More E-Voting Software Leaks Surface

Christopher Soghoian writes "Sound like something you've seen before? Wired News reports that the software which runs Sequoia's AVC Edge voting machines has been accidentally placed on another company's publicly available FTP server, although this time it's the binary, rather than the source that's been leaked. Machines running this software were used in California's Riverside County for the 2000 presidential election and for last month's California gubernatorial recall election. The system also has been used in counties in Florida and Washington state."

does it really matter?

[adamruck]

I dont know a whole lot about cyrpto, but if its a big deal if a binary got leaked, perhaps the software isn't that secure to begin with. We all know security through obscurity doesn't work.

Re:does it really matter?

[SatanicPuppy]

I think we'd all feel a bit safer if they went ahead and leaked all the source for all the different machines.

Who wants their vote to be tallied by a black box? This is too complex for buerocracy crippled government oversight. We have a right to know exactly how our vote is being recorded!

Just my opinion.

Re:does it really matter?

[cshark]

Why aren't people getting as offended over this as they do over the old style votomatics?!

This all seems a lot worse than hanging chads to me.

Re:does it really matter?

[krymsin01]

The difference here is that someone actualy went into a booth and made the voting machine produce a hanging chad that we could all argue over.

Here, the posibility might exist that due to bad software design someone with nefarious purposes could come up with an exploit to poision the results and there not be a way to go back an argue over the evidence.

Re:does it really matter?

Because morons such as those at the ACLU have big fat wood for electronic voting - damn the consequences!

Re:does it really matter?

[morgue-ann]

Here, the posibility might exist that due to bad software design someone with nefarious purposes could come up with an exploit to poision the results and there not be a way to go back an argue over the evidence.

It doesn't even take deliberate bad intentions for bad software to fsck up the democratic process.

Remember in Cryptonomicon when the lady pulling the bingo balls to form a one-time pad didn't like certain numbers, but preferred multiples of 5 so skewed the probability distribution enough that the cryptext could be attacked?

In one of Georgia's elections using a Diebold machine, Green party votes got screwed up.

The systems are new, so the election officials are interested in figuring out went wrong.

Once the systems lose their freshness, maybe an official won't persevere for a resolution to losing votes for a 2% party.

However, candidates getting 2% encourages those who feel disenfranchised by the two-party system and would rather vote for someone like Camejo than Bustamante (California Gubernatorial election).

Successive elections can build momentum as more and more people see that a third party is possible. Then a candidate gets enough votes to qualify for federal election funds and the spiral continues upwards.

It doesn't take a grand conspiracy but simply a hegemony of just not caring that much plus difficulty in resolving the problem (due to grody Access databases and crappy documentation), to screw up democracy bigtime.

Re:does it really matter?

[jostallin]

And, do the voting machines use ECC RAM?

Re:does it really matter?

[jazztech]

It sure DOES matter. How there possibly be a voting system WITHOUT an audit trail! That's just nuts! So, yeah, BRING IT ON!

Re:does it really matter?

[presidenteloco]

A few points: 1. The source code should be open source, so it can be inspected by all and any security flaws OR vote counting logic flaws "outed" as soon as possible. This makes it LESS risky than supposed but doubtful and never provable secrecy of the code. 2. We have to be careful what we're comparing. As long as we have open source, secure code on the voting machines, we almost certainly have more accuracy in vote counting than a manual system. People handling pieces of paper are going to be subject to various psychological or physical errors or biases when counting votes. And mechanical machines are subject to physical errors (e.g chad-counting errors). Also, in some jurisdictions (some developing countries for example), most people believe there is wholesale vote rigging such as ballot stuffing and soldiers/hoodlums stealing ballot boxes. How can you imagine that an open-source software based net voting system (with public security audit) will be less accurate than that everyday cheatery? I think the net voting system will eliminate many opportunities for cheating that exist today. Granted, it may open a few new avenues for cheating, but with open code review, those avenues can be controlled.

Re:does it really matter?

[jafuser]

This all seems a lot worse than hanging chads to me.

It is worse.

Imagine if the same fiasco happens with our current electronic voting machines.

There would be absolutely nothing to recount, and people will be even more furious because their first assumption will be a corrupt system.

What could be done to appease them? Nothing short of a re-election, which AFAIK is not even a legal option.

Actually, as long as any election remains unauditable, people will always presume that it was rigged. People even assume so when there is a good audit trail. Just imagine how many more will feel that way when there is not one.

Re:does it really matter?

Sure we all know. We aren't the problem.

Whatthewhata huH?

[strange_attract0r]

How do you "accidentally" put software on a public FTP server ... this is ridiculous. Makes me glad to not be an American :)

Re:Whatthewhata huH?

[gregfortune]

You don't. Someone who was upset with what happened during the elections probably posted it so tech people could find the flaws and make the people in charge look foolish.

Re:Whatthewhata huH?

[strange_attract0r]

That is a good possibility. I'm not convinced of the value of releasing the code to the public to test though, as suggested in the article; a number of hacks could be discovered, and kept secret by some techie, and then used during the actual process. Perhaps they should just take more care when designing the actual product to make sure it's bulletproof - i.e. hire really good people to write the code. To my naive mind, this should not be too difficult to do

Re:Whatthewhata huH?

[gregfortune]

a number of hacks could be discovered, and kept secret by some techie
That's *exactly* why I wouldn't mind seeing the code open for public review...

Perhaps they should just take more care when designing the actual product to make sure it's bulletproof - i.e. hire really good people to write the code.
The problem here is that companies are driven by profit and hiring better people, spending more time in design, doing more testing, and even a formal translation of a formal model for proof of correctness all cut into the bottom line. It only needs to be good enough to sell copies in the current market to satisfy the corporate need.

Re:Whatthewhata huH?

[strange_attract0r]

a number of hacks could be discovered, and kept secret by some techie
That's *exactly* why I wouldn't mind seeing the code open for public review...
Sorry what I meant was, there is the potential for hacks to be discovered by members of the public, and not put forward, which, if they are not spotted by anyone else, which is conceivable, could lead to huge abuse later ...

It only needs to be good enough to sell copies in the current market to satisfy the corporate need.
Surely the corporate requirements are incredibly stringent here, the governments should be willing to pay as much money as necessary to the contractors to ensure security.

Re:Whatthewhata huH?

[laird]

It sure looks to me like all of these e-Voting companies are scammers chasing after the huge pile of money that the government committed to spending to fix the problems in 2000, and they're willing to say or do anything (aside from engineer in a responsible manner) in order to grab the money. So they'll argue with a straight face for "security through obscurity" because they certainly don't have any other security, and fight any real peformance or code audits by technically knowledgable people because they know that they can't pass an audit.

if they really believed that their systems were secure, they'd post the source code publicly and issue a huge cash reward to anyone who cracks their software and tells them how. that way they'll flush out as many security flaws as possible, and have a solution that at least people can somewhat trust.

By releasing the source code I'm not saying that it has to be open source -- they could retain copyrights, etc., and the various governments would have to license the software from them -- but since we can all read it, or set up our own test instances, etc., we can prove to ourselves whether it works in a secure, auditable manner.

Re:Whatthewhata huH?

[lseltzer]

You're right. The /. writer-upper added that themselves for reasons only they know.

Re:Whatthewhata huH?

[ryanvm]

That's okay - we're glad you're not an American too.

Re:Whatthewhata huH?

[q-the-impaler]

If it weren't for Americans you wouldn't even have an Internet to leak stuff. Just ask Al Gore. He created it.

Re:Whatthewhata huH?

mod parent up! its funny!

Open Source

[ottothecow]

This wouldnt be a problem if they used OSS to vote. The problems could be caught and fixed before a vote...and nobody has to keep the info secure.

Re:Open Source

[it0]

OSS is a great way for everybody to find bugs, however it is still possible that not all bugs are found (in time). So open or closed isn't the issue, it's just proper programming methodology and get your priorities straight, like security/privacy in this case.

Re:Open Source

[lisany]

Obscure problems in the source may be found by people nefarious enough to exploit them before fixing them. Open Source is not the end-all, be-all of software. Rather, the goal should be Quality Assurance. Open Source just makes QA easier since anyone can look at the code and audit it.

Re:Open Source

Trick or Treat, Negro Style

Negro corpses washed ashore
"That one looks like a dirty whore"

Drowned cadavers dark and black
"That one must be full of crack"

Dead Negro eyes blank and hazy
"This one here sure was lazy"

Bloated sambos full of bile
"Trick or Treat, Negro Style"

Code shouldn't be important!

[hampton2600]

If these systems were really secure, then finding out the code shouldn't be important. Just because I know the RSA 128-bit algorithem, doesn't mean that I can break it in a second!

Also, why isn't the federal government coming out with a standard software framework for voting?

This seems obvious to me, at least.

Not that I trust my government to be the best coders, but heck... get the DOD on it. They are pretty good at these problem domains.

Maybe they'd run it off of source forge....

-hampton2600.

Re:Code shouldn't be important!

[Petronius]

the files also contain Visual Basic script and code for voting system databases that could allow someone to learn how to rig voting results. The programmer spoke on condition of anonymity.

that's what we're talking about here: VB script! I'm sure it's real secure.

No kidding it's time for a standard: OS, access to the boxes, protocols, install procedures, app, app validation, audit, the works.

Re:Code shouldn't be important!

DOD is probably going to have to build a system for Iraq sooner or later anyway.

Re:Code shouldn't be important!

DOD is probably going to have to build a system for Iraq sooner or later anyway.

That's what Halliburton is for. I'm sure for just $86 they could whip up a voting computer, and Bush would be free to use the rest as needed.

Re:Code shouldn't be important!

[dbIII]

Also, why isn't the federal government coming out with a standard software framework for voting?

Because there isn't even a standard for voting when it's done without software. Wnen Iraq votes, you can bet there will be inspectors to ensure that it all runs as smoothly as possible with the minimum of cheating. Why shouldn't something like that be applied domesticly as well?

If things like this are not open and accountable the dead will vote, and they will vote for the people that put themselves furthur ahead of the public interest than anyone else.

Disclaimer: Thanks to the open and accountable system where I live, we now know after the fact that a government that did nothing but sell assets, and serve time to pull in the salaries was elected due to a rigged by-election.

Re:Code shouldn't be important!

Also, why isn't the federal government coming out with a standard software framework for voting?

Be careful what you ask for, or Executive Order 192519 may declare Diebold to be the sole contractor for electronic voting software. Or maybe Halliburton would like to expand its service roster to include "trustworthy software development" ;)

--
Rate Naked People at Fuck Meter! (not work-safe)

Re:Code shouldn't be important!

[gregfortune]

The /. community didn't produce the binary in question nor did open source. The point is that a source code leak shouldn't imply a security risk and a binary leak *really* shouldn't imply a problem.

Re:Code shouldn't be important!

[dtfinch]

You're getting your public and symmetric key lengths mixed up.

Supposedly, 128-bit RSA can be factored in a few seconds or less most home pc's.

Re:Code shouldn't be important!

Not quite. Just because someone thinks they're using RSA, does not mean they implemented it properly

Re:Code shouldn't be important!

[Fnkmaster]

Your first sentence is unintelligible and your second sentence is the obvious point of my previous post. So you post a comment that makes no sense and get modded up, and I simply make a factual observation about the recent series of e-Voting topics and get modded down. Great work, moderators.

Re:Code shouldn't be important!

[YrWrstNtmr]

It *may* be an indicator of other problems, though.

Sloppy here, sloppy there.

Re:Code shouldn't be important!

Not that I trust my government to be the best coders, but heck... get the DOD on it. They are pretty good at these problem domains.

Well since you mentioned it... when the Diebold source code was originally posted on a site in NZ, over 120 .mil domains downloaded the full motherload....

Plus... as soon as you look a bit closer at these monkey voting software companies you will find that many of them are practically military already.

Most notably VoteHere the makers of the crypto-receipt stalking horse solution to this crisis have a Admiral Owens, former Naval Chief of staff as their Chairman (he also happens to be a Senior VP of SAIC which did the security report for Maryland), and former CIA chief Robert Gates on the board.

So think very carefully, do you really want the military writing the code that manages the US ballot box?

Re:Code shouldn't be important!

I once had a job doing Software Verification and Validation to the then new Federal Election Commission standards for voting machine software. The standard was really loose (even kind of funny in places) and there was nothing to bind a government to use a certified electronic voting system. I'm sure things have changed since then.

The system I was verifying was probably typical of the current systems, though. The machine itself was well done, an embedded system with well documented software coded in 680xx assembly language. My V&V job was easy and the machine did what it was supposed to do. The hardware was also very robust and had been successfully tested to military environmental standards.

However, the software that tallied and reported the votes gathered by these elegant machines was written in interpreted BASIC to run on an x86 PC. This software was presented to me for verification as a box of fan fold paper where the source had been dumped with a dot matrix printer. Aside from the sloppy presentation, the system was just complete spaghetti code (the FEC standard specifically disallows "egregious spaghetti code" in favor of "structured programming techniques". I found out later that this code had been written by the 17 year old son of one of the principles of the company.

I flunked the company because of the tally system software and caught a lot of heat for doing so. A government in Pennsylvania was persuaded by the manufacturer to use the uncertified system anyway in a local election. The results were, predictably, disasterous and my analysis was vindicated.

Re:Code shouldn't be important!

I could probably whip up a system in just a couple minutes that would let the user click buttons with candidates names on it, and then at the end of the day spit out the hardcoded winner's name :) You can have it for only a quarter million.

Re:Code shouldn't be important!

[dracocat]

Also, why isn't the federal government coming out with a standard software framework for voting?

There is good reason.

