enough to think that the system will then be secur... oh, wait, these are politicians, right? Damn. Waittress! Another round, we're screwed here and need a drink if we're gonna have to watch this!!

flipside of the coin...

[Lord+Dreamshaper]

who's to say that she/they reveal any/all flaws? Isn't this giving her the inside scoop on manipulating future election results as well as one free trial run to see if the officials can detect her manipulations? (hypothetically speaking)

Fair amount of money at stake if she wanted to auction off her knowledge...

About chads

[Catbeller]

I know everyone is convinced that chads are the work of the devil, and caused all the problems in the 200 election, but I have to say that everyone is wrong.

There was *no* problem with "hanging chads". The voter's selection had a stick pointed in it. The stick made an indentation, or a partial hole, or a complete hole, or no impression whatsoever. The chad may or may not have been detached. Big woof if not.

The "spectacle" of judges peering at the cards was just that: spectacle. The votes were easily discernable by anyone who was not *trying* to make a fuss. The 'publicans were making a huge, screaming (literally) fuss at the counting tables. There was a non-Republican and a Republican counter at each table, so the validity of the recount was beyond question. If the voter made two choices, or none at all, it was invalid. All others were counted.

The paper ballots worked just fine. It was just politically expedient to pump confusion and hysteria into a normal recount process in order to invalidate the process in the minds of the public.

If Gore had won the initial count, the screams for a recount from the Bushies would have been deafening. This isn't a guess: the political strategy for a close race was already decided. Question the vote. Question the validity of the election, and of the man who won. They had plans for endless lawsuits.

Since Bush won, they used the opposite strategy. And they won not only a cancelled recount from the Supreme Court (well, a half-hour time limit to finish the count is a cancellation), but now the Diebold company, a major Republican player, is replacing a solid and auditable paper system with a system that is emminently cheatable -- and with no recount possible, and no audit trail.

Anyone who's even halfway suspicious of human nature would choke with laughter at the introduction of a private computer system replacing an auditable paper system.

Re:About chads

[Geek+of+Tech]

I know everyone is convinced that chads are the work of the devil, and caused all the problems in the 200 election, but I have to say that everyone is wrong.

I'm sorry, I'm not that old. How were the 200 elections? =p

Re:About chads

[The+Angry+Mick]

There was a non-Republican and a Republican counter at each table . . .

. . . and a Republican mob outside the door, being controlled by Karl (the Nazi in Raiders of the Lost Ark) Rove.

Re:About chads

[TPFH]

There was *no* problem with "hanging chads". The voter's selection had a stick pointed in it. The stick made an indentation, or a partial hole, or a complete hole, or no impression whatsoever. The chad may or may not have been detached. Big woof if not.

Have you ever read the original version of Murphy's Law ? I didn't know this until just recently myself. Instead of "If anything can possibly go wrong, it will." it was actually "If there are two or more ways to do something, and one of those ways can result in a catastrophe, then someone will do it."

Murphy was an Engineer, and the real moral of his law was to if at all possible to engineer whatever it is you are designing to have only one way of doing things. For instance, if there is a part that if you put it on backwards would FUBAR the machine you make that part asymetrical so that there is only one way to put it on.

Now which is easier to read, a punchcard with a chad poked out, or a scantron with a bubble filled in? With chads accidents will happen, but a filled in bubble is unambiguous. At worst someone will change their mind, erase one bubble and fill in another. But if the manual counters in a recount do not have a pencil then there can be no aligations of cheating. With a scantron it is possible to poke out a chad with your fingernail.

Is this paranoid? Maybe. But if otherwise the mechanics of both systems are equal, why not go with the one that is both computer friendly and more human friedly?

I think scantron type ballots are the way to go. I live in Oregon where the ballots vary by county but most of the counties have scantron type ballots, including the one I live in and I like them. They are easy to fill out, easy for computers to read, and easy for humans to read.

And as most /. readers should know, computers can have a myriad of problems. A physical paper trail is neccessary if we want to have true accountability. Not just for cheating but the reality that computers crash and lose data.

