E-Voting Expert Testifies

Christopher Soghoian writes "Johns Hopkins University professor Dr. Avi Rubin (of previous e-voting fame) yesterday testified before the Maryland House Ways and Means Committee. An article in the Baltimore Sun describes his testimony, as well as that of the director of the state elections board, Linda Lamone. Mrs. Lamone was highly critical of Dr Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.' This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Well...

[Pig+Hogger]

If Lamone is attacking the messenger, rather than the message, she is surely guilty of some flaw...

Re:Well...

[scrytch]

Election commissioners are usually appointed, not elected (funny when you think about it), so I suspect that's going to be one of the last things Lamone says. Rubin's message was well-received, and at least one politician (a republican at that) publically expressed disappointment at the non-response of the election commission.

Summary: Short Diebold, they're going to lose a lot of contracts.

Re:Well...

Capitalism in a Nutshell:

1. Tell the masses your product works perfectly.
2. Sell your product to the uninformed masses.
3. ???
4. Profit!

Now this guy from JHU is coming in and is filling the question marks and we aren't even able to get to the profit stage. It is down right anti-capitalism it tell you.

Re:Well...

[t0ny]

Mrs. Lamone was highly critical of Dr Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.

I think Washington really *does* want voting equipment that can be tampered with.

It seems that their opinion is that democrocy is too important to leave up to the people...

Re:Well...

[Kierthos]

Yup, they want voting zombies...

ehhhhhh.... must not question politicians....

ehhhhhh.... must vote on shitty machine.....

ehhhhhh.... must not care how vote is tallied....

rinse, repeat until the official "John Carpenter Approved Zombie Killing Hero" arrives and saves democracy in a hail of bullets and a couple witty one-liners.

Kierthos

Re:Well...

I think her name is pronounced "Lame One".

Re:Well...

[wowbagger]

Election commissioners are usually appointed, not elected (funny when you think about it)....

Not funny at all - necessary. If an election commissioner were to be an elected official, then he could alter the election rules to favor himself upon re-election, and thus be in a conflict of interest.

Re:Well...

Haha! The US is the same as some African dictatorship. Oh, well - there goes democracy...

Re:Well...

[MrYotsuya]

What's more than that is that they're also generally partisan (Democrat/Republican), which doesn't help matters. What's needed for a body overseeing voting that is completely non-partisan, or independent.
They should only be concerned about counting the votes properly and that's it and avoid all of this political crap.

Re:Well...

Instead he'll just rig it in favor of the guy who appointed him.

E-Testifying company alters results

The E-Testifying company which handled his testimony, also owned by an E-Voting company, has changed what he said! The testimony now reads "E-Voting is great. We should all move to E-Voting now. I for one welcome our new E-Voting overlords."

1984...?

[binner1]

Is public faith in the system more important than overall system security?

I love the Leader too!

-Ben

Re:1984...?

[haxorest]

C'mon guys, this could work, all we need is some modified Batman theme music:

Da-Na-Na-Na-Na-Na-Na-Na!
Lea - der!
Lea - der!
Lea - der!

Re:1984...?

the 1984 movie sucked...except for the naked chick....she was hot...I would do here.

Re:1984...?

Simpsons did it.

The public needs to know.

[Neophytus]

Just because a virus sitting in Jane AOL's system sending out spam isn't affecting her business, it doesn't make it OK. If fraud is going to go on next election, as personally I'm sure it will, there need to be huge changes happen before integrety is restored.

Re:The public needs to know.

[M$Marketing]

Sometimes I really wonder how different things are going to be with/without electronic voting. I mean, @ times I feel like I am choosing between 1 dictator or another, or 1 abuser or another. As it is, as long as we are forces to pay taxes for services we don't want &/or need, then I'm not sure that things are going to get better.

There has to be freedom to fail & to succeed.

Faith v. real security

Faith in the system by the public is absolutely more important than actual security. As long as people perceive that everything is secure and on the level, then why should security matter? Actually securing the system would just be a hinderance to the system of electoral fraud that the USA was founded on.

How do you implement trust?

[Pig+Hogger]

How can you implement trust in a given system?

Doubters have to be able to scrutinize the way the system works. So, in order to be trusted by as many people as possible, the system should be understandable by as many people as possible.

As soon as you have any kind of black box whose functionning cannot either be seen, or plainly understood by people, there is room for doubt.

This is why a hand-counted, paper-based ballot system is the most trustable one possible: it doesn't take a computer scientist to understand how it works and how it could be rigged.

Re:How do you implement trust?

[richg74]

This is something I have been arguing since the whole kerfuffle over E-voting began. Any normally intelligent persons can understand the security / threat model for paper ballots and a ballot box. I would be willing to bet that only a tiny minority of election officials -- even those responsible for selecting the machines -- actually understand the model for the electronic device.

Mrs. Lamone's response is unspeakably condescending, but I think it also unconsciously reveals this: 'please, don't make people ask all these awkward questions about the system -- because I don't know how to answer them.'

Re:How do you implement trust?

[Councilor+Hart]

It is not because you understand something that it's trustworthy.
It's not because you understand how it can be rigged, that it wil not be rigged.
Understanding does not exclude fraud.
Understanding how fraud can be committed does not give the system credibility or trust.
One does not trust the system, but rather those who implement it. Regardless of the system in use.

Re:How do you implement trust?

[Prince+Vegeta+SSJ4]

As soon as you have any kind of black box whose functionning cannot either be seen, or plainly understood by people, there is room for doubt.

Yes and No. A high level of understanding by a great number of people could help, but don't forget that many (if not all of us) trust many things to 'black boxes' everyday.

How does an ATM add and subtract money from my checking account?

The answer may seem easy, but do I really know the answer?

Do I know the programming involved in the electronic data transfer? The Software? The Hardware? How electrons are transferred via copper wire?

another example would be a calculator

Most people don't know much about most of this, but if the proper result can be proven with a reasonable degree of success, then people will trust the black box

If you do not learn to trust, you will lose

Raiden

That being said, I still don't trust in much of anything anymore

Re:How do you implement trust?

[B'Trey]

What you're talking about isn't trust. It's faith. And I don't have faith in our system or those who implement it.

Re:How do you implement trust?

[cperciva]

Doubters have to be able to scrutinize the way the system works.

Private citizens are generally not allowed to scrutinize (paper) ballot counting. Normally each candidate can send representatives, but that's all.

Of course, that situation is still vastly better than the Diebold fiasco, where *nobody* can scrutinize the ballot counting...

Re:How do you implement trust?

[JaredOfEuropa]

One does not trust the system, but rather those who implement it. Regardless of the system in use.

Not regardless of the system in use. As the Dutch saying goes "Trust is good, but control is better". (Control meaning the act of checking and supervising, rather than the act of actively steering). Ask yourself why you trust the people implementing the system. Simple, because you know they are being watched by others. In case of a paper ballot system, it's easy to see that they are being watched by others, ie. by people from the party you happened to vote for. And because the system is so simple, it's also easy to see that it will be very difficult to rig the elections without the watchers knowing it.

With an electronic system, you have two issues when it comes to trusting the implementers:
1) Are the implementers being watched at all times? Who can say... remember that you'd have to inspect the code for the machines and also make sure that that exact code is loaded into the voting machines, and not some different version. With such a complex system, even I wouldn't be so sure that all steps in the process, manual or automatic, are under scrutiny of impartial observers (or observers from all parties).... and I'm a techie. Besides, recent news about Diebold does not instill much confidence in the process, now does it?
2) Even if you somehow ensure that all steps of the software programming, software and machine distribution, machine operation, and the collection of the tallies are all supervised by impartial observers... how can you be sure that they are doing a good job? With such a complex system, it'd be easy for some mistake or intentional hack to pass undetected.

Re:How do you implement trust?

[NortWind]

In a world that has been shown to have people willing to cheat, the only way to have trust in any system is to have openness. Show me what you've got, don't expect me to believe somebody or thing I don't even know. Show me how it works. Let me take it to my experts, and have them check it for me.

I favor the paper ballot, as used here in Wisconsin. Here each voting station is just a small folding table with a curtain, and a magic marker. (Very cheap per station, never goes down, never needs a reboot.) You vote by completing a broken arrow to your choice with the magic marker. The ballot is verified by a testing box on the way out. If the ballot is readable, then it is accepted into a bin for later counting. If it is improperly marked, for example double voting for an office, it beeps and spits it back at you. You get a fresh ballot, and you can try again. The ballots can then be machine counted with knowledge that they will count right, and if human review is desired, you can manually go back through the ballots at any time. Cheep, effective, and reliable.

If all this is depressing you, check out Flak for a lift.

Re:How do you implement trust?

[HeyLaughingBoy]

How does an ATM add and subtract money from my checking account?

The answer may seem easy, but do I really know the answer?

The fundamental difference between this and a voting system is that if the ATM makes a mistake with my checking account, I will know about it when I balance my statement at the end of the month. If the voting machine decides to change my vote to the candidate I happen to hate the most, I won't have a clue. This is why people have been calling for paper output. Give me a summary of what candidates I selected that I can examine before I press the [submit] key. Then I deposit that into a lockbox as I leave so if there is any question about the vote, it is still possible to go back and do a manual count.

Re:How do you implement trust?

[Councilor+Hart]

Do you have faith in those counting all those paper ballots?
Why? (not a rhetorical question)

Re:How do you implement trust?

[Councilor+Hart]

Can't mistakes be made with paper as well?
Look at Florida (or was it california, in the 2000-election).
Some people intended to vote, but screwed up. Either because of bad layout or because they didn't "marked" (gaatje in papier prikken) the ballot right.
Or (for the sake or argument) even worse, some candidates names missing on certain ballots. Perhaps not all of them, but on some.
You can't check every computer. Can you check every piece of paper?

Re:How do you implement trust?

[Fnkmaster]

All the systems you mention are auditable by the people using them. You can check to make sure that the ATMs correctly recorded your transactions at the end of the month and get your statements corrected if they over-deducted funds (it's happened twice to me that ATMs charged me without giving me funds).

In this case, the proper result is observable over a substantial period of time on an individual as well as systemic basis. Likewise, calculators - we have been using them for years and noting that they give us correct results assuming correct input except in very unusual cases (battery dying, etc.).

How do we _know_ or _verify_ that a Diebold voting machine is recording our vote properly? That's all we're asking for here. A way to validate that the system is representing our votes properly, and gives us a verifiable paper trail. I don't think we will actually need or want to verify every vote by hand in every election, once the system has proven that it has integrity, and once we have enough checks and balances in place to trust that any fraud would likely be detected. This kind of trust must be earned, it cannot just be demanded by appointed elections officials and other beaurocrats.

Re:How do you implement trust?

Because more than one person counts them, and when discrepancies come up in any group of ballots, they will be recounted until they arrive at a consistent answer.

Re:How do you implement trust?

[cduffy]

True, but by understanding something one can understand where its weaknesses are, and one may take actions to minimize the likelihood of exploitation of these weaknesses (or maximize the likelihood of detection of said exploitation after-the-fact).

In the case of automated voting systems without a voter-verifiable paper trail, the ability to detect prior tampering is minimal; in a great many cases, detecting tampering after-the-fact is impossible. Likewise, because the system has several components which are difficult to oversee, there are a number of places where the results may be unduely influenced before the election itself occurs (ie. subtle undocumented features in the code).

It is because understanding is necessary to implement safeguards before-the-fact and audits after-the-fact that said understanding is such an important element -- not merely for understanding's own sake.

I say this, by the way, as the lead developer (a few years back) of an online voting system used for the elections of a public university in northern California and an associated $14M corporation. My system was delivered with detailed documentation describing its known vulnerabilities and describing circumstances where its use would be inappropriate.

Re:How do you implement trust?

[balloonpup]

This is not a black and white thing. I wouldn't say that I have implicit faith in those counting the paper ballots, but I most certainly have more faith because their results can be verified.

So, let's just say that I am more faithful in them.

Re:How do you implement trust?

[Faluzeer]

" Do you have faith in those counting all those paper ballots?
Why? (not a rhetorical question)"

Hmmm

Do you need to have faith in _every_ person that is counting the ballots?

When electoral fraud happens it does not tend to be the ballot counters that commit the crime, the fraud tends to happen before the ballot papers get to the counting stations (either arriving at the original ballot stations with votes already in them or arriving at the counting station after being either being switched for a pre-filled box or the original box opened and votes removed / added.

So generally speaking you can have faith in those counting the ballot papers because it would need a significant proportion of the counters to be in on the fraud for them to sway the count, at which point it usually becomes apparent that the fraud is happening.

Re:How do you implement trust?

[B'Trey]

I do not have faith in those counting the paper ballots. And in fact, it is exactly my lack of faith in them that allows me to trust them.

The ballots are counted multiple times by more than one person. In order to deliberately miscount the ballots, and thus alter the results of the election, a number of people would have to be involved in the conspiracy. Three people can keep a secret - if two of them are dead. I don't have any faith that those counting the ballots would be able to sustain such a conspiracy even if they wanted to do so, thus I can place trust in the system.

Re:How do you implement trust?

By being seen in both deed and action and apperarance of being fully honest and open.

As soon as 'You cant see that' flags appear, the public smells a rat.

Hide nothing. Outsourcing responsibilities to Dibold does not excuse anything. Are we saying the 'contract' is more important than the voter, and the constitutional right to 'vote'?

To get the publics faith

Demand Open Source - or no deal.
Demand full Vuln. disclosures be public too
Demand sanity checks (ie like Poker machines)
Explain why receipts are worthless.
Allow voters to get 'configuration data' for the machine they are using. (satisy all tastes)
Put the electronic votes online, where an electronic reference number can be looked up
later on the net.

The Australian system (ACT) with a paper random checksum barcode security ticket, satisfys tampering concerns. Its a neat solution.

Re:How do you implement trust?

[zCyl]

Who can say... remember that you'd have to inspect the code for the machines and also make sure that that exact code is loaded into the voting machines, and not some different version.

You would also have to know the compiler was not compromised, and that the hardware was uncompromised. These are nightmarishly difficult tasks to do for even one machine, and impossible to do for all.

We CAN use electronic voting, but we need verifiable trails. We can take good steps to make it difficult to slip malicious code into the machines, such as having open source code and techies (and managers) from multiple parties working on setting up voting systems. But after doing all that, from a security perspective the machine is still a black box.

A paper trail printed out that the voter can verify and then deposit in a box at least allows spot checking.

Re:How do you implement trust?

[waterbear]

Trust can't be 'implemented': it has to be _earned_.

The parent post lists some good points on how to earn it. It's important to describe the aim as 'earning' rather than 'implementing', because the opponents of this can 'implement' plenty of things ok but not those that are wanted here.

Re:How do you implement trust?

[steveya]

I suggest that faith and trust can be left out of the equation by means of verification. At the time of voting, each voter can be given a paper receipt as you suggest, with a unique id assigned randomly, as well as a list of that voter's votes. The voter can immediately verify the choices, and the id assures privacy. After the election, all votes and their unique id's should be posted on the Internet for download. Numerous independent vote counting programs could be written to verify the election results, and each voter could verify their choices and protest any variations from their printed receipt.

I suppose the weak point in this scheme is relying on the voter to check the printed receipt at the time of voting and again afterward if questions arise, but I don't think this is asking too much of the voter. The strength is that it doesn't matter what kind of black box is used to record or count the votes because verification is open to everyone.

Re:How do you implement trust?

[LeftOfCentre]

This is one of the best suggestions I have heard thus far. Assigning a random number to each vote and later posting the info on the internet is a natural extension to the "paper trail" ideas.

it's like the finger nail clipper confiscations

[Locutus]

I think they still do that today and if somebody went public with how stupid this really is, I'm sure they would get the same treatment. Be EDUCATING the public, the politicians feel threatened. They've made clueless decisions and when those decisions are threatened... well, it's just unAmerican( or so THEY say ).

For the people, by the people... yea, right.

LoB

Re:it's like the finger nail clipper confiscations

[Locutus]

This is what I get for not proof reading:

"By EDUCATING" not "Be EDUCATING"

Re:it's like the finger nail clipper confiscations

[JerkBoB]

I think they still do that today and if somebody went public with how stupid this really is, I'm sure they would get the same treatment.

They don't actually. I've been through a number of large airports on the Eastern Seaboard, and they stopped doing that a bit before TSA took over, if I recall correctly. It's certainly been over a year, although I still have a few sets of broken clippers to show for that time period.

I agree that it was ridiculous, though. I remember going through security in Pittsburgh, only to find that there were normal, sharp-pointed-nail-file clippers on sale in the convenience store.

Re:it's like the finger nail clipper confiscations

No, what you got for not proof reading was more mod points.

Work the system!

Re:it's like the finger nail clipper confiscations

They don't take clippers anymore, but they sure do take multipurpose tools (Leathermans, etc).

I have connections to TSA people, and you wouldn't belive the number of these things they collect--at a single airport...Only so they can be destroyed.

You would also be very greatful for their efforts, when you hear of people trying to get through with hunting knives and guns--there's probably more of this activity than most people would care to imagine.

Re:it's like the finger nail clipper confiscations

[Locutus]

Not intended. To that, it seems like the only time I get any mod privileges is on the weekends and when there tends to NOT be anything interesting to read/mod.

Maybe /. should add a way for us to trade mod points? ;-)

LoB

Misuse of "begs the question"

[s20451]

Most people, like the poster, incorrectly assume that "begs the question" is the same as "answers the question". This describes the proper use of the phrase.

