E-voting Patches Skew Election?

Whammy666 writes "Wired magazine has an interesting story of how the much-maligned Diebold E-voting machines were allegedly secretely patched before Georgia state's 2002 gubernatorial election. The patches were never certified by independent testing authorities or cleared with Georgia election officials. The election produced an upset which ended in a major upset that defied all polls. A Diebold contractor tells a worrysome tale of how close to a third of the machines were crashing or locking up and how his tests showed the machines producing errors up to 25%. There are no paper audit trails with these systems so it's nearly impossible to check for fraud or malfunction after an actual election."

Well, what do you expect?

[BWJones]

A Diebold contractor tells a worrysome tale of how close to a third of the machines were crashing or locking up and how his tests showed the machines producing errors up to 25%.

As I recall, these voting machines are running Windows. Are we surprised? Perhaps these things should be running a dedicated embedded OS, or a trusted Linux, even OS X, but not Windows. Especially with all of the security concerns.

Re:Well, what do you expect?

[BdosError]

The problem is with their programming more than it is with the OS. As much fun as it is to bash Microsoft, this sounds like it's mostly Diebold's fault.

I wrote something on this recently

[VonGuard]

I don't want to say that wired.com steals other people's stories. They certainly didn't steal my story this time

But I would like to point out that i wrote a piece about this sort of stuff a while back.

Do I have to ?

As a matter of law do we as citizens have a direct voice in saying how our votes are counted ? May we insist our vote be counted in a different manner at the polling station ?

amazing how Republicans keep winning elections...

[sireasoning]

Let's see if I have this right.

A Republican congressman owns a company that sells voting machines

The voting machines are closed source with no audit trail

The voting machines are easily manipulated by anyone with a moderate amount of knowledge of excel

untested and uncertified patches are known to have been placed on voting machines prior to elections

Republicans continue to defy odds and win elections that polls show them losing

----
This happened in Alabama in the latest election for our governor. Initial results showed that the incumbant democrat had won the election, then a last minute change in the figures from a district with a republican in charge of election certification swung the election to the Republican. There was no recourse for the democratic incumbant.

Florida was fixed

[JimmytheGeek]

I have some Occam's Razor cuts for you:

Does it fail the laugh test if you posit the 5 Republican Supremes going against the grain of decades of their own opinions upholding states' rights, to counter a state court's election decision favoring a Republican? Yes, indeedy. Shoe on other foot leads to other decision.

Does it fail the laugh test if you posit a Democrat running the Florida election and acting as state campaign chair, and ask whether you'd be content when every single decision favored the Democrat?

Real Razor time: what's the most obvious explanation for firing an inexpensive contractor and awarding a contract for purging voter rolls of ineligibles to the HIGH bidder? And repeatedly asking that the statistical methods for validation be less sound (generating more false positives)? What's the likely explanation for a 90% error rate, and the defiance of two court orders related to restitution of voter status?

I consider what Harris and Jeb Bush did to be treason against a democratic society.

Selected, not elected

[burgburgburg]

W was not elected under the rules set forth for elections but was specifically selected for the position by the SC. They stopped the procedures set forth for recounts of disputed votes in Florida, (proving once and for all that Republican respect for states rights is as strong as their respect for civil rights when self-interest is on the line), declared that W had won the election and that any attempts to recount the votes would cast doubts on their selection of W as the winner.

That's why W is the asterisk President. He's the selected President of the United States*.

Re:The problem with this kind of story is ...

[pla]

Could it be that they truely did lose, fair and square

Sure... by exactly 18181 votes, in no fewer than five elections (so far, that I've heard of - probably more that went unnoticed).

Hey, I acknowledge that coincidences do happen. But on that scale? If you flip a coin and it comes up heads 71 times in a row, wouldn't you get a tad suspicious, even though it could physically happen with a completely fair coin? Because the probability of that roughly equals that of five 18181-sided dice all hitting their highest number.

Lower taxes, raise spending -- the Bush way

[Valdrax]

Take the top 5 years of American history in which discretionary spending increased the most (as a percentage of the previous year's spending). Two of those years were during WWII. Three of them were under a GOP-dominated Congress within the last five years. So much for Republican's lowering spending!

Even supposedly "tax-and-spend" president Bill Clinton managed to only have a 3.5% increase in discretionary spending during his administration (with a 0.7% decrease in non-defense discretionary spending). Reagan was famous for increasing discretionary spending 7%, while GWB has increased discretionary spending 15.6% and has increased non-defense spending a whopping 20.8% in merely three years of office! This has led to a whopping $450 billion dollar budget deficit for this year alone.