FUD can be your friend

[ls-lta]

She shouldn't disclose all the faults she finds.

She could become the most powerful ....

[bmurray]

influence in the US if she found security holes. What is to stop here from keeping some security breaches to herself? I mean wouldn't be more useful to her if she used the information to change the voting stats at her own will. Or better yet, take huge sums of money from a backer of a candidate.

Sure this must be done, I am just thinking about all the possibilities.

Pointless challenge

[Mulletproof]

It's not nessisarily a bad thing they're letting this woman have a crack at the new system, it's just terribly redundant. You'd think it'd be common knowledge by now that if it can be made by a man, it can and will be cracked by one. There is ALWAYS somebody with more than enough time on their hands (or being paid well enough) to find some hole or bug to exploit the system. It is a 100% guarantee. I don't think we have the best system as it stands now, but this idea is a serious mistep in the wrong direction.

And even if I were for it (which I am not), I'm gonna go against the grain here and say making this open source would probably do more harm to the process than good. Sure, it gives everybody a chance to see what's up with the software, but it also gives people a chance to see what's up with the software, providing malcontents with all the in's out's and security measures and whatnot. It's never been a good idea to give the blue prints of your bank vault to would be malcontents. It's a moot point since this vault will be cracked anyway, but no sense in handing out howto guides on the street corner.

Anyway, the challenge is all but pointless and when the system is cracked, it'll be a whole lot easier to change that electronic sum than stuff a ballot box (and we've already been down that road).

Opps ... I should have proof read better

[shis-ka-bob]

Opps ... I meant 'Even California's ballot for the recall (attempt) of the governor has a proposition added to it."

Re:Opps ... I should have proof read better

No, don't bother - Proof reading only works if you can spell. (Maybe you should spell it "Oops" instead of "Opps." Twice. :-)

Where can we sign up to challenge this ourselves?

[MMaestro]

If they won't make it open source for the rest of the world to crack (and someone out there is bound to crack it) who do we ask if we want to take a shot at cracking it?

Reply: Encouraging, Y'all try'en ta be funny

[OldHawk777]

Okay, I ain't seen it yet. I cannot resist ....

Is Roxanne a Georgia Cracker?

Someone must of asked already, but I did not see the Q&A.

Ain't it funny, how the meaning of words and phrases change with time?

Things always seam to get better.

OldHawk777

eVACS

[jcsehak]

Apparently Australia is paving the way here. eVACS, as I learned from another poster, is open-source and was used in the Australian Capital Territory elections in 2001. I think a great start would be to have some federal or state IT workers adapt it for use here in the states, and test it out in small-scale elections. Maybe by 2008 we'll be able to vote via the web, and we'll see lots more voter turnout and it'll be impossible to rig the election. A guy can dream...

Re:eVACS

[yourmom16]

we'll see lots more voter turnout

Despite popular belief even 10% voter turnout is sufficient. This is why surveys are accurate, the probability of the sample deviating from the entire population significantly is quite small at that low rate as well as higher ones.

Re:eVACS

[jordand]

Despite popular belief even 10% voter turnout is sufficient.

Isn't this only true for unbiased samples? Whereas, "voter turnout" is clearly biased towards people who like to vote.

Isaac Asimov's Multivac

[jagilbertvt]

What we need is what is described in Asimov's short story "Franchise". Multivac is able to determine the result of an election by interviewing a single voter (whom it determines). A must read! :)

Re:Isaac Asimov's Multivac

[bhtooefr]

No, what we need is Mike (from "The Moon is a Harsh Mistress"). Oh, wait, is that the word "DIEBOLD" in code in the book?

Actually, why not a form of representative government like this:
10,000 or more people vote for someone
That person represents those 10,000+ people, no one else

Conflict of Interest

[cyranose]

Avi Ruben was probably a fool for not divesting or disclosing his interest in a pseudo-competitor, but why isn't anyone screaming about Senator Chuck Hagel's ownership of Diebold? here's a version of the story. But where are the mainstream media accounts of this in relation to Hagel's unprecedented win in Nebraska using election machines his own company sold! And then he apparently failed to disclose this for years.

