Slashdot Mirror
Diebold Audit Released, BlackBoxVoting.Org Shut Down
Chris Soghoian writes "The State of Maryland requested an audit of the Diebold electronic voting system by SAIC, after a report released by Johns Hopkins University and Rice Researchers (disclaimer: I'm one of Dr Rubin's students) noted several security issues. A condensed, from 200 to 40 pages, and censored version of the report has been released online (PDF link). The report notes that 'SAIC has identified several high-risk vulnerabilities that, if exploited, could have significant impact upon the AccuVote-TS voting system operation.'" However, Diebold says Maryland are moving forward with installation with "new security features" included, and elsewhere, Badgerman points out "Diebold has shut down blackboxvoting.org, apparently with copyright claims made to their ISP. But you can still go to the blackboxvoting.com site."
The Supreme Court is always most willing to hear cases when they involve political speech and voting, and this involves both.
This totally need to be crammed down every voting American's throat. Lather, rinse, repeat.
I think most here would agree that electronic voting systems are a waste of time without a physical audit trail, but as far as the public's concerned, hi-tech is better...as long as I have a nice GUI where I can go File>Vote>Undo I'll be happy to click and then shuffle out of the voting booth with a confident but bewildered smile on my face.
She's done a fair amount of research on electronic voting systems.
I bootleg Fizzy Lifting Drinks.
The meme for the 21st Century seems to be "if your product is faulty, abuse IP laws to squash anyone who mentions it", rather than, say, fixing the damn problem.
Sheesh, evil *and* a jerk. -- Jade
> if implemented properly, could revolutionise governance in general - pity it's being so badly implemented thus far.
I think "revolutionise governance" is exactly the problem most of us are worried about.
Sheesh, evil *and* a jerk. -- Jade
I wonder how many precincts in CA plan to use the Diebold system, with its well-known cracks, in the upcoming Gubernatorial Recall election.
With a broad field of candidates splitting the vote, and the field-leader taking the race, small margins could easily swing the election - which means a small number of compromised precincts could swing the election.
And with no human-readable audit trail, if you thought the stink over the Florida Presidential results was bad you ain't seen NOTHING yet.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Just read this quote from a Diebold press release that is being refuted on blackboxvoiting.com:
"The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security." (emphasis mine)
Unfortuantely, in this case, blackboxvoting is quite wrong, and Diebold press release is entirely correct. You see, the word "unprecedented" doesn't necessarily mean "good". It means "without precedent". The level of security offered by these voting machines is most certainly "without precedent".
What has *science* done?!? -- Dr. Weird (ATHF)
OK Dieboldt, do you really think that suing computer scientists will give you any good PR?
Look, your voting software has more holes than swiss cheese. We are willing to help you, but there are some requirements you must follow.
1) your voting machines must have a printer attached
2) the votes must be counted electronically, optically, and by humans
3) if the printout doesnt match whats on screen, then remove the machine.
4) the paper ballot is the final record.
Look let the computer science community improve your software. We all want the election to go through in an error-free way. No one wants a florida to happen again.
But, if you fight this tooth and nail, you will have no fiercer enemy. Ignore the Slashdot nation at your own peril
...we're screwed. I mean all kinds of screwed.
Not just "they messed up my vote" screwed, but entire-election-results-legitimately-contested screwed.
The problem is that they're raising the margin of error by an unknowable amount. No matter which party wins in the 2004 Presidential election, the loser will easily be able to argue that the voting system was highly flawed and vulnerable to foul play. It will be a replay of 2000, except worse.
Using a system that's known to be insecure for national elections... it's just a guaranteed disaster. We'll have another election settled in court, and the populace of the U.S. will become even more polarized.
For the elections to be so obviously and openly rigged is to make sure that there is no dissenting opinion available. The Communists and Facists regularly skewed and falsified election results to prevent anyone from actually challenging their methods and agendas. Which, I might remind you all, was mass murder, wholesale pilliaging of national treasuries and imprisonment of dissedents. Fact is, Americans already have accepted the Fascist philosophy now being touted as "patriotism". Call me a nut, but thats what we are looking at. If Bush wins, I will consider this to be the end of the United States, and I will make serious efforts to leave the country. It would no longer be worth my time, effort or loyalty if the Fascists win another election.
And these men ARE fascists people, in every sense of the word. You think there would be any "open source" after that? This administration has already made little noises about Linux and BSD being "hackers" operating systems, there have been several years worth of propaganda about "freeware" being something only criminals use to steal and sabotage. You can damn well bet that it would be outlawed, or at least, brought under private control of some sort where it would be rigidly controlled.
Can you say heil SCO? Whether or not they actually have a claim, which they don't, it would only take a few lines of obscure law written into some other peice of legislation to change all that. It would be nothing for the fascists to declare something to be criminal or subversive and use that as an excuse for a major crackdown on the information industry.
But nobody really cares, as long as they can have their Hummers and Porches and Rolex watches.
Stupid Humans.....
That's what the lack of a human-readable audit trail avoids: those pesky "ballots" that people might want to recheck for accuracy. The Diebold systems might not be any better than hanging chads, but you can be sure they'll seem better because there won't be any way to remeasure the results and get a different number.
The postal service has to deal with incomprehensible writing thousands of times every day and seems to do a pretty good job of it. With a little practice, unless you're perhaps a doctor in a hurry, it's not an issue. This is because we have good pattern recognition algorithms in our brains and can usually decipher poor handwriting to get the point. More so if we have lots of experience doing it.
Florida proved to us that we have a severe shortage of people who know how to count.
