Slashdot Mirror
Touch Screen Voting Industry Circling Wagons
bhoman writes "Salon has an interesting article/interview with the author of a forthcoming book, Black Box Voting, by Bev Harris, that looks at electronic voting machines, especially Diebold touchscreens. The story includes incriminating internal memos, cease and desist orders from Diebold, transcripts of an industry teleconference where Harris Miller of the ITAA brags of his lobbying experience, and documentation of a backdoor via an Access MDB with no password. This is for software currently being used in 37 states. "
How much longer until a major newpaper picks it up?
Touch Screens are GOOD! The technology is getting an incredibly bad smear thanks to the idiots at Diebold who are using it in ways which are, well, dishonest. I wish somehow the technology could be separated from the fools who use it to further their schemes. Let's hear it for all the good that touchscreens do !
The Fix is in. "How George W. Bush Won the 2004 Election":
t ml
http://www.infernalpress.com/Columns/election.h
I wouldn't use an Access Database as a way of securing my list of CDs, let alone my democracy.
Then again, does Dubya have any more brothers who are governors?
This might be just me, but the apparent insecurity of these voting machines almost ensures courtroom nonsense and bickering. I could be wrong, and I hope so.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
You can check fingerprints on paper too you know. And with paper, you have the ability to say "This ballot was held by X and he voted for Y", whereas with a screen with some 5000 people touching it in 1 day, good luck finding any useable prints.
It to open the source for these "voting machines" so they can continually undergo a public review.
Hell the hardware needs to be open for review also. It's not like there is any secret designs in there (Unless you are trying to hide something illegal)
All it takes is a tiny bit of off the shelf hardware components, a refrence design and the software to make it work easily... anyone could make an electronic voting system.
until it's all open for review by today's IS and IT experts I will not trust it or the companies making them. This isn't some silly toaster or PVR... this is the basis of the United States... voting..
Do not look at laser with remaining good eye.
Well, it is called Access after all.
Doesn't it make you glad to be in a country were your democratic views are stored in an unprotected Access Database!
An open invitation to election fraud
The U.S. government seems to me to be becoming more and more corrupt. As David Letterman recently said, "When you make out your check for the Iraq war, there are two Ls in Halliburton."
Money seems to be everything, the health of the country nothing. McCain is right, we need campaign finance reform.
Every software in government, which is paid for from citizens taxes, should be open source. So that every citizen (at least the one which is a programmer) could check whether the code is good and fair, especially in elections.
Of course the code actually used in voting machines should be double checked by government professionals, but everyone should have an access to read the code.
I love high tech as much as anyone on Slashdot, but paper ballots make a whole lot more sense: with even a modicum of security you have the originals for recount (recounts being actually pretty straightfoward Florida FUD not withstanding).
"Everyone is entitled to their own opinion, but not their own facts."
You can have fraud using any medium, but when you throw computers into the mix it's a heck of a lot easier to have fraud on a grand scale.
-Jeff
Please learn the difference between a dissenting opinion and a troll before you moderate.
What is the fascination with Access? Why does every company seem to use Access for important data when there are so many other databases that are not only higher quality, but less expensive at the same time?
There is nothing funnier than companies that try to use Access as the database for 150,000-pageview-a-day websites. Middle management at its most entertaining.
Business isn't willing to pay for products, innovation and careers, so we get brands, mortgage commercials and layoffs.
More info is avaliable atw s/20 01574367_votefraud21m.html
http://seattletimes.nwsource.com/html/localne
Ok, I admit it, I really thought of fingerprints when I say touchscreen voting. Would anyone care to tell me what kind of screens are used for these touchscreens ? Would anyone with a little will be able to capture your fingerprint on the screen ? I mean, someone comes in, votes, wipes the screen real clean, you come in and vote, next guy comes in and uses that powder the police uses on the screen ? I see no real use for this informations, but still, privacy is privacy ...
In Canada, we don't fancy things like socks
and these touchscreens can have marquee screensavers saying, "This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane."
If the machines would actually print out a receipt of sorts, leaving a paper trail for the voter and the election officials, then we would get the best of both worlds. An easy, understandable, and technologically advanced voting system that is open to accurate recounts. But the first count still wouldn't be guaranteed correct.
If the touch screen prints out a ticket that confirms your vote and you put half of the ticket into a locked box all the votes are completely auditable. The ticket could even have a long random number on it that you could use to confirm your vote was counted correctly. If there is a re-count they put all the neatly printed, voter confirmed ticket stubs through an optical reader. No pre-preinted ballots are needed, just a roll of ballot stock. Something is fishy here, must business want to supply a materials to a customer on an ongoing basis. Here they are fighting the customer telling them you don't want to mess with paper.
Free cell phone tracking
How about a program that not only places the votes in a secure database, but also creates a PDF (an open format) and stores it on the local disks (RAID). Include all details of the vote, such as voter ID, etc. All the same stuff we keep on paper today.