The lesson should already have been learned. You don't want a single point that can be corrupted. There is good reason that each state is left to its own devices, and its own decisions etc about elections. It is a hell of a lot harder to rig 50 elections than it is to rig 1.

You want to let each state experiment with things. Eventually a system that works will eventually be left.

Re:Code shouldn't be important!

[Stalky]

Because there isn't even a standard for voting when it's done without software. Wnen Iraq votes, you can bet there will be inspectors to ensure that it all runs as smoothly as possible with the minimum of cheating. Why shouldn't something like that be applied domesticly as well?

Although it should perhaps be federal law, I doubt very much that any state lacks the sort of law we have here in Kentucky requiring that the workers at each polling station be drawn equally from the two parties that received the most votes in the previous election.

Re:Code shouldn't be important!

[Read+Icculus]

When Iraq votes you can bet that there will be shiny new voting machines from Diebold or someone else of their kind if "we" have our way. Since they are supposed to elmininate doubt they would be the perfect thing for a country in need of "quality assurance". We are getting them nationalized healthcare, new everything, and roads and such, so why not give them the "best" in voting technology?

Some time in the future...

The people of Iraq didn't really want an Islamic government. The polls were just wrong... I mean if the machines say that's who they voted for then that's who they voted for. Conspiracy theories are for the paranoid and anti-american malcontents.

Re:Code shouldn't be important!

You were modded down because you are an asshole, as well as being an idiot.

What is inconsistent about the general consensus being that open-source would be the perfect solution to e-voting and the current situation?

Everyone realizes that any kind of leak of any kind in this matter should not be a security threat, the point is that the company in question terms it thusly, thereby making it clear to us that there is something wrong with the way that they are doing business.

Where is the inconsistency?

And by the way the guy's sentence was indeed intelligible. At least to those of us who don't need everything to be 100% correct to discern the correct meaning.

"The /. community didn't produce the binary in question [,] nor did [the] open source [community]."

Re:Code shouldn't be important!

Yes, I'm an asshole and an idiot for making a humorous observation about this story. I agree that e-Voting software should be Open Source, I think you'd find that I've argued exactly that in the past.

As for this:

And by the way the guy's sentence was indeed intelligible. At least to those of us who don't need everything to be 100% correct to discern the correct meaning.

"The /. community didn't produce the binary in question [,] nor did [the] open source [community]."

Yes, I can parse his sentence too. It still doesn't make any sense - it doesn't refer to anything in my post, which he was replying to, you nitwit. Did I ever say the Slashdot community produced the binary? The concept doesn't make any sense - somebody with access to the software leaked a binary. What the hell does that have to do with Slashdot, other than the fact that a smirking editor thought they should write a gleeful headline about it? The Slashdot community (primarily the editor who posted this story) produced silly, intellectually dishonest criticism of a company in the usual alarmist and accusatory tone - that's was the point of my original post, which was obvious to anybody with a modicum of reading comprehension skills. Posting AC for obvious reasons of karma preservation in a thread where I'm clearly not welcome. - fnkmaster

Re:Code shouldn't be important!

The IEEE is supposed to be producing a standard but having some problems, apparently with the reps from the voting machine companies not liking pesky things like paper trails and recounts.

http://archive.salon.com/tech/feature/2003/09/29 /v oting_machine_standards/index1.html

Re:Code shouldn't be important!

Indeed not. See here for a system whose correctness can be proven entirely from the data it emits.

Re:Code shouldn't be important!

It's also easier to let something slip by because only 1/50th of the people are scrutinizing your process.

Re:Code shouldn't be important!

[gessel]

Well, this could be true - but there are two problems: 1) it's a bit like currency - wouldn't it be harder to counterfeit if there were hundreds of currencies rather than just one? Not really, all you need to do is counterfeit the least secure to get rich. Similarly, all a nefarious zealot needs doo is throw one key county election, in one state to throw the national election, some lame backwater filled with confused old people, some distant dingleberry of a state... Just make some simple little ambiguous change and throw some small statistical number of votes from, say, the marginal winner, to, say, some random freak, and the wrong guy wins.

So 100 systems isn't really any more secure than one. But the same plan works if there's only 3 or maybe mostly only 1 voting system used. This argument about using contractors apes the ones made by partisan think tanks made up of the company execs scoring the $100M DRE contracts - but it's not only logically wrong, it's just plain wrong. 2) There are three vendors. Three. Two run on windows. Two. Two OS's to hack. But really all you need is to use Access to remotely edit the diebold databases in a dozen locations and you've won all the elections you need to ensure that all the key positions are filled by members of the party the DRE vendor explicitly supports, and who can prove that just because there were unprecedented 12 point swings that upset the leaders between the morning of the election and the afternoon that it wasn't just an anomaly... DRE's mean no recounts. They always get it right and they're just as secure as the windows 95 OS they were running on which we know is bulletproof.

Hell, it's just a parable for elections in general - eventually a system that works will be left? Only if there's a system that works to begin with. Let the people decide and we'll get a good candidate? Only if we have good candidates to choose from. And even then - comon' as Homer says "democracy just doesn't work." How can any one think otherwise after Mary Carey lost? It must have been part of the Diebold conspiracy.

The problem with DREs is that there's really no way to prove it wasn't.

Re:Code shouldn't be important!

[dbIII]

The polls were just wrong... I mean if the machines say that's who they voted for then that's who they voted for. Conspiracy theories are for the paranoid and anti-american malcontents.

That's the whole reason a voting system needs to be open and accountable - if it isn't then the groups that lose can say that the results are rigged and be believed - no matter what really happened. If you can't then go back and show proof, then there wasn't really much point to the election in the first place and serious unrest can occur.

People tend to forget that with any form of government those that govern cannot do so without the will of the people - or at least powerful groups of people. Dictators tend to treat the armed forces well - otherwise they will have a great deal of trouble governing (or breathing).

The point of this, is that a blatantly rigged election can backfire on whoever does it - and an electoral process shrouded with secrecy will immediately make some assume that it is rigged, whether it is or not.

Pass/mirrors

[Hi_2k]

They seem to have added a hasty requirement for a password (and its been configured! admin/admin isnt getting in). Anyone cracked an account or have a mirror of the binary?

haha

I was reading the headline and I thought I read it as "ubernatorial election", made me ponder for a moment.

Re:haha

and, for whatever stupid ass reason, you felt it necisary to share your little retarded moment with the rest of us? quit wating my time you son of a bitch

From the designers of the DMV.....

[numakris]

Yeah, because if the federal government does it, it is efficient, reliable, and effective.

Re:From the designers of the DMV.....

Interstate Highways
US Postal Service
Internet

I think three counter examples should be plenty for now.

Re:From the designers of the DMV.....

[hampton2600]

The government may be highly inefficient in many areas, but government coding is known to be very secure. Heck, when you have a carte-blanche budget to develop a secure voting protocol, you are going to be much more careful than OSS-dev (sorry guys!), because you have your job on the line, and you are going to be better than corperations, because you aren't just trying to "push" that product out. Its about taking your time to be thorough... And by God, the DMV is thorough! -hampton.

Re:From the designers of the DMV.....

[numakris]

Airport Security Employees Government enforced cable monopolies Government enforced telco monopolies Standardized testing in schools FEMA (read up on it, single most crooked agancy) The war on drugs. DMCA I could go on for hours.

Re:From the designers of the DMV.....

I don't know what interstate highways you've been driving on recently, but I've been all over the eastern half of the USA over the lst 7-8 years and the one thing I learned to count on was excessive construction. The technology exists for long-lasting (20+ years) road-making, even with the weather and temperature differentials we get in north america, yet our interestates seem to require major surgery every 5-7 years.

Re:From the designers of the DMV.....

The technology exists to make hard drives that last long enough that manufactures can provide 3-5 year warrenties, yet in large arrays disks fail everyday.

Hell, Romans built roads that lasted for thousands of years, but they don't see many oversized riggs hauling I-beams and bulldozers either.

I would recomend either Statistics for Experimenters, or Innumeracy for your reading list :).

Re:From the designers of the DMV.....

Airport Security Employees Government enforced cable monopolies Government enforced telco monopolies Standardized testing in schools FEMA (read up on it, single most crooked agancy) The war on drugs. DMCA I could go on for hours.

Deus Ex was a good game...

Re:From the designers of the DMV.....

[alienw]

Airport Security Employees

What do they have to do with the government?

Government enforced cable monopolies Government enforced telco monopolies

The government does not enforce any monopolies. It's just kinda hard to put in two cable networks to the same damn house.

Standardized testing in schools

Usually done by a private corporation.

FEMA

Whatever.

The war on drugs.

Guess what, most people support it.

DMCA

Written by Hollywood execs.

Re:From the designers of the DMV.....

Airpot Security eh? I know people who work for TSA. 90% of them are too stupid to be in the position they are in. The rest have to pull them along, just to make things work. They're underpaid, understaffed, over stressed, and afraid of their job security. They don't get federal employee benefits, they don't get good working hours, they don't get a decent lunch time, or break period, they don't get alot of things.

Think about this: do you really want to have a disgrunteld-stupid-assed-dumbfuck, who's underpaid and overworked to make sure that your plane is void of explosives? Give them enough time, and I'm sure that one of these people would gladly carry said device onto the plane, if compensated enough by the right party.

Re:From the designers of the DMV.....

[laird]

What do they have to do with the government?

Government enforced cable monopolies Government enforced telco monopolies

"The government does not enforce any monopolies. It's just kinda hard to put in two cable networks to the same damn house."

Actually, there _are_ places where there are multiple competing cable companies. Most towns make one cable company a monopoly because then they could do a deal with one company in return for the monopoly contract. If they just let them all compete, they can't extract concessions. Of course, the "invisible" downside is that cable TV rates skyrocket when there isn't competition, so the monopoly deals backfired. Luckily satellite TV, etc., are creating some competition so that there's hope that cable rates might not possible keep climbing...

And, of course, the breakup of the telco monopoly has been fantastic -- customers have more options, better products, and dramatically lower pricing than under "Ma Bell". Sure, life is a little more complicated, but did you really like renting a trimline for $8 a month forever?

Re:From the designers of the DMV.....

[kableh]

Wired had a rather telling story about this the other month: http://www.wired.com/wired/archive/11.09/bagscan.h tml?pg=1

Re:From the designers of the DMV.....

Most people support the WoD? Bet me! More to the point, most of the people who vote DO drugs, they just aren't in a position to get caught. I imagine I'll smoke dope the rest of my life, and being an affluent white guy, I probably won't ever get caught.

Re:From the designers of the DMV.....

[asscroft]

Didn't DOD's brain branch design the freakin internet? Now they didn't code up every site, but they laid the foundation (please, no al gore jokes, I'm being serious here). I think combining government experts with academic experts can produce some amazing results, and in some cases it's worth avoiding the private sector.

Re:From the designers of the DMV.....

I recommend you watch the episode of Frontline from 10 years ago where they exposed the road construction biz in the USA for the graft-ridden 1950's-based system that it is.

I would work on voting software

[LordSah]

...but I lack the prehensile tail.

(sigh)

Re:I would work on voting software

Are you in a room? Are there chimpanzees there with you? Are they, or you peeing on a computer? Are you a chimpanzee? Do you want to throw your poop at me?

I'm thinking that maybe they switched to apes typing as opposed to monkeys....

Re:I would work on voting software

Weasels don't have prehensile tails.

Ok hackers...

[skank]

from the article

Neumann, the security expert, said, "This means that anyone could install a Trojan horse in the MDAC that won't show up in the source code." Jaguar employees, Sequoia employees or state election officials could insert code that wouldn't be detectable in a certification review of the code or in security testing of the system, he said.

Now all we need to do is write a trojan to get Tux elected president!!

Karma -2 (Not Funny)

Re:Ok hackers...

Hell Yeah!!!!!!!!!!!!!!!
I love that lil guy.

Re:Ok hackers...

[Ziviyr]

Bah, vote Ficus!

Re:Ok hackers...

[sahonen]

<< Now all we need to do is write a trojan to get Tux elected president!! >>

Or worse, CowboyNeal.

Re:Ok hackers...

[CGP314]

Ficus in 2004!

Re:Ok hackers...

[LnxAddct]

Wouldn't comparing the MD5 sum of the binary freshly compiled to the MD5 sum of the binary on the system detect even the slightest change? I mean the first MD5 could easily be stored on some site publicly accessbile. Makes me wonder how serious the government takes voting if they aren't even going to check things like modifications to the binary because someone bound a trojan to it. If I'm wrong about the MD5 thing I apologize, but as far as I know, this would do the trick.

Re:Ok hackers...

[drinkypoo]

Actually, to me it sounds like a great application for DRM. It's a closed system all the way around, so it's not hurting anyone. Provided, mind you, that it keeps an internal paper record as a backup, and maybe even issues you a printout as well. (Let's face it, you can do whatever you want with data if you control the medium.)

You are correct that a MD5SUM should be adequate protection. However a combination of a checksum for version verification (with verification sums distributed on some moderately secure hardcopy) and some DRM scheme (it could well be completely custom, it is not necessary for this application to burden the rest of us with the stuff) would provide protection on two levels, both that of verifying that you are not being screwed over, and of making it difficult for someone in charge of verifying the sum to actually load unapproved code in the first place. Hell, you could use Xboxes for the hardware, if you just prevented physical access to the machine :P

Re:Ok hackers...

g/pgp sign the compiled binary, md5sum it and everything else on the system. Setup a drm scheme on the box so nothing that is not signed by the appropriate group canot be installed or used on the box. Use a tripwire type of system to detect any changes made to said box. Have the security information verified by someone besides those who have direct access to the box. Do anything that will make it secure. But if they don't even have any kind of auditing in place to detect a "bad" binary then I really am even more worried about this whole thing than before. We have to unite against this bullshit.