Re:Misuse of "begs the question"

[master+control+progr]

Big ups for linking to my alma mater. Yeah, yeah, -1 offtopic.

Re:Misuse of "begs the question"

Instead of "begs the question" use "raises the question."

Re:Misuse of "begs the question"

[Jameth]

Most people, like the poster, incorrectly assume that "begs the question" is the same as "asks the question," not "answers the question," which is still equally wrong.

Re:Misuse of "begs the question"

[Highrollr]

Language is defined by usage. Since I hear the "incorrect" version of this phrase far more often than the "correct" version (At least outside of philosophy classes), I'd have to say that there's nothing really wrong with it.

Personally, though, I'm with you. It sounds bad when you know the other meaning.

Re:Misuse of "begs the question"

[AnotherBlackHat]

Most people, like the poster, incorrectly assume that "begs the question" is the same as "answers the question".

I was taught that english rules are determined by usage, not the other way around.

If most people in the audience think an idomatic expression has a particular meaning,
then it does have that meaning.

I've seen "begs the question" used as a replacement for "immediately raises the question with a level of urgency that can't be denied"
far more often than any other usage.

English is a living language. Get used to it.

-- this is not a .sig

Re:Misuse of "begs the question"

[STrinity]

So you don't think there's anything wrong with people saying "I could care less" instead of "I couldn't care less" even though the former makes no sense?

Re:Misuse of "begs the question"

[gnu-generation-one]

"Most people, like the poster, incorrectly assume that "begs the question" is the same as "answers the question". This describes the proper use of the phrase."
Actually, that site's a bit of a cop-out, which doesn't really explain the logic, and suggests that you avoid the phrase if you don't know how to use it.

• What's the problem with saying "x begs the question..." when x is a scenario, and does indeed make you think of a certain question?
  
• How is "x raises the question..." any better, apart from sounding like you're trying to avoid the b word?
  
• What's the reccommended construction?
  
• If you choose to use the correct version, and somebody asks why you're such a pompous git, would it not be even more embarassing to not have a really good answer why one phrase is better than the other?

Re:Misuse of "begs the question"

[dumllama]

There's still value in consistancy, both within the phrase and between the current useage and original usage.

Unless there is good reason reason to change the meaning of a term, I prefer to stick with the original usage.

However, "Beg the question" is a strange phrase. Maybe we should just say "avoids the question" or "neglects the issue"... or something else that uses regular words.

Re:Misuse of "begs the question"

No. Just because your audience doesn't understand the language doesn't mean that everyone else has to change to suit those idiots. Misuse of language is misuse of language, regardless of how many functionally illiterate people disagree.

Re:Misuse of "begs the question"

[Kaki+Nix+Sain]

Also, by taking the place of the "old"/philosophy-class meaning, it hurts the reasoning process by reducing the salience of a common reasoning mistake. If the name of the reasoning mistake is corrupted and people thus don't know/think about that mistake they often make, then they are unable to watch for that mistake in their thinking and try to correct for it.

Re:Misuse of "begs the question"

[Damek]

What's your problem? Does "begs the question" not make sense to you? It makes perfect sense to me. The phrase is internally consistent within its context. Just like words, phrases can have multiple meanings. It can have your obscure meaning that few use or know about, and it can have the popularly accepted and used meaning. Relax.

Or is it more important to you that other people be thought of as idiots compared to you?

Re:Misuse of "begs the question"

[erroneus]

You know, ordinarly, "English lessons" citing prior comments or even the root comment are typically modded down here on Slashdot. I think it's a shame really.

There is nothing that makes a person appear more intelligent than the proper use of language. Even though there are times when it's annoying when people make the obvious mistakes such as the inappropriate use of "there," "their" and "they're" I think it is somewhat important that these errors are indicated often enough to teach the Slashdot reading public the correct way to write. Why? We're often writing to respond to comments and articles in other publications and also to our governing leaders and various companies we hate. Isn't it a good idea that we not write crappy English when we present our views?

Let's keep the flags of good grammar flying! I read the tips and advice myself even though I already write English real much gooder!

Re:Misuse of "begs the question"

makes no sense to you maybe..

"i could care less" => I don't even want to consider caring less because I care so little. Though I could...

Re:Misuse of "begs the question"

[canadian_right]

Actually, I think it is important to speak correctly and correct people when they misuse english. "Begs the question" is actually a technical term in formal logic. It has a special meaning that you should learn before USIBGthe term.

And "I could care less" is wrong, if you mean "I could NOT care less". I for one, am not going to speak sloppily and stupidly just because there are a large number of idiots in the world.

Re:Misuse of "begs the question"

[MorePower]

What is up with this "begs the question" thing? I mean, I know (and use) the 'correct' use of the phase, but the 'incorrect' use is more logical. The formal logic term should be "assumes the conclusion" or somthing similar, because there is no 'begging' going on. However, in the 'inccorrect' usage the statement or or situation does (metaphorically) 'urgently plea' for "the question" to be asked (satisfying one of the dictionary definitions of "beg").

Re:Misuse of "begs the question"

[SoTuA]

"i could care less" => I don't even want to consider caring less because I care so little. Though I could...

Bah, you're fishing for a way to make it sound right.

I could NOT care less => It is at the absolute bottom of my worry queue

Re:Misuse of "begs the question"

[crayz]

There's a difference between saying "that begs the question of why blah blah blah" and "you're begging the question"

The latter is declaring a logical fallacy, the former is simply a statement. It's already been established that "begs the question" has a perfectly valid and common definition of "begs", so how can the existence of the other form invalidate the first?

Finally, your "misuse english" is overstated, at best. The "correct" English you use is only correct because usage has made it so. You are obeying the rules that people decided on many years ago in favor of the rules people use today. Please get off your high horse.

Re:Misuse of "begs the question"

[Dwonis]

I was taught that english rules are determined by usage, not the other way around. ... English is a living language. Get used to it.

Yes it is. However, if people allow a language to change too quickly, then what you end up with is a large numbers of colloquialisms that basically form a new, incompatible language.

How useful is a programming language whose syntax and semantics are redefined on an annual basis? The same applies to spoken/written languages.

Re:Misuse of "begs the question"

[danielsfca2]

You are right that the poster used "begs the question" improperly, but I believe what the poster meant was that this article "raises the question," (as your linked article suggested) instead of "answers " it.

Re:Misuse of "begs the question"

[efflux]

You know, I usually take the exact stance that you are taking now. However, as this is a formal term, I will side with the purists on this one.

Moving on, what really defines a rule for language is when the linguists stop pissing themselves whenever you use a certain word, phrase, or construction. I think there are still a whole lot more fuckups that need to happen before that sense of "begs the question" is accepted. Granted, to a certain extent the deferral of acceptable usage to a grammatician relies on the population using the language to have granted the authority for such discrimination to begin with, but I do not believe it is a mistake to *have* given over such authority.

Re:Misuse of "begs the question"

[operagost]

Don't tell that to this jerk! He'll break out his Sword of HTML Code Ridiculing +3 on you!

Re:Misuse of "begs the question"

[LordLucless]

There is one major problem with this argument. Oh sure, it sounds wonderful and post-modern to say that meaning is in the mind of the hearer, but the problem is that it totally screws up the purpose of language.

The purpose of language is to communicate. If there are no hard and fast definitions on the meaning of words and phrases, then they become useless. If I say "baked potato", and my audience deomcratically decides I really mean boiled pumpkin, then I have no way of converying what I mean.

The English language is just like any other communications protocol; it has standard rules and usage. If I wrote a program that received HTTP requests, and responded to them based on what it "thought" the sender should mean, the program would still be totally pointless, even if I defended it by saying "But HTTP is a living protocol, man".

The English language still needs to evolve, and, of course, it will. There's no stopping it. But just because a language changes over time is no reason to chuck out the dictionary, abolish the semi-colon, and tell people that black really means white 'cause thats what people think it means.

Re:Misuse of "begs the question"

[Moofie]

It's poor writing, and that's all there is to it. You can make it mean anything you want it to, but any educated person is still going to cringe when they read it.

It's the same principle as spelling properly. Sure, your meaning gets across if you mangle every other word, but your point is less strongly stated than if you spelled properly.

People voted for Kennedy because he was pretty, and people judge you by the way you write. That's the way of the world.

Re:Misuse of "begs the question"

[Moofie]

Saying "x raises the question" illustrates to an educated audience that you are aware of the impropriety of misusing "x begs the question". That audience will appreciate your word selection. An uneducated audience won't care either way.

The educated audience probably has more money, and they are more likely to give you some of that money if you speak well.

Anybody who'd call me a pompous git for knowing what the hell I'm talking about is not worthy of my attention. And I DO have a really good answer for why one phrase is better than the other.

Re:Misuse of "begs the question"

[Tim+C]

What's the problem with saying "x begs the question..." when x is a scenario, and does indeed make you think of a certain question?

The problem is that it's not what the phrase means. I agree that it sounds like it means "makes you think of the question", but that's not what it means. Like a lot of things (incorrect usage of the apostrophe, poor spelling, etc) in English, it doesn't really matter - but it's wrong, and that irks some of us. Everyone has one or more pet hates; incorrect language usage is one of mine.

Look at it this way - lots of people here get their knickers in a twist over the whole hacker/cracker thing. This is just the same thing.

How is "x raises the question..." any better

Because it's the correct phrase, and you're actually saying what you mean.

If you choose to use the correct version, and somebody asks why you're such a pompous git

But they wouldn't, would they? They wouldn't know that you were correctly not saying "begs the question", unless they think that that's the only way of saying that. Otherwise, you're just using one of a number of phrases that mean (or sound like they mean) the same thing.

Personally, I don't see what the problem is. It's wrong, because it means something else. It's not like there isn't a perfectly good alternative, that's only a single sylable longer. Besides, from this definiton of beg, you can see that the phrase "begs the question" is consistent with definition 3b.

Re:Misuse of "begs the question"

I've read most of the replies to this comment and nobody has given a reason not use "begs the question" in this context. They've all said "It's used for something else." Somebody doesn't have exclusive rights on this phrase because it is an expression in logic. Somebody should give reasons for why this phrase is wrong, like "It doesn't match the definition of beg." It does match the definition from Webster's which is "to ask earnestly for"

Criticizing the use in this context is like telling somebody that they can't say "the cat's out of the bag" when their cat really is out of the bag. Words have definitions, phrases have meaning based on how we put together words. There is nothing wrong with the phrase used in the post

Re:Misuse of "begs the question"

Its really annoying when the newscasters who are supposed to know the language use this term incorrectly. I can understand when normal people who are not paid to speak use the term incorrectly but when people who are paid 100 000 + dollars a year use this term incorrectly it really pisses me off. But then again i am someone who gets irritated at the misuse of the term hacker and i am from canada. so i don't count.

Re:Misuse of "begs the question"

[Snowdrake]

Yes it is. However, if people allow a language to change too quickly, then what you end up with is a large numbers of colloquialisms that basically form a new, incompatible language.

Because of the length of time over which this generally occurs, I fail to see the problem. English as spoken today bears very little resemblance to English as spoken a thousand years ago; meanwhile, the language as spoken ten or even a hundred years ago is quite understandable. As technology advances and global communication becomes easier, the evolution of language should accelerate, and there's really nothing wrong with that as I see it.

How useful is a programming language whose syntax and semantics are redefined on an annual basis? The same applies to spoken/written languages.

I think I can answer your question by posing what is essentially the same question in a slightly larger scope: How useful is a medium whose standards and technologies are redefined on an annual (or more frequent) basis? (Confused? Consider these: HTML, CSS, XML, Perl, PHP, Java... you get the idea.)

Re:Misuse of "begs the question"

[aminorex]

But mutual incomprehensibility of dialect is
VERY useful sometimes.

Re:Misuse of "begs the question"

[aminorex]

> any educated person

I think you misspelled "effete pedant".

Re:Misuse of "begs the question"

[js290]

Irregardless...

Re:Misuse of "begs the question"

[Mr.+Slippery]

...the 'incorrect' use is more logical. The formal logic term should be "assumes the conclusion" or somthing similar, because there is no 'begging' going on.

Not when you understand the words. gnome-dictionary is your friend:

"Webster's Revised Unabridged Dictionary (1913)"
Beg:...4. To take for granted; to assume without proof.

Begging is assuming. The usage of this sense of beg is now rare outside of the phrase "begging the question", thus the confusion.

Re:Misuse of "begs the question"

[instarx]

Don't make the mistake of thinking that the small universe of slashdot is the entire universe of people who use the term "beg the question". Most users of the phrase know its correct meaning and use it correctly. Whether a result of youth or a less than stellar education in English skills, slashdotters are likely to misuse the phrase more than the general population.

If a person goes into a meeting and uses "beg the question" in a wrong way he is going to look merely uneducated to the other participants. If he then tries to rationalize his usage by claiming his definition is correct because English is defined by its usage he is going to look uneducated AND foolish.

Re:Misuse of "begs the question"

[instarx]

I work with educated people and I work with lawyers. Believe me, "educated" is NOT synonymous with "pedantic".

Re:Misuse of "begs the question"

Actually the correct usage makes a lot of sense. It's call "begs the question" because it "begs the question [why?]".
Using the previous quoted example, the speaker is begging the question "Why the painting is obviously worthless?".

Re:Misuse of "begs the question"

[instarx]

Most of the arguments here in favor of the misuse of the phrase are based on the assumption that common usage overrides the defined usage of a phrase. An example would be instructing someone to "dial the phone". By popular usage this phrase is considered correct even though phones don't have dials any more.

The fallacy in this type of argument is that the phrase is usually used correctly - just not on slashdot. In the real world it is generally used to mean "avoid the question by answering another one", as it should be.

It is conceivable that a non-standard use of a phrase might come to be correct in a small population such as slashdot, in which case it would be classified as jargon. However, "begs the question" isn't even close to that level even on slashdot, much less in the general population.

Re:Misuse of "begs the question"

There is nothing that makes a person appear more intelligent than the proper use of language.

Well, aside from actually being intelligent.

Perhaps your statement would be more correct if reversed: There is nothing that makes a person appear more ignorant than misuse of language.

Re:Misuse of "begs the question"

[yakovlev]

The fallacy in this type of argument is that the phrase is usually used correctly

I doubt that. I honestly doubt MOST people have been exposed to enough logic to even be able to understand the true meaning of "begs the question" without some effort.

I suspect this more realistically approaches being philosophy jargon. However, since philosophy is in the humanities, its jargon is considered to be the "correct" definition, and everyone else is wrong.

Re:Misuse of "begs the question"

[instarx]

I don't think people have to understand the logic of a phrase to use it correctly. I certainly don't know the etimology of "begging the question!" Just as one doesn't have to know the origins of "skid row" to know it is the seedy part of town, one doesn't have to know the ins and outs of 'begging the question' to use it correctly.

Although BTQ is probably more of a debating term than anything else, I think it is a fairly common phrase. I don't hear it every day certainly, but I do hear it several times a year when someones attempts to evade a topic or issue and they are called on it (and I'm not even in academia). The only time I have ever heard it used incorrectly is here in slashdot.

However, I suspect that neither you nor I will be doing any scientific polling to find out the percentage of real people who know how to use the phrase correctly, so we'll probably not get that one resolved.

Thanks for the comment.

There... I said it.

[ericspinder]

I don't think that I am stepping outside of the "group think" of Slashdot when I say "Secure systems are more secure with open and accessable standards and code which will verify that they are indeed secure". Furthermore, "Security is not inhanced by elimating the freedom of discussion"

Re:There... I said it.

[yourmom16]

Open source is not the solution. It is difficult to prove that the code being run is the same code you have source for. Open source's openness is good when you install it on your own system, but here you can't compile it yourself(allowing people to do so would be a huge security hole, as they could use a version that counts their vote 1000 times or something).

Re:There... I said it.

[modecx]

It is difficult to prove that the code being run is the same code you have source for.

It is, huh?

I happen to disagree with you.

If the source is distributed openly, anyone is free to compile it. Compile it with the same compiler versions, with the same make files, same parameters, same everything, and you're going to get an identical binary.

If everyone MD5 Checksums the source, their binaries, and the machines checksum their binaries on runtime, everything is going to match up. No matter what--and if things don't look kosher, it's a giant red flag that someone needs to pay attention to.

Everyone should be allowed (and encouraged) to compile it and disect it to their heart's content, and otherwise find weaknesses and even break it before it's ever used to declare a winner.

If the method will fail because someone has very good understanding of the process, then it will fail for the same reason if it's a closed system; all it takes is for one of the damn things to go AWOL.

Of course faith is more important!

[SoTuA]

Better ten buggy e-voting software go free, than a good one have it's faith undermined.

What do you mean, the software is used to decide the next president?

Its important alright

[Timesprout]

Public faith in the integrity of the electoral system is vital if democracy is to be successful. If one of the vital components of the electoral system is flawed then the public can have no faith and the system cannot work.

Re:Its important alright

[Detritus]

Everything is flawed. There is no such thing as a perfect voting machine. The question is what is an acceptable level of risk.

Re:Its important alright

The general public might have faith in the system as long as their bellies are full and someone keeps telling them this issue is blown out of proportion.

improper use of begging the question

[Zebbers]

-50 points
thank you
have a nice day

Foundations of democracy

[Space+cowboy]

The adage "one (wo)man, one vote" is one of the founding principle of any democracy. Similarly "No person, be (s)he so great or so small shall count any more or less than any other."