Frankly, if voting is going to be electronic and this insecure, I'd prefer to vote via the web. Better yet, I'll go vote via Taco Bell.

Re:Conflict of Interest

[cyranose]

As the AC states, it is ES&S, not Diebold. My mistake. However, the machines were still the ones used in his election, according to those reports.

Looks like a setup to me ....

[IamGarageGuy+2]

This has to be one of the worst cases of web design I have seen. I am not a webmaster by any stretch but links to "c:" with only 1 link in the whole page that actually works. I will make the bold prediction that she does not find any holes in the code. After that the system will be declared secure and someone will make a lot of money and she will get her cut.

The conflicts relevant to this case are:

Perhaps because Chuck Hagel has nothing to do with Diebold. His ties are to ES&S.

The conflicts relevant to this case are:
1. SAIC -- the "independent" firm commissioned to do a "study" to determine whether the Diebold voting system is secure, on behalf of the states of Maryland and Ohio. The Senior Vice President of SAIC is on the board of the ITAA "ES" Division which just created a proposal and made a presentation to Diebold and other voting machine vendors to launch a massive PR campaign to repair their damaged image. This was uncovered when David Allen, the publisher of the Black Box Voting book, logged into the secret meeting (under his own name; no one asked who he was). His detailed notes of the meeting, which says basically, "come up with $200,000 by Friday and we've got your back" can be read at:

http://www.blackboxvoting.com

2. Wally O'Dell, the CEO of Timken, hosting a massive fundraiser for Dick Cheney in July 2003, and W. H. Timken, Director of Diebold, going on the campaign trail and giving so much money to George W. that he is now listed as a "Bush Pioneer" (top 100 fundraisers in the nation)

Bev Harris
Black Box Voting: Ballot Tampering in the 21st Century

Scanner

[The+Monster]

what happens when i use teh sharpe to make an oval on the glass in scanner

It's not a flatbed scanner. You push the first inch of the ballot out of the cardboard shield, then feed that end into the slot. The scanner grabs your ballot and pulls it in.

Re:Where can we sign up to challenge this ourselve

[BevHarris]

1. Go to http://www.blackboxvoting.org 2. Send an e-mail to the webmaster (Roxanne) who is the woman that Georgia gave permission to hack the machines. Bev Harris Black Box Voting

I hope she checks it for internal fraud too.

[the_REAL_sam]

This system would need to have redundant vote counting, specifically by third parties, so that no single central vote counting location could mess things up, by accident or otherwise.

Basically, anyone with sufficient bandwidth should be allowed to register as a VOTE COUNTER, to double check the government's count. (thanks for the warning, florida)

If we have an indefinitely large number of neutral third party vote counting servers to verify that gw's cousin isn't corrupting the results, voter confidence might be improved.

Idiotic rebuttal #36b -- the "disabled" b.s.

[BevHarris]

No one is saying get rid of touch screens, we are saying PUT PAPER IN THE PRINTER which is already built into Diebold and every other touch screen machine. Print ballot, voter verified, it goes in a ballot box, you've got evidence of the vote. Explain why: 1) A person in a wheelchair, or a muscular or neurological difficulty, who can vote on a touch screen suddenly cannot vote on a touch screen if you have paper in the printer. 2) A person who is blind, and uses the headphones to vote, suddenly cannot vote on a touch screen using headphones if you have paper in the printer. This is a prepared talking point sent out by the voting machine industry. Bev Harris Black Box Voting

Re:Idiotic rebuttal #36b -- the "disabled" b.s.

[sbwoodside]

This is a prepared talking point sent out by the voting machine industry.

Err... yeah ... because I'm employed by the voting machine industry, it's a conspiracy...

