Slashdot Mirror
Voting Machines Vs. Slot Machines
dmh20002 writes "Being a Nevada resident and knowing people who write code for slot machines, I was aware of the stringent measures the state of Nevada uses to vet the security of slot machines. The Nevada Gaming Control Board audits everything about them, both physical and soft, for unintentional and intentional security holes. Hearing the hoopla on voting machines, the contrast was obvious. Slot machines are about money, which is more important than votes, apparently. Now the state of Nevada is looking at electronic voting machines and plan to apply some of the same safeguards. Just applying the Nevada technical standards for gaming machines and vendors to voting machines would be a start, since there don't seem to be any standards for voting machines. A funny/sad sideline is that in Nevada, every year or two a programmer or engineer goes to jail for exploiting slot machines."
Now that was a fun contract. However, yeah, the security restrictions were remarkable.
Ever heard of 'the magic wand'? Or the 'coin whip'? The minute a slot machine with 'new security measures' is released, there are people that break it the very next minute. The way they keep things going? Good surveilence and good guards.
Good luck putting cameras in every voting booth. People won't mind, right??
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Honestly, I felt pretty bad after reading about that computer programmer who had two daughters and stole $50,000 dollars. Yes, it seems crazy, but the guy admitted to everything and he had never been convicted of anything, and then all of a sudden he's in jail for at least 28 months. Poor guy, and his daughters -- I'm sure they were quite shocked.
Sometimes, I think justice in the US may be too harsh. It's a bit out of place when you repent, and obviously don't have a record to show you'll continue with crime, but are still left to rot in a prison where raw grunts rape people. Oh well.
Well, at least he made the casino industry quite rich. They must've been happy.
While it's worth noting because it shows the potential to cheat even in a closely watched industry (which the voting machine racket clearly isn't), one should note that programmer or engineer (who) goes to jail for exploiting slot machines is trying to cheat the casino. When the casino uses the software to cheat the player ist's a completely different issue.
I'm an American. I love this country and the freedoms that we used to have.
And think about this. Every time you interact with the government, they want to see your ID, from a routine traffic stop, to buying a fishing license. The only time they don't ask is when I go vote in Maryland. What's up with that? They just ask for the name of whatever dead person your are pretending to be.
The poster notes:
The Nevada Gaming Control Board audits everything about them, both physical and soft, for unintentional and intentional security holes.
And further:
A funny/sad sideline is that in Nevada, every year or two a programmer or engineer goes to jail for exploiting slot machines."
The sideline article notes that convicted slot-hacker Ron Harris was a gaming board official for several years, and that he provided "more than nine hours of videotaped statements concerning questionable activities in the control board and the gaming industry."
Maybe Harris is covering his tracks by spreading dirt. Then again, maybe the Gaming Control Board is dirty. In any case, comparing voting with gambling makes me fear for my country.
-kgj
-kgj
If you look at things statistically, a little money is much more valuable to an individual than his one vote.
Consider first the probability that one vote will actually change the outcome of an election: it's nearly impossible. Odds of 1/10e7 are typical. Mathmatically, a vote is just as bad an investment as a lottery ticket. (Which are, as they say, a "Tax on people who can't do math")
Then consider the real difference choosing a different president or governor will make to your life: not much, really. The two dominant political parties have grown very similar to each other. They'll rarely try to make a significant change (and most changes they attempt will be cancelled out by the other party in the next election). So not only is a vote unlikely to pay off, but that payoff isn't likely to change very much.
Thus, looking at all the possibilities, a rationally self-interested person will not waste his time voting. The hour+ it takes out of your day is actually much more valuable than the tiny chance that the vote you cast actually has a benefit to your life.
This is why explicit selling of votes was criminalized: because if it were legal, the free-market would reveal how cheap each vote really is!
PS. Having computed that voting is a waste of time, why do people still vote? Altruism. They vote not only for themselves, but also to share their wisdom with the rest of the country. And for more selfish reasons- like the feeling of success when your guy wins.
PPS. Several mathmaticians have created alternative voting schemes (different from simple majority) which boost the chance that any single vote will change the outcome of an election. But the public, so far, has rarely been interested.
and experience the problem/controversy. You can do a google on this controversy for more info.