After voting is complete, another program could open the PDFs and parse them out (is this possible?) and compare the results with the database. I don't know what to do in case of a discrepancy, haven't thought that through.
Oh, and whatever happens, no Windows allowed.
The screen itself could probably somehow capture an image of your fingerprint, without the intervention of a second person with a dusting kit... but they don't really need it because they already have a "fingerprint" of you on the smart card you pick up when you walk in and show your photo id. no votes are anonymous with these machines.
What really got me was the bit where one of their "engineers" was explaining how the "system test" is merely the normal POST. I'm currently in the process of writing a very simple inventory / cash flow management system for my employer, and I started building strict integrity checks and reports into it as one of my first steps. Meanwhile, the people making our voting machines can't be bothered?
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
... for anything important such as voting. I'm a programmer, I do that for a living I've *never* seen a software project that didn't include quick hacks, known vulnerabilities by the dev team, ,a lazy programmer and a PHB.
The fact the matter is, EVERY software project has stuff like that.
I wouldn't trust a software (much less a closed source software) written by anyone (including NASA, govs, whatever) to do anything like this. And personally, I can't believe anyone who has worked in the industry would.
And that is, regardless of the project management techniques, reviews, whatever.
IP Therefore I am.
>>> Paper receipts make it easy for a corrupt party to pay for votes.
lack thereof makes it easy for a corrupt company (diebold) to steal votes. hmm... to have the votes bought, or stolen? it's a tough choice. however, it seems like it would be easier to affect the election on a much larger scale without a paper trail.
ATMS may not be that secure either
these people think so.
...vividly encapsulates that post-Watergate/pre-punk/coked-up moment when you could trust no one, least of all yourself.
I live in Seminole County Florida and we used optically scanned paper ballots, like those answer sheets in school that required a number 2 pencil (of course for voting pens are used). They are easy to use with the names on the ballot right next to the box you fill in. The results are read instantly when inserted in the box that holds the ballots, when a recount was ordered they just ran all of the ballots through again and had the results ready in a few hours. We have had this system for years (at least 10) and have had no problems, it is an easy answer to all of the issues that we are seeing with low-tech and high-tech voting machines. It provides a physical record and does not produce hanging chads.
Onward to the Aether Sphere!
throwing technology and computerization at the problem will necessarily make the system more secure. Not that these aren't good things, but my experience has been that, from a security standpoint, adding complexity can often increase opportunities to compromise a system.
I'm not saying that a state-of-the-art computerized, hi-tech voting booth can't be rock-solid secure. However, I do see the potential for companies to sell hi-tech voting machine soley on the *impression* that the added technology automatically makes them more secure.
I think the focus should be solely on the standard of security. Whatever system can meet that; be it punch card, touch screen, whatever, is the system we use. Sadly, I suspect such a standard will put internet voting a long way off.
A goal is a dream with a deadline
I'm glad for this article and for people raising red flags on electronic voting.
.
The truly sad part is that, from what I can tell, even if there's nothing suspicious in the realm of vote-fixing, we're still dealing with terrible software design and security.
And, sadly, that terrible design and security is all too common.
I'm hoping articles like this turns peoples eyes towards the fact that we've got lots of terribly made computer systems, applications, databases, websites, and so on doing very vital roles. In my IT career I've seen hospitals brought to a crawl by lousy patient software, websites with databases so bad that they had to be shut down for maintenance reguarly, simple applications delayed for months by bad planning and inappropriate technology, and far more.
So, sadly, in the area of voting, it's business as usual. But business as usual is pretty bad for the usual business as is . .
"The Sage treasures Unity and measures all things by it" - Lao Tzu
The EFF is organizing a petition to encourage IEEE to set trustworthy standards for electronic voting. Read about it and join the petition here:
http://www.eff.org/Activism/E-voting/IEEE/
"EFF supports the IEEE in taking on the issue of setting standards for electronic voting machines. We also support the idea of modernizing our election processes using digital technology, as long as we maintain, or better yet, increase the trustworthiness of the election processes along the way. But this standard does not do this, and it must be reworked."
Predictably, a bunch of /. responses focus on the fact that the source isn't available for public review as the primary problem, but that's irrelevant, and Bev Harris explained the correct solution quite clearly in the article.
Open source wouldn't be a bad thing, mind you, but why bother auditing the code? What you really want is to audit the *results*, and the easiest, best solution to that is also the simplest: Have the touch screen machines print paper ballots with a nice list of races and selected candidates. Then the voter can verify that they actually voted the way they wanted to, and the paper ballots can be counted and compared with the computerized tallies by anyone who wants to question the system.