Re:Ok hackers...

[strike2867]

or at least "not bush"

E-Voting

[mizhi]

I think that no matter how many assurances there are (and there aren't a whole lot right now) we're never going to be able to take care of lingering doubts about the security and fairness of e-voting.

Right now, voting software is obviously not ready for primetime and the companies that make it need to have some sort of oversight committee making sure they're not playing games or royally fucking things up.

There was enough of a commotion in FLA about hanging chads that people's confidence in machines are shot. And those are relatively simple compared to secure e-voting software!

It seems that the more we try to "high-tech" the voting process, the more problems and uncertainty we will introduce into the system.

So, right now I'm leaning towards a really low tech solution: simple paper and pen for ballots.

I know I'm a geek and supposed to love technological solutions. And I do, but with something as important as voting, until they get it to be as reliable as pen and paper, I say screw the machines because as a geek, I also know how unreliable software can be.

Re:E-Voting

So you don't trust open-source software?

Re:E-Voting

[mizhi]

Not inherently. There is shitty OSS out there. Note that I run linux and use OSS on my home machines exclusively, but that's just because I've found them to work much better (in general) than the alternatives. As soon as one of them fucks me, I'm hesitant to keep using it. EG: wu-ftpd from a long time ago.

Re:E-Voting

[tinrobot]

I'm leaning towards a really low tech solution: simple paper and pen for ballots

Makes a lot of sense. Pretty hard to tamper with ink, and even then, you'd need to do it a ballot at a time.

Right now it seems as though the owner of Diebold is openly rooting for Bush. Using a computer, his company can affect a lot of ballots very quickly. That worries me.

If the owner of the Flair Pen company was rooting for Bush, I wouldn't worry in the least because pens can't be controlled via modem... I hope.

Re:E-Voting

[strange_attract0r]

Heh heh heh. maybe the country should gather in the primary schools and vote by show of hands. Then we'd get a really good laugh over here.

Re:E-Voting

[zurab]

It seems that the more we try to "high-tech" the voting process, the more problems and uncertainty we will introduce into the system.

Not necessarily. It depends on what the interests of the parties involved are. More "high-tech" processes can, in fact, give you more guarantees that election results have not been tampered with. How about something like following:

0. When starting a vote process, assign a unique one-way hash to each voter;
1. Have voters vote electronically, and record their electronic vote record in a database;
2. Have the voting machine (or the server) generate a paper trail of each vote and keep those papers separately;
3. Give the voter the paper confirmation "receipt" of the vote record with their hash on it that they deposit in a safe box right before they exit the voting area.

Count votes from (1) and certify the election. In case of any challenges, or any reasons to believe that electronic results were tampered with, do a recount on (2) and (3), compare and reconcile any differences. As long as different groups/parties are in charge of (1), (2), and (3), you can easily tell where tampering occurred, and how.

Now, there are a lot of different variations and ways to accomplish such redundancy to make sure tampering with elections is extremely hard if not impossible. This means that we can use technology to our advantage, not to score political points, and enable backdoors for tampering with results. Again, as I stated in the beginning, it depends what the interests of the parties involved are.

Also, consider that pure paper ballot voting is prone to tampering as well. Realize that paper ballots are not marked in any way, they are contained in boxes that are usually guarded, that only very few people have access to. This creates an excellent opportunity for "dumping" extra ballots without anybody's knowledge, and no ability to recover from such "dumping" if it indeed occurs.

Re:E-Voting

There was enough of a commotion in FLA about hanging chads that people's confidence in machines are shot. And those are relatively simple compared to secure e-voting software!

Wrong. People don't want problems with voting to be apparent to them. Those hanging chads and problems with voting machines were problems in other elections before, but people were not generally aware of them. Those problems were out-of-site, out-of-mind. The auditless no-paper vote machines bring back the promise of sweeping problems under the rug. Any problems you can bring up about the software programs will be invisible to them. The voters will love it.

Long live the sheep.

Re:E-Voting

My solution would be to have the voting maching punch its results onto a punch card. Punch cards were used in the 50's and 60'. The machine gives the punch card to the voter. Voters are all educated as to how to examine the punch card and make sure that its punched cleanly. Then, in the voting booth, the voter runs the punch card throug a reader, which displays the results. Then the voter compares the results of the punch card read with how they initially voted (possibly by use of dual screens).

If the comparison is right, you hit send. That sends the vote out electronically for and instant tally. The punch card gets turned in so that it can be used in a recount.

It you really want to do it up, make sure the punch card has the vote printed on it, not just punched. You could also put a serial number on it and give the voter a copy (just don't put anything on it that personally indetifies the voter). The copy could be used later to verify that votes were not tampered with.

Re:E-Voting

[DavidTC]

You can't give the voter a copy, that can be used to verify who he voted for. Which sounds good, until you realize proof of who you voted for just leads to vote buying.

I don't know why you're for punched cards, though. Print out ballots with an OCRable name, and printer number. Have a ballot box that scans the card and displays what's on it, and then keeps it inside. (Or lets you press 'reject' and dumps it into the 'rejected' box and doesn't count it.) Also it should print a code on on the back saying what machine read it and what it thinks it read.

Then you have five data points: Electronic records of all ballots that were printed, electronic records of all ballots that were submitted, electronic records of all ballots that were rejected, the physical ballots that were rejected, and the physical ballots that were rejected.

And, yes, before announcing the result, they should rescan all the cards. Even the rejected ones. Even so, it would be faster than currently, with punch cards or fill in the circle cards that require human intervention. These are printed by machines in specially OCRable fonts, and what's more there's only a limited number of text strings to recognize.

Five data point, and they damn well better match. The only thing that might be off is people who print ballots and then walk out without submitting them either way, but, you know what? I'd make that a crime, and not let people do it. You cannot make off with printed ballots, you must return them. You can say not to count it, but you have to return it.(That sounds extreme, but realize some places have manditory voting...I'm just mandating you *finish* voting, or at least cancel out your vote properly.)

There's basically no way of tampering with it, expecially if the three electronic totals were constantly recorded offsite.

The only thing I haven't figured out is write-in ballots, but in most elections those are negligable. I would, however, say that you cannot write in someone already on the ballot, and thus 9,999 times out of a 10,000 the write-ins couldn't possibly matter anyway.

Also there should be some physical security. Voting booths should have to be reset at the sign-in table, when you say who you are. They should also hand you the ballots to insert in the printer there. If you misvote and print an incorrect ballot, you have to submit it and choose reject, a red light comes on, and you have to walk out and go back to the table and physically get another ballot from them. They should have to push a button to reset the booth for every vote you print, *and* hand you the ballot themselves. I find it really crazy that if I stole some ballots, I could just stick them under my shirt and carry them into the voting booth and dump them all in. It should be one vote per person. Heck, it should be one vote per entrance-to-the-booth.

Re:E-Voting

ok Point well taken. Elliminate the copy that the voter keeps.

Punch cards, OCR printed cards either works for me. Just as long as its reliable.

The idea is to use an electronic voting machine with a screen that can be formatted in a user friendly way. That machine records its result onto a card. The card is immediately read so that the voter can verify that it was imprinted with the correct info and that it will actually scan right. If the use accepts it, the results are reported immediately and the card can be kept and reused later to verify the election.

All of you other points are very good.

Here's the news

[Dancin_Santa]

A file was placed in the wild and if hackers got hold of it and figured out ways to alter the results it would be a bad thing.

And this would be better with an Open Source solution?

Re:Here's the news

OSS is better only in that anyone who wants can examine how it works and find vulnerabilities that can then be publicly hashed out and fixed. Believe me, this is not a trivial issue.

And the issue isn't just some cracker or script kiddie hammering away at the system in his basement, it's whether anyone, including government officials, can tamper with it.

Look at it this way. How much faith would you have in an election system where you voted by walking up to a partition with someone you can't see standing behind it? You tell them who you want to vote for, and you must trust that they correctly record your vote and don't alter it, either accidentally or deliberately. To top it off, if you asked to see who the person was, you'd be told that you have no right to know. In addition, poll monitors would be able to see you as you told the person your vote, but even they would be barred from watching the person behind the partition.

Basically, your vote goes into a black box, and all you can do is hope that what comes out matches what went in. And since votes are never tied to the individuals who cast them (something we don't do for obvious reasons), not being able to see what happens inside the box means there is absolutely no way to determine whether fraud has occurred.

Would you trust such a system?

Re:Here's the news

In all seriousness, how do you think your scenario is different from the way it is now?

How do you think it would be different from the way it would be if we had "open source" voting booths?

At what point are you going to trust that your vote is actually being counted and not just tossed out the window as soon as you leave the booth? To be perfectly honest, you'd have to say that at some point you implicitely trust that the voting commission is doing the right thing, whether it be in hiring vote counters or in running voting software.

Re:Here's the news

[Zeromous]

I think the point is that in his example, the process is *less* secure than it already is (which it isn't really).

As for OSS voting machines? Yeah thats a great idea. As long as everyone can look at or tinker with the source code, no one will ever come up with a way to hack the current build. Yay.

Accountability, along with checks is balances isn't worth a hill of beans- especially when it comes to elections. whats done is done once its done. Ask Florida.

Here we go again...

[tinrobot]

Let's see, the software is written on a Microsoft base, is closed source and... shudder... appears to be prone to tampering. Just like Diebold and I would imagine every other vendor's software.

We need to get the source in the open, and more importantly, we need to have these machines give paper ballot reciepts as well as an internal audit tape like those found on ATMs...

There is a bill in the House (H.R. 2239) that already has a lot of support and addresses a lot of these issues. Please urge your representative to support it as well.

Re:Here we go again...

[kevin_conaway]

Its a binary that was put on an ftp server, explain how it being written for a windows platform and being closed source has anything to do with that?. Believe it or not, not everyone can make a profit by giving away software and selling support (os model i believe). OSS isnt the answer to everything and isnt a quick fix.

Re:Here we go again...

[tinrobot]

Closed source software is great for things like banks and automobile ignition systems, but when it comes to deciding the future of our democracy, I would like to know EXACTLY what is going on inside the code.

Call me old-fashioned, but I don't think companies need to make a profit off of elections. It introduces some very serious conflicts of interest.

Re:Here we go again...

[ForestGrump]

ATM machine?
NEVER USE THEM!
Atleast, that is my mother's advice. She used to do software for them. (years ago)
So yea, she knows the dirt on those things.
-Grump.

Re:Here we go again...

[laird]

They can release the source code for public verification and auditing without licensing it for actual use in an election, so people would be able to audit it to establish trust, but would still have to go to the company to license the system. Compare this to a patent -- you completely and publicly document your invention, and have a monopoly on its use. Without public disclosure, there's no reason for anyone to trust you...

Embarrassing question ( you've been warned )

[FrankoBoy]

Never quite understood why someone can't get the source code from the resulting binary file, it's not even logical... Or am I missing something here ?

( RTFMers shall be impaled and BBQ'ed )

Re:Embarrassing question ( you've been warned )

[mlk]

You can, to a degree.

Decompiling software leads to something that can be compiled back into the binary. However, most binary formats strip a lot of information to make the resulting binary smaller, things like method and variable names.
You also have applications call obfuscators. This will make the code even harder to read, and change the execution path (where it does not change the functonailtiy of the programe).

You can also encrypt part of the program, but this would require the application to include something to decrypt your encrpyted sections.

Re:Embarrassing question ( you've been warned )

[FrankoBoy]

From here.

Anyway, that other guy mlk understood what I meant and gave a clear answer. YHL, HAND ;P

Re:Embarrassing question ( you've been warned )

There is even a theoretical reason -- the halting problem. To tell for sure if a given byte is code or data, absent out-of-band markings that are occasionally present, you have to completely simulate every possible run of the program for every possible input; there's no shortcut in the general case. Unless the program is known beforehand to halt for every input, this is not just impractically slow; it is impossible in *any* finite amount of time.

Re:Embarrassing question ( you've been warned )

[dekashizl]

Unless the program is known beforehand to halt for every input, this is not just impractically slow; it is impossible in *any* finite amount of time.

More precisely, it is possible that it takes an infinite amount of time.

Re:Embarrassing question ( you've been warned )

It's like derivatives and integrals... Derivative of f(x) has one answer f'(x), but integrating f'(x) will yield any number of functions which fit..

The computer can come to one outcome many different ways, but on the other hand, it will only have one out come for whatever specific code you put in....

hope that makes sense.

Re:Embarrassing question ( you've been warned )

[FrankoBoy]

Well it does from my viewpoint, and your thinking-out-of-the-box has interesting ( and true ) implications for other kinds of systems. Thanks mate.

( Hey, seems like this wasn't such an embarrassing question after all :) )

Pleasent Dreams.

Don't worry. The impact on you foriegners is expected to be negligible, it only affects who helms our foriegn policy and is trusted with the nuclear weapons.

Sleep tight :).

Re:Pleasent Dreams.

[strange_attract0r]

nuclear weapons and my country (NZ) don't mix ... in fact nuclear anything and my country don't mix. It's quite funny, we have a super-shiny nuclear-free policy, i.e. you guys can't even bring nuclear powered ships here!

Re:Pleasent Dreams.

I wasn't talking about the release as in allowed to go out for a night on the town. It's a little closer to the release that can sometimes follow dinner and a movie :).

Re:Pleasent Dreams.

[strange_attract0r]

what?

Re:Pleasent Dreams.

BOOM!!

Re:Pleasent Dreams.