My experience went as follows. I stepped in the voting booth. It was a very nice touch screen layout.
1/2 way through making my selections.. Up popped a message that my laptop battery was about to die, and that I'd better plug the machine in, etc. Well, I looked, and it was plugged in.
It turned out that these were not very secure systems at all. The basic platform was Windows on a laptop running non-networked. Storing the data on each machine, to later be combined / counted.
We're a long way from having anything better than punching a card, and eating chads. A hacker could easily do way more damage.
In the above case.... I was at the voting place early. I was #14 in my precinct to vote.
Actually there are a shitload of rules in place to ensure the odds are high but the casino doesn't cheat you. Its pretty much regulated. As for the voting machines, they too have methods of making things secure, and a lot of research is done on the subject e.g:
.. - Magkos, Burmester et al. - 2001
A public key cryptosystem and a signature scheme based on di.. (context) - ElGamal - 1985
Receipt-free secret-ballot elections (context) - Benaloh, Tuinstra - 1994
A practical secret voting scheme for large scale election (context) - Fujioka, Okamoto et al. - 1992
Multi-authority secret ballot elections with linear work - Cramer, Franklin et al. - 1996
Verifiable secret-ballot elections (context) - Benaloh - 1987
Universally verifiable mix-net with verification work indepe.. (context) - Abe - 1998
Designated verifier proofs and their applications - Jakobsson, Sako et al. - 1996
Elections with unconditionally- secret ballots and disruptio.. (context) - Chaum - 1988
How to prevent buying of votes in computer elections (context) - Niemi, Rendall - 1994
Public-key cryptosystems based on discrete logarithms residu.. (context) - Paillier - 1999
Some remarks on a receipt-free and universally verifiable mi.. - Michels, Horster - 1996
Receipt-free electronic voting schemes for large scale elect.. - Okamoto - 1997
A secure an optimally efficient multi-authority election sch.. (context) - Cramer, Gennaro et al. - 1997
Receipt-freeness in largescale elections without untappable
An Improvement on a practical secret voting scheme (context) - Ohkubo, Miura et al. - 1999
MoFscker
called Oasis Technologies.
The strictest of reviews are applied at both the hardware and software levels.
We dealt with finite based slot machines (like an electronic scratch-n-win ticket; all of the winners/losers are precomputed instead of relying on normal distribution). All of these winners/losers were stored in a database for later retrieval. The w/l lists are entirely randomly generated based on the number of w/l (essentially the payout) that the client desires.
One of our win/loss lists was rejected because it wasn't "random enough".
The only change needed would be to have the voters deposit their receipts in a ballot-box on the way out. Most places have laws which prevent voters from getting any kind of receipt for their vote. This is to try to keep politicians from being able to easily buy votes.
include $sig;
1;
Actually its much more compilcated than that, involving probability and what is actually on the virtual reels. It would be easy if you could change what certain winning compinations payed out, but generally you can't in software because of the signs on the machines. So inorder to change payout percentages you need to change what is on the reels and, at least where I work, it can take a good week to create and verify a reel strip.
Think about electronic breathalizers, for example.
At least for the State of North Carolina, all the elements of an exploit are present:
It would be trivial for an insider to rig the machine such that if the name of the person to be tested matched some internal structure, the readout would always be two tenths below whatever the calibration sample read.
And with that kind of exculpatory evidence on your side, one could drink and drive to one's heart's content and never have to worry about a drunk-driving conviction: just demand a breathalizer test to "prove" your innocence and the case would never make it to court for a closer examination.
The thing about things we don't know is we often don't know we don't know them.
That guy wasn't just some programmer, he's the same guy who rigged the Keno game out in Atlantic city and got caught.
Keno, as a refresher (and correct me if I'm wrong) is similar to the lottery, except that you have to choose eleven numbers, and in order to be a big winner, your numbers must match the ordering of the pulled numbers.
In fact, it is so unlikely that anyone would match all 11 numbers in order that no one has done it in the history of the game. (Except this guy, who rigged the game).
*ANY* other person who has the same amount of greed and exploits his position to gain his means deserves the same punishment.