With such powerful statements as the above, how can the reliability of the voting system be allowed to be suspect. I can't think of anything more demoralising to a voter than the thought that the "system" might just lose that person's vote. Or make it up. Or get it wrong. Or ...

You need to have a faith that "the system" works, in order to work within the system. Take a look around the world where it's failed...

With that in mind, then how can anyone who draws attention to a flaw in "the system" be villified ? Only by those with a vested interest (be that they are then open to charges of incompetence, that the system favours them, whatever) in the status quo.

I say "For shame". And I direct it not at those exposing flaws. I don't care, by the way, whether it's an electronic system or a manual one - it's the principle here that counts.

Simon.

Re:FIRST POST FOR GENTOO USERS!!!! HAXOR ON DOODS!

sorry, you fail it. Should have done an emerge sync && emerge -u world last night, your first post would be up to date, but nooooo, you had to do it before upgrading...

Maybe

[Robber+Baron]

"Is public faith in the system more important than overall system security?"

Maybe...since "democracy" is an illusion anyway, maintained by those with power to give those without power the illusion (or delusion) that they actually have a say in what goes on...basically to keep them pacified. Maintaining that illusion better suits democracy's real purpose more so than blowing the whistle on technical voting "irregularities". Make no mistake: Those irregularities, coupled with influence peddling and all the other mechanisms that result in only carefully scripted "decisions" have existed long before black-box voting reared its ugly head. "The will of the people" is a myth.

Re:Maybe

The will of the people is a myth until they show up in masses in front of your seat of government.

Re:Maybe

until they show up in masses in front of your seat of government.

that's what machine guns and crack troops are for.

Re:Maybe

[bj8rn]

"People" is just a myth in itself. There's no such thing as "people" and they don't have a will, they don't know what they want (I don't know what I want. do you?).

Now, masses are a different thing. They might even know what they want, or at least what they all want at that particular moment. But as soon as the revolution or the riot is over, the masses turn back into "people" again.

Re:Maybe

[Peaceful_Patriot]

"The will of the people" is a myth."

I hope not yet. It gives me hope to see outsiders gain momentum, much to the dismay of the party big wigs which pre-select the candidates we are supposed to choose.

A recent example of this is the explosion in supporters for Dean who has risen through a grass-roots energization of the Democratic party. Suddenly this nobody is the frontrunner, and will probably be taking on GWB & Co. next year. This is completely against the will of the official Democratic Party, who had already annointed Gephart and Kerry.

Democracy is not completely dead in America. I feel very lucky that Diebod exposed their stupidity or bad intentions to the world through the accidental posting of internal documents and source code. Just think if this had never come out. The ability to rig elections untracably, secretly hidden away in the closed, propriatary source which no one can see.

We might have gotten lucky. Perhaps we have bought a few more years before 'they' can come up with a new plan for world domination.

Perhaps public faith is better

[c4ffeine]

In my opinion, public faith may very well be better than a system that we think works. There are flaws in every system, some of them inserted deliberately. With flaws as egregious as Diebold's, we (or anyone) can probably use the flaws to fix the massive errors and possible cheating. OK, I know, this sounds idealistic, but someone will always try to rig e-voting, might as well make it easy to be fixed/counter-rigged.

Uhhhh...

[jeffkjo1]

Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Is this a trick question? Is Slashdot being controlled by e-voting Nazi's who hope to find out those that are skeptical so they can come to their houses and force feed them e-voting propaganda?
Oh well, the answer is NO!!! Security through obscurity DOES NOT WORK!!!

Re:Uhhhh...

[gnu-generation-one]

"Is Slashdot being controlled by e-voting Nazi's"

Is slashdot composed of people who know how easy it is to type:

for(1..1000){ `wget http://polls.slashdot.com /polls?poll=1543&answer=cowboyneal`;}

--
delete * from votes where result=12 and (rand() < 0.01);

Re:Uhhhh...

[worm+eater]

The issue isn't about security through obscurity. I think everyone agrees that the system should be secure by design (although people seem to disagree about what constitutes secure design). The issue is whether a widespread public perception of the flaws of the system would damage people's faith in the system, thereby decreasing voter turnout.

While I think this should be a concern, I really don't think that we are at the point of these e-voting articles actually having a negative effect on the number of voters. There honestly has not been all that much bad press for the e-voting industry, when you compare it to other political issues. At the same time, is this guy supposed to lie in court just to keep a few people from becoming disenfranchised? He's not a jouralist. It isn't his job to decide what people will think of his research. It's his job to determine how secure the system is.

Re:Uhhhh...

[yourmom16]

Try voting twice. It won't let you do so from the same IP address.

Re:Uhhhh...

[Moofie]

Stupid free speech.

I'd rather not vote, than have my vote hijacked. If I can't trust the system, I will not use it.

Re:Uhhhh...

Is this a trick question? Is Slashdot being controlled by e-voting Nazi's

No, it's:

irony
n. pl. ironies

1.
a. The use of words to express something different from and often opposite to their literal meaning.
b. An expression or utterance marked by a deliberate contrast between apparent and intended meaning.

Re:Uhhhh...

[gnu-generation-one]

"Try voting twice. It won't let you do so from the same IP address."

Answer A: Alive-proxy - 613620 proxy servers in database, of which 15550 Anonymous, and 298070 Transparent

Answer B: many people have easy access to 65,000 IP addresses; I know we have that many at work, and all but 300 are unused.

Re:Uhhhh...

[yourmom16]

yes, but its slightly more difficult than that for statement.

You don't have to trust - know thy facts

[ptaff]

They're telling the public: Don't trust them, don't trust the voting equipment.

Is public faith in the system more important than overall system security?

The trouble is with that 5-letter word: faith. Anything that handles data in an obscure way (read closed-source) relies on user's faith.

Anytime you start a closed-source program, faith in the coders/packagers is what makes you believe that nothing will go wrong. You can't double-check anything; if source is available, you don't need faith: just read the code. I guess for the majority it's the same: they don't understand so they must have faith in those who do.

But I feel it's just like a car: most people don't understand the inner workings - but they wouldn't buy one on which the hood is sealed.

Re:You don't have to trust - know thy facts

[wirelessbuzzers]

But I feel it's just like a car: most people don't understand the inner workings - but they wouldn't buy one on which the hood is sealed.

Yeah, that would play havoc with the air intake...

Re:You don't have to trust - know thy facts

[Lost2Home]

Anytime you start a closed-source program, faith in the coders/packagers is what makes you believe that nothing will go wrong.

While open sourcing these e-voting systems is a good first step, it is not a solution. Taking the skepticism one step further, how do you know that the source you have seen generated the binaries installed on the voting machine? What about the system collecting the reports from all the e-voting machines?

The only viable system is one that produces a human readable copy of the completed ballot (can optionally also have a bar code to be machine readable). These ballots can then be used in recounts or to spot check the accuracy of the machines.

The Diebold systems provide no way to verify that they have accurately recorded the votes. Therefore regardless of any software changes or open sourcing, these machines are fundamentally flawed and need to be redesigned.

Re:You don't have to trust - know thy facts

[Lord+Kholdan]

The trouble is with that 5-letter word: faith. Anything that handles data in an obscure way (read closed-source) relies on user's faith.

Take the position of joe average. You get your hands on the source code. Do you think it is NOT obscure?

E-voting should fail because it cannot be directly trusted or checked by majority or even a large minority. Would you trust your vote on the exclusive hands on $profession that has agendas and attitudes that are easy to see? If not, why would you require it from everyone else?

Re:You don't have to trust - know thy facts

[jcr]

The trouble is with that 5-letter word: faith

Exactly.

Faith is belief in the absence of evidence. Sometimes, it's even belief in spite of contrary evidence.

What we should have is confidence, not faith.

-jcr

Re:You don't have to trust - know thy facts

[yourmom16]

I guess for the majority it's the same: they don't understand so they must have faith in those who do.

I would prefer to trust a larger group not chosen for their political leanings, or lack of trustworthiness, than a small group that may have been chosen for those reasons.

Is this even a question?

[maan]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

Is this really a question that needs to be asked? Are you asking that for the sake of democracy, is it better if the people don't know everything? At first I thought this question was ironically posed, but now I'm fearing that it's not.

I really don't see why in the world the people responsible would want to shush the researchers, other than to hide something they don't want uncovered. As hard as it is for the people that are trying to get the message out that these voting machines can't be trusted, I hope they continue doing it until this whole mess is over and a reliable voting system is put in place.

Maan

Re:Is this even a question?

[h4rm0ny]

Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

There are two sides in this battle - those who may benefit from not fixing flawed voting practices and those (as present in vast numbers on Slashdot) who understand these flaws and attempt to get them fixed.

Trouble is, one of the few pressures the second group can exert on the first group is that of public opinion. Spreading awareness of these flaws is the most effective way for Slashdot types to force change. They wont care for potentially costly (or rig-spoiling) changes just because one programmer points out a flaw.

Of course publicising these flaws is a good thing!

Disservice?

[nsxdavid]

How in the world can you do a disservice to democracy by highlighting a new voting technqiue that is plauged by insecurity and potential for fraud? In fact, what he is doing more service to democracy than anyone alive. It's the people who think their jobs are on the line for some questionable calls that are doing democracy a disservice. With all due respect to their opinion, I don't really care if this makes some election official look bad. Perhaps the professor should be heard and the problems he highlights investigated. A lot of this technical stuff is not all that subjective. Here's an idea, have Cusomer Reports subject the e-voting machines to their usual array of scrutiny (they'll need experts of course). That sounds fun. :)

morons see, hear, smell, no evile?

kind of LIEk va lairIE/robbIE's stuff that matters slowgun, & their whoreabully infactdead (& obviously, still broken) PostBlock(tm) commeNT censoring devise?

you won't be needing any phonIE corepirate nazi FUDgePacking devices/?pr? ?firm?hypenosys /.puppets to determine which way the wwwind is bullowing at gale force/farce?

that's right, this stuff is unbreakable, wwworks on several (more than 3) dimensions, & requires no 'BiG scIEnce' FUnDing.

'big science' will have to 'discover' it's conscience before it can tap into this stuff.

Two programs got the nod, so far. The top priority is planet/population rescue. Other goals mandated include the permanent disempowerment of unprecedented evile, & assurance that the planet/population is around to enjoy the gnu millennium of open/honest communications/commerce. Your grandchildren will survive to produce additional uses for the powers that are rescuing us from the greed/fear/ego based life0cide, as the lights come up...

consult with/trust in yOUR creator... get ready to see the light. there's never a cover charge/subscription fee. see you there? tell 'em robbIE?

even more corepirate nazi schemes eXPosed?

& what dispositions are to be considered for the felonious payper liesense softwar gangsters as they are rendered invalid, & more&more of their phonIE stock markup scams are known? maybe they'll 'release' linus, & put fuddles et ALL, in prison.

then, let's say fuddles IS the greed/fear/ego based massturdmined softwar gangster bankrolling the phonIE ?pr? ?firm? scriptdead attacks on the hobbyist dogooders. can we say fud wants more, has a conscience deficit, & no regard for the public/his hostages? we could easily say that.

talk about fauxking wags?

nothing gnu about this phonIE ?pr? ?firm? softwar gangster scriptdead crud:

http://www.google.com/search?hl=en&lr=&ie=UTF-8& oe =UTF-8&q=microsoft+%22bill+weisgerber%22&btnG=Goog le+Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8& oe =UTF-8&q=microsoft+%22sanjay+ahuja%22&btnG=Google+ Search

http://www.google.com/search?hl=en&lr=&ie=UTF-8& oe =UTF-8&q=microsoft+attacks+linux+open+source&btnG= Google+Search

wag on at: http://www.trustworthycomputing.com

felonious softwar gangster execrable hired goons?

what else could it be?

here is where the bitch works

http://www.mdarchives.state.md.us/msa/mdmanual/25i nd/html/30elect.html

Ignore that man behind the curtain.

[Ungrounded+Lightning]

Mrs. Lamone was highly critical of Dr Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.'

"Ignore that man behind the curtain."

(Or should that be "Ignore the guys sneaking up behind you with the net."?)

Yes, they're telling the public to distrust the voting machines. And in the short run that may destabilize the nation - slightly.

But distrust of something untrustworthy is appropriate - especially when letting it be corrupted can literally lead to tyrrany and war, while FIXING it so that it is verifiably trustworthy is trivial.

Of course that means the decisions of Mrs. Lamone's department (no doubt those of Mrs. Lamone) might be criticised, and her state be required to spend more money to upgrade or replace the devices they selected. Bad for her carreer path, eh?

Re:Ignore that man behind the curtain.

Her idea of democracy is ludicrous. Democracy should be based on people being knowledgeable, critical and sometimes suspicious.

It seems that there exists a number of people who think that democracy should have something to do with trusting your leaders, and I cannot begin to imagine how such people actually get to be in any important position in any sane country.

Not a fair question

[salesgeek]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws?

The answer is pretty straightforward: NO. Security researchers and other whistle blowers serve a valuable role in public. This isn't even an interesting question. A more suitable qustion for discussion is:

* Why is the incumbent party in power supporting untrustworthy voting machines?

* Why would someone oppose a simple request for accountability being built in to our democratic process?

* How is it so difficult to see there is an opportunity to create the worlds possibly first trustworthy election system? All we need is a paper backup...

Re:Not a fair question

[YrWrstNtmr]

Q: * Why is the incumbent party in power supporting untrustworthy voting machines?

Q: Why isn't the opposition party making more of a stink about these untrustworthy machines?

A: They're both clueless.
Alternate answer: They're both looking at how to rig future elections in their favor with these incredibly flawed systems.

Re:Not a fair question

[Free_Meson]

A: They're both clueless.
Alternate answer: They're both looking at how to rig future elections in their favor with these incredibly flawed systems.

Or, perhaps more likely, one is clueless and the other is looking at how to rig elections. Why you think both parties see this issue the same way is beyond me, and not terribly logical. While the parties in the U.S. often want the same things, they often want them for different reasons.

Re:Not a fair question

[YrWrstNtmr]

Why you think both parties see this issue the same way is beyond me, and not terribly logical.

Both parties do want the same thing. They want to win. Anything else comes after that.

Who has the degree in computer science?

[tinrobot]

Mr Rubin or Ms Lemone?

Ok, now that we have that settled, this woman has no idea what she's talking about and yet she's running the system. This is one of the MAJOR problems with e-voting. Everyone running the show has absolutely no clue. This makes it ripe for fraud and abuse.

I say we go back to a form of voting that even a five year old can understand - paper and pencil... or paper and crayon... because five year olds like crayons.

Remember, when dealing with children -- Keep it simple.

Suppose it were the steering wheel of your car.

[RealProgrammer]

I'd rather have someone write about the flaws ahead of time than discover them by their results.

Information will find its way out, one way or another.

Re:Suppose it were the steering wheel of your car.

the flaws ahead of time than discover them by their results

As happened in Florida. If not for the butterfly ballots, there wouldn't have been a surge in "Buchanan" voters and there'd be a President Gore. Alright, maybe he would have renamed the Internet YesIReallyCreatedThisNet, but do you think he would have strutted around a fucking flight deck with "Mission Accomplished" behind him while people who are serving their military service (instead of skipping out on Air National Guard service to go skiing like he did) die every day?

Doubt

[Nucleon500]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

Obviously, for e-voting to function, there can't be any suggestion of fallibility. After all, what good is a voting system that instills doubt? It may be reasonable, but it's still doubt.

General Question about e-voting

[Fux+the+Penguin]

I read Slashdot every day. There seems to be an e-voting story about once a week, and it's always cast in an "e-voting is evil/impossible/flawed/broken/corrupt" light. I was wondering...is there any argument FOR e-voting, from a pro-technology, pro-democracy standpoint?

Does anybody out there support e-voting, and, if so, why?

Re:General Question about e-voting

[JayBlalock]

It's not e-voting itself we're against (generally), it's the incredibly flawed implementation which Diebold and its ilk are pushing. I don't know about everyone else, but give me an e-voting system with transparent code and which produces a paper verification \ backup ballot when you vote, and I'll have no problem with e-voting.

However, having a black box which can do anything with your vote it likes, provides no verification of vote cast, and is completely open to manipulation - THAT I have a problem with.

Re:General Question about e-voting

[master+control+progr]

Sure, a properly implemented (read: open, with an audit trail) e-voting system has tremendous upside.

Consider: a nice big touch screen to select your choice (no confusion. Put your finger on your candidates picture to cast your ballot) and fast, accurate results (accuracy trumping fast, IMHO).

Re:General Question about e-voting

[Andy_R]

That's not the impression I get from the articles. All the articles seem to be targetted at specific bad implementations of e-voting, not at the concept itself.

I guess the good e-voting systems don't really warrant much coverage? After all, 'press a button to increment a variable' isn't really groundbreaking tech to do properly.

Re:General Question about e-voting

[Steve+B]

Diebold et al are discrediting the entire concept of electronic voting with their refusal to address problems and (especially) their refusal to provide a paper audit trail.

The latter is particularly damning -- they'd make MORE money by selling printers along with electronic voting machines, after all, so one naturally wonders about hidden agendas.

Re:General Question about e-voting

[Sigma+7]

I was wondering...is there any argument FOR e-voting, from a pro-technology, pro-democracy standpoint?

There is: It's called a proper implementation. The various arguments condemning E-voting that appear all around are simplistic "four legs good, too legs baa-aa-aa-ad" style of arguments that ignore successful implementations.