[devilspgd]

Yeah, I can just see that... "Sorry, we have an anti-nuclear policy, so you can't bomb us unless we vote out the anti-nuclear laws)

Re:Pleasent Dreams.

Don't get laid much, do ya?

Total recall?

and for last month's California gubernatorial recall election
more like 'Rise of the eVoting Machines'.

Yeah, right

[lildogie]

> Also, why isn't the federal government coming out with a standard software framework for voting? ... get the DOD on it.

Yeah, have the military run the elections. Great idea...NOT.

Re:Yeah, right

[swillden]

Yeah, have the military run the elections. Great idea...NOT.

At least in the US, as it is now, that would work just fine. The US military has a deeply ingrained institutional respect for the civilian leadership and the democratic process that selects those leaders, regardless of who it picks. The military mostly hated Clinton, for example, but still fully accepted him as their Commander in Chief and would never have attempted to subvert the political process in order to oust him.

Members of the armed forces tend to be strong believers in the form and process of our government. If the military were in charge of verifying the correctness of the elections, I think you could expect an officer or enlisted man who attempted to subvert the process to be court martialed immediately and with extreme prejudice, along with anyone who knew about it. I wouldn't be surprised if they found a way to make treason charges stick.

That said, I think it's important that the political process be an entirely civilian one, and one of the reasons is to maintain the strict separation between political and military power, and to keep military power strictly subordinate to civilian leaders. Although I'm confident the current military would act properly if entrusted with the security of our elections, who knows what might happen in the future?

Re:Yeah, right

There is some talk of using the National Guard as "security" during elections in hotly contested areas... Philadelphia's Mayoral Election comes to mind, where there are documented cases of "Followers of Party A" harassing "Voters of Party B".

On-Topic: Diebold Lists Posted to Freenet

Earlier today I posted the lists.tgz archive of Diebold's damning mailing list exchange to Freenet, as has been requested repeatedly in threads related to the electronic voting issue.

The key is:

CHK@sgOjWAy4g-0bf0m5biyqnEzWloENAwI,OXw8OfHPfsmL d0 68BtICKg/lists.tgz

If I can obtain the AVC Edge binary, I will do the same with it.

Let loose the DMCA notices, boys. It won't do you a damned bit of good now.

Re:On-Topic: Diebold Lists Posted to Freenet

[ealar+dlanvuli]

And people said FreeNet would never find a use.

I must admit however, I never thought the draconian goverment argument I used against them would ever apply to our own voting system.

Re:On-Topic: Diebold Lists Posted to Freenet

[cyt0plas]

Unable to retrieve key: CHK@sgOjWAy4g-0bf0m5biyqnEzWloENAwI%2cOXw8OfHPfsmL d0%2068BtICKg/lists.tgz The URI was invalid.

Re:On-Topic: Diebold Lists Posted to Freenet

[sahrss]

Note that key has a space inserted it by /. Perhaps it didn't work because that was not removed?

Re:On-Topic: Diebold Lists Posted to Freenet

I live in a giant bucket.

Beautiful...

I am the Queen of France!

Re:On-Topic: Diebold Lists Posted to Freenet

[vDave420]

In the same line, I am hosting multiple copies of this data on Gnutella, DMCA take-down notices be damned. This is too important to trust in the "good intentions" of this company. Our freedoms are at stake!

Anyone interested in your own copy can get it here from this dedicated node:

magnet:?xt=urn:sha1:6Y6QZNUNME3IWZJZVIVJB3ZXLHHN6Q 4F&xs=http://208.239.77.179:6310/uri-res/N2R?urn:s ha1:6Y6QZNUNME3IWZJZVIVJB3ZXLHHN6Q4F&dn=Who%20Will %20Seize%20Control%20of%20Our%20Country%20-%20Top% 20Secret%20Diebold%20Memos%20-%20Election%20Voting %20Fraud%20-%20Vote%20Memos%20electronic%20voting. tgz%20errors%20steal%20votes%20miscount%20miscount ed%20recount%20mp3%20mpg%20avi%20mpeg%20asf%20zip% 20tar%20illegal.tgz

Copy and paste that entire magnet link into your web browser's URL window.

Slashdot inserts spaces every 50 letters in that URL, so you may have to trim the spaces back out.

Note: You must be using a Magnet-capable program, like BearShare, Shareaza, etc, for this link to work.

-dave-

VB disassembler

[Petronius]

can be found here: http://www.programmersheaven.com/zone1/cat252/1308 3.htm

I guess in 2 days we'll know who really won the California recall vote. :)

Re:VB disassembler

Yeah Unfortunately that only works on VB4, so unless they're using VB4 still, I highly doubt this will work.

Hear is anoteher arictal

[SirJaxalot]

on this subjeckt

Re:Hear is anoteher arictal

a god arictal is hrad to psas up!

Someone set us up the Trojan

Anyone else notice the over-use of the word Trojan in the article. It's almost used as a buz word. The article read like the writer, "security expert", and h4x0R had no real idea of what they were talking about.

Sounds like some kid found an open FTP an put the spoils on kazaa, that's all.

Underwhelmed and still to lazy to register,
Frank

It was...

Just look at Schwarzenegger's past statements about Adolf Hitler.

Embarrassing answer

[freeweed]

I'll probably embarrass myself even more by my answer, but here goes.

You can often get a fair bit of source from a binary, but it all depends on what language the source was originally from, what platform it was written for, etc.

More importantly (as I understand it) is how it was compiled, etc. Source code isn't just translated line by line into machine code. Especially with today's optimizing compilers, there's a lot of automagic going on.

Now, you usually can get the assembler directives out of a binary (ahh, disassemblers are fun), but even this is dicey. I know from playing around with Atari 2600 roms that often you can't know precisely what parts of the code do what, iirc because code and data were often intermixed in irregular ways. Even if you get the full assembly code, have fun reading it if it's more than a few thousand lines.

Having said that, there's a lot of incredible stuff a skilled person can do with disassemblers, but it all comes down to the source->machine code translation. There's a lot of factors that come into play here, and it's not just a simple inversion of some always used process.

There, can I be less specific? :) I'm sure 50 other Slashdotters will expand/correct/make fun of me, but I figure since no one else is answering, I'll take a stab at it.

Re:Embarrassing answer

[FrankoBoy]

I'm quite satisfied by your answer and mlk's, though other slashbots may have problems with these, I don't know... Anyways, thanks guys !

Re:Embarrassing answer

[Prof.Phreak]

Here's a good example:

int gcd(int x,int y){
if(y == 0)
return x;
return gcd(y,x % y);
}

got translated (by Visual C++) into:

_gcd PROC NEAR
; File gcd.c
; Line 4
mov ecx, DWORD PTR _y$[esp-4]
mov eax, DWORD PTR _x$[esp-4]
test ecx, ecx
je SHORT $L417
$L414:
; Line 6
cdq
idiv ecx
mov eax, ecx
mov ecx, edx
test ecx, ecx
jne SHORT $L414
$L417:
; Line 7
ret 0
_gcd ENDP

(notice that assembly code is not recursive) It's the same with GCC and just about every other compiler. So having disassembled code doesn't nessasarily mean you can get back at the source code in any meaningful way.

Re:Embarrassing answer

[bm_luethke]

No reason to make fun of you, I don't know why you would think so.

Even given the ability to modify the binary I would say it would be very hard to get malicious code put in that gives the same MD5 checksum as what the original is. Then again it wouldn't surprise me if they never did an MD5 on the binary.

Re:Embarrassing answer

That's tail-recursion removal. It's a standard optimisation: if the last statement in a function is a return this_function(args), you have two choices:

1. push the arguments onto the stack in the usual way and call the function as usual; or
2. replace the original parameters on the stack with the new parameters, and jump to the start of the function.

Now, which of those is going to be more efficient in terms of amount of stack space used, and CPU time taken? That's left as an exercise for the reader.

Btw: Option (2) above can be further enhanced if you know that the parameters are going to be in registers, or put in registers at the start of the function. That's all fairly trivial stuff. The point is that anybody who has done even a basic compiler theory course would recognise that sort of optimisation, and be able to figure out what's going on. Even if you haven't done a compiler theory course, if you're a halfway decent programmer, you should still be able to figure out that optimisation. Sure, your end code may not be the same as the original source -- but functionally it's identical, and that's all that matters.

Re:Embarrassing answer

It looks like a loop, but there's no counter and the registers are continuously maintaining the same set of variables (swapped before jump & modulo op).

That would make it an unconventional while loop (which it is now after compiler optimization) but given the way it maintains the same registers, and knowing the way most people code, it pretty much has to be a recursive function.

Re:Embarrassing answer

Optimizations like this are essential for a good tokenizer or DFA.

Re:Embarrassing answer

Very hard doesn't even begin to describe it.

The odds of two completely different files having the same md5sum are extremely remote, but possible.

The odds of a file and a trojaned version of that file having the same md5sum are precisely zero. The "seed" base of matching data between the two is far too large, and the odds of code changes that do what you want without diverging the md5sum is so infinitessimal that it's not going to happen in the lifetime of this universe.

Re:Embarrassing answer

[swillden]

The odds of a file and a trojaned version of that file having the same md5sum are precisely zero.

Actually, the odds are greater than zero. They're greater than 1 in 2^128, also, since that's the lower bound and would only be achieved if MD5 were perfect.

That said, the odds are still so small as to be negligible, and if they're not small enough, you could use SHA-1 to make them smaller. Detecting modified files is not a problem, as long as you're certain of what you're hashing and which hash values are which.

Standard Rubuttal to Ballot Receipts

[temojen]

Vote Buying. .....and..... Coersion

Every time someone suggests Ballot Receipts, I wonder whether they don't understand the concept of "free and fair elections", or just don't want them to happen.
Here's a hint: "secret ballot". It's one of the key concepts of democracy.

Re:Standard Rubuttal to Ballot Receipts

[tinrobot]

I don't understand how a piece of paper equals coercion.

If you marked a paper ballot with a pen, and dropped the ballot in a box, then that would also be coercion? Seems like that's the way its been done for centuries.

What makes it different if the paper comes out of the voting machine before it gets dropped in the box?

In fact, there is no difference. Why do we even need the voting machine?

Re:Standard Rubuttal to Ballot Receipts

[davebo]

Yes - ballot receipts are a huge mistake if and only if the voter keeps the receipt when leaving the polling station.

A printed receipt which the voter can examine (to verify the vote was recorded as intended) then deposits in a secure ballot box is something else entirely. This allows validation of the electronic vote count as well as a fallback in the event of a recount.

Re:Standard Rubuttal to Ballot Receipts

[extra88]

Yes - ballot receipts are a huge mistake if and only if the voter keeps the receipt when leaving the polling station.

That's not a paper reciept, that's a paper ballot. The electronic results could be used, especially in the case of a blowout but the paper ballot would/should be the official ballot.

Re:Standard Rubuttal to Ballot Receipts

[extra88]

I don't understand how a piece of paper equals coercion.

If you marked a paper ballot with a pen, and dropped the ballot in a box, then that would also be coercion? Seems like that's the way its been done for centuries.

What makes it different if the paper comes out of the voting machine before it gets dropped in the box?

It doesn't, what you're describing is a ballot, not a receipt. A ballot receipt would be something the voter takes with them. If the voter takes anything with them which shows who they voted for, they could be threatened beforehand to vote a certain way and they would have to produce the evidence afterward. More common would probably be the selling of votes since the voter could prove they voted a certain way.

In fact, there is no difference. Why do we even need the voting machine?

I think carefully designed electronic voting machines could be very helpful for improving voting accessibility and preventing voter mistakes. An electronic system could provide the ballot in many formats; large print, different languages, audio (with headphones) and include pictures of candidates. It could prevent people from voting for more than one person for a position and make it harder to accidentally not vote for any candidate for an office. They could be especially helpful when there are lots of choices, such as in the California recall election or when there are many ballot initiatives.

The machine can also make tabulation of votes very fast but ultimately it must print out the voter's ballot on paper which is placed in a secure box by the voter. That (anonymous) piece of paper is, at least, the official ballot in any instance of a dispute over the electronic result. The paper itself should be machine readable but also fully human readable (like the filled in bubbles on standardized tests, not barcodes which are not human readable).

Re:Standard Rubuttal to Ballot Receipts

[laird]

Paper receipts are worthless -- not only do they rely on everyone keeping theirs (and turning it in when asked, etc.) in case of a recount, but there's no guarantee that the vote printed on the receipt matches the vote recorded in the eVoting system.

The only system that works is having people make marks on paper that they can look at and verify, then put into an independent tallying device to count the votes, which rejects invalid votes immediately so that they can be corrected. And in the even of a recount, the paper can be re-scanned.

Astoundingly enough, such devices not only exist, they're cheap, reliable, and fairly widely used -- scantrons! They have the lowest error rate of any voting mechanism, and cost almost nothing.

I have no idea why anyone would even consider an untested (and un-auditable) touchscreen terminal that costs thousands of dollars instead of a scantron that costs almost nothing (the forms cost about 10 cents, and the election board can borrow the scantron from the local schools).

Luckily (http://newshound.de.siu.edu/spring03/stories/stor yReader$1954) not everyone is so enamored of technology that they overlook the obvious.

But just to keep us on our toes, these morons (http://clients.enfocom.com/avs/products_winvote.h tml) actually put wireless LAN interfaces on their touchscreen machines ("The functionality linchpin of the WINvoteTM system is its wireless LAN (IEEE 802.11b) system - called the Wireless Information Network (WIN) -- that enables the user to communicate remotely with the major components of the voting system.")

Isn't anyone with a brain cell writing the requirements for these voting systems? You'd think that secure and auditable would be adjectives that you'd want in a voting system.