As Harris points out, the fact that the manufacturers sem so dead-set on avoiding paper printing seems almost sinister... the solution is so obvious, and so simple that it makes you wonder what their true motivations are. They make a lot of noise about printers being too error-prone and difficult to operate, but that's just silly. Take a look at the thermal printers used by retail systems -- they work day in and day out for years with no more maintenance than replacing rolls of paper. Designing a workable printer for a voting booth wouldn't be trivial, but neither would it be an impossibility. The requirements are very simple: Be able to run for an entire day without jamming or running out of consumables, and print paper ballots that are easy to read and remain clear and legible for at least three years.
There are various minor improvements that can be made to this idea, such as a machine-readable section of the ballot to make automated verification easier, etc., but at bottom paper achieves a level of transparency and reliability that no purely automated system can ever achieve, no matter how many geeks have pored over the code.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Instead of storing the vote electronically, have the voting machine print off your ballot once you've voted, which you would then place into the ballot box. Increased accessibility and usability, no spoiled / ambiguous ballots, and no chance for loyal party members to control the electronic voting.
___
Cogito cogito, ergo cogito sum.
Though they only spent three-quarters of a page of copy on this, I found it interesting that U.S. News and World Report did a decent job with this week's coverage of this topic.
Typically, I don't have many kind words for USNWR, often questioning my own subscription tendencies, but I am pleased to see they reference the Johns Hopkins and Rice report regarding the insecurity of the Diebold system.
Now, if only folks would see the same potential flaws in the Hart Intercivic system, then perhaps they would not be shipping 9,000 e-Slate voting machines to California.
Personally, I detest that the last four times I've voted here in Texas I've walked away with a laundry ticket. I demand a paper trail! Or at least an online database where I can review all my past votes cast. (Of course, in a perfect world, the database would be open for peer review - r/o - and the source to the programs that access and tally the votes would be available for peer review.)
Not necessarily. The idea would not be for the voter to take the receipt with him, but to put it into a locked "ballot box" where it would provide an independent audit trail. Machines would be randomly audited after each election to ensure that fraud did not take place.
I would say that the system could be made even better this way: separate out the voting and tallying machines, using the paper as a medium of transfer.
It would work like this:
(1) Voter makes choices on the voting machine.
(2) Voting machine prints out paper ballot with text and barcode representation of the votes.
(3) Voter confirms that text matches his wishes; if so he places the vote in the tallying machine which scans the bar code, puts it into a database, prints the database serial number on the ballot and deposits it into a locked box. If the ballot is unreadable,the machine spits the ballot back out and the voter can try a different machine. If for some reason the tallying machine will not accept a voter's ballot, the ballot is placed in a separte locked box for manual tallying.
(4) After the election, database records are randomly audited to compare with paper ballots; paper ballots are likewise randomly audited to ensure that the bar codes correctly. The locked "ballot boxes" should have a mechanical counter which indicates the number of times they are opened; a proper log should be kept every time of every time the ballot box was opened and why.
Such a system would have the auditability of a paper system, with an electronic system's rapid and accurate tallying and ability to handle complex balots.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Not the whole answer, at least.
We need to check, not only that the software has no obvious backdoors, but that
I'm not that paranoid; there are probably any number of other things that could be screwed with and still have the code pass any kind of review with flying colors.
Paper ballots are the only answer.
Welcome to the Turing Tarpit, where everything is possible but nothing interesting is easy.
Quote from the article: While seeking information last January about a voting-machine company for a book she was writing, she found a Web site "on about the 15th page of Google." The open, unprotected site held some 40,000 files that included user manuals, source code and executable files for voting machines made by Diebold, a corporation based in North Canton, Ohio.
What we need is a stronger regime, one even more unafraid of manipulating silly elections. The point of elections isn't to choose a leader; it is to advertise to people that they have "chosen" their new dictator.
Unwashed masses that THINK they were somehow involved are much easier to abuse. THAT is the purpose of putting on an election performance.
--
"Those who cast the votes decide nothing; those who count the votes decide everything." - Josef Stalin
As an american citizen living abroad, I can tell you there is something fundementally wrong with the way voters are authenticated at least in one state.
:)
I vote once every 4 years, for president, as he/she is the only person representing my views while outside of the u.s.
I registered in 1992 for the first time in my birthstate of Michigan and voted. Did so again in 1996 and 2000. What was the difference between the first and subsequent votes ?
Well for starters, in 96 & 00 I merely walked into the highschool that held the voting booths and showed my ID, they checked their list and had me sign some paper (the address listed is from nearly 25 years ago.) I didn't preregister with the government, I just walked in.
Because my drivers licence was foreign he seemed a bit curious, and I asked him if I could vote for state senator/congressman & all of the ballot initiatives. He didn't seem to thrilled with the idea but admitted once I closed the shutter, nobody would know.
If anybody needs an extra vote in michigan, I'll be willing to sell.. well, I better not..
I could be killed in a car wreck tomorrow and my name would still be on that list I suspect.
Obviously these people are masters at gathering and implementing requirements from the various governmental entities that would use this.