For example, the city of Ottawa recently held elections using E-Voting, without any of the problems that get mentioned with E-voting: You are given a scanatron card where you fill in bubbles with your scanner. After making your choice, you place the ballot in a privacy sleeve and put it into the scanatron. The vote gets tallied and a paper trail remains in case an audit is needed.

The only "irregularity" is that the three terrible candidates (sorry, no names) on the list got over 1000 votes. I could understand one reaching this value as being a fluke, but all three indicates something is wrong - It indicates that 2% of the voting population is either anti-bilingual, wacked with strange delusions, or a white supremesist (and yes, this inference is based in publically available information about those candidates.)

Re:General Question about e-voting

[Steve+B]

The only "irregularity" is that the three terrible candidates (sorry, no names) on the list got over 1000 votes. I could understand one reaching this value as being a fluke, but all three indicates something is wrong - It indicates that 2% of the voting population is either anti-bilingual, wacked with strange delusions, or a white supremesist (and yes, this inference is based in publically available information about those candidates.)

Frankly, it would be surprising if only 2% of the Anglo-Canadian population is sufficiently irritated with the Quebecois to vote against bilingualism. I presume that the baggage from the other two suppressed their votes below what they'd have gotten if they'd stuck to that issue.

Re:General Question about e-voting

[Crash6-24]

The general public is being told about security flaws in the voting software. At the same time another Windows virus/exploit makes the news. M$ spreads FUD about how Linux has security holes. So why would anyone want to trust this black box, be it Linux, Windows(R), or Brand X powered? The benefit I see is lessening the time to count the votes. But the voting laws were established in a time of paper ballots when it was OK to take weeks to do the counting and months could pass before the winner took office.

The security protocols, at least here in Washington State, are set up for paper ballots. The police deliver the empty ballot boxes to the voting site; witnesses from each political party at the polling place verify that the box is empty,who signe in to vote, and that the ballot was placed in the box. The county sheriff picks up the ballot boxes and delivers them to the counting site. The ballots are available for a recount. An ordinary person can understand the security procedures and how many people have to be corrupted to alter the results. Not so with a black box from a vendor chosen by the party in power...

Re:General Question about e-voting

For example, the city of Ottawa [ottawa.ca] recently held elections using E-Voting, without any of the problems that get mentioned with E-voting: You are given a scanatron card where you fill in bubbles with your scanner. After making your choice, you place the ballot in a privacy sleeve and put it into the scanatron. The vote gets tallied and a paper trail remains in case an audit is needed

Yes, but Canada does everything better than the States. You expect a new system to be implemented in the US without it being turned into some kind of keep-the-big-corporations-happy "solution"?

Just apply common testing procedures

[blair1q]

There's no reason not to perform an ordinary round of safety and reliability testing on this system. It's obvious they did nothing other than casual alpha and beta testing, with no code inspection, no robustness, no structural coverage, and no documentation of faults.

They don't even follow the laws when taking machines out of service to be repaired at the polls.

It's not worth discussing the merits of the current machines. They have none.

Resolves to...

ppp-67-37-26-36.dialup.wotnoh.ameritech.net

so?

Best quote

[thelenm]

Probably the best quote from the whole article: "I thought he was far more credible than I thought."

Trust by Obscurity

[Dareth]

Trust by Obscurity will never work to convince people with a background in computers. However, it is sad that people can argue about "hanging chads" but seem to trust that computers are impartial and never wrong.

Then again if we inform people that even discounting corruption and other problems, that a simple "off by one" error can greatly change the results they may never trust us, the computer development community, to do anything significant again.

All said and done though, since this seems to be a Republican plot, and I am a registered Republican, I want to be first to say this.

I Welcome Our New Republican Electronic Voting Fraud Elected Overlords

Re:Trust by Obscurity

[instarx]

Well I'm not Republican and I don't want to hear Bush or Cheney screaming All your votes are belong to us! in 2004. :-)

Heh... "e-Voting expert" ?

[Bowie+J.+Poag]

Ok, i'll bite..

Just how, exactly, does one become an "e-Voting expert"?

"Yes, your Honor, I have 3 years experience in the field of poking. I was a Poking major in college, and belong to a number of internationally-recognized poking, pointing and clicking consortiums. During my years at McDonalds, I logged a total of over 40 hours a week poking screens for nearly two years before leaving to pursue other career opportunities (fry clerk)."

WTF?

Re:Heh... "e-Voting expert" ?

[smitty45]

I'm gonna go out on a not-too-long limb and say that he's a 'e-voting' expert because he's done, written, and published investigations on electronic ourvoting techniques, devices, and related technology in the past.

Your welcome in advance for leading you to such a huge stretch of understanding and logic.

Re:Heh... "e-Voting expert" ?

[t_allardyce]

Its actually a very difficult area of computing, far more complex than designing deep space probe software, 3d graphics engines and nuclear simulations, we're talking here about counting how many people vote for one person!

Re:Heh... "e-Voting expert" ?

[smitty45]

yeah. it definitely doesn't have anything to do with any sorts of silly physical security analysis, internal code audits, cryptography, reverse engineering, or investigation of design choices that include encryption algorithms, physical media, or network media and access controls.

nope. it's only about counting votes.
rriiiiiigggghhht.

Re:Heh... "e-Voting expert" ?

[bjtuna]

I took Dr. Rubin's class in my final semester at Hopkins. He's an evoting expert indeed; his primary field of research is the development of secure and trustworthy electronic voting methodologies. He understands network security and trust issues and how they relate to electronic voting.

This is a much more complicated issue than most /. trolls believe. I've written on this subject before; see the following link:

http://slashdot.org/comments.pl?sid=72311&cid=6524 117

Re:Heh... "e-Voting expert" ?

[Bowie+J.+Poag]

Puhlease.

Did you have a tamping iron go through your skull or something?

Re:Heh... "e-Voting expert" ?

[smitty45]

did you have an retard sandwich for breakfast ?
http://avirubin.com/vote/

I thought chads were

[unassimilatible]

a great disservice to democracy. Now they are trying to improve on punchcards, and that's a disservice.

Will the argument go:

2000 - "Bush stole the election with punchcards. The people need e-voting!"

2004 - "Bush stole the election with e-voting. The people need punchcards!"

You know people, e-voting might not be foolproof, but punchcards are easier to hack. Any al Qaeda can walk into a DMV in California and ask for a voter's registration card, and voila!

Hacked.

Re:I thought chads were

[tinrobot]

I think what I'm starting to see is that - at least in the case of voting, low-tech is the only solution.

Punch cards have problems, OCR has problems, touch screens have problems.

Pen and paper? No problems.

Plus, it's cheap.

Re:I thought chads were

[ph43thon]

boring, boring, boring troll.

Re:I thought chads were

[Geeyzus]

You know people, e-voting might not be foolproof, but punchcards are easier to hack. Any al Qaeda can walk into a DMV in California and ask for a voter's registration card, and voila!

Hacked.

What are you talking about?

Let's say what you are saying is true (which I doubt, unless the person you reference is a U.S. citizen, in which case it's not a "hack", it's a legitimate vote). So this terrorist group member gets one vote to the party of their choice. Big deal? Plus in the U.S., there is no problem with a U.S. citizen voting for his choice regardless of motivation.

If you have access to the vote DB however, you can change thousands of votes easily and efficiently with no trail. There is no way to do that with a paper voting system like punch cards or anything else, unless the person in question has access to a huge stack of punch cards or something. And even then, you aren't changing votes, you are adding more votes, which is way easier to detect.

Mark

Re:I thought chads were

[mcc]

I don't know, most of the people I've been hearing complaining, it's been closer to:

2000 - "Bush stole the election with punchcards. The people need pieces of paper and pens where you circle the option you want!"
2004 - "Bush stole the election with e-voting. The people need pieces of paper and pens where you circle the option you want!"

Punchcard machines have an unacceptably high margin of error. E-voting machines have an unacceptably low level of trust. These two statements are not contradictory, especially when you consider there are options that involve neither punchcards nor electronic vote storage.

punchcards are easier to hack. Any al Qaeda can walk into a DMV in California and ask for a voter's registration card, and voila!

What does voting registration process have to do with voting process? If california doesn't properly check to see if the person attempting to register to vote is permitted to, that's going to be exactly the same problem whether they use electronic voting machines or punchcard voting machines or, well, anything else.

Public faith is important

[rknop]

Public faith is important. The first step to that faith is a system which deserves it.

-Rob

Civil Disobediance?

[tinrobot]

Not that I'm advocating it, but I see a lot of people getting very angry about this issue. I can see this debate getting to the point where some group of angry citizens finds a way to disable or mess up the voting machines. Might be as simple as going into the booths and smashing the touch screens or better yet, something more clever, such as a hack that puts up Abe Lincoln as a candidate or something.

I can see the irony of all e-voting machines being technically disabled and people actually having to vote with pen and paper. Would certainly be a good story for the evening news...

Re:Civil Disobediance?

[JayBlalock]

Bad idea. Under post-9/11 laws, that could get you declared a terrorist and we know what happens then. I wouldn't trust our current government to understand the difference between civil disobedience and malicious tampering.

Re:Civil Disobediance?

maybe we should just have another civil war only better cause now we have nachine guns and tanks and airplanes and rocket launchers, nuclear weapons and etc...

Re:Civil Disobediance?

The US military still gets paychecks signed by Uncle Sam. Don't look for them to turn their firepower against their own command as long as the checks clear.

Trust...

[curunir]

Is public faith in the system more important than overall system security?

Faith is completely unimportant. Trust, on the other hand, is incredibly important. Faith is blind trust which is only important when the belief is not verifiable (think religion...you can't prove god exists, but you could have faith that he does.) Since e-voting is, at least, somewhat verifiable, faith shouldn't apply.

As the saying goes, "trust is earned." The only way to earn trust is to answer your detractors arguments to prove that your system is secure. You can be trusted once your detractors have no more valid points.

technology allows higher standards

[fermion]

Democracy depends upon the trust of the people who matter that their concerns are going to fairly represented. Voting is one way that concerns are represented. As long as voting appears to be fair, then democracy can function.

Which is the argument against security researchers publicizing problems in any voting system. This is especially true if the new voting system is at least as fair and secure as the system to be replaced.

However, the standards for 'fairness' are increasingly strict. Many in the US now want to count every single person, no matter how poor, dark, or uneducated that person is. Such inclusive counting keeps people content while not changing the political landscape all that much, as the elite have other ways to control the landscape. Furthermore, as more people become educated they want access to the public process. Since the educated have the power to disrupt, their concerns matter and should be addressed to protect the peace which is so critical for economic well being.

Additionally, technology allows increased trust in our system. One good example is fingerprinting. Genetic matching brought up issues of the trust and reliability in the technology used to identify suspects. The courts ruled that any technology used in the courts must be reliable. This brought up the question of whether fingerprints are reliable. Though they have been used for a long time, and though a full fingerprint is reliable, the partial prints may not be. Even though they satisfies the standards of the past, they may not satisfy current standards.

Voting may be a smilier case. A higher level of reliability is possible, so it mandated that the possibility be realized.

False Choices

[Doc+Ruby]

Is public faith in the system more important than overall system security?

The most important aspect of the public's relationship to voting is trust. Universal suffrage does not employ all the people in choosing our leaders because "100 million heads are better than one". To the contrary, "None of us is as dumb as all of us". Voting is a method of demonstrating consensus of the governed, so it's easier for us to accept the elected. With the beating administered to their constituents' trust by politicians ever increasing, trust of the elections must be increased to compensate, to allow us to be governable.

We don't have to choose between trust and security. Just read that sentence again; choose between trust and security?! Security REQUIRES trust. This goes beyond the modern either/or fallacies of the excluded middle, like "those who would choose a little temporary security at the expense of liberty" who would neither deserve nor get either security or liberty. When you look at the torrent of these fallacies coming out of politicians today, you've got to wonder "where is this coming from"? They're adults, haven't they learned to see through that simple trap? Or is it just contempt for the public that frames these false choices? America is the strongest country in the world, because of the variety of choices we create, then choose. To throw that away over every security issue is to choose the path to doom. Why do they hate America?

being forced to use a system you dont' want to

[JimBobJoe]

Disclosure: I'm a precinct poll-worker.

I find myself more and more irritated with the idea that, even if a system is approved, then I would still be forced to use it. Seems to me that's not in the best interests of democracy. If I went into the polls one day, saw the machines, I should be able to say "to hell with them...I'll just write my votes on a ballot and give it you people."

I say that one way to improve the system is to lobby state legislatures for the ability to opt-out from using the machines and cast a paper ballot. By always having that option available, security is under stronger examination, since the machines are in competition with paper.

Security is a secondary concern

[symbolic]

Security, as most geeks know it, is an issue, but it's an issue because it speaks to a much larger concern: the overall integrity of the system- it is this trait that should worry anyone interested in maintaining a democratic form of government. In other words, it's not that the system is insecure, it's that it's lack of security, in addition to the lack of controls over modifications to the software, hardware maintenance/administration, etc., poses a substantial threat to the integrity of the voting process, and this is why e-voting should be scrapped (at least in its current form). Maybe this is just a semantic game, but referring to the lack of integrity moves it out of the technical realm, and gets at the real issue, which I'd argue, can be more easily understood.

Voting in a democracy...

[TREETOP]

Consider this: If the American people are so blind as to ignore the obvious problems with these e-voting machines, then they DESERVE whatever form of government corruption they end up with. We have a valuable lesson to be learned here. Fox news is beginning to pick up on this. Lets hope that the media bcomes quite loud in the coming months about the discrepancies and the "changes" made to these machines during and immediately after some recent elections. If these machines could be hacked, or changed, then I would submit that they are NOT viable as an alternative to conventional voting machines, be they mechanical or punch-paper cards. I would suggest that we keep the voting process as simple and straightforward as possible, and that we utilize our current methods for counting and recording the votes. No matter how complex it becomes, the voting process must be overseen by a responsible party, one that can be criminally prosecuted for fraud, should it become apparent. Since no electronic method is 100% secure, I would suggest that we disallow those methods. Now it's up to you, the people. Do you want someone else telling you how you voted before you vote?

Re:Voting in a democracy...

[quacking+duck]

If the American people are so blind as to ignore the obvious problems with these e-voting machines, then they DESERVE whatever form of government corruption they end up with

I agree with the rest of your comments but not your opening statement, and I'm not even American.

If it was some backwater country that had little ability to affect its neighbours, and the people's apathy let a tyrant get into power, who then screwed over the people, that's another story.

But like it or not, the US is one of the biggest influences in the world today, capable of, among other things, waging a major war halfway around the world with or without consent by the UN. If that is truly the will of the majority of American voters, as represented by the president they voted in, then so be it. But if that president is in reality put in place by a minority of people that can affect election results behind the scenes, and have a vested interest in putting or keeping that person in power, then that's to the detriment of all of us.

Re:Voting in a democracy...

"But like it or not, the US is one of the biggest influences in the world today, capable of, among other things, waging a major war halfway around the world with or without consent by the UN."

Whether the UN is important or not, the fact is that no nation raises a finger in opposition to US policy. Sure it would have taken courage to put an allied sub in the Persian Gulf and say, we will not permit you to invade this country."

The US would not have had the stomach to be forced to sink Russian, French, Chinese, English, or German ships to get to the Gulf.

Getting Screwed (again)

[NSupremo]

There have already been enough electronic voting machines in place in the United States to completely change the outcome of recent elections. It's been happening and no one seems to care.

Just wait to see what happens in Nov 2004.

The Shit will hit the fan.

Damn you un-american freedom haters

[t_allardyce]

"I think they're doing a great disservice to democracy," she said. "They're telling the public: Don't trust them, don't trust the voting equipment."

Sounds like the sort of thing dictators say when making an example out of someone eg. "he's an enemy of the people, he would kill your baby in the blink of an eye, would you actually trust a man like this that kills babys?" Then again there was the whole communist thing "hes a commie burn him" and the un-american thing "you are an un-american and im gonna call the FBI on you"

Linda Lamone either has no-idea about electronic voting, or has another agenda.

Actually i just realised shes right but shes using the redifined term for democracy which means "the most money wins" in which case its bad that the machines cant be controlled buy the most affluent people

Sounds to me like...

[Ryan+Amos]

Anyone who wants public faith in the voting system over accuracy and security is opening the door to election fraud. Unfortunately for them, contempt levels with the government are so high right now (especially after Dubya's little fib about WMD in Iraq) that we don't trust anything they say. Stop lying to the people and they'll trust you. Until then, we'll continue to ask questions to make sure we're getting a fair deal and not a rigged election (well, they're all pretty much rigged anyway with party-based gerrymandering of voting districts, but that's a whole other issue. :)

More Security Through Obscurity

[Kurt+Wall]

Russell Doupnick, the state's deputy chief information officer, rejected Rubin's call for full disclosure of the SAIC report. He said officials did not want to provide "a road map to intrude into the system."

Software is software is software. Hiding the source or failing to disclose fully the nature of the flaws doesn't make it more secure. Most of here take this as a given.

I think...

[GreyWolf3000]

...in the interest of Democracy, we should continue being critical of E-Voting machines until we know exactly how they work (open source).

Saying it is un-American to be critical of the American government is un-American. To ask others to be critical as well is really, really un-American.