Re:Standard Rubuttal to Ballot Receipts

Just because you get a paper copy of your ballot doesn't mean that you can take it out of the polling station.

"Now take your paper ballot reciept, fold it in half (text inside) and put it in the box between the democrat and republican observers."

Re:Standard Rubuttal to Ballot Receipts

[davebo]

paper receipts are worthless -- not only do they rely on everyone keeping theirs, in case of a recount, but there's no guarantee that the vote printed on the receipt matches the vote recorded in the eVoting system.

Right, so if you were to design a system like this, one has to make sure the paper ballot gets turned back in (think ballot prints out, big flashing lights go off, ballot has to be re-inserted into box under touchscreen before lights stop flashing). AND you have to spot-check a certain fraction of the machines by hand-counting the paper ballots and making sure they match the electronic vote tabulation.

I think a system like this would be reliable and verifiable, and I could support an e-voting system which worked in this fashion. And I think it is technically possible to build such a system.

Now, with that out of the way - would it be any more effective or have a lower rejected-ballot rate than a scantron system? I seriously doubt it. And there's no way it'd be as cheap. And nobody's even come close to building a system like this, that I am aware of. Unless I was seriously mistaken about contention #1, I'd say go scantron all the way.

And as for the wireless LAN support - gak. GAK. Looking at that page made my brain hurt. That's just such a really really bad idea.

Re:Standard Rubuttal to Ballot Receipts

[davebo]

I think we're pretty much in agreement here - you use the electronic tabulation because it's basically instantaneous. Presumably recounts would be more common in close races than in blowouts, and if you need a recount, you go by what the paper says.

Re:Standard Rubuttal to Ballot Receipts

[laird]

"And as for the wireless LAN support - gak. GAK. Looking at that page made my brain hurt. That's just such a really really bad idea."

The part that scares me is that all of the commercial eVoting systems are so obviously flawed that I can't imagine how anyone ever bought them. Don't these towns have _anyone_ who can point out obvious flaws? It's not like it takes a rocket scientist to realize that combining a wireless LAN with voting just might increase the opportunity for fraud. Or that all of these systems have higher error rates and require more training (bad), yet cost far more, than scantrons.

Re:Standard Rubuttal to Ballot Receipts

wtf?

It's simple. You have a reciept of how you voted. If we're talking about action for pay, that little piece of paper is a proof. It's like a professional killer taking someones photo or ear or something to prove he finished the job.

How much would it cost for you to change your vote?

Re:Standard Rubuttal to Ballot Receipts

The receipts are for traditional ballot boxes, numbnuts. You don't take them home.

Re:Standard Rubuttal to Ballot Receipts

Receipt is probably the wrong word. They're just called that because people are thinking in terms of bank ATMs.

The "receipt" is actually a paper copy of the ballot, which you drop in a ballot box and do not take home with you.

Re:Standard Rubuttal to Ballot Receipts

[Tackhead]

> But just to keep us on our toes, these morons (http://clients.enfocom.com/avs/products_winvote.h tml) actually put wireless LAN interfaces on their touchscreen machines ("The functionality linchpin of the WINvoteTM system is its wireless LAN (IEEE 802.11b) system - called the Wireless Information Network (WIN) -- that enables the user to communicate remotely with the major components of the voting system.")

/me turns in his moron card, hangs his head in shame, and walks away, having been completely outclassed. Inherently crackable WLAN technology in a voting machine. Just... damn.

Then again, didn't we all want to grow up in a world where geeks ruled the earth? Well, guess what? Now we do. The next President of the United States will be elected by whichever faction of wardrivers has the m4dd35t ski11z.

So, time to start thinking. Will it be ESR or RMS? (Linus isn't eligible, bummer.)

Re:Standard Rubuttal to Ballot Receipts

Maybe that is the only way to get the problems addressed. If someone could hack these voting machines in some way to set all the votes to be write-ins for Obi-Wan Kenobi, then the security issue will be obvious to even the most dimwitted individual.

The problem will have to be fixed and the citizens will have to re-vote. Keep hacking the system until it's fixed.

Re:Standard Rubuttal to Ballot Receipts

[asdffdsa]

San Francisco uses optical scan voting machines. They're not quite as simple as scantrons (they have hard disks that store the data, and various locks and tamper guards).

The system appears to work well. I've been an elections clerk for two elections since the introduction of these machines, and at this point, almost all voters are comfortable with them.

The physical ballot is retained, so that if a recount is needed, they're available, with the voters' original marks on them.

Besides a paper trail, there are other benefits.

• Each polling place only needs one machine. Instead of half a dozen touch screen voting stations, we set up simple plastic booths and give the voter a paper ballot and a pen. When they're done voting, they walk over to the counting machine and feed their ballot in. Typically, they spend a long time filling out the ballot, and 30s having their votes counted).
  
• If the machine breaks or if there's a power failure, we can continue to collect votes (the paper ballots go into a sealed, locked box to be machine-read later).
  
• If there were a total failure of (or failure of confidence in) the technology, the ballots could be easily hand-counted by humans.
  
• If a disabled voter needs to vote, it's a simple matter of getting a paper ballot and pen to them, rather than having to get them to come to a touch-screen station.
  

Re:Standard Rubuttal to Ballot Receipts

[laird]

Someone please moderate the parent post up for sheer informative coolness.

Apple should make voting machines.

They'd be cheaper, faster, easier to use, better looking and would work infinitely better. Think different, think better, think Apple.

Re:Apple should make voting machines.

cheaper? i doubt that.

Re:Apple should make voting machines.

[Artifakt]

And people would form long lines in front of the teal one, while ignoring the grape machine.

Re:Apple should make voting machines.

[skinfitz]

Yeah and when the voting system fucks up they can blame the firewire chip set.

Eureka!... I got it!!!

[strange_attract0r]

Vote by slashdot poll! Ah always wahnted tuh see cowboah neal in governimint

Short answer: variable names.

[slackergod]

To go from, say, a C language file to an exe,
the compiler first loads the C file (ending in .c),
and all the files it refers to,
and then parses all of it into an internal
structure.

this structure is then optimized:
loops are unrolled, functions are inlined,
and info that is mention but isn't needed
is stripped out.

the resulting structure is then
written out as a series of assembly
instructions, which are then
converted to the numeric codes
the processor understands.

this is the exe.

to go backwards, it's (generally)
trivial to take an exe and get a
plaintext file containing the assembly
instructions (this file usually ends in '.a')

it's the optimization step that causes
issues: one of the main things the computer
doesn't need which is stripped out is
variable names, comments, etc.
without them, there's no context.
you can figure out the algorithm from the assembly,
but you can't easily figure out what
it's operating on.
to make things worse, other optimizations
may alter the code for faster execution,
making it even harder to figure out.

Occasionally, mistakes are made...
Microsoft slipped up a while back,
and released a windows patch which had
the 'debugging info' left in it.
All this really amounts to is the variable
names, function names, etc...
which is bloody useful.

Making this process even worse is that
some (rare) executeables are self modifying,
which makes them MUCH harder to predict.

in summary, it's not that hard to get
back to C code, assuming the program
was even written in C. You'd just have
variable names like 'var0001', 'var0002'
'func0001', etc.

It's basically the difference between
having a nice nested tree structure
which you can compartmentalize and analyze,
versus one long list of instructions,
which the computer may start and stop
execution of at any point.. sorta like DNA.

Re:Short answer: variable names.

The way this is formatted, I can't help but see it as poetry. Its beautiful. *sniff*

Re:Short answer: variable names.

[FrankoBoy]

This deserves upmod too :) Thanks buddy, you covered some stuff the other answers ( so far ) haven't, and now the portrait is pretty clear to me for what I care about right now.

Re:Short answer: variable names.

[ealar+dlanvuli]

I agree with the like poetry comment.

Mod this up!

Re:Short answer: variable names.

[Ninja+Programmer]

It's the optimization step that causes issues: one of the main things the computer doesn't need which is stripped out is variable names, comments, etc. without them, there's no context. You can figure out the algorithm from the assembly, but you can't easily figure out what it's operating on. ...

All this is true, however, more programs tend to the use the standard language libraries, and/or STL. And if you have the right tools that can recognize usage of these, you can determine an aweful lot about what the source was trying to do in the first place.

Another thing to consider is that comments can often be misleading, and variable names might mean different things to different programmers.

Re:Short answer: variable names.

[ryanvm]

What's your address? We are pitching in together for Christmas to get you a screen larger then 640x480.

Re:Short answer: variable names.

[Artifakt]

Beautiful answer, but it raises a new question. Isn't voteing one of the last places we want self modifying executables? I doubt anyone used them in Dibold code, but the very idea should be only a tad less scary than self modifying code at Iron Mountain/NORAD.

Re:Short answer: variable names.

There's a poetry slam at a coffeehouse near my house this evening. I am going to go and I am going to read this. I am 100% honest-to-Dobbs serious.

It is already been abused.

[Pope+Raymond+Lama]

Here in Brazil, were we have had last year the largest elections using proprietary-software-equiped-polls, it seens that there have been more than a
couple of frauds last year.

The latest news are these ones (In Portuguese. Use
the fish to read in English).

There have surfaced accuatins of votings being sold at R$10,00 (~U$3.30) each one, and of a candidate that had more than 1000 votes while they were being counted ending up with zero votes.

I just hope they get to the only one true: these eletronic polls, as they are, are nothing but election-buying machinnes.

Re:It is already been abused.

[laird]

Babelfish (or perhaps the Brazilian site) appeared slashdotted, so here's a copy of the english translation of the article linked above:

PF investigates project of frauds in the election of the River

Rio De Janeiro - the Federal Policy opened inquiry to investigate a presumption project of fraud in the elections for state deputy of the last year. On the basis of denunciation of a defeated competitor, Ronaldo Antonio Da Silva, of the PT of the B, the PF selects a supposed net of venda of embezzled votes. It hisses, that it gave deposition in last day 23 in the policy, questions the security of the informatizado system of voting and totalling of the votes.

It took a writing in the which colloquy with a man who charges R$ 10 for adulterated vote to favor candidates in the municipal elections of the year that comes. As He hisses, the project would involve employees of the TRE. The denouncer presented to the PF totalling bulletin copies that, according to it, would have resulted of the verification of 65% of the votes. He hisses says that a candidate had more than a thousand votes computed in the bulletin and in the result of the TRE he appears without vote, nor its proper one. To all, 41 candidates had had voting zero.

The president of the TRE of the River, Alvaro Mayrink, did not have if sharp on the denunciations until the end of the afternoon.

Karine Rodrigues and Luciana Loyal Nunes

wu

[temojen]

Embrace the wu-wei
Do not un-BIND your RH 6.2,
Leave it it it's natural state
for it is in acting through inactio...
what's this letter from my ISP about a bank in Bolivia?

State agencies

[tehanu]

As I've said before, the agencies responsible for buying this equipment and software should bear a good deal of the blame for anything that goes wrong. It seems to me that some gross negligance or incompetence is going on here. If the government was hiring a private company to do security related work, you bet that they would have standard procedures set out, vetting, interviews, background checks etc. by people who are actually familiar with the security area. Yes I know it doesn't always work, but they give it a decent shot and show a degree of competence. If a problem with security clearances of this magnitude came to public light, you'd bet that they would be announcements of an "inquiry". However as soon as it comes to "computer stuff" it seems like government agencies suddenly try to express how incompetent they really are. A lot of the weaknesses in this software should be blatently obvious by an audit by a computer security professional. As it is the articles I've read suggest that they only audited the source code the companies themselves wrote rather than the whole program ('hey wait a minute what's all this MS stuff? We need to audit this whole thing you know'), only audited for reliability rather than security and didn't even take the audits seriously anyway. It increasingly seems like they made a token gesture at an audit and them simply trusted the companies' word on the matter. And now that things like this are coming to light they are burying their heads in the sand. Sure they are unlikely to be tech experts but can't they just apply the basic principles of security clearances and audits to this software? And surely being 'experts' on managing elections they should realise the importance of a paper trail, since they must be familiar with all the stuff that goes wrong in elections that most of us never hear about? I mean what is about "computers" that suddenly make government employees act like incompetent idiots? They seem to be able to act at least somewhat competent in non-computer areas, but suddenly stick some technology in and it's like they suddenly don't know what to do and any previous expertise they had in the field eg. managing elections suddenly disappears into thin air.

Re: State agencies

[Black+Parrot]

> As I've said before, the agencies responsible for buying this equipment and software should bear a good deal of the blame for anything that goes wrong. It seems to me that some gross negligance or incompetence is going on here.

Problem is, the people who should take them to task for it will be the people who just got erroneously elected (or appointed by same), and will therefore be the least likely of all people to make a fuss over the error.

Re:State agencies

[tompoe]

Diebold, as I understand it, is one of the major suppliers of ATM's in India.

Bullshit. Libraries. F-15s. Interstate Highways.

[namespan]

Yeah, because if the federal government does it, it is efficient, reliable, and effective.

Blah blah -- the government boondoggle meme strikes again. Yes, it has its roots in some truths, and that's why it exists. But...

The problem is, there are in fact examples of government programs and agencies working and working well. Our, poor, terribly innefficient government programs are responsible for creating the world's best military. My locality might be an exception, but we've got incredible public library resources that I'm so happy with I'm *glad* when I get library fines. The Interstate Highway system makes cross country travel effecient and quick -- which keeps the cost of goods lower -- at least, those you buy that were shipped from somewhere else.

Yep -- I know, private firms were involved in the creation of each of those things. Doesn't change the fact that some branch of our poor, incapable, incompetent government commissioned and managed those projects.