Requirements:
1: Allow government to edit results
2: Make sure logs can be altered
3: Provide false sense of security
Invalid Checksum. Retrying.
Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.
There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.
I seem to recall that, back in the Dark Ages of the 70s, RACF was able to handle this kind of access control quite nicely. To say a log file can't be protected from the sysadm is either dishonest or incompetent. Either reason should be enough to disqualify a company employing someone like that in that position from anything requiring the public trust.
While I do believe that Paper ballots and optical scanners are the correct solution, it does need to be pointed out that they suffer from many of the same flaws. The same companies make the optical scanner databases as the touchscreen ones, and they use the same databases.
The votes could still be manipulated during the count. You could still have the issue where it reports different numbers by county than for the whole state, hiding from a limited recount. Only a total manual recount would catch cheating.
The reason that paper is better as an immediate medium is that the original is human readable and verifiable. A printed reciept is only good if every voter carefully checks it. If it is large enough to be human usable you might as well print the whole thing.
Finally papaer and permanent markers are cheap and portable. California could run their recall election on paper and have the votes scanned in the next county. One day delay in counting is way less than six months to buy touch screens.
This is not a political statement. This is not legal advice. It's a frick'n Slasdot post. However: I'm Running For
Quotes from the above article:
No official at Diebold or the Georgia Secretary of State's office has provided any explanation at all about the OTHER program patch files -- the ones contained in a folder called "rob-georgia" on Diebold's unprotected FTP site.
Inside "rob-georgia" were folders with instructions to "Replace what is in the GEMS folder with these" and "Run this program to the C-Program Files Winnt System32 Directory." GEMS is the Diebold voting program software.
Another quote:
- And assume that all 22,000 program patches did exactly what they said they did: Corrected a conflict between Windows CE and Diebold's firmware to prevent screens from freezing up.
I mean, Bush himself recently declared that there were no WMD's in Iraq, but it only made news deep within the covers of the various big journals which even bothered carrying the little item.
But this one, voting corruption in the world flagship of 'Democracy', is going to be the real indicator.
I mean, it seems this voting machine problem is in fact well known and understood by millions. People have time to raise a proper stink and prepare. I very much look forward to seeing if America will DO something about it or if they'll just grunt and roll over to a new sleeping position.
Unfortunately, it doesn't really matter very much in a political sense. At this point, it doesn't matter who gets into office. They're all a bunch of dangerous bastards who can be expected to play ball to the New World Order agenda. Those who can actually make a difference have a strange tendency to die tragically in King Air A-100 plane crashes.
I had no idea that Arnie was royalty! He's married to a Kennedy, his mom is married into high-level Austrian politics, and his pappy was in the SS. The boy terminator declared himself the loyal friend of a convicted Nazi war criminal, no less. --Oh yes, and the all-white, all-male, all-billionaire Bohemian Club which has a habit of determining who gets to be the president of the United States, (among other things), has agreed to make Arnie a king of some standing, possibly THE king. Sheesh. Thank goodness California put the brakes on when they did!
My only hope is that if America does manage to wake up enough to fix this voting machine horseshit, that it'll take the next step and realize that the current administration, and all current potential administrations, are corrupt to the core, put ALL of them in jail, and start fresh. I mean, sure, they'll have no functioning government for the next year, and people will panic, and the dollar will vaporize, and the really evil bastards will all hide out until everything blows over, but. .
Who am I kidding?
More likely? This voting machine problem will be looked and:
1. People ignore it, and what difference does it make after that?
2. People 'fix' the problem and then wait patiently to see which monster gets properly elected to continue the destruction of the universe.
Americans don't have the awareness or the spine for a real revolution.
-FL
I'm inclined to agree with you on the punch card issue delaying the CA election. However, I think punch card systems should be replaced with better systems if possible.
Pray that Queen Hillary the First doesn't make it into the white house in 2004, because if that happens who knows, we may see judges deciding elections from now on.
Isn't that what happened in the last presidential election? As a Democrat, I'm not bitter about it. The bottom line is that FL was a statistical tie; the margin of victory was smaller than the margin of error for ballot tallying. Nobody really knows what the intent of the electorate was with sufficient precision to state with true confidence who "actually won". Both parties were playing games with recount methods to try the skew the results in their favor. The irony is that subsequent analysis suggests that both parties were wrong about which method would have supported their candidate best.
I take away some different lessons from FL than most.
(1) The electoral college has some usefulness. The president is elected by electors, not popular votes. Therefore there is no question that Bush received the electoral votes of FL and that therefore he is the legitimately president of the US. There is a question whether the electors voted as they ought to have; however they are not really bound to vote in any particular way. If they voted with what was, in their opinion, the plurality of the electorate, then they really can't be criticized.