Follow-up

The article says that the governor assigned Science Applications International Corp to look over the Diebold code and they found 26 vulnerabilities. Diebold is supposed to fix them, but SAIC won't get to review the fixes.

Instead the check is to be done by BSC Systems of Churchton, MD. Google didn't have anything about them. Anybody know if they are qualified for this sort of work?

heres' what one county is doing

[goombah99]

Here's part of a presentation to a county in New mexico which is considering Sequia systems If you aren't up to date on the controversy over so called "black box voting" here's just a few recent articles to give you a flavor about what is being said in the media: http://www.wired.com/news/politics/0,1283,61068,00 .html?tw=wn_tophead_5 http://www.nzherald.co.nz/storydisplay.cfm?storyID =3529556&thesection=news&thesubsection=wor ld http://www.wired.com/news/print/0,1294,61045,00.ht ml http://www.washingtonpost.com/ac2/wp-dyn/A1397-200 3Nov5?language=printer Why there is no need to rush The state deadline for HAVA compliance is over two years off, the planned system wont meet expected new federal requirements (sponsored by Tom Udall and 61 other congressmen), and better, equivalently priced, systems will be available in the forseable future. Finally, the federal law and state law requires voting machines to be FEC and NIST standards compliant; these standards have not yet been set for touch screens. STATE DEADLINE IS OVER TWO YEARS AWAY First, some comments by the clerks office indicate a belief that Los Alamos must have touch screen systems in place for the 2004 vote. Recent information contradicts this deadline. In fact, the N.M. Secretary of States draft plan for implementation of the HAVA act, calls for a goal of January 1 2006, for placement of one touch screen DRE in every polling place. (http://www.sos.state.nm.us/Election/HAVA/HAVA03.h tm ) NEW FEDERAL LEGISLATION MAY DISQUALIFY PLANNED SEQUOIA SYSTEM Second, federal legislation currently in committee would disqualify the proposed Sequoia voting systems equipment. In may 2003, our representative Tom Udall co-sponsored H.R. 2239, to amend the Help America Vote Act of 2002 to require a voter-verified hardcopy, also know as The Voter Confidence and Increased Accessibility Act of 2003. This bill requires DRE systems to produce a voter verifiable hardcopy and the software to be fully disclosed to anyone (i.e. open source). The Sequoia system meets neither of these requirements at present (however, the next generation of Sequoia systems may possibly be able to meet this requirement.) http://holt.house.gov/issues2.cfm?id=5996 This bill has 61 co-sponsors: even if this bill fails to pass this session, the strength of this overwhelming endorsement ought to indicate to the council that Voter verifiable hardcopies and open source software are extremely desirable characteristics. Indeed this is so important that the country of Brazil, which has 400,000 electronic voting machines has decide to replace them with voter verifiable systems. (see http://www.notablesoftware.com/Papers/BtF.html ) Australia, New Zeland, and Canada require open-source voting systems. VASTLY BETTER TOUCH SCREEN SYSTEMS AVAILABLE AT NO ADDITONAL COST Third, already three manufacturers offer touch screen systems, which provide paper voter verifiable records of vote and some offer software disclosure. The Avante Vote-Trakker, Accupol, and Advanced Voting Systems (Hewlet Packard) all print voter verifiable ballots. The "big three" touch screen makers ( ES&S, Diebold, Sequoia) all have prototypes that produce voter verifiable paper records that should be certified in the near future. (http://verifiedvoting.org) Finally, Vogue Election Systems, offers an alternative to touch screen systems: a HAVA compliant device that assists handicapped voters to independently mark a conventional optical scan ballot. (http://www.vogueelection.com/ ) These newer systems are not expected to be more costly that the current non-voter-verifiable systems. After pressure by California's Santa Clara county (19 million dollar contract), Sequoia voting system has agreed to implement (at no added cost) a voter verified, recountable, paper ballot addition to the touch screen system. http://www.verifiedvoting.org/states/ca/ca-scco.as p OTHER UNCER

A pattern of silencing dissent

This is just another example of how dissent in this country is somehow viewed as "undemocratic" or "unpatriotic" (which is quite the oxymoron given that dissent is what DEFINES democracy). More and more often we see cases where the powers that be attempt to marginalize those who don't quite swallow the spoonfed BS. For example:

Diebold Issues Cease and Desist to Indymedia
US Takes Hardline Against Greenpeace
Labeling anti-war protestors as 'unAmerican'

I have no problem with people disagreeing with someone's opinion, but the instant labeling of someone as 'undemocratic' or a 'terrorist' because they are exercising free speech makes me sick.

Re:A pattern of silencing dissent

[fishbowl]

>This is just another example of how dissent in
>this country is somehow viewed as "undemocratic"
>or "unpatriotic".

But it's been this way for a long, long time. And mostly, the people running the government, get nothing but support for the status quo. Regardless of "which" party. This isn't new, but a whole lot of people are just now starting to notice.

"Generation X" has been old enough to vote for a couple of decades now, but they are just now starting to realize that they were blowing it off.

Oops: reposting: heres' what one county is doing

[goombah99]

If you aren't up to date on the controversy over so called "black box voting" here's just a few recent articles to give you a flavor about what is being said in the media:

http://www.wired.com/news/politics/0,1283,61068, 00 .html?tw=wn_tophead_5

http://www.nzherald.co.nz/storydisplay.cfm?story ID =3529556&thesection=news&thesubsection=wor ld

http://www.wired.com/news/print/0,1294,61045,00. ht ml

http://www.washingtonpost.com/ac2/wp-dyn/A1397-2 00 3Nov5?language=printer

Why there is no need to rush

The state deadline for HAVA compliance is over two years off, the planned system wont meet expected new federal requirements (sponsored by Tom Udall and 61 other congressmen), and better, equivalently priced, systems will be available in the forseable future. Finally, the federal law and state law requires voting machines to be FEC and NIST standards compliant; these standards have not yet been set for touch screens.

STATE DEADLINE IS OVER TWO YEARS AWAY

First, some comments by the clerks office indicate a belief that Los Alamos must have touch screen systems in place for the 2004 vote. Recent information contradicts this deadline. In fact, the N.M. Secretary of States draft plan for implementation of the HAVA act, calls for a goal of January 1 2006, for placement of one touch screen DRE in every polling place. (http://www.sos.state.nm.us/Election/HAVA/HAVA03.h tm )

NEW FEDERAL LEGISLATION MAY DISQUALIFY PLANNED SEQUOIA SYSTEM

Second, federal legislation currently in committee would disqualify the proposed Sequoia voting systems equipment. In may 2003, our representative Tom Udall co-sponsored H.R. 2239, to amend the Help America Vote Act of 2002 to require a voter-verified hardcopy, also know as The Voter Confidence and Increased Accessibility Act of 2003. This bill requires DRE systems to produce a voter verifiable hardcopy and the software to be fully disclosed to anyone (i.e. open source). The Sequoia system meets neither of these requirements at present (however, the next generation of Sequoia systems may possibly be able to meet this requirement.) http://holt.house.gov/issues2.cfm?id=5996

This bill has 61 co-sponsors: even if this bill fails to pass this session, the strength of this overwhelming endorsement ought to indicate to the council that Voter verifiable hardcopies and open source software are extremely desirable characteristics. Indeed this is so important that the country of Brazil, which has 400,000 electronic voting machines has decide to replace them with voter verifiable systems.

(see http://www.notablesoftware.com/Papers/BtF.html ) Australia, New Zeland, and Canada require open-source voting systems.

VASTLY BETTER TOUCH SCREEN SYSTEMS AVAILABLE AT NO ADDITONAL COST

Third, already three manufacturers offer touch screen systems, which provide paper voter verifiable records of vote and some offer software disclosure. The Avante Vote-Trakker, Accupol, and Advanced Voting Systems (Hewlet Packard) all print voter verifiable ballots. The "big three" touch screen makers ( ES&S, Diebold, Sequoia) all have prototypes that produce voter verifiable paper records that should be certified in the near future. (http://verifiedvoting.org) Finally, Vogue Election Systems, offers an alternative to touch screen systems: a HAVA compliant device that assists handicapped voters to independently mark a conventional optical scan ballot. (http://www.vogueelection.com/ )

These newer systems are not expected to be more costly that the current non-voter-verifiable systems. After pressure by California's Santa Clara county (19 million dollar contract), Sequoia voting system has agreed to implement (at no added cost) a voter verified, recountable, paper ballot addition to the touch

screen system. http://www.verifiedvoting.org/states/ca/ca-scco.as p

OTHER UNCERTAINTIE

Proprietary Code

[speedfreak_5]

"I don't think Diebold would allow it," she said. "It's their proprietary code." --Linda Lamone, State Elections Board Director.

Okay, so has she not seen or even heard of the leaked e-mails from Diebold? Maybe someone should send them to her en masse?

Anyways...

That excuse is bulls#!t. If they have their way, EVERYONE'S elections will run on their systems. Would I would want someone other than Diebold to review every inch of that code? YA DAMN SKIPPY! I don't want my elections run by some clearly untrustworthy company who is a large contributor to ANY party running the election systems in this country.

This is another good reason to suggest open-sourced stuff for elections. The code would be open, and ideally it wouldn't be prejudiced toward any party. (Then again, some republicans in office may cry foul because it doesn't benefit any of their "constituents". ^_^)

combined with a pattern of murdering the creators'

innocents, results in a cesspool of greed/fear/ego based deceptive MiSinformation.

get ready to see the light. there'll be no going back, & no where to hide, as the big flash is already occurring.

no cowboy neal option...

[notoriousE]

If all the polls had a CowboyNeal option, I think everyone would be happy.

Who makes the call

[thenoog]

In matters of public trust it is not for any individual to censor himself. Rather, all facts and opinions MUST be expressed, so that those rightfully elected to make these decisions can make them will full information.

After all, what is more important? The trifling amount of money that might be saved, or valid, unrigged elections?

Auditability - or recovering from errors and fraud

[nv5]

I think, one of the most important safeguards in voting is the possibility to audit and correct the results many times over by many "auditors" (e.g. people and processes who re-count). Paper and pencil in connection with proper processes represent technology/methodology with these characteristics. Good electoral processes include a certain amount of re-counting already in the original count. More than one person looks at each ballot and agreement on the intent of the vote has to be there. If an entire electoral station's vote-counters are corrupt, then ballot boxes can be shipped off to a new group of examiners.

For example, I think e-voting needs to emulate the capability of having several independent examinations of a vote (like several people looking at a ballot, and interpreting which way the vote was intended). This would at least require the capability of having software from more than one provider, each piece of software essentially interpreting the intent of the vote.

Each step of the data gathering and interpretation process should be multi-sourced. And yes, that would mean, that even a log of x/y co-ordinates, which have been touched, should be generated by more than one independent source.

If the independently created and managed processes(hardware/software) in the voting machine all agree on the result, there is a good chance that neither fraud nor error has been present - but if the results amongst the independent processes vary, one needs to investigate.

So, while I think open sourcing is a fundamentally more democratic approach to e-voting software (and hardware!), I think that multi-sourcing of software (preferably in each machine) is even more important.

This alone should be sufficient...

[u-235-sentinel]

"This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

This alone should be sufficient to overturn the DMCA and other laws of this nature. Basically forcing people to keep silent rather than voice concerns over issues we are facing. Reminds me of a Babylon 5 episode where Sheridan was appointed a political officer. She made a couple comments which are frightening.

"Of course we have problems back on earth, but that's no reason to embarrass our leaders".

then there was

Sheridan: When did all these problems with poverty, unemployment... go away?

PO: When we rewrote the dictionary.

Sounds familiar doesn't it. Ignoring the problem makes it go away. We've reached a new low level if this is true :/

Paper backups were done in Brazil

[Knights+who+say+'INT]

.. and the voting machines (Linux-based, IIRC) are being exported to a bunch of countries now. The voting machines have a numeric keyboard so you have to know the number of your candidates, but there's visual feedback (pictures) before confirmation.

Costs associated with paper backups can be greatly minimized arbitraging a significance level and using common undergrad mathematical statistics. The significance level is the probability that the whole population's parameter (say, W's total votes) will be within a certain error margin from the sample's parameter.

Error margin = (t * s) / sqrt(n), where t is Student's t number (calculated from sample size and the significance level you arbitraged using a common computer or a table), s is the standard deviation of the sample and n the sample size.

It's a demonstrable mathematical fact. The proof can be found in any basic statistics book lying around in a college library and understood by anyone who knows high school calculus.

Demcracy and Trust

[jurgen]

Democracy isn't about blindly trusting your officials. We don't give our President absolute power because we "trust" him. We have separation of powers, checks and balances, etc., built into the system because the founders of this republic knew that power corrupts and we have to continuously struggle to keep ourselves honest.

Anyone who says that mistrusting any part of the system, and /especially/ the part that deals with elections, is a "disservice" to Democracy is a complete nitwit who doesn't understand the first thing about Democracy. This person is an election official? Fire them immediately!!!

demand a receipt

Assuming this isn't fixed before the next election, here's an appropriate form of protest. Immediately after you vote, go back to the clerk and ask politely:

"I don't believe that the voting machine recorded my vote correctly. Can you show me that it did? Could I get some kind of receipt or proof?"

The clerk will tell you that it is not possible. Act surprised at the way the system works and explain why that worries you.

The point of this exercise is that there is a line of people waiting to vote right next to the clerk. So you want to be polite and try to cause the other people there to understand and agree with your point of view. So actually starting an argument or wasting a lot of their time and being dressed like a freak won't help.

Analog to the old bugtraq question

[astrashe]

Many vendors have ignored security problems in the past. One result of that is that security activists have wrestled with the idea of whether or not it's ethical to publish exploits. If you publish the exploit, people will get hacked. But it usually forces the vendor to take responsibility.

Right now, these election commissioners are taking the same ostrich approach to security. They refuse to deal with a real problem, and they attack people who point out that the problem exists.

Would it be ethical to publish voting machine exploits? What if the machines haven't been deployed yet? Would it be ethical to publish exploits in order to prevent people from rolling out a flawed system?

The California recall election was almost derailed over problems with the butterfly ballot. These problems are a lot more serious.

Anyone who has been paying attention knows that we're enterting a period in which elections are being litigated as well as campaigned. These bad systems are going to open up all sorts of doors for claims. Most of them will probably be crazy, but all of which will have to be considered.

Worst of all, if bad systems aren't auditable, there won't be any way to tell if something happened.

What happens when someone goes to court with a plausible exploit, but no direct evidence that it occured, and a poll that suggests the election should have come out differently than it did? Do we really believe that some jury or judge won't overturn an election based on that kind of argument?

This technology represents thousands of disasters just waiting to happen.

Re:Analog to the old bugtraq question

[fishbowl]

"Would it be ethical to publish voting machine exploits?"

It would be treasonous to keep silent, if you knew of any such thing.

Another Question...

[dasdrewid]

She says Computer Scientists are telling people not to trust the voting officials or the (new, computerized) voting system. Why would Computer Scientists being trying to turn people off of computers? Doesn't that seem a little backwards? Sort of like Ford announcing that we should no longer drive SUVs cause they're dangerous to everyone else and pollute like crazy...

Oh gosh...

[dasdrewid]

Missed this one the first time. Anyone else notice that the "state's deputy chief information officer" is named Doupnick? I mean, c'mon...

Maybe when he retires he can get a job checking submissions for /.

Remember...

Trust, but verify.

Your vote counts

It's a shame that once they push this blackbox
thru your vote counts the way they say it does.
I called the County Clerk where I live and she
said that E-Voting has been mandated by the Texas
congress. We have to have it all installed within
2 years. Oh well, I don't like the Republicans or
the Democrats much anymore. So even if my vote did
count there is'nt anybody out there much worth
voting for. I feel like I'm living in the USSR.

Re:Your vote counts

USSR = United States Supreme Ripoff

Re:Your vote counts

The Texas Legislature was placed in power because the people in Texas chose it.

If your democratic process brings a government you don't want, the people have only themselves to blame.

I doubt they've received much in the way of effective correspondence and discourse on this topic. They probably don't even know that many people have a problem with it.

What doesn't she understand?

[Jah-Wren+Ryel]

Linda Lamone is a fucking ostrich.

Either that, or she thinks the electorate ought to be. I guess if we are all bent over with our heads in the sand, it makes it that much easier for people like her give it to us right in the ass.

Re:What doesn't she understand?

>Linda Lamone is a fucking ostrich.

She would change her tune if the opposition party wins by a narrow enough margin to cause another debacle.

typical talking point crap

[gessel]

"I've said it before and I'll say it again: democracy simply doesn't work." - Kent Brockman

Clearly there is a PAC driven talking points campaign to vilify anyone who points out the man behind the curtain. This seems to be coming from The Election Center (www.electioncenter.org) a front group for Diebold that's positioned itself as expert on the subject and is distributing white papers that get picked up verbatim by other organizations in an attempt to manufacture astroturf support for DREs.

These documents come from a guy named "Doug Lewis" who is, according to Bev Harris, a former used computer parts salesman who's been anointed a meta-expert on DRE security and who's pronouncements are cited by my ROV as being more authoritative than, for example the opinion of the Joint MIT/Caltech voting technology Committee (after all what do a bunch of geeks know compared to a PR flack?)

Anyway, he originally wrote "I knew that at some point in the growth and acceptance of DRE's that it was likely that the conspiracy theorists would begin t" Thanks to MS-Word QuickSave! The paragraph now reads "Now that Direct Recording Equipment (DRE) voting systems are growing in acceptance and use in American elections, it is almost inevitable that some groups, individuals and organizations will claim that such systems are not safe enough to use in elections."

