Touch Screen Voting Industry Circling Wagons

bhoman writes "Salon has an interesting article/interview with the author of a forthcoming book, Black Box Voting, by Bev Harris, that looks at electronic voting machines, especially Diebold touchscreens. The story includes incriminating internal memos, cease and desist orders from Diebold, transcripts of an industry teleconference where Harris Miller of the ITAA brags of his lobbying experience, and documentation of a backdoor via an Access MDB with no password. This is for software currently being used in 37 states. "

the only solution...

[Lumpy]

It to open the source for these "voting machines" so they can continually undergo a public review.

Hell the hardware needs to be open for review also. It's not like there is any secret designs in there (Unless you are trying to hide something illegal)

All it takes is a tiny bit of off the shelf hardware components, a refrence design and the software to make it work easily... anyone could make an electronic voting system.

until it's all open for review by today's IS and IT experts I will not trust it or the companies making them. This isn't some silly toaster or PVR... this is the basis of the United States... voting..

So many databases

[cubicledrone]

What is the fascination with Access? Why does every company seem to use Access for important data when there are so many other databases that are not only higher quality, but less expensive at the same time?

There is nothing funnier than companies that try to use Access as the database for 150,000-pageview-a-day websites. Middle management at its most entertaining.

why are they fighting a printing machine?

[asmithmd1]

If the touch screen prints out a ticket that confirms your vote and you put half of the ticket into a locked box all the votes are completely auditable. The ticket could even have a long random number on it that you could use to confirm your vote was counted correctly. If there is a re-count they put all the neatly printed, voter confirmed ticket stubs through an optical reader. No pre-preinted ballots are needed, just a roll of ballot stock. Something is fishy here, must business want to supply a materials to a customer on an ongoing basis. Here they are fighting the customer telling them you don't want to mess with paper.

Seminole County Florida

[glenrm]

I live in Seminole County Florida and we used optically scanned paper ballots, like those answer sheets in school that required a number 2 pencil (of course for voting pens are used). They are easy to use with the names on the ballot right next to the box you fill in. The results are read instantly when inserted in the box that holds the ballots, when a recount was ordered they just ran all of the ballots through again and had the results ready in a few hours. We have had this system for years (at least 10) and have had no problems, it is an easy answer to all of the issues that we are seeing with low-tech and high-tech voting machines. It provides a physical record and does not produce hanging chads.

Receipts should be treated as ballots for audits

[hey!]

Not necessarily. The idea would not be for the voter to take the receipt with him, but to put it into a locked "ballot box" where it would provide an independent audit trail. Machines would be randomly audited after each election to ensure that fraud did not take place.

I would say that the system could be made even better this way: separate out the voting and tallying machines, using the paper as a medium of transfer.

It would work like this:

(1) Voter makes choices on the voting machine.
(2) Voting machine prints out paper ballot with text and barcode representation of the votes.
(3) Voter confirms that text matches his wishes; if so he places the vote in the tallying machine which scans the bar code, puts it into a database, prints the database serial number on the ballot and deposits it into a locked box. If the ballot is unreadable,the machine spits the ballot back out and the voter can try a different machine. If for some reason the tallying machine will not accept a voter's ballot, the ballot is placed in a separte locked box for manual tallying.
(4) After the election, database records are randomly audited to compare with paper ballots; paper ballots are likewise randomly audited to ensure that the bar codes correctly. The locked "ballot boxes" should have a mechanical counter which indicates the number of times they are opened; a proper log should be kept every time of every time the ballot box was opened and why.

Such a system would have the auditability of a paper system, with an electronic system's rapid and accurate tallying and ability to handle complex balots.

About access control....

[Polymath+Crowbane]

I can't believe the Diebold folks actually said this:

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

I seem to recall that, back in the Dark Ages of the 70s, RACF was able to handle this kind of access control quite nicely. To say a log file can't be protected from the sysadm is either dishonest or incompetent. Either reason should be enough to disqualify a company employing someone like that in that position from anything requiring the public trust.

Re:Another article by Bev Harris:

[BevHarris]

Just so you know: I have never "published articles in Conspiracy Planet."

Just as the Salon.com article was picked up here at Slashdot, Conspiracy Planet picks up articles from wherever it wants. It copied an article that was in Scoop Media. The Seattle Times reporter was somewhat misleading, and he was determined to get the word "conspiracy" into the article somehow.

I put him on notice that if he called me a conspiracy theorist, he would have to back that up with facts or I would require the editors to print a correction. Then he said "well, I'll just print what others say about you."

This guy did everything but stand on his head to slant the story, but I blocked most of the efforts. Something he fails to report in his story is that the Microsoft Access hack that is the subject of the Scoop Media article, the Ken Clark memo, and the Salon.com article (and was vetted out right here on Slashdot) -- well, I demonstrated that hack in front of the Seattle Times reporter, the IT guy for the Times, and a Seattle Times photographer, who commented, "Wow. This shows you can rig an election."

The reporter's use of the "Conspiracy Planet" reference was pretty disengenuous, when you realize that he knew damn well my work has also been covered in the Washington Post, AP Wire service, the San Francisco Chronicle, and CNN.