(2) Electronic voting machines would have helped, provided there was no fraud. The problem is of course it is impossible with current generation machines to prove this. There is no doubt that in the absence of fraud electronic machines would provide a more precise count. However,
(3) Concern about precision of tallying is misplaced. The real problem is that the method of the election, plurality voting, is so bad. Suppose Bush won the plurality of voters; this is by no means certain, but it doesn't really matter. Gore would have won by a clear margin in a head to head race, but Nader spoiled the election for him. I don't want to get into an argument about whether Nader should have taken this into account. No candidate should ever have to take the possibility of election spoiling into account, because we should have an electoral system which handles multi-way races better.
In short, electronic voting machines are a "quick fix" to a broken system; however they're fixing an aspect of the system that really is not so terribly bad. Even if they were perfectly secure, auditable and accurate, which they are definitely not, they wouldn't make much difference at all, especially in the CA recall election.
The real reason that the CA recall election should not go forward is that plurality elections with over a hundred candidats are nearly bound to produce a capricious result. Virtually the only system that is workable in this scenario is approval voting. Under approvial voting voters would check off all the candidates they would consent to have as governor. The candidate most widely approved of wins. Approval voting is simple to understand, requires only a single round, doesn't require the voters to rank candidates in an enormous field where they may not be familiar with most of them.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
That brings up an interesting point. The main beef I saw in the article was that the database was not auditable in the event of changes made, and that there's no other trail of information to follow.
The IRS would *never* accept the idea of accepting a tax return from the common citizen in the form of a database file without keeping some form of a copy for themselves.
And that, IMO, makes for an interesting point: The IRS is a government entity that deals with money. Where money is concerned, fully auditable paper trails are an expectation with just about any entity, let alone the IRS (just check out Wal-Mart or some other large business). Laws abound left and right in this regard, too. But, apparently, with our votes, which I think are equally, if not more important, an audit trail has been deemed unnessarily expensive.
The inherent mistrust of man when it comes to money (that the IRS holds), should be held to with voting as well.
.
uR iGn0ranc3, Their Power
No, that's not a basic democratic principle. That's a current principle used to encourage everyone to vote without fear of reprisal, but it's hardly a fundamental aspect of the system.
There are at least two reasons why you want secret balloting, one of them rather subtle. The obvious one is to prevent voter intimidation; the other is to keep people from being able to bring evidence that they voted for a particular candidate outside the confines of the voting booth.
Otherwise, I can park across the street with a sign reading, "$1 Paid For Each Vote for Candidate X" and buy votes from people coming out of the polling place with proof of their vote. Some of the machines being discussed would enable corrupt voters to do exactly that.
You really don't want to have any way to associate individual voters with their votes during or after an election. I'm sure there are tons of potential exploits beyond the few that I've heard of or thought of myself. Dropping the voter-secrecy requirement would be a major step in the ongoing banana-republicization of America.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
I don't have a verifiable paper trail, but I've never worried about something "hacking" a big box of gears, "bugs" in the gears, the big box of gears going on the fritz, or the gears being made to somehow fit some nefarious purpose. You can't "patch" the gears remotely.
I see no ways that this system is inferior to a touch screen system. THEY SHOULD USE WHATEVER VOTING SYSTEM WORKS THE BEST, NOT THE ONE THAT'S THE MOST "ADVANCED" AND EXPENSIVE.
Thank you.
An excellent article
...from the moscow times. Oh the irony.
Also, has an extensive bibliography of other links at the bottom.
---
the pen is mightier than the sword, the sword is mightier than the court, the court is mightier than the pen.
Here's my idea: After you vote electronically, you put in your home address, e-mail, and phone number, which can then be given to a 3rd party commercial firm that is charged with verifying everyone's votes. Then, they can mail you a receipt with a listing of your votes, and call you to find out if it was ok with you, and also e-mail you. If you dont' repond to all three means of contact, then your vote isn't counted. As a bonus, you get to receive special offers from their affiliates.
- Donny was a good bowler, and a good man.
There is no problem with punch cards per se. Punch cards punched by machines are pretty damn reliable and unalterable without alteration being detected (assuming you have a checksum value indicated too).
The problem with punch card VOTING is that they are being punched by weakling grandmas.
So make a touch screen system that instead of tallying votes, just does the punching for you. You select your candidates via touch screen (or really, any way you want.... buttons and levers, voice recognition, braile, etc.) and out pops a punch card with your choices.
Now just like in places using the optical scanners, you then take the machine-punched card to the other side of the room to a punch card reader, manufactured by a DIFFERENT company that lets you read what votes are recorded on it. If your votes are right, you deposit it in the ballot box to be counted. If not, you (they dufus who made a wrong selection) go to the poll manager, claim spoiled ballot, and get a new card, start over and do it right this time.
If your ballot is challenged, it can be put in a challenge envelope, rather than haveing to whip out some paper ballot where your votes can be easily read by anyone, destroying your confidentiality.
This system eliminates the problem of no paper "record" of the touch screen votes, since the touch screens are NOT tallying votes... they just produce punch cards... not tallying or recording (and no Access databases of the tally to be hacked).