He goes on to say "The problem is that well intentioned people, some of them even highly educated and respected, scare voters and public officials with claims that the voting equipment and/or its software can be manipulated to change the outcome of elections. And, the claim is, it can do so without anyone discovering the theft of votes. " This from 4-2003.

Hopefully the MD legislature can see through this transparent mendacity.

thanks, Linda is pathetic.

[twitter]

Thanks for pointing to that site. I'd never seen "besgs the question" so well explained. I especially like the little picture of the jack ass. It makes me think of people who bray extraniuosly while others around them are trying to have a reasonable discussion about something important. Yeee-Awwww, Yee-Awwwww! You can't spell. Shut up, ass.

As far as the topic at hand, the poster might have written what they said as:

I can't fucking believe the Director of the Maryland Elections board would stand before an elected committe and say, "trust in the voting process is more important than the integrity of the process."

Linda Lamone might as well have said, "I'm a cheerleader and don't care if people steal elections, so long as the public thinks they have a voice." It's that cynical. Her slavish attitude is best captured by her refusal of outside help:

"I don't think Diebold would allow it," she said. "It's their proprietary code."

In other words, "We will eat whatever dogfood Dibold thinks we should." That kind of "trust" from a watchdog of elections is unacceptable. She's let some wierd faith in "IP" comprimise her duty to safegaurd elections. You don't need trust when you have transparency and can check for yourself. Lamone has put DiBold's ownership of a particular set of software above her own job. That's pathetic.

And - Re:General Question about e-voting

[YrWrstNtmr]

However, having a black box which can do anything with your vote it likes, provides no verification of vote cast, and is completely open to manipulation - THAT I have a problem with.

And has had serious, basic, demonstrated, implementation flaws in far too many instances to date...

Re:And - Re:General Question about e-voting

[JayBlalock]

Exactly.

Paper and Electronic voting.

It seems a sort of mystique is gathering around paper, like: it holds the truth, it is permanent, it can't be tampered with. I think this is disturbing. The paper ballots are no more reliable than the alternative of electronic voting, it just takes a little more effort to cheat the system.
Didn't Florida prove that paper systems could create as much of a debacle as any other system? Before that, didn't everyone who voted have faith in their vote being counted? Paper can be burned, lost behind a filing cabinet, corrupted with smatterings of ink, it can be mishandled, it can be dropped in the trash, it can be forged.
What I see happening with the e-voting companies (despite their obvious sales executive approach, which is mind-numbing trust in their product) is an effort to protect against those kinds of manipulations and accidents. Yes, they are opening up a whole new world of manipulation, yes there have been problems, but it does solve the problems that arose in the Florida Debacle ... mainly: human error.

Hum

Any al Qaeda can walk into a DMV in California and ask for a voter's registration card, and voila!
That's hacking one card. With e-voting, you just have to open the Access DB, and you can modify the County's votes. All of them at once. With a nice point'n'drool interface.

Re:Hum

With e-voting, you just have to open the Access DB..

See, there's the problem right their. Opening an Access DB and expecting to get access to the data within the DB file is just silly!

She understands perfectly well

[YrWrstNtmr]

Her election board selected Diebold to build the system. She is the head of that election oard. In her mind, she is not incomeptent. She does not hire clueless people.

Ergo, the decision to contract Diebold was the right one, and anyone who says otherwise is simply wrong.

Defending your own territory is nothing new. Even in you are completely wrong.

Re:She understands perfectly well

[fishbowl]

"Her election board selected Diebold to build the system. She is the head of that election oard. In her mind, she is not incomeptent. She does not hire clueless people."

That too, is a better example of what "Begging The Question" actually refers to.

"This system is the most appropriate one for our state."

"How do you know that?"

"Because I chose it."

"Why did you choose it?"

"Because it is the most appropriate one for our state."

THAT is "begging the question."

Don't they teach reasoning and critical thinking in college anymore? Even math majors get this in Analysis.

Uneducated people finding themselves in positions of authority, while intelligent, educated people are getting laid off in huge numbers in every industry.

Criticsm should have been expected, avoided

[Adam.Steinbaugh]

It would be nice if the e-voting machine manufacturers were to test and subject their systems to this sort of criticism BEFORE using them as part of the public voting apparatus. If the system isn't secure, it's going to receive criticism and it's their own damn fault that the criticism is in newspaper editorials and in Congressional testimony.

faith based on security

[Sean+Clifford]

Faith in the system is based on its security, accuracy, and anonymity of votes cast.

If it's a black box, has no paper trail, and is manufactured by a company whose president has close ties to a sitting administration AND is a major contributor to the administration AND has promised to deliver votes to that administration AND a company that has an abysmal security record then how in the hell can you trust any election run on their voting platform?

Shooting the messenger isn't going to fix the problems, nor is it going to restore faith in the system. Researchers must loudly and publicly criticize flaws; doing otherwise undermines democracy.

I don't trust any electronic voting system that is not open source and has not gone through an exhaustive (and public) security review with each release.

Answer is simple...

[GooberToo]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Of course not. If they fix security, faith will follow. It really is that simple. This is like leaving your front door wide open while you go on holiday and then being upset when people worry that their house will be robbed while they are gone. Secure the door well and people will feel better. It really is that simple.

In a nut shell, it's Linda Lamone that's doing a great disservice to democracy, technology, and the people that elected and/or hired her to do what's best for the people in her distirct(s). I can't think of anything more un-American that ensuring democracy is easily manipulated and faith in the results is shaken. She needs to be beaten with a stick and replaced. She is either incompetent or actively wants a mechanism to minipulate election results.

Linda is nuts.

[twitter]

The director of the state elections board, Linda Lamone lost my trust when she refused outside help with her voting machines:

"I don't think Diebold would allow it," she said. "It's their proprietary code."

Bam, there it is, she's put some kind of faith in IP above her elected duty to safegaurd elections. It's peposterous that elections officials don't have access to the actual method of vote counting and everything else the machines do. With transparancy you don't need faith in a system, you can have reasonable trust that what you saw and know will work.

Dibold has made themselves a proxy for voting. If you removed the electronic components the flaw becomes apparent. Imagine Dibold hired people to sit in a booth and write down your vote where you could not see what they wrote! After that, the representatives would take the votes in closed bags to a place where they would count them and give the results to the elections commisioners. The electronic system has even larger flaws because it's easier to comprimise thousands of computers than it is to comprimise thousands of people, but no one would trust the low tech analog. Defending faith is such a system over the actual integrity of the system is nuts.

You can have an electronic system with a publically inspected paper trail. If the system is not free or open it can't be trusted because you don't know how it works. It's that simple.

Re:Linda is nuts.

[Ripplet]

Nice one I like it, this is a really good illustration of why you cannot have even a single 'black box' step in the process.
Unfortunately the word 'proprietary' these days is like a magic word that makes anyone that hears it completely stupid. I mean, it's like:
"Hey you, we want to see how you count the votes, NOW!".
"Sorry ma'am, it's proprietary."
"Oh I'm so sorry I didn't realise, please take me take me all the way big boy. And add an extra few mill to your contract while your at it!"

Re:Linda is nuts.

[nurbman]

Dibold has made themselves a proxy for voting.

That's the best description of the problem I've seen yet. The voting system should be counting data outside the system, not taking the data into a black box, never to be seen again in it's original format.

A paper trail is the only way voters will trust the system.

This is why we should get involved.

[rebelcool]

Electronic voting is coming, and its not going to go away. It certainly does have the ability, if done properly, to make elections far more accurate and fair.

However, the current election board members nationwide are generally clueless about computer security and why a closed system is bad as opposed to open, publically audited one. They don't have the knowledge or expertise to make a good decision regarding this.

This is a excellent chance for you, slashdotters, to get involved with your community and do some good instead of sitting at your keyboards and bitching. Meet with local officials about your concerns and most importantly - volunteer your time. Get yourselves on the election board, propose a new seat, such as officer of technology and the like that makes sure systems are fair and equitable and secure.

Democracy only works when the public participates. If you don't do your part, or simply sit and bitch behind a keyboard, don't expect things to fall your way on their own.

Preconceptions appear to be a problem.

[Booker]

Del. Jean Cryor, a Montgomery County Republican, said she came to the briefing thinking Rubin would be a "smart aleck."

Is this where we're at now? Anyone who criticizes the official line is a "smart aleck" who should be disregarded before even listening to what they have to say?

If a Ph.D. from Johns Hopkins gets this kind of treatment from the "we know better than you" legislators, how much influence do you think you and I have when we send our handy little emails to our elected officials?

Why is there this blind faith in technology and corporate competence, especially when the issue is as critical as this one?

Re:Preconceptions appear to be a problem.

[fishbowl]

"How much influence do you think you and I have when we send our handy little emails to our elected officials?"

Letters. You should be sending letters. On good paper. Well-reasoned, with appropriate grammar and mood as befits any correspondence to an honored representative of the State. A "handy little email" ought to be treated as the insult that it is.

And don't just write a letter after a situation has already come to pass, and you're upset about it. The time to ask for legislative action is before it becomes a problem, not after.

As easy as it is to bash Ms. Lamone..

[mumblestheclown]

the academic wouldn't be making a career for himself by saying that "everything is just fine." While i'm not saying that this /is/ the case, one must not forget that each side potentially has motivations beyond simple reporting of fact.

I tawt I taw...

[sulli]

Del. Jean Cryor, a Montgomery County Republican, said she came to the briefing thinking Rubin would be a "smart aleck." "I thought he was far more credible than I thought," she said.

Well, I thought I thought he was better than I thought you thought. So there.

Re:I tawt I taw...

[fishbowl]

"I thought he was far more credible than I thought"

This is a better example of "Begging the Question", than the incorrect usage in the article.

Vote Manipulation

[BelugaParty]

I understand the concern about e-voting, as a US citizen, I do feel that my vote should count. However, it doesn't. Because it isn't a representative vote. If 60 percent of the country votes for 2 candidates that have leftist views, but neither of them get a majority, the remaining 40 percent (the minority) of the country has an administration in power. Interesting, eh?
I find this disturbing. But thats just one way of vote manipulation. Others include: blatant lies during campaigns, smear campaigns, party affiliation (I don't know anything about this candidate, but it's a democrat! I'll pick it, n/m it's warhawk stance and corporate leanings), intimidation, money, and pre-political fame. Not to mention the manipulations of the present administration: free press conferences, interviews, wars (or the stopping of)... etc.
I think these are more pervasive than electronic tampering. Plus, since there are over 2 brands of voting machine being used, I think it could be easy to detect which ones are cheating: lets say diebold only picks republicans and brand x always picks democrats. When votes are tallied I think this manipulation will be obvious.

Beyond incompetence?

[miu]

So why is Linda Lamone so attached to the Diebold implementation of e-voting? I hope that if she is found to be on the Diebold payroll in any way that she does some jail time. My assumption is that her payoff will come in the form of an overpaid consulting job for Diebold because of her experience as an election official and early adoption of an e-voting system - I really hope she is not allowed to accept a payoff in that form.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Open source

[Espen]

So, where are the open-source alternatives ? I would have thought that there we enough open-source contributors and security experts worried enough about these closed-source products to start an open-source project to do the same thing. An enterprising touch-screen systems intergrator could take this to the market as fully independently audited by the community, and probably undercut Diebold etc in the credibility stakes.

of course the voting machines are rigged

[Negativeions101]

How do you think Bush won?... "A dissservice to democracy for revealing a flaw"??? Just die, pigs.

Re:of course the voting machines are rigged

[fishbowl]

>How do you think Bush won?...

Regardless of where you stand on the issue of election debacle, what should really concern you is the fact that enough people legitimately voted for Bush to make it a close race.

It should scare you that *millions* of people *adamantly* support the current administration, the status quo, the whole nine yards. Election fraud is the least of our worries -- the enemy is us.

Re:of course the voting machines are rigged

[Negativeions101]

moron

Re:of course the voting machines are rigged

[Negativeions101]

No, you're right, but I don't see why we shouldn't be just as concerned about rigged elections. It's not necessarily us. It's not me. And it doesn't seem to be you. Anyone can tell you. I mean, we all know the KKK = the NRA, etc... ever since the beginning of the United States of America the mindset of these people, the ones in power and the ones who support them, hasn't changed much. Psychosis in an epidemic in "America". It'll take the whole world with it. 2012.

disservice to democracy?

[oohp]

How can anyone warning of voting machine flaws be doing a disservice to democracy? The US election system is already flawed, buggy voting hardware is the last thing you need.

Security over Faith

[Kneo24]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Security, in this case, is extremely more important than public faith. The only way to get the public faith is to have a system that is secure. Think about it. Wouldn't you be more upset that you were lied to and told that your vote didn't count than if before you voted, you found out that voting wasn't as secure?

Besides, public scrutiny on processes that will have an impact on our every day life, on processes where we choose who will represent us, is necessary. If the system is secure, you'll easily gain public trust. If it's not, you have some work to do - work that involves making it more secure.

Just my two cents and then some.

What do you mean "begs the question?"

[NickFortune]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

See, this is exactly my argument about my paying my taxes. They shouldn't go checking up to see if people have paid or not. It just undermines confidence in society, and without that where are we. I mean people are basically honest and trustworthy, yeah?

Yeah, right. I can't see them buying that one.

So if the politicicians don't think think it sensible to trust us not to cheat them, why on earth should it be sensible for us to trust them not to cheat us.

And if anyone ever finds me begging such a blithering, brain-dead bonehead question, feel free to shoot me. I'd sooner be dead than be that short of ideas.

sheesh...

Solution...

[SharpFang]

I think the solution could be like this:
1 Find a security flaw
2 Keep it secret until next elections.
3 Exploit it to promote a candidate that was without chance. Just make some really mad wacko win.
4 Leave the note on the machines: "Go opensource or your candidates never win".
5 Vanish until next elections.

No matter if they cancel the results, if they investigate, if they say you're a terrorist or whatever, they will just HAVE to make the process secure. Simply the public will NOT allow them to go on with such a flawed system.

Time to apply for a job at Diebold...

[vidarh]

... if you want to sell votes.

The biggest problem with these systems being closed is that as long as large number of machines are being purchased from the same vendor, and the number of vendors are small, there's now a trivial way of fixing the elections.

A little trivia: We know the security at Diebold is ridiculous as is. But let's say they do code reviews. Lets say check ins are monitored.

Heck, maybe they even open source the system.

Then it would be safe, wouldn't it?

WRONG

Without an audit trail in physical form, verified by the voter, these systems will NEVER be safe.

Consider this little todo list if you decide that voting fraud would be an interesting career choice:

• On their build machines, replace the compiler binary with a compiler modified to inject malicious code when it detects a pattern present in the voting system source. (this is a computer science classic, and can be strengthened by making the compiler detect the compiler source as well, and modify the generated binary so that any compiler rebuild won't remove your code and won't differ from the one you planted)
• Place a cron job that regularly patch built binaries with one with malicious code inserted
• Install an extra component in the device that will modify the data fed back from the voting terminals to their database servers
• Make any code changes you do trigger only on specific dates, or on other conditions that makes it unlikely to be a certification test
• "Fix" their production line so that the software image placed on the voting machines differ from the one built, for instance mess with the BIOS / boot flash or other place you can place code that is unlikely to be verified.
• Insert a little hardware device that let you inject wrong data from the touch screen interface remotely.
• Find a good justification for partitioning voting data in a specific way in memory, and make sure the hardware design is adjusted so that the memory chips are spread nicely out over the design. Now, in the shipped units, short circuit a suitable set of pins on the right memory chips, or perhaps ensure they will be short circuited if something specific is done. Insta-vote-wipe...

The list of fun stuff to try would be endless.

Creating a paper audit trail is cheap, compared to verifying the hardware design (of the actually delivered boxes, not of what was supposed to be manufactured), verifying the binary images of all the software actually on the delivered boxes, INCLUDING BIOS, drivers, microcode on any "interesting" chips in the system (it would not be surprising if the touch screen had a programmable CPU on it, for instance - after all the good old Amiga keyboard had an embedded CPU with on chip RAM and ROM and a 6502 compatible instruction set - all you'd need to modify the data stream), and how it all works together (see the memory arrangment suggestion).

Seemingly innocent changes to various parts of the system might have distasterous effects once they are combined.

Without an audit trail you will NEVER, EVER have a reliable, safe, tamper proof system - electronic solutions are simply too complex to prevent someone from finding comparatively easy exploits.

Somebody's lying

[Quila]

Linda Lamone, director of the state elections board, largely dismissed Rubin's concerns and insisted Diebold had completed all the recommended changes in its software.

and

Russell Doupnick, the state's deputy chief information officer, rejected Rubin's call for full disclosure of the SAIC report. He said officials did not want to provide "a road map to intrude into the system."

If Diebold has made fixed all of the vulnerabilities, then how is a report of the vulnerabilities going to tell people how to exploit them? Any system should be able to maintain high security with full disclosure of all code and APIs. If not, they're relying on security through obscurity, and we all know that works pretty well until some 14-year-old reverse engineers it.

Protesters will be digitally removed from all news

...and replaced with cheering, smiling crowds.

According to the Bush administration, such 'artistic' molding of reality is an expression of free speech.

Blow a goodbye kiss to your democracy, America!She's already walking out the door.

Do posterity a favor and beat the shit out of the nearest GOP dickhead.