I don't need no instructions to know how to rock!!!!
Feh. And other words of disgust. One of the main purposes of the constitution, and the bill of rights, is to avoid the problem of "tyrany of the majority", while simultaniously allowing free and democratic government.
Certainly a free for all democracy, without any sort of "No, you can't use the government to do this" would cause problems. Democracy, in and of itself, is not sufficient. But we have more than just a democracy, and so does every other first world nation. By explicitly limiting the government's power, and by making those limits quite difficult to change, things work quite well.
What we need is more accountability, less secrecy, and greater transparency. A government of a few tyranical types tends to have a half-life of around 30 to 40 years, and when they collapse (and they always do) its not pretty. Look at the Soviet Union for an example of this.
"Mission Accomplished" -- George W. Bush May 1, 2003
Well, something needs to swing one way or the other. In this day, you can only choose between two people, thus you don't have a whole lot of choice when it comes to stances. And it's pretty ludicrous to argue that representatives are generally responsible for their actions or to their constituents.
Maybe I'm just too cynical.
I'd personally like to log onto a secure website (I mean NSA type secure), select the issues I'm interested in (business, privacy, computers/internet, etc), and by default have a list of 5 "daily votes" related to my selected topics come up for me to vote on. Let everyone have the same. This removes a boatload of bureaucracy, makes government abide by the people, etc.
Then, IMO, it'd be a good idea to have government funded public debates in every community that anyone can attend. I akin it to Slashdot: a community debate is going to have lots of absolute retards, but I'll hear at least a few ideas and points of view that I hadn't considered for any given issue. On top of that, I'll hear from a number of folks who know more about an issue than I do. Most disagreements in my experience aren't based on judgement, but on information and communication. An open community debate would seem to be a better solution to this problem.
[end ramble]
~Dalcius
Rome wasn't burnt in a day.
The problem with this line of argument is that with machine count it becomes a matter of bribing one person: the one in charge of the machine...
This is why transparency is important. It really doesn't matter whether the ballots are counted by people, machines, or trained chimps, as long as the process can be viewed, verified, and checked by any concerned party (including individual voters) it will work quite well. When only a select few are allowed to see, verify, etc, the process than those select few can, and will, be corrupted.
An open source system, which produces paper receipts, looks like the only real option.
"Mission Accomplished" -- George W. Bush May 1, 2003
Well, yes and no. Hitler was voted dictator in a democratic election where armed thugs kept things going smoothly for him. Same as Mussolini was. It's one of the halmarks of facism: elecitons that are controled by threat of violence.
So, I'll have to disagree with your conclusion that too much democracy was what allowed Hitler to become a power.
"Mission Accomplished" -- George W. Bush May 1, 2003
The reports deal strictly with the flaws in the current electronic voting system. I know for a fact that there is no operating system that cannot be hacked in one way or another. With that in mind, one needs to remember that there are external systems that can help secure. Examples of these are using firewalls and access lists on standard computer networks. There are several things that need to be taken into account when it comes to security. 1. Security at the user interface. (sitting at the machine) 2. Ability to access the machine remotely. 3. Transmission medium. 4. Level of encryption used. Security at the user interface should be a relative easy fix. Ability to access the machines remotely can also be fixed easily. All it takes is using a dedicated fiber backbone, or using encrypted channels. Transmission medium must be considered in conjuntion with the second and fourth point of consideration. The last is where my personal expierence comes into play. I know of no cellular phones that use 128bit encryption. I also know that it takes a long time for a very strong computer (read a beowulf cluster) to crack a good encryption algorithim. Using something like double encryption with different size keys goes a long way. Pair that with using multiplexed signals and you have gone further. You can label me a troll all you wish. Hell I don't care. I do know that I can use proper security measures and secure any os from the outside. I could even do this over wifi (wouldnt want to do to bandwidth considerations though). I agree that a paper print out would be a good additional step, but you can rest assured that if someone really wants to protect this data, it can and will be no matter what the limitations of the actual voting machines limitations are. Dont believe me, email me. Alan.Dike@us.army.mil
Stop signs are only Suggestions
"in August, the Cleveland Plain Dealer reported that Walden O'Dell, the CEO of Diebold, is a major fundraiser for President Bush. In a letter to fellow Republicans, O'Dell said that he was "COMMITTED TO HELPING OHIO DELIVER ITS ELECTORAL VOTES TO THE PRESIDENT NEXT YEAR."
The internal memos from Diebold (they get referred to from Salon) show a shockingly cavalier chief engineer 'managing' the security concerns of various clients, steadily resisting the idea of even password protecting the .mdb file (.mdb file!?!) so that just anyone couldn't overwrite audit logs. Nothing overtly political in those memos, though, thank God.
Still -- how does it affect the credibility of any (new, or old) voting system for the people overseeing it to be acknowledged partisans? Imagine a Florida 2000 in which there were no physical records, and in which the systems that counted votes were frighteningly insecure and had been programmed by a company headed by a partisan figure. We already had more than enough partisan elements there -- the brother who happens to be governor, the Supreme Court justice who has a wife on Bush's transition team, the different standards for counting absentee ballots in different counties, and so on.
The thing about those memos is, they really show the states to be one more relatively uninformed client of an IT company. They'll buy the FUD of the Diebold person as long as he sounds assured enough, you know? Even when it comes to something as obvious as "I double-clicked the file of votes and it opened with no password, is that bad?" Which is all the more reason to be sure you're dealing with someone who has no conflict of interest, right?
"Fundamentalism" isn't about divine morality. It's about human authority.