From the fiscally-conservative Cato Institute: here and here

This is in spite of approving huge tax-cuts to the rich in spite of the fact that we already have some of the lowest taxes in the world. This has twice required massive accounting trickery and Congressional action to avoid having our nation default on its debt. Bush is driving us into the ground with his lunatic economics! All of the recovery under the Republican "Contract with America" and under the Clinton administration has been brushed aside by Bush reckless combination of tax cuts and spending increases. Remember back when Clinton said that we were looking at an end to the national debt after paying off $600 billion and with it at a mere $5.7 billion back in 2000 instead of the $6.8 trillion that it is now?

In the mean time, Howard Dean has managed to keep a balanced budget on his state for 10 years, through two recessions all while paying for the social programs that needed support. Maybe we should compare Bush's record as a governor? It's pretty obvious who's gonna be better as President if you're looking to see the deficit taken care of. Then again, if you weren't aware of Bush's spend-thrift ways to begin with, you probably won't bother to read the links and get informed.

Re:Hard to comprehend

[Saige]

With everything I've seen, I'm unable to resist coming to one of two conclusions about all this.

One - the people in charge of this are incompetent and defensive about it to the point of forcing bad solutions and defects on the system to cover their incompetence. Perhaps they figured (one way or another) that this could gain them profit, and someone with no computer knowledge whatsoever was put in charge and continues to force his ideas on the system, no matter how bad it is.

Two - it is deliberate. They are intentionally making a mess of this in some sort of calculated way to give them influence over the election results.

Which conclusion to go with? I'm not certain. The standard rule is to never attribute to malice what can be approproately explained by simple incompetence, but the level of incompetence here is so drastic that it starts to stretch belief. Essentially, there would have to be incompetence throughout the entire development team for these voting machines. I guess opressive managment can drive out all the people who know what they're doing, so perhaps that could be an explanation...

less acountability than ATMs and gambling machines

[Eric+Smith]

The gaming commission in Nevada requires very strict analysis of gambling machines before they are deployed, and periodic audits of the machines (including firmware verification!) to make sure they haven't been tampered with.

Your bank puts a lot of effort into making sure that their ATM machines don't have problems. This isn't because of government regulations, it's because they don't want to lose money! (Note that many of these ATMs are made by the same Diebold that is now making the unauditable voting machines. If your bank were in charge of voting, you can bet that Diebold would be making much better voting machines.)

Yet the government has essentially no standards for voting machines! How is it that we as a society care more about gambling and convenient access to cash than we do about voting?

The ACLU may have been right to challenge the equipment used in the recent California recall election, but their argument was completely bass-ackwards. They claimed that the four counties using punched card ballots were unfairly discriminating against minorities. Ironically, it is ONLY in those four counties that the voters (including minorities) can have even the slightest degree of certainty that their vote was in fact counted correctly as they cast it.

We need open-source designs for voting machine hardware and software. There should be at least one, and possibly several designs which are made publicly available for scrutiny, and fully public domain so that no royalties need be paid to use them. Then the counties can put out bid requests, and any manufacturer could produce them. However, the bidding requirements should include that the machine and software has to conform exactly to the published plans. Any deviations must be preapproved, and must be published and in the public domain.

Note that this means that both the software and hardware must be open-sourced.

And even then, it will still be necessary to have plenty of auditing to make sure the machines aren't tampered with. There should be internal printers for audit trails. And, like the gambling machines, it will be necessary to verify that the software integrity routinely.

The normal technique used to verify the software in electronic gambling machines has been to use ROM verifiers. The auditor actually removes the firmware chips from the machine, puts them into a verifier, and compares them against known-good images. (The software was subjected to intensive scrutiny when the machine was approved by the gaming commission, but in the case of open-source code for voting machines, it could get even more intense scrutiny.)

Newer machines, starting with the Odyssey machine from Silicon Gaming, store game code on a hard drive. The ROM code refuses to load code that isn't digitally signed. So they still use the ROM verifier, but now verifying the ROM proves that the software on disc is correct as well.

A voting machine shouldn't even need a hard drive, though. In fact, it's much better if it does not have one. Aside from the paper log, writing the data to a write-only medium would be preferred. The list of items to be voted on (candidates, ballot measures, etc.) could be supplied to the machine on a flash card, and the contents of the card could be digitally signed by the election officials.

The drives for the removable media should be in physically locked containers. Of course, the machine as a whole needs to be physically secured against tampering such that attempts to do so will be easily detected by the poll workers. Tamper detectors should also log messages to both the paper audit trail and the machine-readable log.