And yes, I know -- the DMV is frustrating to deal with. But I can tell you that the service of the DMV and even the IRS looks positively stellar compared to any number of private entitities -- several health insurance companies, Sprint, Microsoft Customer support, and the hosting company I called last week (no, not some dinky provider either -- I'm talking freakin' Interland here). All of whom should have, in theory, been erased by the invisible hand or otherwise kicked in the pants by the market. But in fact, these beaurocracies are no better than most mediocre government beaurocracies.

So it's fun to repeat, but remember to look at the facts while you're thinking about it. Our beloved commercial driven-to-efficiency-by-the-market companies have produced an absolute steaming heap of bovine excrement when it comes to an e-voting product. And yes, it's still taxpayer subsidized, because our governments are paying for these products -- and not just the costs, but also the profits.

if(chosen_president==='Al Gore')

[alexborges]

president_choice_for(VOTER_NUMBER,'Bush')

Pencil and Paper please?

[Clinoti]

My personal cynic is asking me if we can we just forgo the electronic voting and vote with a pencil and paper or a stand-up voting booth, I'm certainly going to inquire about it if (when) the new voting methods hit my town.

This story is yet another crack in the armor (paper machete) of the new age of voting. The trouble is that the people trying to usher in the new age of voting are forgetting that the new age has ignorance, corruption, greed and hidden agendas as the standing guard. Not to mention the bystanders of activists, the Just and the uninformed held on the sidelines by a velvet rope called lack of media interest.

Who is to say that despite the binary or non binary...whatever.. that this leak was done just to undermine the credibility of the new system(s). Seems to me that in this case the ends justify the means because not only am I questioning them, I'm also starting to wonder if having a central authoriy in place would not be a great idea after all.

But who do we trust now? We can't trust the voters, can't trust Chad, and now it seems as though we can't trust the election system at all.

Re:Pencil and Paper please?

...and now it seems as though we can't trust the election system at all.

You trusted it in the first place?!?

Re:Pencil and Paper please?

[Stalky]

My personal cynic is asking me if we can we just forgo the electronic voting and vote with a pencil and paper or a stand-up voting booth, I'm certainly going to inquire about it if (when) the new voting methods hit my town.

But these methods aren't new -- we've been using touchscreen voting machines here in my corner of Kentucky for nearly 20 years.

Re:Pencil and Paper please?

[John+Hasler]

> My personal cynic is asking me if we can we just
> forgo the electronic voting and vote with a pencil
> and paper

The Feds claim that paper ballots discriminate agasinst the disabled.

> We can't trust the voters, can't trust Chad, and
> now it seems as though we can't trust the election
> system at all.

Of course you can't trust the electoral system, nor should you. That's what poll-watchers et al are for, and that's why voting systems must be completely transparent and comprehensible to ordinary non-technical people. The paper ballot is the only system that qualifies.

Re:Pencil and Paper please?

[mwooldri]

Well, I guess that's why the UK still has paper ballots. No scantrons. No touch screens. Just a piece of paper with your candidates listed, and you put an X by the one you want. More than one vote? No problem, you get more pieces of paper for each vote.

And recounts? How long did it take for Florida to do a single recount of all their votes? And how long did it take one constituency in the UK parliamentary elections to recount their votes? I think one time there was about eight recounts for one seat and it was done by 2pm the next day, having the polls close at 9pm that night.

Me thinks the USA is trying to do democracy on the cheap. Come on, let them public officials have some time one night and count votes instead! Sure the cost of overtime will be expensive but I bet it'd be far cheaper than a lawsuit.

Mark.

Yes, it does matter.

[BrokenHalo]

There are already enough doubts about these boxes to raise the suspicions of any intelligent person.

Think about it: The USA has a president who got in after a series of shenanigans through the courts. Never mind counting the votes.

With this "black-box" technology, the option to count the votes is not even there. There is no way to publically check the output from these machines to verify concordance with the voters' wishes.

We have no recourse against an electoral candidate who has found a means to subvert these devices to their own ends, and given the unscrupulousness of (probably the majority of) politicians, sooner or later that's going to happen.

Re:Yes, it does matter.

We have no recourse against an electoral candidate who has found a means to subvert these devices to their own ends, and given the unscrupulousness of (probably the majority of) politicians, sooner or later that's going to happen.

I'll put $50 on sooner.

Re:Yes, it does matter.

[SpaceLifeForm]

About one year from now would be 'sooner' than 'later'.

Re:Yes, it does matter.

[AKnightCowboy]

With this "black-box" technology, the option to count the votes is not even there. There is no way to publically check the output from these machines to verify concordance with the voters' wishes.

Oh, you mean inducing human error into the equation by hundreds of people manually counting, recounting, and then recounting again punchcards? Punch cards worked absolutely fine up until the 2000 election. If you're too stupid to punch a punch card cleanly then you shouldn't be voting. I know it's not a popular opinion, but for crying out loud, it isn't difficult to do. We need to quit treating citizens like they are 5 year old morons and expect them to have some sense of fscking common sense.

Re:Yes, it does matter.

[jslag]

Punch cards worked absolutely fine up until the 2000 election

You mean, you didn't hear about the problems with some types of punch card machines until Florida 2000.

Nice of you to decide that tens of thousands of voters in Florida "shouldn't be voting". You're on the same page as Sec. State Harris.

Re:Yes, it does matter.

[BrokenHalo]

Oh, you mean inducing human error into the equation

At least human error can be checked.

A box producing output with no verifiable trail of its input is fraud waiting to happen.

Re:Yes, it does matter.

As bad as they are, I'd take a punch card over a lot of these electronic "Vote-magic" machines anyday.

But here's a crazy idea. Why not just have a paper ballot where you mark an "X" in a box beside the candidate/party of your choice. Simple. No chads and 100% recountable.

Canada has a population about the same as California but a larger geographical size than the entire United States. It uses this ballot system with virtually no complaints. In the last election, held in miserable weather, even the most far flung regions of the arctic had all votes cast and hand counted within a few hours of the polls closing. A couple ridings/districts were close enough to be re-counted, which was easily accomplished the next day, by hand. No complaints.

This is how our system works. No complaints, very few spoiled ballots, no hanging chads, easily re-countable and verifyable votes. No court cases. Everyone accepts the results.

I live in a riding that was once won by 7 votes, decided by absentee ballots, after a different candidate had been declared winner by the media. They re-counted the ballots and everyone was cool with it.

This ain't rocket science people. The idea the "world's leading democracy exporter" can't even get it's own ballot straight is a joke.

Re:Yes, it does matter.

Oh, you mean inducing human error into the equation by hundreds of people manually counting, recounting, and then recounting again punchcards?

1) Recounting reduces errors.

2) "To err is human but it takes a computer to really mess things up"

- No amount of human error on a hand count would result in Gore getting -16000 votes from a single ballot box.

- Humans are extremely sophisticated signal processors and would not discard thousands of ballots because the hardware(3) failed to correctly mark the card.

3) I've never had to vote with anything but a pencil but what do you mean "too stupid..."? Aren't these electromechanical devices? Are you saying that any idiot can quickly strip down and rebuild a card punch without tools? That any moron would know (prior to 2000) that any bit of dust or scrap of paper must be cleaned off their ballot lest it cover a hole.

As a final thought...

Suppose three people independantly count 1000 ballots. They all arrive at the same figure. You now feed the ballots through a counter three times and arrive at the same figure each time but different from the handcount. What do you do next?

We need to quit treating citizens like they are 5 year old morons

Could we start by letting them count their own votes?

Re:Yes, it does matter.

[ReaperOfSouls]

You mean, you didn't hear about the problems with some types of punch card machines until Florida 2000.

Good god no, every one has heard the gory details over the punch card ballot.

Nice of you to decide that tens of thousands of voters in Florida "shouldn't be voting". You're on the same page as Sec. State Harris.

While I do agree that everyone should have a right to vote, if you can't follow simple instructions, maybe you shouldn't be voting. The real issue in 2000 was not a problem with the machines, it was a problem of human error. Pregnate chads, dimpled chads, hanging chads result from not following the instructions. The instructions state quite clearly, after making your selection, make sure that all the little peices of chad are punched out and removed from the ballot.

So the question really is will a new voting system have less of a chance for human error. Probably not. Heck my grandma refused to use a mouse for years. I am sure there are more techno phobic luddies out there then her.

There is no such thing as an error free system. It may be possible to decrease the machine error rate with touch screen voting, but no matter what system you use, until you remove the human from the equation you will never have error free elections or voting.

where you from?

[alizard]

I know that in at least 1 EU nation, the request to examine voting machine and vote counting software was responded to by "Oops, the foriegn company forgot to give us a copy."

The company was NOT a USA company

my master plan

[austad]

So, it seems like states will use just about anything someone puts in front of them. I'm going to write my own voting software called iVictory. Then, because it has the "i" in front of it, state legislators will think it's as good as their pretty white music devices, and totally use it. Once my diabolical software is in place, I will run for office.

I will then go on to become supreme ruler of the universe.

Re:my master plan

[stewwy]

Been done already .... see last few American elections. Incidentally Bush is really VR run by a mid-west professor

voting software

[watermodem]

I had a long discussion this weekend on voting software with a friend who was an executive with one of the firms manufacturing voting equipment... (I won't say which one.)

I asked him: "Since you make money on your hardware what's the problem with open sourcing your software?" He hemed and hawed but then said: "Our programmers are not good enough that we want to let the world see our code!"

I got a little irate and said: "Well its our votes getting counted." He then said: "Well there is something else. Its running on Win98 and we can't fix those security holes!"

At that point I told him: "I think I prefer hanging chad."

Re:voting software

[watermodem]

I asked him one other thing: Could you please implement a hash with our social secuirty number and a digital pin-number which would typed in when voting? Then we can go back after the election and verify online that the vote was counted as we cast it. The pin wouldn't be known by anybody but the individual voter so our privacy would still be secure.

His response: We talked about it but this would make full internet voting possible. The API and protocol would be documented. We would not have a captive product! We will never move in this direction.

Shows what they care about the quality of the actual voting.

Re:voting software

[Stalky]

Could you please implement a hash with our social secuirty number and a digital pin-number which would typed in when voting? Then we can go back after the election and verify online that the vote was counted as we cast it. The pin wouldn't be known by anybody but the individual voter so our privacy would still be secure.

Are you sure about that? If someone wished to purchase your vote, would he not simply say, "Here, use this PIN when you vote", and then check your vote himself before giving you the money or breaking your kneecaps?

Re:voting software

It doesn't matter. In Chicago if a precinct has one vote for the other side... Why everybody looses their lease.

Re:voting software

[toast0]

well yeah, but your employer (who already knows your ss#) wouldn't be able to check up on your voting records w/out your permission, etc

Data Dump On SEQUOIA VOTING SYSTEMS INC.

This is from Lynn Landes ecotalk.org... I am sure she won't mind.

SEQUOIA VOTING SYSTEMS INC. http://www.sequoiavote.com

Article - August 4, 2003 - Sequoia Voting Systems, a pioneer in direct recording electronic voting systems and a leading provider of voting equipment and services in the United States, will partner with VoteHere, Inc. of Bellevue, Washington, a leading supplier of secure electronic voting technology, to provide a new level of electronic ballot verification to customers of the AVC Edge touch screen voting system. http://www.votehere.net/news/archive03/080403.htm

? % of U.S. vote count: According to its website, Sequoia technicians "managed thousands of electronic elections for 14 years in 16 states." http://www.sequoiavote.com/aboutSequoia.php

Company description: Full service. "Through its nationwide network of offices, Sequoia has equipped and supported elections in thousands of jurisdictions - with populations ranging from a few hundred voters to over three million." http://www.sequoiavote.com/aboutSequoia.php

Ownership: 85% De La Rue www.delarue.com 15% Jefferson Smurfit Group http://www.smurfit.ie/ / source: http://moneyextra.uk-wire.com/cgi-bin/articles/200 205290701145655W.html

"De La Rue (London, UK) is the world 's largest commercial security printer and papermaker, involved in the production of over 150 national currencies and a wide range of security documents such as travellers cheques and vouchers. Employing almost 7,000 people across 31 countries, the company is also a leading provider of cash handling equipment and software solutions to banks and retailers worldwide helping them to reduce the cost of handling cash. We are also pioneering new technologies including tailored solutions to protect the world 's brands through to government identity solutions in secure passports, identity cards and driver 's licences. De La Rue has a 20% shareholding in Camelot - the operator of the UK National Lottery." source: http://www.delarue.com/about/ http://moneyextra.uk-wire.com/cgi-bin/articles/200 205290701145655W.html

"The Jefferson Smurfit Group... (Ireland) is one of the largest European-based manufacturers of containerboard, corrugated containers and other paper-based packaging products. In addition to wholly owned operations, the Group has interests in several associated companies, the principal of which is Smurfit-Stone Container Corporation (SSCC). Spanning 4 continents and 30 countries, JSG and its associates employ some 68,000 people and are significant players in Europe, Latin America and North America." source: http://www.smurfit.ie/ (see below for Madison Dearborn Partners buy out information)
Chicago-based Madison Dearborn Partners has received antitrust approval from the Federal Trade Commission for its proposed acquisition of Jefferson Smurfit Group PLC..http://stlouis.bizjournals.com/stlouis/storie s/2002/07/15/daily68.html Madison Dearborn Partners ("one of the largest and most experienced private equity investment firms, lots of communication stuff - http://www.mdcp.com/portfolio.asp ) has ownership stakes in Milnot Holding Corp. http://www.milnot.com/ and Outsourcing Solutions Inc. http://stlouis.bizjournals.com/stlouis/stories/200 1/05/07/daily28.html in St. Louis. Jefferson Smurfit Corp., the American division of Ireland-based Jefferson Smurfit Group PLC holding company, was based in St. Louis prior to its 1998 merger with Stone Container Corp. The merged company became Smurfit-Stone Container Corp. based in Chicago. Jefferson Smurfit holds about 29.5 percent of Smurfit-Stone. Jefferson Smurfit (NYSE: JS) is one of the largest manufacturers of container board and corrugated containers and recycles wastepaper in about 600 facilities worldwide.
Madison Dearborn Partners: Council Tree Hispanic Investors II, LLC Longmont, Colorado CTHI indirectly owns approximately 18% of Telemundo, one of two Spanish-language broadcasting

Be sure to remove space in key inserted by /.