If the touch screen machine is hacked, then it will be detected real quick by someone checking a card punched by the touch screen machine on the reader across the room. Someone would have to hack BOTH of them to make a fraud work.
This takes a lot less smarts and security in the touch screen kiosks, and recounts are possible since an audit trail exists (the paper ballots). Lightning strike/power failure/other FUBAR/ doesn't wipe the memory (and the votes) on that touch screen machine.
BTW, I'm pattenting this process so you will all have to pay me royalties. Profit!!
Just as the Salon.com article was picked up here at Slashdot, Conspiracy Planet picks up articles from wherever it wants. It copied an article that was in Scoop Media. The Seattle Times reporter was somewhat misleading, and he was determined to get the word "conspiracy" into the article somehow.
I put him on notice that if he called me a conspiracy theorist, he would have to back that up with facts or I would require the editors to print a correction. Then he said "well, I'll just print what others say about you."
This guy did everything but stand on his head to slant the story, but I blocked most of the efforts. Something he fails to report in his story is that the Microsoft Access hack that is the subject of the Scoop Media article, the Ken Clark memo, and the Salon.com article (and was vetted out right here on Slashdot) -- well, I demonstrated that hack in front of the Seattle Times reporter, the IT guy for the Times, and a Seattle Times photographer, who commented, "Wow. This shows you can rig an election."
The reporter's use of the "Conspiracy Planet" reference was pretty disengenuous, when you realize that he knew damn well my work has also been covered in the Washington Post, AP Wire service, the San Francisco Chronicle, and CNN.
As you can see, I'm getting sick of the "conspiracy" label, since I've broken seven stories in a row on the voting issue and every one of them has checked out and, eventually, been picked up by the mainstream media, albeit haltingly. For a long time I just ignored it, but now, when reporters try to go there, I tell them to back it up or get hit with a correction, and if they don't correct, a libel suit.
Sad that it has to come to this -- printing facts is not the same thing as being a tinfoil hatter. What I do is scrutiny, and my facts check out.
Bev Harris
By opening the source even just for the back end portions, leaving the interface and customization part of it closed is not a problem. just have an open source back end, so that you can see where the votes go, how the data is structured. It appears that one of the bigger issues is not voter fraud, but identifying each individual vote. that would be easily identified and removed. and different versions can be more easily certified.
When I lived in Massachusetts, for the last couple of election cycles, the ballots were printed out on a flat white sheet of paper. We used a thing called a BLACK MARKER to complete a line for the candidate we were voting for. This neat piece of paper was fed into a nifty machine.
So, the actual paper ballot was retained if a recount was necessary...and the electronic part was just scanning the marks I made on the ballot. Granted, write-in candidates needed to be verfied manually.
That's all that needs to be done for ANY electronic voting system. None of this touchscreen bullshit, source code fiasco, or questions of verification. The miracles of OCR are something not to be overlooked!!
// Agent Green (Ian / IU7 / KB1JQO)
// IEEE 802.3: All 10base Are Belong To Us
Tell two of your friends about vreceipt, and have them tell two of their friends, etc. We need to have everybody asking their congressmen not only "Why are we implementing easily tampered with voting systems?", but "Why are we implementing them instead of mathematically verifiable alternatives?"
There's a lot to the white paper at that link, but here's the part that makes voting receipts possible: The receipts are given out and are identical to an entry in the published "first stage" election results, so you can verify that your vote was counted. The receipts have been repeatedly encrypted with different election officials' public keys, so nobody who wants to buy/blackmail your vote can tell who you voted for (but you can, by examining the original "2-ply" receipt which you pull apart before leaving the booth). Election officials scramble the order in which results are published after each decryption stage, so nobody can trace your vote from first stage to final cleartext results, but half of the published decryptions are randomly checked so any corruption on the part of the election officials will be caught. You still need to have poll watchers to make sure that a polling site doesn't report more votes than there were voters (since the vreceipt process protects against lost or altered votes, but not illegitimately added votes), but that's much easier than attempting to make sure that even an open source voting machine is doing it's job right.
The problem is, no one looks at the paper ballots, even in a recount -- they just run them through the machines again.
In the Diebold memos is a fascinating bit about Volusia County. Diebold machines apparently gave Al Gore MINUS 16,022 votes. Just a glitch, said the news media.
Not quite -- the internal memos show that the programmers couldn't quite explain it, but what they DO know is that two different memory cards were uploaded, card #0 (correct totals) and one hour later, card #3 (all totals correct except for the presidential race). Card #3 has since been misplaced, darn it, no one can find it. And in the memos (triggered by a pesky Florida auditor, doggone those people) as they struggle to come up with a plausible explanation one of them cautions the others to be careful, "you never know when the boogie man is reading these."