As you can see, I'm getting sick of the "conspiracy" label, since I've broken seven stories in a row on the voting issue and every one of them has checked out and, eventually, been picked up by the mainstream media, albeit haltingly. For a long time I just ignored it, but now, when reporters try to go there, I tell them to back it up or get hit with a correction, and if they don't correct, a libel suit.

Sad that it has to come to this -- printing facts is not the same thing as being a tinfoil hatter. What I do is scrutiny, and my facts check out.

Bev Harris

Re:It's a basic principle, all right

[tsg]

The major flaw in a secret ballot, however, is that the only person who knows for sure how he voted can't verify his vote was counted correctly. The people who can verify the vote don't know what the vote is. There's no check. Even in a simple summation, You can't verify the output without knowing all the inputs.

Take a simple model of a non-secret ballot where everybody's vote is published in a newspaper the day after the vote. John Q. Public can check the paper, verify his vote was recorded correctly, and verify that all the votes add up to the reported total. There's no opportunity for fraud except for the case of vote buying but then the voter is a willing participant, and, in fact, can be done in the existing system through absentee ballots.

What's needed is a method where the voter can verify his vote and the reported totals without sacrificing his anonymity. Then it doesn't matter if the vote is cast on paper, electronically, or by smoke signals. It then becomes an argument over which system is more efficient (less mistakes, faster results, etc.) rather than which system is more open to fraud.

Re:It's a basic principle, all right

[87C751]

What's needed is a method where the voter can verify his vote and the reported totals without sacrificing his anonymity.

Dead simple. Take a SHA1 hash of the voter's name and address, a secret string Joe entered at the polling place and the candidates he voted for. Publish the list of hashes in the paper. Joe Voter calculates the hash himself and looks for it in the list. If it's not there, someone is playng games. You need the secret string because Joe's name and address are public knowledge.

Re:It's a basic principle, all right

[LizardKing]

Could you explain why, exactly, this is a problem? If someone chooses to sell their vote, why shouldn't they be allowed to do so? This is a serious question.

Because it undermines the whole notion of voting for a candidate because of the things they promise to do once in power. Bad election practices such as these were common in parts of England until the nineteenth century. "Rotten boroughs" with small numbers of eligible voters could be used to ensure a candidate got into parliament. Even after the widening of the franchise a mixture of bribery and coercion was common, with small farmers and manual labourers expected to vote how their bosses saw fit.

Chris

Apparently the Diebold machines screwed up in FLA

[rsheridan6]

lifted from a blog:

A remarkable exchange concerning Diebold's voting machines in Volusia County, Florida. On January 17, 2001, Lana Hines, a county elections official sends out an inquiry as to how Al Gore ended up with a vote-count of -16,022. That's NEGATIVE 16,022--which just happens also to have been the total number of votes cast for various independent and third-party candidates who also ran. (It was the largest number of such votes cast in Volusia County's history.)

Pay close attention to the final entry, from "Tab"--that is, Talbot Iredale, Vice President of Research & Development at Global/Diebold. The most troubling of his statement is in bold below. Iredale writes: ...the error could only occur in one of four ways:

1.Corrupt memory card. This is the most likely explaination for the
problem but since I know nothing about the 'second' memory card I have
no ability to confirm the probability of this.

2.Invalid read from good memory card. This is unlikely since the
candidates['] results for the race are not all read at the same time and
the corruption was limited to a single race.There is a possib[ili]ty that
a section of the memory card was bad but since I do not know anything
more about the 'second' memory card I cannot validate this.

3.Corruption of memory, whether on the host or Accu-Vote. Again this is
unlikely due to the localization of the problem to a single race.

4.Invalid memory card (i.e. one that should not have been
uploaded). There is always the possib[i]lity that the 'second memory card'
or 'second upload' came from an un-authorised source.

And that's only the tip of the iceberg.

When will this all-important story break out in the US mainstream press?

And Diebold has been sending cease-and-desist letters out to people who have covered this. This particular mistake looks like a screw-up rather than fraud, but either way I want no part of it.

DIEBOLD: Cease & Desist THIS:

[BevHarris]

Diebold objected to publishing a link to a foreign web site which in turn published links to the Diebold memos, and our ISP caved. More on this here, and you'll find the letter from the Diebold attorney here -- and for a small hoot, please notice that the letter, which is not copyrighted, includes the link (three times) which they object to, and therefore republishing the letter telling people not to publish the link actually serves to publish the link.

Here is what I have been doing all day:

Reporter: Why is Diebold sending cease and desists?
Me: Because they don't want anyone to see their memos
Reporter: Oh. What is in the memos?
Me: Oh, things about security flaws and using uncertified software and using cell phones to intercept and transfer votes and discussions of how to fake things...
Reporter: Wow. Where can I download these?
Me: At this web site
Reporter: Okay I'm going there now, okay, it's downloading, when I'm done will you give me a guided tour?
Me: Sure. And here is a neat little web page where you just enter any search term and it instantly searches and find you the Diebold memos that match
Reporter: What search terms should I start with?
Me: Try "boogie man" and also "hack" "cel phone" "broken" "fake" and one of my personal favorites, "What good are rules"
Reporter: I'll try that "what good are rules" one. Found it. Gosh, what is he doing? Is that legal?
Me: No.

And so it goes. Excellent plan, Diebold. Yes, shut down a web site, that'll help.

Besides reporters, the memos were downloaded today by the U.S. House of Representatives.