If I lived in Maryland

[reboot246]

I think I'd be trying my best to get Linda Lamone fired and replaced by someone who has an IQ above room temperature.

Re:If I lived in Maryland

[c4ffeine]

Wow, room temperature must be really, really low over there...Glad I live in Illinois!

Re:If I lived in Maryland

Around here room temperature is considered to be about 70 degrees. My guess is that finding somebody in Maryland with an iq higher than 70 would be rather difficult.

Re:All Britons: bash Bush!

Next on the list of countries to conquer - England! Kill the limey bastards.

GWB

what a question!

[samantha]

"Is public faith in the system more important than system security?" Why on earth would any rational person ask such a thing? In a democracy the accuracy and integrity of elections are paramount. All the "faith" in the world counts for zip if the elections are rigged or so incompetently run that the results cannot be trusted. Should the truth about possibly dangerously skewed election results be suppressed in a free country? Again, this is a stupid question. Freedom is about NOT suppressing the truth, especially when it comes to the direct exercise of that freedom.

affirmative

[kavau]

Is public faith in the system more important than overall system security?

YES! If you live in a totalitarian state, that is...

Enough already, someone start a petition

[Corpus_Callosum]

Would someone with appropriate credentials (e.g. Computer Scientist, Security Researcher) please start an online petition requesting that only Open Source Software be allowed to be used in elections.

Without transparency, there is simply no assurance. This issue is incredibly important. I don't know how else a movement to push Open Source in elections can be started, perhaps there is a better way. But for now, perhaps a petition is a decent door-opening move?

like calling a smoking-bashing doctor a smartaleck

[MattW]

Calling Avi Rubin a "smart aleck" after he criticizes e-voting machines is like saying the AMA is a bunch of smart alecks when they decry smoking as cancer-causing. We don't have a 'Security General' like we have a Surgeon General, but if we did, Rubin would be qualified by the job -- and only one of a handful of people I'd want to see in it.

This has really gone from, "Wow, what is that crazy county thinking?" when they selected Diebold e-Tyranny systems to absolute insanity. After so many major vulnerabilities were found and a bevy of absolutely insane catastrophes have occurred (like the number of votes being 10x the number of registered voters?), these systems should be done forever. Fix them? Wrong. Throw them away, and let Diebold make something they're qualified to make, like... bubble gum dispensers.

The shocking thing is that the security experts are raving about how intentional compromises could occur -- but these machines are so pathetic, they can't even function properly due to accidental bugs! If they can't even function when used normally, what happens when we introduce maliciousness?

The ACLU should have lawsuits coming out the wazoo for this. Hanging chad? Hanging chad has nothing on these machines.

In Response to Fnkmaster & HeyLaughingBoy

[Prince+Vegeta+SSJ4]

In Response to Fnkmaster & HeyLaughingBoy.

Maybe the ATM wasn't that good of an example

I agree that we wan't to be able to validate the system until trust is earned. Nevertheless, even the paper trail is a BLACK BOX unto itself? Maybe you can look at a list and see (validate)your own vote, but what about a vote from Frank N. Stein - do you know that vote is real?

Maybe an auditing service can match actual votes to registered voters. But that in and of itself would not tell you actually who voted and who didn't. Someone's name could appear as having voted, even though they haven't seen a poll in 20 years (how would we know, how would they know?) Then, you would have to rectify all of the audits in various, counties, districts, states, etc. (for antional elections). And DO THIS BY HAND if you want to eliminate any computer glitches.

Do you trust thousands (?) of ballot counters to not make any mistakes? Are the ballots they are counting genuine? Does Mr. Chad rear his ugly head again? How can the average person verify this? even with a paper trail

To mangle a Matrix quote - 'The Problem is Trust'

There are genuine trust issues with either, system, all I am saying is that BOTH have their BLACK BOX aspects

Keep in mind, I am not for or against either system - whichever works out best is fine for me

Hit dogs bark

[jschrod]

So, Avi Rubin, a well-known security expert, said effectively that Mrs. Lamone does a shoddy job.

Mrs. Lamone is highly critical of telling that she does a shoddy job, facts not withstanding. Hmm, why am I not astonished?

The real problem is that Rubin's testimony won't have any effect, since politicians are too far away from the real world to take over responsibilities for their work. OTOH, that bands them together with CEOs of large companies - so maybe they're not so far away from the real world after all... :-)

Re:Hit dogs bark

"Mrs. Lamone is highly critical of telling that she does a shoddy job, facts not withstanding. Hmm, why am I not astonished?"

What should astonish you is knowing that she will keep her job, and even get raises and promotions like clockwork all the way to retirement, as state jobs tend to do. You on the other hand, will be replaced the instant someone in India or China can do your job remotely.

Re:Hit dogs bark

[jschrod]

You might be right about her, but not completely about me.

I'm not in the US, and the US outsourcing crazyness hasn't reached us (yet?). In addition, I don't do a lot of tech work any more, but hand helding on the management level. As a CEO of a consulting company, I'm not so easily replaced as software engineers or other techies. Basel II is more of a problem for me than outsourcing is.

This is a question?

[quantaman]

Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Ummm. No. An educated public is one of the foundations of democracy, withholding information about vital flaws to the election system for the mere purpose of public faith is precisely contrary to this goal! Of course this should be disclosed, withholding this information cannot have any benefit to the public and can only lead us to a situation were these inexcusable flaws will be forgotten.

Re:Protesters will be digitally removed from all n

[Peaceful_Patriot]

Wish I had some mod points today. I don't blame you for posting anonymously due to the right wing mods which cannot tolerate comments which are unflattering to the Grand Ol' Party (GOP).

There is an assault on your civil liberties taking place. Some is obvious, some not. The net effect is chilling. I have voted in every election for the last 25 years. I have cheered and cursed our government, but I have never feared them.

The US is like a frog slowly boiling in a pot of water. Is it just me, or is it getting pretty fucking warm in here?

God help the USA

Baltimore Resident Here...

[annielaurie]

This needs to be a very much past due wake up call for people (read taxpayers) in Maryland. We've had our collective pockets picked time and time and time again by totally inept state procurement processes when it comes to information systems. I started to cite examples in this reply and realized that it would soon become article-length. But I am thinking of school systems and our motor vechicle administration among others. Our records weren't even protected from August's virus onslaught.

It's time to make the fraud potential of these voting systems known to the general taxpaying public--in Maryland as well as in other places. We just have the misfortune to have feather merchants in charge of most IT here where we need smart, tough-minded computer people who know how to ask the right questions and to make themselves heard by the pols.

I have no clue what I can do as an individual, but I'm going to start by assembling what I've read here on /. (especially the comments) into a letter to the editor of the Baltimore "Sun." There are good technology companies here, and there are good people working in them. Perhaps if a few more of us did the same, it might attract the bloodhound interests of whoever's in charge at the Sunpapers these days.

Also, and on another topic: JUST BECAUSE ADOBE DECIDES TO USE ATROCIOUS GRAMMAR IN ONE OF THEIR ADS DOESN'T MEAN YOU SHOULD. PLEASE GO LOOK UP THE DEFINITION OF "TO BEG THE QUESTION." (sorry).

Anne

The message is about her, after all...

[billstewart]

Ok, not her as an individual miscreant, but her as a participant in a politically-inspired movement to get everybody to buy into non-auditable voting machines being sold and promoted by Friends of Bush. If she's viewing Rubin as somebody who's opposing this because they oppose Bush, rather than because he actually cares about the results, then that kind of response is appropriate political tactics. On the other hand, if she doesn't care whether that's the case, but is trying to defeat him because he's opposing her political position, then her use of those tactics is a bit more cynical. Either way, of course, she ought to be bounced out of office, but she is responding to a political risk of getting bounced out of office for being part of the Election Machine Machine if they lose.

well nothing

The only reason a woman's statement was attacked was because Avi is a heterosexual misogynist. A woman is always the source of truth and compassion.

Or if you're like me, you think a woman is as likey to be a nitwit as a man.

Former is a Howard Dean liberal, latter is a Libertarian. And besides, with the Diebold voting system, only pro-abortion candidates will win.

This happened once before, under the New York City mayor Ed Koch. He cut a deal with a supplier of lever voting machines. As long as Ed's candidates won, the supplier got the support contract. Eventually, the supplier was arrested and did jail time, but Ed never shuts up.

Re:Protesters will be digitally removed from all n

I don't suppose you can offer some information on the subject?

Smart Alecks

[billstewart]

Hey, at least she seems to have been convinced that there are people actually concerned with the issue, because the Republicans _have_ been getting a lot of partisan flack from anti-Republicans who view it as a way to attach the Bush Machine.

Smart alecks are people like me who say that the reason the Bush Machine likes unauditable voting machines is that "Stuffing ballot boxes the old-fashioned way is manual labor, and Republicans don't like to do manual labor."

People in the background in GWB's speeches

That's actually something that's really bugged me for a long time.

I mean every time this guy gives a talk, there's an "audience" of military personnel behind him. I guess his spinmeisters' goal is to project an image of a strong state and a strong leader, but as a European it find it too close to Hitler's propaganda.

Re:People in the background in GWB's speeches

Yeah....

I'm glad I'm not the only one that's noticed this.

I'm just wondering when Mussolini and the Bush are going to jump out from behind the curtians and assualt a French pesant that just happened to be walking across the stage.

It'll happen. You heard it here first!

Sue the state?

[theolein]

I was under the impression that one could practically sue for almost anything in the US. Would it not be possible for someone to start a class action suit against the state election commission for willfully damaging the saftey of the democratic process in that state (MD)?

Re:Sue the state?

"I was under the impression that one could practically sue for almost anything in the US."

Yes, you can petition the court to hear almost any argument. In some states, you are guaranteed a hearing on any issue whatsoever (it's in the Texas Constitution, for example), in other states it is up to authorities of the court what may be heard.

"Would it not be possible for someone to start a class action suit against the state election commission"

I don't think "class action suit" is quite what you're looking for. The problem is defining the class, defining the damages, and finding an appropriate individual or group of individuals who may reasonably represent that group in court.

Such a class would have to represent every person with the right to vote in a given state. I don't think you could reasonably expect a ruling that allows anyone to represent such a class, because it is impossibly diverse, and the dissent would be enormous.

It would be much more plausible to seek criminal sanctions, not a lawsuit. In order to do that, you must have evidence that there was intent to defraud the voters, manipulate the electoral process, or intentionally fabricate evidence related to certification. (There could be evidence to that last one, if we could get more credible data on the infamous "Diebold Memos".)

As it stands, there hasn't really been any damage done, only a very arguable, very tenuous position that damage could be done. And there isn't any evidence of a conflict of interest that would be inappropriate enough to seek action. I don't really appreciate that the execs of Diebold happen to be supporters of the Republican Party, but that's a common enough thing that it could hardly be used as the sole reason to disqualify their product.

You need grounds to press charges. You need evidence, and damages, to sue. Outrage that "something must be wrong here", and an unfocused clamor that "something has to be done" isn't really going to get anywhere.

Outline the specific problems, in a way that can reasonably be interpreted as true problems that must be addressed, severe enough to terminate contracts and rewrite state budgets and change their plans for upcoming elections, and maybe you have a start.

Deciding after the fact that there should be a law that requires Diebold to open their systems to public scrutiny just shows that people don't care until it's too late to take action.

Where were all these people 10 years ago? Were they writing to their congressmen seeking proactive legislation to prevent this situation? Or did they only think of it AFTER it became a problem?

Hate to say it.....

[AsimovBesterClarke]

'This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws?' No, it seems it begs the quesion: Do we make decisions based on who can shout the loudest? Given most management type meetings I've suffered through, I would say: yes. But, this is only a tiny subset of reality (I would prefer it was an alternate one....).

Re:Hate to say it.....

[fishbowl]

Actually, "begging the question" is a method of fallacious argument by which one presents premises which must be accepted in order to accept the conclusion, which merely restates one those same premises.

I think what they meant was "this raises a concern that...", not "this begs the question."

Okay, I understand what they mean, but, it's just like when someone uses a big word that they don't understand, and can't bother to lookup in a dictionary. Anyone who does know that word won't be impressed, and clearly sees the speaker for the clown he or she is. It's the same here. Someone uses a term from a freshman critical thinking course, one that he or she obviously failed.

Re:like calling a smoking-bashing doctor a smartal

Throw them away, and let Diebold make something they're qualified to make, like... bubble gum dispensers.

Cool! - where can I find a Diebold bubble gum machine? -- Put in a quarter, get twelve pieces of gum and three dimes in change.

Public Faith in electronic voting is critical.

Both parties clearly understand the importance of public faith in a system that will allow them to rig elections. The real question is: which party will get control of the election system first?

congratulations

[waspleg]

you figured it out, welcome to America

the public has no faith, our democracy isn't one, never has been (you in doubt? i have two words for you: electoral college), never should have been (that's right, ONE REPUBLIC UNDER GOD). what we are is an Oilgarchy (and that's not a typo)

Great...

Great, now we've gone from security by obscurity to security by "Shut the fuck up!"

Scientists seek help boosting Sunspot activity

re: E-Voting Expert Testifies

The next Woodward and Bernstein?
Couldn't hurt. I followed the handy links
to the Sun, clicked on 'suggest a follow-up',
and sent them the note below.

I hope you'll all consider doing likewise.

-jim

"Veis no imminicht vat dein
kschtinken badges ist.
"

---
This is an important story. Thank you for publishing it. I hope you will consider
doing a follow up -- this story definitely has legs. I can offer that a good follow
up source would be Dr. Rebecca Mercuri, another expert on electronic voting, whose
congressional testimony (which supports Dr. Rubins) has alarmed the nation.
Not that the issue at hand actually *requires* such expertice -- nearly anyone
even remotely familiar with computer security can verify much of what Dr. Rubin
has testified to. His statements were not controversial.

The Ehrlich administration is apparently quite naive, perhaps dangerously so.
Unfortunately for all of us, they are not alone. Please help educate our country's
legislatures, inform the voting public, *and* sell more newspapers by continuing
to take the lead on this story.

(By the way, a more accurate lead might help drive the story -- I believe that my mother
qualifies as a 'voting system critic' -- wheras your actual story attributes the warning to
a 'voting system expert', a 'security expert', or 'Security Institute'. Many of your readers
no doubt noticed the mis-lead, but one could expect that some readers would be thrown
off by the accidental dilution. And finally, to capitalize on the moment, you might consider
grabbing the spotlight with something like 'Security experts warn the homeland').

Again, my thanks for a great story, and a great service. We need you.

Sincerely,

Jim Sawyer

---

Source contact info:

(from the web, via last citation below)

Rebecca Mercuri, Ph.D.
P.O. Box 1166 -- Dept. EV
Philadelphia, PA 19105

215/327-7105 or 609/895-1375 (try the 609 number first)
mercuri@acm.org

I am available for comment, consultation, expert testimony,
and lectures on electronic vote tabulation, and can be contacted
via the information above.

Members of the press and researchers seeking interviews
and quotation permissions may find it helpful to look at the
guidelines posted at
http://www.notablesoftware.com/manifesto.txt
and background material posted at
http://www.notablesoftware.com/evote.html

---

That's why I call US & EU the Capitalist Repub

[OldHawk777]

Folks,

_____If public faith is lost, then the system (democracy) fails. System security must always support the public faith in democracy by assuring legitimate, veracious, and verifiable results. It is better that the nation and citizens die or fade into history, then allowing democracy to fail.

_____A democracy is a nation where the citizens feel individually responsible for deciding their destiny. Corporate, religious, and plutocratic institutions are disenfranchised in a democracy, because of the human psychology/society premise of "Power corrupts, Absolute power corrupts absolutely."
_____This is part of the reason for the separation of powers in our USA Constitution, but though implied we have never been able to completely protect the election process and/or eliminate corruption of elected officials that vote/act in the interest of the corporate, religious, and plutocratic interest while verbally patronizing US citizens with "FRIENDS, ROMANS, COUNTRYMEN", "IN THE NATIONAL INTEREST", ... or other such poppycock [AKA: BS] rhetoric.

_____Rhetoric is frequently the only skill most preachers and politicians have, and without honor and ethics they are puppets of any megalomaniac in power. Plutocratic factions promoting their interest know that they always have allies (religious terrorist (Christian Moslem and Jew), Nazis, ... whatever they are called) and need one great leader that will help murder the opposition literally.
_____The nonsense rhetoric of some politicians and preachers is at this level. Just pay attention to Jerry Falwell, his colleagues, and followers [http://www.funnystrange.com/quiz/], and their close politician friends), and never forget the "Honorable for some" Louis Farrakhan. Fortunately the claptrap rhetoric has not been able to subdue the commonsense of US citizens and our birthright for skepticism of authority's self-interest and delusions of grandeur.

_____We can still vote for better citizens to take any politicians place in Washington DC, state capitals, and locally. Politicians are all (for now) replaceable. This is the way to put a politicians head up their own self-important ass and let them know their shit truly stinks. For preachers, let GOD judge them. For the Corporate and plutocratic institutions lets disenfranchise them from our democratic process and return to one person one vote by eliminating the purchased sound-bite rhetoric elections.

_____Do you feel more secure today then you did on 2001/09/11? Do you feel national interest, economy, and security are the priority of today's politicians? I agree with JFK "Ask not what your country can do for you, ask what you can do for your country." I would add, be responsible to the USA Constitution and Democracy, "ask every politician and preacher what have they done for the NATION?", If they wear $500 to $2,000 dollar suits, have a personal income of more than $250,000.00 annually, and ask for any citizen to sacrifice and donate money to GOD or a cause then they are frauds.