You can find this memo and commentary on it at www.blackboxvoting.com and you can find a link to ALL the memos at the activism site, www.blackboxvoting.org
Sent: Wednesday, January 17, 2001 8:07 AM
"Hi Nel, Sophie & Guy (you to John), I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb".
"I would appreciate an explanation on why the memory cards start giving check sum messages. We had this happen in several precincts and one of these precincts managed to get her memory card out of election mode and then back in it, continued to read ballots, not realizing that the 300+ ballots she had read earlier were no longer stored in her memory card . Needless to say when we did our hand count this was discovered.
"Any explantations you all can give me will be greatly appreciated.
Thanks bunches,
Lana
"
followup:
Date: Thu, 18 Jan 2001 15:44:50 -0500
"There are two separate issues/problems that are getting combined in this stream.
"- a check sum error occurred which the poll worker reset and continued counting the card "did not" require downloading before be reset. She never reran the previously counted ballots and this resulted in some negative PR post election. So that is Lana's primary question, how did this happen? Ken explanation sounds like a good one and will not require a line for VTS if we can ever get to GEMS.
"- the negative numbers on media display occurred when Lana attempted to reupload a card or duplicate card. Sophia and Tab may be able to shed some light here, keeping in mind that the boogie man may me reading our mail. Do we know how this could occur? "
NOTES
Sophia was the Diebold tech involved with the San Luis Obispo vote tally that appeared on the Internet five hours before poll closing.
Sophia is also the King County tech rep -- note the Ken Clark alter the audit log memo, talking about doing "end runs" around the voting system -- "King County is famous for it"
followup: possibility of "unauthorised source
Date: Thu, 18 Jan 2001 13:31:04 -0800
"John,
"Here is all the information I have about the 'negative' counts.
"Only the presidential totals were incorrect. All the other races the sum of the votes + under votes + blank votes = sum of ballots cast. The problem precinct had two memcory [sic] cards uploaded. The second one is the one I believe caused the problem. They were uploaded on the same port approx. 1 hour apart. As far as I know there should only have been one memory card uploaded. I asked you to check this out when the problem first occured but have not heard back as to whether this is true.
"When the precinct was cleared and re-uploaded (only one memory card as far as I know) everything was fine.
"Given that we transfer data in ascii form not binary and given the way the data was 'invalid' the error could not have occured during transmission. Therefore the error could only occur in one of four ways:
"Corrupt memory card. This is the most likely explaination for the problem but since I know nothing about the 'second' memory card I have no ability to confirm the probability of this.
"Invalid read from good memory card. This is unlikely since the candidates results for the race are not all read at the same time and the corruption was limited to a single race. There is a possiblilty that a section of the memory card was bad but since I do not know anything more about the 'second' memory card I cannot validate this.
"Corruption of memory, whether on the host or Accu-Vote
And Diebold has been sending cease-and-desist letters out to people who have covered this. This particular mistake looks like a screw-up rather than fraud, but either way I want no part of it.
Don't drop the soap, Tommy!
Here's one that supposedly happened quite a bit until systems were modified to defeat it:
You go to the polling place, and get stopped across the street by a couple of guys, who hand you a pre-filled ballot form. You put it in a pocket, walk in, get a blank form, go into the booth and dawdle for a few minutes. Before leaving the booth you pull out the pre-filled form and pocket the blank form. When you leave the booth you drop the pre-filled ballot into the box, walk back across the street and and give the blank ballot to the guys waiting there. They give you your money/don't break your kneecaps/don't kick you out of the union/whatever.
My voting area uses punched card ballots (and they've never been a problem) that have an feature designed to defeat this. Each ballot has a perforated easy-tear section with a serial number printed on it. When you get your ballot, the volunteer writes down the serial number you took. Before you can put your ballot into the box, the volunteer verifies that the ballot you're about to put into the box has the same serial number as the one she gave you. Then you tear off the serial number, which gets destroyed, and put the remainder of the ballot in the box.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Just a note that I'm hoping to see the BlackBoxVoting donation forms available soon - this is essential work that the /. community should actively support.
Also, extra thanks to Bev for her recent efforts to post notifications and address issues on this site; because of this I'll be purchasing a copy of her book. The publisher's iconogrpahy is unfortunate for promotion purposes, but ultimately irrelevant to the books' content.
Perhaps you should a consider a journalist calling you a conspiracy theorist a compliment?
Much of the "journalism" I see/read/hear lately is utter trash, especially from the big TV and cable networks. The bias there is quite disgusting and appears to be motivated by its entertainment value rather than true newsworthiness (I cite the shark sightings stories, for example--sharks are irrelevant!).
Healthcare article at Kuro5hin
No, you're wrong. Greg Palast did extensive research into what happened. Don't buy the party line from Fox News, CNN, and others who completely whitewashed what happened in Florida.
Now that Diebold has a lock on voting systems, expect more fraud and even less media acknowledgement of it.