I currently have no clever signature witicism to add here.
In my experiences with all things electronic, there is a certain amount of error that you just come to expect. Being forced to use a Windows system, I have encountered, on many occasions, all my data simply giving up and failing to exist any longer. In the last election where Florida had to recount their votes, they at least HAD something to recount. What are you going to tell the people of Nevada if the system crashes and their votes are lost? "Sorry, if you voted, we need you to come back?" Personally, I would be more than a little annoyed. Furthermore, no system is fool-proof entirely. Since the computer programmers who set up the system will more than likely know how to manipulate the system, any corrupt government official will try to buy his (or her) votes. The programmers will have all the power, and what was that saying... oh, yes... "Absolute power corrupts absolutely."
I saw your smiley, but damn, you're absolutely right. Bush hired convicted criminals to work in his cabinet. Worse, they are convicted of acts against their country! It's amazing.
If, on the other hand, there's a problem with a type of voting machine then what do you do? You can't just put off an election. The timing of those is usually mandated by law.
This is to me the scary side of the recent voting shennanigans.
First, implement flawed voting scheme, but do it slowly so as to keep it under the radar. Once enough people accept it, use it for the next BIG election. A short while later (ie: while still in office), notify the public that the vote didn't work, and the system is broken. Of course, it will take months at the very least to figure out what went wrong, some more months to implement a new voting scheme, etc, etc. Sorry, the election can't be counted, and we'll have to keep the current administration around until things get sorted out.
Does the US constitution or law have anything that deals with a situation like this? Sounds like a good way to stay in power a lot longer than you normally would otherwise.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I don't know about one person buying all the tickets to a lottery, but about twenty years ago, a group in California tried to get all possible tickets for the lottery as a publicity stunt. The convenience store chain they were working with managed to print out about 75% of the possible tickets before the drawing, when they had to stop. The group won, and managed to make a profit.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
Bugger the electronic petition, and send a paper letter. That way, there is a verifiable paper trail of your request, and you know your representative (or at least his office) got it.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
So, where are the open source voting projects?
:[ ). Rather than spend $6 million tax dollars on voting machines, the state could use free software on machines donated or on-loan from local white-box PC makers or big-name vendors who get to advertize: e.g., "Welcome to the 2004 State-wide elections. Powered by ViewSonic, the clear choice."
Voting is not that hard. A few developers could probably build software that would be useful for 80% of the voting use cases world-wide. And, it would likely be more secure and run on a range of inexpensive hardware.
Such an open source project would be a real social good, a work-around for a part of the software industry that is pretty clearly failing to represent the public interest, and a good demonstration that development of critical systems should happen more in the open.
It would also save money for debt-ridden state and local governments (thanks again, Bush
In New York your polling place has a book with a copy of your signature from when you registered to vote. When you vote you sign your name next to the signature copy (they cover it while you're signing). You'd have to have a copy of the dead guy's signature and be able to replicate it, assuming the poll volunteers are diligent.
Counting the votes is not the biggest fix in the system, choosing who gets a vote is. Back in the 1950s the southern seggregationist states had 'litteracy tests' which in practice were tests of skin color. A white guy no matter how illiterate always passed, A black guy could be a school teacher and would still be failled.
In Florida the fix was in long before the vote. Most folk know about the 'choicepoint' company that was paid to purge the voter rolls of 'fellons' and did so with an accuracy of less than 15%. Choicepoint were originally contracted to perform extensive cross checking of the scrub list but when Bush and Harris took over someone told choicepoint not to bother with any checking at all. Harris also sent numerous demands to the country returning officers on the implementation of the scrub list even though several districts were reporting astonishingly high error rates.
Click on my sig line to see the details. A postscript here is that when the Republicans had to diss the report on this fiasco they chose the same American Enterprise Institute 'fellow' to do the hatchet job who had previously been found peddling bogus statistics claiming 'More Guns Less Crime'. In fact as several researchers have shown the data Lott produced was fixed and when this spilled over into the blogosphere Lott was found to have been posting articles defending himself under a false name.
If you are worried about Diebold read the Pallast article, then work out how you can help to kick this scum out of office.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/