I wonder if you read my message again if you will find anything in it on the subject of whether or not the machine should or should not print out paper. No, you will not. However you will hopefully have noted that the old style pen and paper system while it has three advantages (it's simple, simple and simple) isn't as accessible as a touch screen.

Any debate should bear in mind that thought. It is a valid reason to throw away fair elections? No. But if it's possible to make voting systems that are as secure as paper, and use touchscreens, that would be an overall improvement over just paper.

simon

Re:Idiotic rebuttal #36b -- the "disabled" b.s.

[sbwoodside]

Bev,

I assume you are the same Bev Harris who is a major activist in this area. If that's the case, then I congratulate you on your work so far. I have to address this to you publicly since you don't have an email address or website listed in slashdot.

I didn't get karma bonus on slashdot by being a whore for the voting machine industry. I think you can be fairly sure that voting machine industry people would be slapped down pretty hard around here. FYI. maybe if you included a little more positive and less reactionary response that would be better.

simon

Re:Idiotic rebuttal #36b -- the "disabled" b.s.

[BevHarris]

And if you read my post you'd see that the first sentence says I advocate touch screens, and that is not what the whole debate is about. It is about using touch screens that print a ballot, which are entirely friendly to the disabled. So why did you answer with this:

"However you will hopefully have noted that the old style pen and paper system while it has three advantages (it's simple, simple and simple) isn't as accessible as a touch screen."

HAVA and bringing in the touch screens had absolutely nothing to do with disabled voters. I got a transcript of the secret meeting of the voting machine vendors yesterday, and they made that perfectly clear. HAVA, according to VENDORS and INSIDERS, in their own meeting, was pushed through specifically for a profit motive. The players behind HAVA were mainly defense contractors. Go to the Blackboxvoting.com site for the transcript on that meeting, which is a gun just oozing smoke.

Touch screens are just as friendly to the disabled when paper is in their printer. I can tell you this: I know Roxanne, who is the woman Georgia invited to hack the machines. She also is not saying dump the touch screens. She's saying:

Put paper in the printer so there's an evidence trail.

By the way, those machines in Georgia were rigged in 2002. This is the first time I've made a declarative statement like this in public. They were rigged.

Bev Harris
Yes, I'm the author of Black Box Voting.
And thanks, Georgia, for becoming the poster child of this fiasco, which is soon going to veer away from computer programming and start examining the "R" word: Racketeering.

Black box voting

Everyone should take a look at Black Box Voting which details many of the issues with these proprietary voting machines and the inherent security and privacy risks. Not to mention the lack of accountability in the process.

For months the Diebold FTP sites which distribute updates to the GEMS voting software were open to anonymous access. This software has been downloaded and reviewed by Bev Harris. Also here. If you can find the space and bandwidth, plese mirror these files for further analysis.

Re:Black box voting

How to rig an electronic election.

Either way, she'll be arrested.

[kaltkalt]

Whether she breaks it or not, she'll be charged with terrorism under the patriot act and tossed in prison for the rest of her life for trying to "hack" into a system to expose dangerous backdoors which will put our precious children in danger.. (permission doesn't matter)

Re:Either way, she'll be arrested.

[kaltkalt]

troll? I wish this were so insane as to be a troll post. watch it happen

Why don't you go to a current web site:

[BevHarris]

she is wewmaster of http://www.blackboxvoting.org

But web site design is in no way the same thing as C++ coding and database design.

The Diebold system uses the Windows operating system. It has a customized and never-examined Windows CE interface on the touch screens. They send their results in to the county server, which is on Windows NT 2k. At the touch screen level, they appear to have taken out many of the security features in order to make information transmission backward-compatible with Windows 95 and 98 machines, so they could sell the system to counties that had their old systems.

The county machine uses Microsoft Access and, in the program I ran, which was GEMS 1.17.17, the the only version listed as currently certified for use, the security features are disabled, including disabling the autonumbering feature on the audit log.

The MS Access database is constructed without referential integrity.

The newest Diebold touch screen system, the TSx, substitutes wireless communications for land line modems.

It is these issues that will be explored, not how to design a web site.