[NT]

Idiots...

[herrvinny]

Why the hell are all these problems cropping up? Voting is simple enough, add one to the vote counter of a candidate/issue, like this:

vote++;

(WARNING: The code above is probably owned by SCO too, so just to be safe, I'm mailing a check for $699 tomorrow morning)

Is this really so hard? I'm working on my own OSS voting program. You can see the early version at herrvinny.com. It supports multiple choice (you can select several options together, or just one option), write in, no choice, etc. Anyone in UW-Madison want to help me test it, let me know.

Anyway, from my experiences writing this program, it doesn't seem so hard. And my program is done in Java, so all you little Java == SUV people out there are just plain wrong, the program works great.

Anyone have a mirror of these files? I'll mirror them myself, and we can play a game of keepaway with Sequoia just like with Diebold.

Re:Idiots...

[bussdriver]

NICE JOB

proof that an undergrad can do better than a bunch of pros....or proof that they WANT mistakes so that those who know can cheat; and if they get found, they can play dumb.

Keep it up, you'll probably be sited as an example at some point that even a student can do better in a few weeks of time.

Re:Idiots...

[tompoe]

My advice. Keep it simple. Election officials and voluntary groups will assure security. The key is public scrutiny. Just record the vote, and the checksum, and let the paper ballot do its' thing. Remember, the argument that the paper ballot is expensive, is a red herring.

Let us know when you have something. We'll help test out here in Reno. And, think about putting it on Sourceforge. Irritate the hell out of the crooks.

Re:Idiots...

[daringone]

I really was thinking the same thing, you just beat me to it. I mean, exactly how hard is it to do an incremental counter?!?!? You'd think they were trying to write AI to duplicate human life or something. IT'S A COUNTER!!!!

Re:Idiots...

[toast0]

++vote; is more efficient, since it doesn't have to keep a copy of the old value to return, or pass a fake parameter on the stack like vote++ does, to differentiate between the two ++'s.

java may or may not pass the fake paramater, and the compiler/runtime may optimize it to ++vote anyhow, but it's worth noting.

Re:Idiots...

[herrvinny]

Really? I didn't know that. Right, I'll do the replace right now. Does anyone know how the compiler treats vote++ and ++vote during optimization? Thanks.

Yes, sorry mods, it's offtopic, but I wouldn't mind getting some direction.

Re:Idiots...

[toast0]

looking on google, i found this, which would indicate the compiler does the right thing when you don't increment in a situation where pre/post matters.

You'ld probably get the same results with a c/c++ compiler, assuming vote is a primative type. Since java doesn't let you define operators for objects, then you wouldn't have to worry about it doing the inefficient thing on an object. But it's good practice, in case you program in c++ later.

Hey, you can still download the e-voting program!

[adambehnke]

I checked ftp.jaguar.net, and you can login as anonymous/email@idiots.com. Look in the /pub directory, and you can get all of the files still!

You would think these guys would disable it after a slashdot posting... They must be busy playing pirated half life 2 demos.

Re:Bullshit. Libraries. F-15s. Interstate Highways

So some government programs work very nicely, while some are a complete mess. How does this make it wrong to question whether putting this in the hands of the government would be a good idea?

Re:Hey, you can still download the e-voting progra

[herrvinny]

Tried it. Didn't work. Anyone else get it?

Decompiling Java & C#

[pballsim]

Java and C# are the easist languages to convert the byte code to source code. Obfuscators work but are easy to break, you get the problem of variable names being: var001, etc (mentioned before).

In fact there are many companies who write Java code who then compile it to byte code then use the decompilars to produce better looking/quality code! It also includes comments. (Source: A professional debugger).

I have the links to the decompiler for C#, it's free and the source code is freely available online. If you are interested just let me know and I can post the URL (it's at work).

Re:Decompiling Java & C#

[maharg]

search for jad if you're interesting in decompiling java classes - it does a very neat job indeed ,-}

I just hope....

[LnxAddct]

that someone out there finds a major hole in the binary and then on voting day, instead of adjusting the polls so that their candidate just wins, adjust it so that its unnaturally high, like three billion to 100. Then national attention will be brought to the insecurities, the code will have to be examined by a whole bunch of people, the election will be delayed and anger many politicians(things happen quick when politicians are angry), and in the best case scenario, open source will be looked at as a viable alternative (the only alternative when dealing with matters such as these). This could be a big win for OS. Just my two cents.

Re:I just hope....

The point of having proprietary (company trade secret - no looking) software combined with no paper audit trail is that it won't matter what the vote count shows the night of the election, whether three billion to 100 or 52% to 48%. You just announce that there was an error, "fix" it overnight, and voila! The next morning the pre-chosen candidate wins by a margin that won't upset the masses. No audit, no proof. This is exactly what happened in Georgia, and what will continue to happen everywhere these machines get put in place.

Re:I just hope....

I have been following the Diebold story closely and I am absolutely saddened and sickened by the complete disregard to the democratic process that is taking place with the voting machines. Even more so is that the officials charged with purchasing the machines do not comprehend/ appreciate/care about the magnitude of the problem. I agree LnxAddct that the only way that this is going to get the media attention it needs to cause a groundswell revolt against these machines and the mendacity of people involved is for some socially minded and talented person to hack one of the polls and totally screw the result so that the underdog gets 100% of the vote. If the Diebold accounts are true that the access db's for tallying the votes can be overwritten without any logging it should be a simple matter... "Power to the People with Pencil and Paper" I say.

Good, this time it's binary

[bigberk]

That's quite a relief that it's binary!

% strings democracy-enforcer.exe | grep http
http://votingHQ/cgi-bin/addvote.cgi?pass=hac kme

May be they should outsource it from India

[thehive]

It is ironic that a country like US is struggling to implement Electronic Voting while India which has the second largest population and high illiteracy rate is already using them. In fact they are planning to go all electronic this time. The problem seems to be from that fact that the electronic machines used in india are not fully automated as the ones used here and they are never connected to computers to count the votes

The logical progression...

[geekwench]

1) Dark or light colored rocks? How passe. Let's mark these clay tablets instead.

2)Clay tablets take too long to dry. Votes could be changed in the meantime. Pen and paper is better.

3)Pen and paper is too slow to tabulate. We're switching to these cool punch cards.

4)People are apparently too stupid to use punch cards. Long live the touch screen system!

5)These electronic voting boxes can apparently be h4x0r3d by any halfway intelligent three-year-old with a spoon and an old emery board. This system, however, is foolproof...

*pulls out basket full of rocks painted black or white*

Re:Bullshit. Libraries. F-15s. Interstate Highways

[drinkypoo]

It's already in the "hands" of the government. Who picked Diebold?

Re:Hey, you can still download the e-voting progra

[Evets]

I'd be very interested in this software as I live in Riverside County. Anonymous access disabled. If you grabbed it and are willing to send it to me, please send a note to skallest at hotmail dot com Thanks.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[Galvatron]

Our, poor, terribly innefficient government programs are responsible for creating the world's best military.

Given that ALL militaries are, by definition, owned by the government (except I suppose a handful of mercenary outfits, which simply don't have the resources to design their own fighter jets), that's hardly a compelling argument. Indeed, looking at how much is spent on the military, I think the only lesson to learn there is "even if you've got a horribly inefficient process, if you throw hundreds of billions of dollars at a project, things will get done."

I think your library system is the exception. The library at my university is better than the main branch of the public library in San Francisco, where I grew up. Though the university does have a fair amount of money, it seems unlikely that it's outspending a major US city.

Sure, when you've got a situation like the highway system, where it's simply impossible to establish effective competition, then it is the government's responsibility to step in. But look at how many years it takes to do simple things like demolish on-ramps, and it is easy to see that these are not exactly paragons of efficiency.

I'm sorry, but I have NEVER seen a customer support system worse than the DMV. In San Francisco, there is ONE location, it's only open weekdays, during business hours, and you can't do anything substantive over the phone. When was the last time Microsoft made you take a day off work to drive to the city's "Microsoft Support Center" in order to register your product (or whatever). This is far from isolated, I've called government agencies which simply don't pick up their phones, others pack up and go home a good half an hour before the announced cutoff time for calling (so at 4, rather than 4:30). I am young and healthy enough to not have had substantive dealings with health insurance, but there's no way phone companies are even in the same league as the government institutions I've dealt with.

Now, when it comes to electronic voting, I think the issue is that the wrong people are making the purchases. We, the voters, ought to be the consumers. Diebold et al should have to convince you and me that their voting machines are secure, not some chimp in the local elections office.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[Stalky]

The problem is, there are in fact examples of government programs and agencies working and working well. Our, poor, terribly innefficient government programs are responsible for creating the world's best military.

Ah, but isn't this made easier by the fact that government programs are responsible for the rest of the world's militaries, too?

Re:Bullshit. Libraries. F-15s. Interstate Highways

That's right - mod it to five. Nothing insightful about this post, but apparently you get a five if you post more than 3 paragraphs.

Ignorant people treat volume as content. I call it byte-bloat.

Re:Hey, you can still download the e-voting progra

[laird]

Nope, looks like they figured out (on the second try) how to disable anonymous login on an ftp server.

Let's hope this all lands in freenet soon.

Where there's a will, there's a way

[windside]

I think it's a shame that this software is getting leaked because it throws a significant wrench in the gears of the natural progression of democracy. Although I agree that the paper ballot system works just fine, the bottom line is that computerized voting - if implemented properly - stands to improve elections in terms of accessability of ballots to the electorate, workload for electoral officials and overall cost.

That said, as long as there are elections, there will be people for whom cheating or rigging the results is a very appealing prize. There's a great deal of hand-wringing going on about the leaking of this software, but in the long run, it's not a big deal - the people who run the elections will simply have to come up with some new solution that circumvents the existing problems and, of course, creates new ones.

This Modern World comic

[Slur]

Here's the most recent This Modern World comic by Tom Tomorrow for those of you who are into biting political humor....

Re:This Modern World comic

for those of you who are into biting political humor....

Actually, I prefer to read it.

Re:Pleasant Dreams

[strange_attract0r]

lol, yeah that's the one

"Secure" as in "Windows is secure"

[dk.r*nger]

From the features page:

# Proprietary firmware on closed system prevents hacker access

Wtf?

[trezor]

• there is the potential for hacks to be discovered by members of the public, and not put forward, which, if they are not spotted by anyone else, which is conceivable, could lead to huge abuse later ...

And this couldn't happen in any other way? Security trough obsciourity works perfect in every way, you say?

List of voting software

[mAineAc]

I found a pretty interesting list of the available voting software . At least I thought it was interesting.

paper ballots

[snarkh]

Why do we need software to vote? What exactly are the advantages? It is more expensive much less transparent and prone to potentially catastrophic failures and tampering.

Re:paper ballots

One advantage is to decrease the undesirability of going to the polls. If you have a slow process, the lines get long. Some people do not vote for the same reason they don't take public transportation or go to the state fair or hang out at the greyhound station: They want to minimize their exposure to the lowest common denominator of humanity. Seriously. If you can make the line to the voting booth shorter, you might have a better chance of attracting voters.

Another advantage of course, would be to minimize human error in the counting process. Obviously we see the problem with that goal if the mechanical counting process cannot be validated, independently validated, all the way to having the process of testing and validation completely open and subject to intense independent scrutiny.

Re:paper ballots

[snarkh]

One advantage is to decrease the undesirability of going to the polls.

It is a valid reason to use technology but only if technology helps in that respect.

Another advantage of course, would be to minimize human error in the counting process. Obviously we see the problem with that goal if the mechanical counting process cannot be validated, independently validated, all the way to having the process of testing and validation completely open and subject to intense independent scrutiny.

It seems that the computer techology is inherently not transparent as far as validation is concerned. For example, a small bug (perhaps maliciously implanted in the software) can completely change the results.

You might object that the software can be open and accessible for review by independent observers. However even in that case how do you validate the software running on a given voting machine?

Not to say it is completely impossible but certainly not easy. All in all, it makes it harder to justify switching from paper ballots, which is an intrinsically open standard.

How it got there?!?

[t0ny]

Machines running this software were used in California's Riverside County for the 2000 presidential election and for last month's California gubernatorial recall election.

SkyNet put it there!

India has already been successful with EVMs

[zungu]

India has already used EVMs in elections. Last time I heard the entire election in the Kashmir state was done by EVMs with no room for tampering. The technology is simple and effective. Maybe the American government can learn something from the Indians :-)

Re:India has already been successful with EVMs

[John+Hasler]

> ...the entire election in the Kashmir state was
> done by EVMs with no room for tampering.

How do you know? Just because the Indian government says so? They, of course, couldn't possibly have any reason to want to nobble an election in Kashmir, of all places.

Re:India has already been successful with EVMs

[zungu]

The Kashmir election was observed by diplomats and UN officials (though not formally) on the ground. Everyone has stated that the elections were fair. Main reason for this fairness was of course the EVMs designed in India. You are welcome to search or contact Election Commission (a constitutional body) to verify what I wrote.

over simplification or a good idea?