OldHawk777

Reality is a self-induced hallucination.

Re:Protesters will be digitally removed from all n

I don't suppose you can offer some information on the subject?

Just two URL's are necessary.

http://www.foxnews.com/

and

http://graphicssoft.about.com/gi/dynamic/offsite .h tm?site=http%3A%2F%2Fwww.nodeception.com%2Farticle s%2Fpixel.jsp

You're kidding, right?

[Jackmon]

"Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

Yeah, it's really better that we keep our concerns about the voting system to ourselves. We wouldn't want to upset all those fragile, sensitive voters by letting them find out their democracy's a sham.

You can build a system which mimics that

The paper trail part would be fully identical, and you could also put part of the system in a sealed box and design the interface so it can fundamentally only take incremental updates or be erased completely (fully equivalent to the empty boxes).

The unit is slotted in the booth, the witnesses verify it is fully erased before the election starts.

You have a box with a database, and each entry is the exact equivalent of a paper ballot ... if you can understand it on paper you can understand it in bits.

Re:You can build a system which mimics that

[Crash6-24]

So far I haven't seen such a system proposed.

Your solution is a good one - paper trail for recounts, quick responses for the candidates and news media. You should patent the idea, quick.

Corporate Superpowers; a world in flux.

[myowntrueself]

So far as I can tell, American democracy is nothing more than a front for corporate superpowers.

This applies to a greater or lesser extent to other democracies, but the USA has it bad; very bad.

Not only do corporate superpowers have effective control over the mass media by which most people decide how to vote (think Chicken Noodle News and tabloids), over the means by which people working in government beauraucracies actually go about their jobs (think desktop operating systems and 'office productivity software') but they are gaining power over the very means of voting itself (think evoting).

We are witnessing a subtle and insidious change in the the governance of modern societies.

Re:Corporate Superpowers; a world in flux.

[t0ny]

The problem isnt democracy. America is what it is because it has two opposing dynamics- democracy and capitalism. The problem we are seeing with Bush, however, is that he is allowing the capitalists to bleed their power into what has traditionally been the realm of democracy (government has generally servered the greater good than business interests- EPA, OSHA, etc.)

Once special interests can use their monetary resources to hand-pick who runs the country, things can only go downhill. Imagine if companies werent liable for polluting the environment, bankrupting the public coffers, defrauding investors, or other abuses. GWB has taken the USA on a big step in that direction.

Re:Corporate Superpowers; a world in flux.

[myowntrueself]

Totally; the problem isn't democracy in and of itself. The problem is that in the presence of corporate superpowers, democracy is extremely easily subverted.

Putin appears to be making an effort to control this sort of thing, trying to tame the power of the new Russian corporate superpowers (oligarchs) and keep them out of politics.

As for 'downhill' it depends which side you look at it from; if one were part of the corporate superpower structure one would probably believe that the rule of corporations is best as one would view oneself as being better suited to running a large organisation (such as a nation state) than a democratically elected body.

Personally, I don't think thats true, but its relativistic :-/

And 'Once special interests can'?? You don't think they already do?

Re:Corporate Superpowers; a world in flux.

[t0ny]

I dont think special interests were technically in control beforehand, but they definitely had a great deal of influence (which is not necessarily a bad thing, in every case).

However, the Bush administration has really taken an unprecidented step to overtly showing people who is really in charge. Heck, most people are calling Iraq "Haliburton's War", the EPA and SEC have had their budgets slashed so much they cant even provide enforcement for laws they are supposed to, etc.

There was an article a few years ago where they interviewed a few people Bush had set his policies (supposedly 'advisors'). One guy said they were basically told to come up with a 'wish list' of what they wanted done. They were thinking within normal bounds, but eventually somebody started talking about repealing laws, ignoring environmental concerns, etc. At that point, he said they "were giddy" with the possibilities.

A very sad day for democracy, indeed.

faith in the system?

[alizard]

Mrs. Lamone was highly critical of Dr Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.' This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"

The only reasons to not want real e-voting flaws criticized are:

• because it might interfere with getting paid
• because it might interfere with the ability to deliberately fsck an election, or to allow others to do so.

Linda Lamone should be immediately terminated for incompetence. Her comments show that she is unworthy of public trust.

She should be told privately that if she protests, she can always find herself under investigation for conspiracy to commit election fraud or conspiracy to defraud the state government, i.e. facilitating the purchase of voting machines she knew were inadequate for the job.

Mod parent "Overrated"

People with a +1 karma bonus have a moral obligation to withold that bonus when they post stupid shit like this.

You would be wrong, its special intrests...

[Shivetya]

Sorry but its far from Corporate control, its a world of special intrest. Just as the US Congress is controlled by special intrest, having long lost a will or need to obey the public intrest so goes the EU.

The EU "constitution" is a perfect example of Special Intrest and no public intrest.

E-Voting is yet another form of this, most of the people against e-voting as a means are only so because they cannot exploit it. They don't care that its not auditable, they can't abuse it yet. They would prefer it to be without a trail, so the dead can vote again, people vote twice, and etc.

When you have politicians stand up and say picture IDs are not required for voting how can you expect them to care about fraud in e-voting?

Re:You would be wrong, its special intrests...

[OldHawk777]

I agree with you. This stuff is getting scary.

I cover Special Interest (SI) with the word plutocrat,
because wealth is implied by "SI" in a Capitalist Republic.

Also, the "Capitalist Republic" is not limited to financial
Wealth as associated with WMF/WTO, money, banks, .... Wealth
is anything with a recognized exchange/control value (it could
be property, military, weapons, subservient people, ... this
would include a religious regime, aristocracy, and/or China.
Never consider the US and EU as in a different basket (just a
more, then most, affluent and comfortable one). Without democracy
(Government by "ALL" the People) we all will suffer except the
select few, and the select few should always consider the
repercussions: (1) Religious Wars, (2) French Reign of Terror, (3) the purging of Nazis' "Brown Shirts", Stalin's Paranoia, MS Mao's Cultural Revolution, (4) many more throughout recorded history (including Japan, Egypt, Greece, ...), (5) whatever comes next ....

plutocracy (pl-tokre-se) noun

___1. Government by the wealthy.
___2. A wealthy class that controls a government.
___3. A government or state in which the wealthy rule.

[Greek ploutokratia: ploutos, wealth + -kratia, -cracy.]

plutocrat (plte-krat) noun
plutocratic or plutocratical adjective
plutocratically adverb

OldHawk777

Re:like calling a smoking-bashing doctor a smartal

We don't have a 'Security General' like we have a Surgeon General

We do have a secretary of homeland security , and in his first speech in that role he mentions candor as a very important part of security.

And we will operate from a few basic principles. First, candor. No one should be wary of coming forward when they see a problem. It's the only way to define a solution. The urgency of our task dictates candor about our challenges and confidence in our ability to solve them.

Seems to be a pretty clear refutation of Linda Lamone's statement.

I'd say that the manner in which our reps are elected falls pretty clearly under essential infrastructure. Maybe they can send Ms. Lamone to Gitmo or something.

Trusted Systems ?????

[Sam+Nitzberg]

I like computers and technology - I really do.

However, unless computers will do a job better than previous methods, they shouldn't be used.

Voting systems are what I would have to call mission-critical systems. They should have all the rigor, analysis, and verifiability that can be brought-to-bear towards making systems accurate and robust. They should be very formally designed and tested, and placed under the most rigorous configuration management and control.

Why these sytems aren't being built (or required) to undergo what would have even been considered best-practices in the 1970s or 1980s eludes me. I consider the lure of the technology, coupled with a general apathy towards the genuine intracacies and consequences of failure, to be a big part of the problem.

There should be damned strong requirements on how any system used in any governmental election are designed, proven, built, etc... I would actually want to start with proven security/OS kernels in any such designs. This machine does not even have to be based on a commercially available OS platform - it has to perform a specific type of task very reliably.

Sam Nitzberg
http://www.iamsam.com

It doesn't beg that question...

...it raises it, you fucking ignoramus.

Re:All Britons: bash Bush!

Maybe, just maybe, you should read and learn a little before opening that shithole you call a mouth.
READ THIS

Osama Bin Laden and Saddam Hussein had an operational relationship

It's what we've been telling you fucking morons all along and not a damn one of you was smart enough to understand it.

Sovereign immunity

[Beryllium+Sphere(tm)]

Suing someone means you're asking the state to settle your argument with that person.

Suing the state means you're asking the state to decide who's right, you or the state. Oh, and they're supposed to make that decision based on the same laws that the state enacted.

Google for, or check a law textbook for, the concept of "sovereign immunity". You can sue your state government, but the scope for doing it is limited.

Consult an actual lawyer if you're seriously considering this and need legal advice.

Re:Sovereign immunity

[hey!]

You're right as a matter of law and tradition, but not necessarily as a matter of logic. Sovereign immunity is a corrupt Restoration era concept. You can't sue the king because the king is above the law: he is the law. However, in our system we do not have to accept that the State (or more precisely the State Government) is above the law. The government serves the people, it does not own them. And it is the people who are sovereign, not their agents in the government. It is the people who settle disputes through the jury system.

Trust is important

[peacefinder]

If the system is secure, public trust is helpful.

If the system is not secure, public distrust is vital!

This begs another question:

Isn't it better for democracy to avoid e-voting systems in the first place? Is public faith in the system more important than overall system itself? I'm serious. We are not talking about our email, the ATMs or some fucking lottery. We are talking about the democracy.

WHAT?!?!

[Featureless]

"Is public faith in the system more important than overall system security?"

A high-school educated adult can actually ask this question in seriousness?

Man the rockets. It's time to abandon the planet.

--

As an aside, I am desperately trying to find any sources not employed or otherwise funded by a voting machine company - think respected professors, prominent scientists, engineers, heads of standards bodies or trade groups - who will go on record saying that it's OK to skip per-vote paper records.

I have been searching off and on; I can't find a single credible expert who will say electronic voting without paper records is a good idea. Not one. In fact, even slashdot trolls devil-advocating the issue are rare. All I have found so far, from Harvard, Princeton and M.I.T., to the ACM, to acquiantances with the appropriate background, is 100% uniform agreement that per-vote paper records are absolutely necessary for the system to be trusted.

Do they even have a single person to trot out, to give them even a thin film of legitimacy? Or is actually true that every relevant expert is uniformly condemning these paperless systems? Are states across the nation actually adopting voting systems in opposition to every known academic standard?

You know, once upon a time, quite a long, long time ago now, in a very different age, people put their faith in things BECAUSE THEY WERE ACTUALLY SECURE.

The question cant be serious

[steveoc]

If the aim of the system is to provide a proper representative democracy, then it is critical that the system works and is secure. In this scenario, trust is secondary, since the untrusters will be in the minority, and not in a position to rock the boat too much - natural forces will balance out a level of distrust. Even if a paper audit trail is available, Joe Avg is not in a position to personally audit the results, so its all down to faith at the end of the day.

If the aim of the system is to install a fascist autocracy, then it is critical that public trust and perception comes first. The actual workings and security of the system (and indeed the results themselves) are largely irrellevant. Votes are conducted in a dictatorship scenario as a simple mechanism to make people think that they had their say, and therefore are being fairly represented.

Either way, there is going to be a small portion of the population who dont trust the result, and blame it on some conspiracy. Fact is, come the next general election in the USA (2004 ?), we are just not in any position to know which version of reality we are living in.

In another 20 years time anyway, voting will be conducted via SMS, and people will be openly encouraged to post multiple votes - Elections will be a combination of public circus, TV entertainment and money spinner.

They will start with 100 presidential candidates, and each week voters will have to tune in to TV to listen to their addresses, and then vote via SMS to evict a bunch of candidates who failed to perform in the speeches, singing and bathing costume sections of the election.

And tune in next week viewers, as our surviving presidential candidates have to negotiate the crocodile infested obstacle course in their speedos whilst singing 'I Did It My Way'. The real government of the day can then go about their business unmolested, whilst Mr Popular stands out before the TV cameras as the public face of the party.

Is there a way to test this?

[mhotas]

Is there any way to independently validate the system, in a way that prevents tampering on election day? Please don't forget that Diebold's CEO is the one whose been shmoozing with the Republican aristocracy at $1000 / plate dinners and promised that his company was "committed to helping Ohio deliver its electoral votes to the president next year".

YOU FAIL IT!

Wow, that's convincing. A memo from the Office of Special Plans (which does nothing more than compile and pass on reams of intelligence data from various sources without actually performing checks on it) containing nothing more than extremely sketchy single-source information. You sure showed them!

And to answer that question

[PotatoHead]

one would need to take a look at the entire system no?

I don't like electronic voting though I see plenty of ways to make it trustworthy. What I like less is groups seeking power through the manupulation of our very laws and process designed to protect against just that sort of abuse.

Too many elections showed too many suspect results. The amount of effort taken so far just to broach the subject and review the issue reveals to me an unacceptable level of risk.

The big problem is

[PotatoHead]

the simple fact that technology has outpaced the ability for society in general to deal with it and those in the know are taking advantage.

The law regarding technology is in the dark ages right now. We are fighting basic battles over information. Our ability to even process our own information freely is under attack. Our very ability to think and discuss things with one another is under question today.

Our leaders, in general, are behind the times with regard to technolgy and its potential effect on society today. Sure they have advisors, but who do they represent? Can we be sure their advice is in our best interests? This assumes our leaders are true in their desire to better the American People. Maybe they know full well how technology works today. What of their decisions then?

At least ignorance preserves some of the faith we have in our system of government... The alternative is an exercise for the reader. --You.

The general public is only now reaching a basic level of use competency. Lots of people have computers, but very few of us really understand them. Fewer still understand the potential long-term effects they promise.

Those who produce the technology of today have a huge advantage over those it affects. They have understanding and power without any high degree of direct accountability for their actions.

These things together really point to a problem that has been bothering me for quite some time, namely: how can we, as a society, represent ourselves in a fair and informed manner when we do not yet possess the understanding necessary to know the potential result of the choices we are being asked to make?

This whole voting affair finally illustrates, on a level many people can understand, the danger present in the unbalanced state of things here in the US. We are rapidly reaching a state where the companies call the shots while the citizens (or consumers as they like to call us) live with the consequenses.

Folks, this should not be happening by any measure. This is exactly the sort of thing our founding fathers did not want to happen. The words:

We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.

were not intended for corporations. They were meant for us, you and me and the guy down the street. They were meant to express the idea that we are governed by ourselves. We are judged by our peers. We control and participate in the process that forms the society we must live with.

The fact that this crap has even happened reveals a problem far greater than which machine works best or is more trustworthy, or who paid off who.

The problem is not about technology. It is about who controls it and how it gets used and what people in general know about it.

For many people, computers are these mysterious things that process information in ways not easily understood, yet we trust them. Why is this? Are we lazy as a nation? Do people just not care? Maybe they feel stupid and are afraid to ask. Nobody else seems to be asking why should they?

As a kid I used to ask. Did not get answers then. As an adult I am asking again. Are you?

Until the Information age, all political discourse happened in ways one could trace to a degree. Sure, two people talking behind the fence are tough to audit, but the paper trail they leave as they execute on their plan is. Moving information required people to be involved back then. Recorded information was in a form not easy to change without somebody knowing about the nature of the change at a minimum. This brought with it a level of accountability we could ultimatly trust.

Today these things are not true anymore. Computers process and store information in ways that b

begging for answers, are we?

[MegaFur]

This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

Answer: No.
(And that's pretty gutsy--trolling at the end of the article itself. :-) )

To answer the question...

Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?

HELL YES!

We should have faith in our government. They know what's best for us. As our democratically elected representatives, they will look out for our interests.

In the words of a famous republican

[hey!]

"Trust but verify."

Language: a clear, precise means of communication?

[Dwonis]

However, if people allow a language to change too quickly, then what you end up with is a large numbers of colloquialisms that basically form a new, incompatible language.

Because of the length of time over which this generally occurs, I fail to see the problem.

Please re-read what I wrote. I am talking specifically about the case where this length of time is short. Also, there are reasons why that length of time has been short in the past, which might include:

1. the lack of cheap, efficient means of global communication
2. so-called "language lawyers"

(Confused? Consider these: HTML, CSS, XML, Perl, PHP, Java... you get the idea.)

HTML, CSS, XML, Perl, PHP, Java, and PDP-11 still mean pretty much the same thing they did a year ago. They aren't changes in existing language, just additions to it.

There is already an efficient means of stating that something "raises a question", and this is different from "begging the question". Merging these two logically distinct phrases in our language makes the language a less efficient tool for communicating.

Also, in this case, we are discussing a term which is specific to the science of Logic. I think that when a non-logician tells a group of logicians that they need to invent a new phrase because "language evolves" simply demonstrates the non-logician's ignorance. It's no different than a PHB who, when corrected, tells Bruce Schneier that ROT-13 really is a "strong cipher", just because he and his friends have been calling it one (or that Sun Java really is "open source").

I agree that language evolves, but people have lately been using that fact as a means to justify their ignorance.

Contact info for Ms. Lamone

[elb]

Generic email address: sep@elections.state.md.us

other modes of contact are here.

Aussies do it right: E-Voting

[t_kleinster]

http://www.wired.com/news/ebiz/0,1272,61045,00.htm l