But thank you for playing. Bev Harris Black Box Voting

Re:Why don't you go to a current web site:

[Bob+Cat+-+NYMPHS]

I am not impressed with that web site, either. No one else on a dial-up will be, either.

What are your organization's qualifications for testing these systems? Do you have ANY well-known security people there? Why would you have a WEBMASTER make this challenge? How about a CS PhD?
If you fail to find any security issues in the system you are presented with, you have proved nothing and given Diebold PR they could not buy.

That's great, but...

[Eric+Smith]

If she fails, the vendor, and possibly the election officials, will cite this as "proof" that the system is secure.

Use ATM machines for voting

[geekee]

ATM machines should be used for voting. If the network is secure enough to prevent people from stealing money from the machines, it's probably secure enough to prevent voter fraud. The govt. just needs to issue an electronic card to each registered voter. Plus you get extra voter turnout from people who needed money that day.

Proprietary Pen and Paper

[Rick.C]

I'd like to propose a new secure pen-and-paper voting system. The ballots are printed with a special ink that reacts with the invisible ink in the marker pens. After the voter marks the ballot no one can see what was selected - not even the voter!!

After the polls close, all of the ballots are sent back to our headquarters where we use our trade secret process to make the marks temporarily visible. We then tabulate the results and announce the winners.

If anyone wants a recount, we'll gladly reprocess all the ballots and re-check our work. The Board of Elections can store them for as long as they wish, but they can only be made temporarily visible by our secret process and nobody can watch while we do it so no one can ever compromise our security.

Chemical analysis of this system is strictly prohibited by the DMCA (the pen is a digital device).

This is sure to be a hit, so all you venture capitalists give me a call.

I notice you didn't address any of the issues

[BevHarris]

The issues have nothing to do with web site design. And apparently you can't rebut anything about:

The wisdom of using Windows, with security features removed, and security patches never applies, on a voting system, while at the same time using wireless communication to transfer voting results into a Microsoft Access database with its security features disabled.

I thought this was a board that discusses computer issues, like the code and the security weaknesses of the Diebold machines.

By the way, before anyone gets in a dig about this, obviously, CE is always customized, it's made that way. What was unusual is the way they customized it. The other troublesome issue is that they claimed Windows was "COTS" (Commercial Off The Shelf") software, so that certifiers did not examine it. The FEC has regulations about this, and what they did to Windows could never in a million years be called "COTS."

Bev Harris

Re:I notice you didn't address any of the issues

[BandwidthHog]

I thought this was a board that discusses computer issues, like the code and the security weaknesses of the Diebold machines.

Her HTML is there for the peeking, so we can (and do) kibitz that. The Diebold code, well, much of slashdot would *love* to be picking it apart right now, but can't. Somebody needs to anonymously leak it. I mean, I'm no programmer, but even I can hack Access (it's what I do these days) and I have a very clear idea of just how insecure it is.

Re:I notice you didn't address any of the issues

[Bob+Cat+-+NYMPHS]

I pointed out the poor web site because all the gopes and dreams of those opposed to black box voting seem to be resting on A WEB DESIGNER.

I shall assume everything you say about the technology is true. Now, can you tell me why A WEB DESIGNER is trying to defeat its security, instead CRYPTOLOGISTS, COMPUTER SCIENTISTS, and HACKERS?

Who is on your team besides web designers? If you can't give us names we know, you are out of your league.

Integrity??!!!

[Lord+Dreamshaper]

Professional wrestlers & dead men elected to office, controversy in NJ and Fla last year, not to mention Fla contributing to Dubya's overthrow of Gore (even if everything WAS kosher, the family link requires far more conclusive results for appearances sake), and now the freak show in California (Clinton faced impeachment w/o leaving office; Calif. should require something more serious than being left holding the bag post-Enron) but you're worried about *potential* issues in *future* elections? Mod me down all you want, but the bigger issue here is the fact that, realtively speaking, GA is a non-issue...

You can't prove anything!

You can only disprove.

