More E-Voting Software Leaks Surface
Christopher Soghoian writes "Sound like something you've seen before? Wired News reports that the software which runs Sequoia's AVC Edge voting machines has been accidentally placed on another company's publicly available FTP server, although this time it's the binary, rather than the source that's been leaked. Machines running this software were used in California's Riverside County for the 2000 presidential election and for last month's California gubernatorial recall election. The system also has been used in counties in Florida and Washington state."
I don't know a whole lot about crypto, but if it's a big deal if a binary got leaked, perhaps the software isn't that secure to begin with. We all know security through obscurity doesn't work.
Selling software won't make you money, selling a service will.
How do you "accidentally" put software on a public FTP server ... this is ridiculous. Makes me glad to not be an American :)
This sentence no verb
This wouldn't be a problem if they used OSS to vote. The problems could be caught and fixed before a vote...and nobody has to keep the info secure.
Bottles.
If these systems were really secure, then finding out the code shouldn't be important. Just because I know the RSA 128-bit algorithm, doesn't mean that I can break it in a second!
Also, why isn't the federal government coming out with a standard software framework for voting?
This seems obvious to me, at least.
Not that I trust my government to be the best coders, but heck... get the DOD on it. They are pretty good at these problem domains.
Maybe they'd run it off of source forge....
-hampton2600.
"I don't want to start a holy war here..."
I was reading the headline and I thought I read it as "ubernatorial election", made me ponder for a moment.
Yeah, because if the federal government does it, it is efficient, reliable, and effective.
...but I lack the prehensile tail.
(sigh)
from the article
Neumann, the security expert, said, "This means that anyone could install a Trojan horse in the MDAC that won't show up in the source code." Jaguar employees, Sequoia employees or state election officials could insert code that wouldn't be detectable in a certification review of the code or in security testing of the system, he said.
Now all we need to do is write a trojan to get Tux elected president!!
Karma -2 (Not Funny)
I think that no matter how many assurances there are (and there aren't a whole lot right now) we're never going to be able to take care of lingering doubts about the security and fairness of e-voting.
Right now, voting software is obviously not ready for primetime and the companies that make it need to have some sort of oversight committee making sure they're not playing games or royally fucking things up.
There was enough of a commotion in FLA about hanging chads that people's confidence in machines is shot. And those are relatively simple compared to secure e-voting software!
It seems that the more we try to "high-tech" the voting process, the more problems and uncertainty we will introduce into the system.
So, right now I'm leaning towards a really low tech solution: simple paper and pen for ballots.
I know I'm a geek and supposed to love technological solutions. And I do, but with something as important as voting, until they get it to be as reliable as pen and paper, I say screw the machines because as a geek, I also know how unreliable software can be.
Humorless sig goes here.
Let's see, the software is written on a Microsoft base, is closed source and... shudder... appears to be prone to tampering. Just like Diebold and I would imagine every other vendor's software.
We need to get the source in the open, and more importantly, we need to have these machines give paper ballot receipts as well as an internal audit tape like those found on ATMs...
There is a bill in the House (H.R. 2239) that already has a lot of support and addresses a lot of these issues. Please urge your representative to support it as well.
> Also, why isn't the federal government coming out with a standard software framework for voting? ... get the DOD on it.
Yeah, have the military run the elections. Great idea...NOT.
Earlier today I posted the lists.tgz archive of Diebold's damning mailing list exchange to Freenet, as has been requested repeatedly in threads related to the electronic voting issue.
The key is:
CHK@sgOjWAy4g-0bf0m5biyqnEzWloENAwI,OXw8OfHPfsm
If I can obtain the AVC Edge binary, I will do the same with it.
Let loose the DMCA notices, boys. It won't do you a damned bit of good now.
I'll probably embarrass myself even more by my answer, but here goes.
:) I'm sure 50 other Slashdotters will expand/correct/make fun of me, but I figure since no one else is answering, I'll take a stab at it.
You can often get a fair bit of source from a binary, but it all depends on what language the source was originally from, what platform it was written for, etc.
More importantly (as I understand it) is how it was compiled, etc. Source code isn't just translated line by line into machine code. Especially with today's optimizing compilers, there's a lot of automagic going on.
Now, you usually can get the assembler directives out of a binary (ahh, disassemblers are fun), but even this is dicey. I know from playing around with Atari 2600 roms that often you can't know precisely what parts of the code do what, iirc because code and data were often intermixed in irregular ways. Even if you get the full assembly code, have fun reading it if it's more than a few thousand lines.
Having said that, there's a lot of incredible stuff a skilled person can do with disassemblers, but it all comes down to the source->machine code translation. There's a lot of factors that come into play here, and it's not just a simple inversion of some always used process.
There, can I be less specific?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
To go from, say, a C language file to an exe,
the compiler first loads the C file (ending in .c),
and all the files it refers to,
and then parses all of it into an internal
structure.
this structure is then optimized:
loops are unrolled, functions are inlined,
and info that is mentioned but isn't needed
is stripped out.
the resulting structure is then
written out as a series of assembly
instructions, which are then
converted to the numeric codes
the processor understands.
this is the exe.
to go backwards, it's (generally)
trivial to take an exe and get a
plaintext file containing the assembly
instructions (this file usually ends in '.a')
it's the optimization step that causes
issues: one of the main things the computer
doesn't need which is stripped out is
variable names, comments, etc.
without them, there's no context.
you can figure out the algorithm from the assembly,
but you can't easily figure out what
it's operating on.
to make things worse, other optimizations
may alter the code for faster execution,
making it even harder to figure out.
Occasionally, mistakes are made...
Microsoft slipped up a while back,
and released a windows patch which had
the 'debugging info' left in it.
All this really amounts to is the variable
names, function names, etc...
which is bloody useful.
Making this process even worse is that
some (rare) executables are self modifying,
which makes them MUCH harder to predict.
in summary, it's not that hard to get
back to C code, assuming the program
was even written in C. You'd just have
variable names like 'var0001', 'var0002'
'func0001', etc.
It's basically the difference between
having a nice nested tree structure
which you can compartmentalize and analyze,
versus one long list of instructions,
which the computer may start and stop
execution of at any point.. sorta like DNA.
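The name loss described in the comment above can be reproduced at toy scale. This is an added example, not part of the original thread: a hypothetical mini-compiler (built on Python's `ast` module, with constructed sample input) turns named assignments into slot-numbered stack code, folds constants, and is then decompiled with and without the "debug info" table.

```python
import ast
import operator

# Constructed sample "source code"; the variable names are made up for this example.
SAMPLE = """\
valid = ballots_cast - spoiled
turnout_pct = valid * 100
timeout = 60 * 5
"""

OPS = {ast.Add: ("+", operator.add), ast.Sub: ("-", operator.sub),
       ast.Mult: ("*", operator.mul)}


def compile_source(source):
    """Compile assignments to stack-machine code; return (code, debug_names)."""
    slots = {}   # name -> slot number; only the slot number reaches the code
    code = []

    def slot(name):
        return slots.setdefault(name, len(slots))

    def emit(node):
        if isinstance(node, ast.Constant):
            code.append(("CONST", node.value))
        elif isinstance(node, ast.Name):
            code.append(("LOAD", slot(node.id)))
        elif isinstance(node, ast.BinOp) and type(node.op) in OPS:
            symbol, fold = OPS[type(node.op)]
            if isinstance(node.left, ast.Constant) and isinstance(node.right, ast.Constant):
                # Optimization: constant folding erases how the value was written.
                code.append(("CONST", fold(node.left.value, node.right.value)))
                return
            emit(node.left)
            emit(node.right)
            code.append(("BINOP", symbol))
        else:
            raise ValueError("unsupported construct in toy language")

    for stmt in ast.parse(source).body:
        if not (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            raise ValueError("only simple assignments are supported")
        emit(stmt.value)
        code.append(("STORE", slot(stmt.targets[0].id)))
    # The "debug info": slot number -> original name, kept separate from the code.
    return code, sorted(slots, key=slots.get)


def decompile(code, debug_names=None):
    """Rebuild statements from the code; invent names unless debug info is given."""
    def name(i):
        return debug_names[i] if debug_names else "var%04d" % (i + 1)

    stack, lines = [], []
    for op, arg in code:
        if op == "CONST":
            stack.append(repr(arg))
        elif op == "LOAD":
            stack.append(name(arg))
        elif op == "BINOP":
            right, left = stack.pop(), stack.pop()
            stack.append("(%s %s %s)" % (left, arg, right))
        elif op == "STORE":
            lines.append("%s = %s" % (name(arg), stack.pop()))
    return "\n".join(lines)


if __name__ == "__main__":
    code, names = compile_source(SAMPLE)
    print(decompile(code))          # stripped binary: var0001, var0002, ...
    print(decompile(code, names))   # debug info shipped: original names return
```

The arithmetic survives both ways, but without the name table an auditor sees only `var0003 = (var0001 - var0002)`, and `60 * 5` is gone for good once folded to `300`.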
Here in Brazil, where we have had last year the largest elections using proprietary-software-equipped-polls, it seems that there have been more than a couple of frauds last year.
The latest news are these ones (In Portuguese. Use the fish to read in English).
There have surfaced accusations of votes being sold at R$10,00 (~U$3.30) each one, and of a candidate that had more than 1000 votes while they were being counted ending up with zero votes.
I just hope they get to the one truth: these electronic polls, as they are, are nothing but election-buying machines.
-><- no
As I've said before, the agencies responsible for buying this equipment and software should bear a good deal of the blame for anything that goes wrong. It seems to me that some gross negligence or incompetence is going on here. If the government was hiring a private company to do security related work, you bet that they would have standard procedures set out, vetting, interviews, background checks etc. by people who are actually familiar with the security area. Yes I know it doesn't always work, but they give it a decent shot and show a degree of competence. If a problem with security clearances of this magnitude came to public light, you'd bet that there would be announcements of an "inquiry". However as soon as it comes to "computer stuff" it seems like government agencies suddenly try to express how incompetent they really are. A lot of the weaknesses in this software should be blatantly obvious by an audit by a computer security professional. As it is the articles I've read suggest that they only audited the source code the companies themselves wrote rather than the whole program ('hey wait a minute what's all this MS stuff? We need to audit this whole thing you know'), only audited for reliability rather than security and didn't even take the audits seriously anyway. It increasingly seems like they made a token gesture at an audit and then simply trusted the companies' word on the matter. And now that things like this are coming to light they are burying their heads in the sand. Sure they are unlikely to be tech experts but can't they just apply the basic principles of security clearances and audits to this software? And surely being 'experts' on managing elections they should realise the importance of a paper trail, since they must be familiar with all the stuff that goes wrong in elections that most of us never hear about? I mean what is it about "computers" that suddenly makes government employees act like incompetent idiots?
They seem to be able to act at least somewhat competent in non-computer areas, but suddenly stick some technology in and it's like they suddenly don't know what to do and any previous expertise they had in the field eg. managing elections suddenly disappears into thin air.
Yeah, because if the federal government does it, it is efficient, reliable, and effective.
Blah blah -- the government boondoggle meme strikes again. Yes, it has its roots in some truths, and that's why it exists. But...
The problem is, there are in fact examples of government programs and agencies working and working well. Our poor, terribly inefficient government programs are responsible for creating the world's best military. My locality might be an exception, but we've got incredible public library resources that I'm so happy with I'm *glad* when I get library fines. The Interstate Highway system makes cross country travel efficient and quick -- which keeps the cost of goods lower -- at least, those you buy that were shipped from somewhere else.
Yep -- I know, private firms were involved in the creation of each of those things. Doesn't change the fact that some branch of our poor, incapable, incompetent government commissioned and managed those projects.
And yes, I know -- the DMV is frustrating to deal with. But I can tell you that the service of the DMV and even the IRS looks positively stellar compared to any number of private entities -- several health insurance companies, Sprint, Microsoft Customer support, and the hosting company I called last week (no, not some dinky provider either -- I'm talking freakin' Interland here). All of whom should have, in theory, been erased by the invisible hand or otherwise kicked in the pants by the market. But in fact, these bureaucracies are no better than most mediocre government bureaucracies.
So it's fun to repeat, but remember to look at the facts while you're thinking about it. Our beloved commercial driven-to-efficiency-by-the-market companies have produced an absolute steaming heap of bovine excrement when it comes to an e-voting product. And yes, it's still taxpayer subsidized, because our governments are paying for these products -- and not just the costs, but also the profits.
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
The company was NOT a USA company
Tech Public Policy stuff
I asked him: "Since you make money on your hardware what's the problem with open sourcing your software?" He hemmed and hawed but then said: "Our programmers are not good enough that we want to let the world see our code!"
I got a little irate and said: "Well it's our votes getting counted." He then said: "Well there is something else. It's running on Win98 and we can't fix those security holes!"
At that point I told him: "I think I prefer hanging chad."
I don't understand how a piece of paper equals coercion.
If you marked a paper ballot with a pen, and dropped the ballot in a box, then that would also be coercion? Seems like that's the way it's been done for centuries.
What makes it different if the paper comes out of the voting machine before it gets dropped in the box?
It doesn't, what you're describing is a ballot, not a receipt. A ballot receipt would be something the voter takes with them. If the voter takes anything with them which shows who they voted for, they could be threatened beforehand to vote a certain way and they would have to produce the evidence afterward. More common would probably be the selling of votes since the voter could prove they voted a certain way.
In fact, there is no difference. Why do we even need the voting machine?
I think carefully designed electronic voting machines could be very helpful for improving voting accessibility and preventing voter mistakes. An electronic system could provide the ballot in many formats; large print, different languages, audio (with headphones) and include pictures of candidates. It could prevent people from voting for more than one person for a position and make it harder to accidentally not vote for any candidate for an office. They could be especially helpful when there are lots of choices, such as in the California recall election or when there are many ballot initiatives.
The machine can also make tabulation of votes very fast but ultimately it must print out the voter's ballot on paper which is placed in a secure box by the voter. That (anonymous) piece of paper is, at least, the official ballot in any instance of a dispute over the electronic result. The paper itself should be machine readable but also fully human readable (like the filled in bubbles on standardized tests, not barcodes which are not human readable).
Why the hell are all these problems cropping up? Voting is simple enough, add one to the vote counter of a candidate/issue, like this:
vote++;
(WARNING: The code above is probably owned by SCO too, so just to be safe, I'm mailing a check for $699 tomorrow morning)
Is this really so hard? I'm working on my own OSS voting program. You can see the early version at herrvinny.com. It supports multiple choice (you can select several options together, or just one option), write in, no choice, etc. Anyone in UW-Madison want to help me test it, let me know.
Anyway, from my experiences writing this program, it doesn't seem so hard. And my program is done in Java, so all you little Java == SUV people out there are just plain wrong, the program works great.
Anyone have a mirror of these files? I'll mirror them myself, and we can play a game of keepaway with Sequoia just like with Diebold.
You would think these guys would disable it after a slashdot posting... They must be busy playing pirated half life 2 demos.
Paper receipts are worthless -- not only do they rely on everyone keeping theirs (and turning it in when asked, etc.) in case of a recount, but there's no guarantee that the vote printed on the receipt matches the vote recorded in the eVoting system.
The only system that works is having people make marks on paper that they can look at and verify, then put into an independent tallying device to count the votes, which rejects invalid votes immediately so that they can be corrected. And in the event of a recount, the paper can be re-scanned.
Astoundingly enough, such devices not only exist, they're cheap, reliable, and fairly widely used -- scantrons! They have the lowest error rate of any voting mechanism, and cost almost nothing.
I have no idea why anyone would even consider an untested (and un-auditable) touchscreen terminal that costs thousands of dollars instead of a scantron that costs almost nothing (the forms cost about 10 cents, and the election board can borrow the scantron from the local schools).
Luckily (http://newshound.de.siu.edu/spring03/stories/storyReader$1954) not everyone is so enamored of technology that they overlook the obvious.
But just to keep us on our toes, these morons (http://clients.enfocom.com/avs/products_winvote.html) actually put wireless LAN interfaces on their touchscreen machines ("The functionality linchpin of the WINvoteTM system is its wireless LAN (IEEE 802.11b) system - called the Wireless Information Network (WIN) -- that enables the user to communicate remotely with the major components of the voting system.")
Isn't anyone with a brain cell writing the requirements for these voting systems? You'd think that secure and auditable would be adjectives that you'd want in a voting system.
Enable 3D printed prosthetics!
2)Clay tablets take too long to dry. Votes could be changed in the meantime. Pen and paper is better.
3)Pen and paper is too slow to tabulate. We're switching to these cool punch cards.
4)People are apparently too stupid to use punch cards. Long live the touch screen system!
5)These electronic voting boxes can apparently be h4x0r3d by any halfway intelligent three-year-old with a spoon and an old emery board. This system, however, is foolproof...
*pulls out basket full of rocks painted black or white*
Doing my level best to piss off the religious right wing...
It's already in the "hands" of the government. Who picked Diebold?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Here's the most recent This Modern World comic by Tom Tomorrow for those of you who are into biting political humor....
-- thinkyhead software and media
I found a pretty interesting list of the available voting software. At least I thought it was interesting.
SkyNet put it there!
Manipulate the moderator system! Mod someone as "overrated" today.
Maybe I'm over simplifying the issue, but am I the only one that thinks the only way e-voting of any kind is trustworthy is if there is a paper record of the vote?
Why not use an E-Voting machine to generate a paper ballot of some sort that could be read by scanners? More or less like a punch card ballot, but generated by a machine with multiple language support and all that good stuff. People get to _review_ their ballot before they put it in the box (giving them faith in the system), there won't be any hanging chad or butterfly ballots (the interface would remain as a touchscreen), and most importantly, if you needed to do a recount, you'd have _paper_ records.
I'd trust this a little bit more than some software designed by a corporation with special interests to worry about.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
So, he quit his mail route?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
... but I get a little nervous when I look at a brochure for voting booths with product lines named "Edge" and "Advantage."
What's next? The "Backdoor" line?
> ...the entire election in the Kashmir state was
> done by EVMs with no room for tampering.
How do you know? Just because the Indian government says so? They, of course, couldn't possibly have any reason to want to nobble an election in Kashmir, of all places.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Between this, and the Diebold fiasco it would seem a good idea for an open source/Linux project to write a secure voting system. With many governments opening up to the idea of open source, it might just fly (and make for fair elections too).
Mundus vult decipi, ergo decipiatur...
*Very informative* articles by Votescam.com
http://votescam.com/chap1.html (1 of 5 chapters)
Technological excerpts:
"Nothing was said in the press about the secretly programmed computer chips inside the "Shouptronic" Direct Recording Electronic (DRE) voting machines in Manchester, the state's largest city.
These 200-pound systems were so easily tampered with that the integrity of the results they gave -- and George Bush was the beneficiary of their tallies -- will forever be in doubt. Consider these points:
1. The "Shouptronic" was purchased directly from a company whose owner, Ransom Shoup, had been twice convicted of vote fraud in Philadelphia.
2. It bristled with telephone lines that made it possible for instructions from the outside to be telephoned into the machine without anyone's dear knowledge.
3. It completely lacked an "audit trail," an independent record that could be checked in case the machine "broke down" or its results were challenged.
4. Roy G. Saltman, of the federal Institute for Computer Sciences and Technology, called the Shouptronic "much more risky" than any other computerized tabulation system because "You are fundamentally required to accept the logical operation of the machine, there is no way to do an independent check."
A year later, in June of 1989, Robert J. Naegele, who had investigated all computerized voting systems for New York State, warned: "The DRE (which the Shouptronic was) is still at least a year and possibly two away from what I would consider a marketable product. The hardware problems are relatively minor, but the software problems are conceptual and really major".
A source close to Gov. Sununu insists that Sununu knew from his perspective as a politician, and his expertise as a computer engineer, that the Shouptronic was prime for tampering."
There are lots of ways to create auditable trails for e-voting, but they aren't interested in offering the feature. Why not? I conclude it's because the lack of auditing is precisely the point. That's how Diebold plans to "deliver" Ohio.
The reason why Database Technologies (DBT) was given the job of "scrubbing" felons from the Florida voting rolls was not that they were cheap (500 times more than the company they replaced) nor that they were efficient. Katherine Harris several times shifted the standards to INCREASE the error rate. False positives are a good thing when you are trimming likely Democratic voters, which was the point. (Race was identified, names munged. They were intentionally careless about getting names correctly, so the wrong people were scrubbed, but race was 100% on the money for each entry.) The error rate of 89% was just fine: and resulted in handing Bush the state. Sort of. It took other shenanigans to get the 500 vote margin.
Some Republicans have already proven they like monkeying with elections to gain power. Two of the 3 main e-voting vendors have strong partisan, Republican ties. This is a problem for believers in democracy, Democrats, and principled Republicans.