All these discussion about costs and speed usually leave out the primary goals of a democratic voting procedure, which should be:
The ballots are secret so that nobody can be persecuted for his vote.
The final tally reflects accurately the will of people having voted. For accountability purposes the count should be easy to verify so that allegions of election fraud can be resoved without doubt.
All entitled citizen can take part in the election and cast their vote in a safe and a easy manner.
I seriously doubt, that the average citizen is capable to even understand the necessary steps to check whether a computer-voting machine has been tampered with, not even to think about being able to verify the authenticity.
Considering how many ways have been found to tamper with simple and easy to understand paper ballots, adding the possibilities for fraud offered by a computer are mind-boggling.
Without any paper trail, "The computer said so" will be the final arguments about whether election results are correct. Going by how reliable computer systems are runing in banks and the IRS, this isn't really a very high standard of confidence for a democracy.
If a paper trail is generated anyway, why is it necessary to replace technologies understood and trusted by most people - pens or stamps - with computers? The only added feature is that the secrecy of an election can be more easily be subverted.
That fact that those computers are running Windows and a voting software written by half-wits is making things only slightly worse. Even the best and most open system design won't reach the trustworthiness and accountability of a simple pen or stamp.
I want the names of all the Diebold technical personnel involved with these machines so I can add them to our hiring blacklist.
Perhaps I've been living in an idyllic career vacuum, where everyone is competent and of good character -- and perhaps that's why I'm completely, jaw-droppingly astonished beyond words after reading Scoop's copy of the internal Diebold memos. With the possible exception of $(MUMBLE_SALTPILE_MUMBLE), I've never witnessed such opaque incompetence. These "engineers" not only don't know what they're doing, they clearly don't want to know what they're doing.
That whole "explanation" as to why a password on the database would be "pointless", since GEMS needs a password to add vote records... <*shaking head*> It's crystal-fscking-clear that they want an anonymous database user/account (the voter) that can only append records (votes) to the database; it must not be allowed to read or modify records. Read-only accounts are given to the vote counters and, if you really need to, a single strongly-passworded read-write account is given to the election commissioner. Once you establish these requirements, you then look for software that will do this for you. If MSAccess won't do it, junk it and move on. If no existing databases will do it, then My God, you're going to have to do some actual engineering! .
These idiots are trying to fudge the requirements because, apparently, they don't want to have to use any software they can't scoop up at Fry's (and, apparently, writing their own software is an anathema). I mean, yeah, their incompetence has placed the integrity of the Republic at risk, yadda yadda yadda, but am I the only person who sees their behavior as a kind of disinterested laziness? I can sort of understand people who are disinterested in the act of voting because the hiring roster has been stacked. But I mean, for God's sake, what kind of self-respecting person -- never mind software engineer -- would demonstrate such a profound lack of interest and respect in designing a fundamental instrument of democratic principles? If it were me, I'd be lying awake at night, worrying that I wasn't dilligent enough, wasn't smart enough to take on work of such profound importance. It would probably eat me alive, because any screw-up could be disasterous, because doing an excellent job would be so absolutely critical . But no, these guys are just phoning it in, tossing aside crucial security concerns with utterly stupid aphorisms such as, "Passwords actually don't matter much..."
Blacklist them. The software screwup you avoid may be your own.
Schwab
Editor, A1-AAA AmeriCaptions
Ever use a bill changer in a casino?
There's no limit to how good such a system can be if it matters enough to the people buying it.
And, we're talking about a freshly minted piece of paper with markings designed to be machine readable.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Here is what I have been doing all day:
Reporter: Why is Diebold sending cease and desists?
Me: Because they don't want anyone to see their memos
Reporter: Oh. What is in the memos?
Me: Oh, things about security flaws and using uncertified software and using cell phones to intercept and transfer votes and discussions of how to fake things...
Reporter: Wow. Where can I download these?
Me: At this web site
Reporter: Okay I'm going there now, okay, it's downloading, when I'm done will you give me a guided tour?
Me: Sure. And here is a neat little web page where you just enter any search term and it instantly searches and find you the Diebold memos that match
Reporter: What search terms should I start with?
Me: Try "boogie man" and also "hack" "cel phone" "broken" "fake" and one of my personal favorites, "What good are rules"
Reporter: I'll try that "what good are rules" one. Found it. Gosh, what is he doing? Is that legal?
Me: No.
And so it goes. Excellent plan, Diebold. Yes, shut down a web site, that'll help.
Besides reporters, the memos were downloaded today by the U.S. House of Representatives.
This is a SEARCH ENGINE, folks, that finds the Diebold memos. What's next -- Google?
"The purpose of this letter is to advise you of our clients' rights and to seek your agreement to the following: To remove from the web site the Diebold Property, and to remove or disable the information location tools (including any associated indices used for searching) contained therein as identified in the attached chart and to destroy any backup copies of the Diebold Property and/or information location tools, including associated indices, that are contained on your server."