[Shakrai]

Maybe I'm over simplifying the issue, but am I the only one that thinks the only way e-voting of any kind is trustworthy is if there is a paper record of the vote?

Why not use an E-Voting machine to generate a paper ballot of some sort that could be read by scanners? More or less like a punch card ballot, but generated by a machine with multiple language support and all that good stuff. People get to _review_ their ballot before they put it in the box (giving them faith in the system), there won't be any hanging chad or bufferfly ballots (the interface would remain as a touchscreen), and most importantly, if you needed to do a recount, you'd have _paper_ records.

I'd trust this a little bit more then some software designed by a corporation with special interests to worry about.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[jslag]

All of whom should have, in theory, been erased by the invisible hand or otherwise kicked in the pants by the market. But in fact, these beaurocracies are no better than most mediocre government beaurocracies.

How true. Heard a great line a few days ago - something to the effect of "the problem with the invisible hand is that it often isn't there."

Haven't heard any stories about wealthy Californians' homes spared by their hyper-efficient private fire departments this week, either.

Hello... Neumann

[sharkey]

Neumann, the security expert,

So, he quit his mail route?

Re:Hello... Neumann

I thought he worked at a dinosaur zoo.

All too easy.

[Ungrounded+Lightning]

How do you "accidentally" put software on a public FTP server[?]

Trivial:

By FTPing it TO a directory that is read/write for anonymous FTP, rather than read only or login-required.

Easy to do if a company is trying to deliver a copy of an executable to a customer and both the person doing the delivery and the person receiving it aren't on their toes, or if the person receiving it doesn't have enough sysadmin privileges to configure the FTP server and the sysadmin who does isn't cooperative or available.

Not saying this is what happened here, of course.

You misunderstand the function of elections.

[Ungrounded+Lightning]

I think it's a shame that this software is getting leaked because it throws a significant wrench in the gears of the natural progression of democracy. Although I agree that the paper ballot system works just fine, the bottom line is that computerized voting - if implemented properly - stands to improve elections in terms of accessability of ballots to the electorate, workload for electoral officials and overall cost.

Your posting shows that you believe that the "natural progression of democracy" is to expand the franchise and poll as many people as possible, and you appear to be in favor of this. That is a misunderstanding of the function of elections.

Elections are the mechanism by which a republic is made stable. The elections are intended to model the outcome of a civil war. If the losing side believes that they are a good enough model to predict that they'd ALSO lose the war if they started it, they then refrain from starting it.

To do this they don't need to be perfect. But they DO need to be visibly free of gross corruption, and to selectively poll those people who are likely to fight if a civil war erupted and who care about the issues in question.

You'll notice that, in the US, the franchise has been extended to one group after another, in each case only AFTER the group in question has proven itself capable of organizing mass violence. Starting with landowners and merchants after the revolution, national sufferage was extended to all free males after a couple post-revolutionary incidents, to women after their participation in the bar-burnings of the temperance movement, to blacks (for real) after the civil rights movement degenerated into the mid-'60s urban riots, and to the 18-20 year-olds after the Vietnam protest and associated riots, bombing, and sabotage.

Making it easy to qualify and vote - rather than requiring registration about as hard as going out and hooking up with a militia - means more people who don't really care will vote, skewing the results of the civil-war prediction. It also makes it easier to create fake voters and corrupt the count. Both make the election outcome less believable by the losers, reducing stability.

Exposing defects in the counting mechanism - especially defects that can lead to massive fraud - may destabilize things temporarily. But it will lead either to fixing the defects or to immediate destabilization of a potentially corrupt and unrepresentative government - followed by fixing the defects if (as is likely) the post-war population also opts for a republic. Either will lead to government that is more representative of the peoples' will and thus more stable.

I don't know about you folks

[GMFTatsujin]

... but I get a little nervous when I look at a brochure for voting booths with product lines named "Edge" and "Advantage."

What's next? The "Backdoor" line?

Re:Bullshit. Libraries. F-15s. Interstate Highways

[pmz]

examples of government programs and agencies working and working well.

Which ones? The only good service I've recieved from government organizations was when I dealt with the tax collectors (property tax, mainly).

Our, poor, terribly innefficient government programs are responsible for creating the world's best military.

Like other people have said, $5,000,000,000 gets contractors riled up like nothing else. You should see the $2,000,000 contracts (a typcial pork-barrel domain), where the inefficiency is often sinful in proportion.

The Interstate Highway system makes cross country travel effecient and quick

Interstates were originally a defense system. They work extremely well for long-distance point-to-point travel. However, you fail to mention that the 16-lane highways around our cities still grind to a halt during rush hour. Cities are not scaling well, and the money that keeps getting thrown into the highways system is a dead end measure. How many acres are consumed by those 16-lane highways that could be put towards real estate or parks?

But I can tell you that the service of the DMV and even the IRS looks positively stellar compared to any number of private entitities -- several health insurance companies, Sprint, Microsoft Customer support, and the hosting company I called last week (no, not some dinky provider either -- I'm talking freakin' Interland here).

Companies who have a sound business model tend to have very good customer support. I have good support experiences more often than not, usually the bad experiences come from companies hanging on by a string (my ISP, for example). Health insurance companies have to meet such a mind-swimmingly large set of regulations that they can't provide good support (just wading through medical bills and getting questions answered is nearly impossible). Phone companies are regulated monopolies and don't have an incentive for good support, although I think they've picked up speed now that cable companies and ISPs are beginning to compete in the telephone markets. Microsoft simply has no incentive for good support at all (monopoly, monopoly, monopoly) and they will only improve as Linux, Sun JDS, etc. start eating at their bottom line.

Our beloved commercial driven-to-efficiency-by-the-market companies have produced an absolute steaming heap of bovine excrement when it comes to an e-voting product.

No, they have produced shit through a politically-corrupt deal. Don't confuse business and politics, here.

Open source opportunity?

[RandomViolenceRevisi]

Between this, and the Diebold fiasco it would seem a good idea for an open source/Linux project to write a secure voting system. With many governments opening up to the idea of open source, it might just fly (and make for fair elections too).

important votescam links

[ftide]

Article by Victoria Collier: http://truthout.org/docs_03/102503C.shtml

*Very informative* articles by Votescam.com
http://votescam.com/chap1.html (1 of 5 chapters)

Technological excerpts:
"Nothing was said in the press about the secretly programmed computer chips inside the "Shouptronic" Direct Recording Electronic (DRE) voting machines in Manchester, the state's largest city.

These 200-pound systems were so easily tampered with that the integrity of the results they gave -- and George Bush was the beneficiary of their tallies -- will forever be in doubt. Consider these points:

1. The "Shouptronic" was purchased directly from a company whose owner, Ransom Shoup, had been twice convicted of vote fraud in Philadelphia.

2. It bristled with telephone lines that made it possible for instructions from the outside to be telephoned into the machine without anyone's dear knowledge.

3. It completely lacked an "audit trail," an independent record that could be checked in case the machine "broke down" or its results were challenged.

4. Roy G. Saltman, of the federal Institute for Computer Sciences and Technology, called the Shouptronic "much more risky" than any other computerized tabulation system because "You are fundamentally required to accept the logical operation of the machine, there is no way to do an independent check."

A year later, in June of 1989, Robert J. Naegele, who had investigated all computerized voting systems for New York State, warned: "The DRE (which the Shouptronic was) is still at least a year and possibly two away from what I would consider a marketable product. The hardware problems are relatively minor, but the software problems are conceptual and really major".

A source close to Gov. Sununu insists that Sununu knew from his perspective as a politician, and his expertise as a computer engineer, that the Shouptronic was prime for tampering."

Re:Bullshit. Libraries. F-15s. Interstate Highways

[Colazar]

Actually, the real thing is that efficiency is over-rated. There is a function (albeit an annoying one) for bureaucratic, in-efficient systems, and that is redundancy. This is important for anything that has to function in the "real world," and the more choatic the situation it has to operate in, the more important it is. The best example of this is the military, which isn't even close to efficient, but *is* effective.

Those are the sorts of things that governments seem to be best at: things where it's worthwhile to overpay, because the end result is important enough that all you care about is that it works. (Not to say that governments don't mess that up, too, but if all you measure them on is "Does it work, eventually" they don't do so badly.)

Reasons for paranoia

[JimmytheGeek]

There are lots of ways to create auditable trails for e-voting, but they aren't interested in offering the feature. Why not? I conclude it's because the lack of auditing is precisely the point. That's hos Diebold plans to "deliver" Ohio.

That reason why Database Technologies (DBT) was given the job of "scrubbing" felons from the Florida voting rolls was not that they were cheap (500 times more than the company they replaced) nor that they were efficient. Katherine Harris several times shifted the standards to INCREASE the error rate. False positives are a good thing when you are trimming likely Democratic voters, which was the point. (Race was identified, names munged. They were intentionally careless about getting names correctly, so the wrong people were scrubbed, but race was 100% on the money for each entry.) The error rate of 89% was just fine: and resulted in handing Bush the state. Sort of. It took other shenannigans to get the 500 vote margin.

Some Republicans have already proven they like monkeying with elections to gain power. Two of the 3 main e-voting vendors have strong partisan, Republican ties. This is a problem for believers in democracy, Democrats, and principled Republicans.

Entropy Link

This is for Entropy users:

SSK@THn_MFmAqoGeXk9COwwSiFp6PAvBCMA/bbv/2//

disenfranchise?

I love all the squabble that preceeded the California recall about every county needing to be upgraded to these new voting machines lest the "poor" be disenfranchised.

I guess the idea was that we all should be disenfranchised equally.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[yourmom16]

There was an explosive factory near where I live that was surrounded by a fire, but was spared by its private fire department.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[yourmom16]

and because we spend almost 10 times as much as the second highest military spender. Just because you have a better military doesn't mean its more efficient if you spend 10 times as much.

Re: My guess is the republicans picked Diebold...

[jriskin]

But its just a $200,965 guess =)

http://www.opensecrets.org/softmoney/softcomp1.a sp ?txtName=Diebold

Personally I think this should automatically disqualify them, but I guess I don't really understand the system that well.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[yourmom16]

Our beloved commercial driven-to-efficiency-by-the-market companies have produced an absolute steaming heap of bovine excrement when it comes to an e-voting product.

The market needs a large number of buyers and sellers to function properly. A small number of sellers is an Oligopoly and is more common, but in this case there is a small number of buyers(government buys them but I dont know anyone who uses them for personal use.

Re: My guess is the republicans picked..fixed link

[jriskin]

http://www.opensecrets.org/softmoney/softcomp1.asp ?txtName=Diebold

Re:Bullshit. Libraries. F-15s. Interstate Highways

[phatlipmojo]

The library at my university is better than the main branch of the public library in San Francisco, where I grew up.

Better at what? Oh, you mean, better at very specific, academic things that interest you? Or better at providing a vast range of services to a vast range (read: everyone who comes in, without exception) of people with a vast range of interests?
In fairness, I've never been to SF, so maybe their library really does suck, but I doubt it. I suspect that, as is usually the case, the academic library*, in not being obliged to make the attempt to be all things to all people, has the luxury of doing an exceptional job at being a few things to a few people. Which really gets to the heart of the question of why there both kinds of libraries exist.
phatty 2x4

* Especially with the kinds of resources a large university has; if you're talking about a state U with more than about 25,000 students, I wouldn't bet money on your suspicion that they don't have a major urban public library's resources. Never underestimate the cheapness of municipal authorities, even in the People's Republic of San Francisco.

FTP needs upgrade

[iamatlas]

Diebold needs to upgrade to FTP.ID.10-T. This would most definitely stop such idiotic mistakes on the part of the people using their systems. Stupid.

Re:Bullshit. Libraries. F-15s. Interstate Highways

[Galvatron]

Better at what? Oh, you mean, better at very specific, academic things that interest you?

No, actually I meant that it has a better selection of books, both in narrow diciplines, as well as items of popular interest. Moreover, the catalogue is VASTLY easier to search. Sure, the university library (my university has fewer than 7,000 students, for the record) is focused on certain academic diciplines, but even in areas where it is not focused, it still does a better job. The reason that both exist is simply that public libraries do an inadequate job at just about every task.

Re:Link that works

why the hell was this modded "-1 Troll"?!? isn't this a valid freenet link??

Use an absentee ballot to protest touchscreens!

[HeavenlyWhistler]

I agree that these proposed paperless systems are no good. I am not confident that the various state governments will listen to our concerns, when Diebold keeps assuring them that "everything is fine". But I do know a good way for everyone here to "vote" against such a system: use an absentee ballot. What do you think would happen if, say, 50% of the voters submitted absentee ballots? Think of that mound of paper they would have to count (presumably by hand)! Maybe that would get their attention.

lockpicking book

quality lockpicking book for sale at http://cafeshops.com/hackingtexts

Nice to see that have such integrity, though

[BoogieChile]

From the article;

Sequoia makes a point of stating that its system is much more secure than the Diebold system, since it doesn't rely on Microsoft software.

Their website reads: "While Diebold relies on a Microsoft operating system that is well known and understood by computer hackers, Sequoia's AVC Edge runs on a proprietary operating system that is designed solely for the conduct of elections."

In fact, the system uses WinEDS, or Election Database System for Windows. WinEDS runs on top of the Microsoft Windows operating system.
The system also appears to use Microsoft Data Access Components, which was found in the WinEDS folder on the server.

Nice to see standards of honesty and integrity upheld by a company in such a sensitive position. hell, I'd trust them with my vote!

times like this, I'm glad I'm not actually an American, though