Absolutely

[Meffan]

Exactly. While a single paper ballot can be spoilt, or stolen, or ignored - Millions cannot with the same ease.

This system destroys any audit trail, and reduces the chance of free & fair elections. A single change in a computer's memory somewhere and the voices of millions of people are overlooked.

Cost-savings? Is it cheaper living under a (Media endorsed) dictatorship than a democracy ;)

Re:Absolutely

[danila]

But we have to see the bright side in it. Once the infrastructure for electronic voting is in place (including also Internet-based voting), we can hope that it will be used for more direct participation of the citizens. You can't move to direct democracy until you have the infrastructure, but one you have it (and if you avoid the possibility of a dictatorship along the way), there are only good things ahead.

A bug in the Palm County tabulation software

[bgspence]

Here is a link to my comments on a bug I found in the Palm County butterfly ballot tabulation.
Looking closely at actual results can be revealing.

http://groups.yahoo.com/group/NotMyPresident/mes sa ge/95?source=1

From: "Bob Spence"
Wed Jan 03 23:21:20 2001
Subject: A bug in the Palm County tabulation software

The undervotes in Florida are now being examined by the media. I
believe there is strong evidence that the overvotes must also be
examined to understand what happened in Palm County. There is
evidence that the tabulating software used there was faulty.

An examination of the publicly available overpunch data reported by
the Palm County election board the night of November 11 shows that
there were some legal votes rejected by the computer tabulation. Two
of the rejected votes, one with the combination of holes 2 + 3 and
another with holes 2 + 4 punched, are worth special consideration.
Hole 2 on the ballot was not assigned to any candidate. The voting
machine did not allow the voter physical access to punch hole 2. Only
holes 3 through 11 and hole 13 were exposed. How the voter managed to
punch out hole 2 on the ballot might be a mystery, by having a hole
there should have no legal significance. This hole was not assigned to
anyone in any race, so should not have been considered in evaluating
the ballot. These ballots must be counted as legal votes for Bush
(hole 3) and Buchanan (hole 4). The fact that some ballots contain a
selection in hole 2 is an indication of voter confusion, but it also
exposes a bug in the tabulation software.

A complete count of overpunch combinations will reveal even more about
what happened in Palm County.

A complete count of the overvotes reported by Palm County is at:

or

My web page analyzing the known overpunch data may be found at:

The only Florida law I can find in this area is Title IX Electors and
Elections, Chapter 101, Voting Methods And Procedures, 101.011 Voting
by paper ballot.
"4) If the elector marks more names than there are persons to be
elected to an office, or if it is impossible to determine the
elector's choice, his or her ballot shall not be counted for the
office; but this shall not vitiate the ballot as to those names which
are properly marked, and nothing in this code shall be construed to
prevent any elector, at any general election, from voting for any
qualified candidate other than one whose name is printed on the
ballot."

Bob Spence

Posted by.... Cowboy Neal!

[gzerod]

Cowboy Neal, Cracking voting machines, I can see it now:

G.W. []
Howard Dean []
Cowboy Neal []

Scary

I second that doh

[corebreech]

What if she fails it?

The system then gets hailed as being foolproof, doesn't it?

If I were Diebold and I wanted to innoculate myself against charges of deceit and corruption, this is exactly how I would do it.

Making it a female programmer is a nice touch too. It's easy to see how this plays out on cable news... criticize the challenge and you're labeled a sexist.

This smells really bad. The parent is absolutely right, if there was ever a time for open source, this is it.

gov review

[dogles]

I'm not sure a pure open source model would be that helpful, really. With few exceptions, open source programs are buggy, because the projects do not have a ton of people looking over the code. Call my a cynic, but looking at code just to find bugs is not exciting work, and the majority of open source coders are looking for something fun and interesting. I don't think you would be able to get enough really solid engineers together to look over every single line of code multiple times.

I'm also concerned that releasing a voting system already in use *is* a security risk. Obfuscation is certianly not to be relied upon for security, but you'd be crazy to think that it doesn't help, by hiding potential holes. An engineer might look over the code and decide he should expliot a bug instead of fixing it. With a rapidly changing handful of disorganized part time engineers as the review force, there is not a good chance that someone else would notice.

I think government review boards should be created that would review the code, and after their review, release it to the public. That ensures that the government and private company would remain accountable if major flaws were discovered by the public, but you still have a guarantee that there are people who have the sole job of looking over every single line of code. Only after the government review has completed and a wait period for public review has passed, would the software be permitted for deployment.

Comment removed

[account_deleted]

Comment removed based on user account deletion

If this girl was my girl friend......

[Oxide]

I can brag to others: "My girlfriends cracks the voting system... lets see your big-breasted girl do that"

ya white cracker

[MasTRE]

For a moment there when I 1st read the title I thought /. started speaking ebonics ;)

I certainly hope this is treated logically

...and not as an elitist and thus hypocritical (and inconsistently applied) exercise. I have read many of your posts and writings. I have also read many of the posts and writings of your friends and colleagues. I am rather disturbed at how by the book you all act. What book, you ask? None other than, "How to live in a fantasy land", or its pseudo-title, "Hypocricy can be your best friend: How to ignore logic and reason and replace it with 'my team' loyalty and superficial candy coatings." Many a joke and many a well written analysis of "the Academecic's neo-Speak" and the ability to treat theory as more important as empirical fact and often shade or lie to fill in gaps.

Hypocrisy seems to be the most present flaw in these elitist circles. Amazing how the very ones oft championed (i.e. working class) are ridiculed and dejected out of hand as not being capable of taking care of themselves.

Perhaps I am being a bit harsh... but understand that I am tired of partison and pseudo-partison (those claiming they hold not to specific parties and organizations, but yet do in fact hold more tightly onto the equivelent "movements") Perhaps I seem as someone who enjoys wearing suits and thinks that by applying a blind faith into conglomerate corporations we will all be saved. The fact is that I am for freedom and liberty. I am also for learning from history. What I have learned is that socialism does not work and the minds of those who so vehemently push it onto others yet themselves syphon off the labors of those they are "saving" have a mindset that is basically that of a tyrant.

I am sorry that that partison foolishness and hypocrisy resulted in the mess in Florida back in 2000. I am also sorry that the mess that was basically a combination of errors in mechanics and bad decision making years previous (by Democrats, btw). I am especially grieved that fools and snake-oil-salemen like Jesse Jackson were taken seriously at all that this was somehow created by some sinister Republicans. What grieves the most however, is when after all the time and money was spent from the demanded, re-demanded, re-re-demanded, ad nauseum, voting recounts that it turned out each subsequent time that the voting was more against the candidate who was pushing for it all. (and who also had said "I will accept this recount" before each subsequent re-demand of the count)

I really wish you would look at how this government was created and why. While there were disagreements upon exactly how much, and what, powers the Federal government would have... the consensus was that the governments in the US would be treated as a necessary evil to be limited, monitored and treated with extreme skepticism. Resorting to loaded statements (like any crooked salesman or politician would do) along the lines of

Now as then, our biggest obstacle is "privatization." The Reagan-Era notion that everything should be done by private companies remains strong. Corporate interests dominate the voting system, and they've got many politicians on a string. A lot of politicians are in bed with voting equipment vendors. In at least one case, we have found a politician with significant ownership in a voting system company. Senator Chuck Hagel (R-Nebraska) has a "$1-5 million investment" in ES&S, the company that counts most of his votes.

lend little credibility towards a "solutions oriented" goal as opposed to an "agenda oriented" goal as being the primary driving force. I have worked with the government on various levels and I can tell you that there is MORE corruption, incompetence, and hidden agenda (read: BS) than with companies... with one very important exception: the contracting companies.

You see, the difference between a company being contracted to provide a product/service and that of a company that _IS_ a contractor is vastly different. Furthermore, the relationship between the vendor and the government is vastly different as well. The problem of course is not something that just manifested on it