Maryland Electronic Voting Systems Found Vulnerable
snoitpo writes "My fine state (Maryland) has hired some people I can respect to hack into Diebold voting machines. The Washington Post (read it free for 2 weeks) has the details. From this story and the one on NPR, the state hired a company and set up a test voting precinct and had the group try whatever they could to break into the machines. Most of the attacks would probably be noticed by an even-half-awake poll staff, but some vulnerabilities were exposed. The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate. The last paragraph mentions problems that voting machines had in the last election in Virginia; it's interesting to note that those use wireless networking--my jaw has dropped onto my keyboard and I can't comment any further." Other readers sent in two stories in the Baltimore Sun (1, 2), and one in the NY Times.
At a minimum, electronic voting machines need to print out a paper receipt. That would allow a recount and increase accountability in the system. Without a paper receipt, you may not even be able to determine that an attack has occurred.
Bruce Schneier, author of Beyond Fear and the fantastic Applied Cryptography, has an old but good commentary on some security issues of electronic voting machines in his Crypto-gram newsletter.
Screw wireless (wtf are they thinking) voting.
If you want accountability, put in some form of VERY hard to break security and go with it.
Voter apathy is going to occur whether people can vote online or not.
This is a rehash of all the other Diebold crap down in Fla. Until it's secure, imo this is non-news.
Is it because it's in a different state? Or because it's an attempt at accountability?
Sent from your iPad.
Electronic counting is okay, but they need to be counting physical ballots, not bits. There needs to be a physical paper trail that leads back to clearly-marked ballots that indicate what the voters intended.
The phone-in system is also a bit nonsensical. Ideally, the local counts should be published in each locality as quickly as possible, so that news organizations can do the math on their own, and any error introduced at any step in the way would quickly be noticed when numbers that are supposed to be the same don't check.
Diebold seems to be in the business of selling solutions that are worse than the problems they claim to solve.
Electronic voting will not help if two candidates are neck and neck or the election becomes complicated in some other way. They also throw in a very significant variable: hackability.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
Paper voting works very well here, we are very wired but we use paper to vote and if a recount must be made we recount the paper. Why so much money on computer systems? Computer systems are very hard to secure. Paper has already been secured.
Isn't this a perfect example of the benefits of open source? Yes, you can hire a team of hackers to attack a black box, but it's just an ad hoc approach, and tomorrow or next week or next year some other hacker will find another weakness that wasn't found in the first pass. Wouldn't you end up with a much more secure system if you could openly and systematically apply those same efforts to reviewing the code inside that black box?
Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.
(Can they cover the software issues with tamper tape, too? That might be helpful.)
-Trick
The voter might be able to see the paper (under glass), but that's about it.
That's the WHOLE POINT of paper receipts! How useful is a machine if you can't verify its results? The big thing with paper receipts is that the voter then has proof for himself that *he* voted in a particular way.. he can't walk away with that proof... that proof is left for verification purposes only. How hard is that to grok?
Make sure everyone's vote counts: Verified Voting
I don't understand why voting machines are being introduced in the first place. Is it just the stupid perception that "if it's automated, it must be better"? In fact, by introducing machines, you're just introducing a hell of a lot more problems, and possible failure points, as well as making the whole process more opaque.
In the Canadian federal elections, IIRC, as well as the Ontario provincial elections, voting and counting is still done by hand. At every stage a paper record is created, so that if any irregularities are suspected, the whole process can be audited. I believe such an inquiry was undertaken in Quebec after some tricky vote counting in Quebec after the last referendum.
"Removable memory cards inside the machine can be tampered with if a lock is picked or if one of thousands of keys is stolen." - From the Article
If I could pick the lock or steal a key to the paper ballot box, I could tamper with the votes too.
What's wrong with the current system? The voter looks at the paper, and if they like it take it to the locked ballot box that's next to the exits, and if they don't they hand it to an official who stamps "VOID" on it and they get another blank to try again...
My home and native land,
We use a simple paper ballot,
That all can understand.
Can't think of anything else to add to that comment.
I RTFA. But regardless of how poor this "AccuVote" implementation is, electronic voting can work -- and will prevail, if technophobic feelings are kept at bay. All it takes is some smarter dude to do the development.
The reasoning is simple:
ATMs exist.
Whoever buys an expensive paca will pay for an expensive paca.
Washington Post, NPR, NY Times... All so-called "liberal" media outlets, huh? Any news about this in the Washington Journal or Fox News? Doubt it, cause we all know who Diebold's friends with...
Who's looking out for you?
+1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.
Suppose I know the tendency of a district and I would rather that district's results are lost. Examples of activity to interfere would include:
- Cutting Power
- Electromagnetic Interference (burst device wiping out memory cards)
- Knocking out wireless infrastructure (cell towers, radio repeaters, whatever they use)
Some folks would say that we are overreacting and that all of these criminal activities have current-day equivalents. But without a paper-trail you only need to wipe one memory card remotely to kill hundreds of votes before they are sent to the server.
Come play Moral Decay!
I'm one of the people who did this and you should take a look at the actual report before you start ranting.
We witness not a fallen world, but falling every day - The Call.
Linda H. Lamone, the administrator of the Maryland State Board of elections, said that the group had produced "a very good report," and that the state would take its recommendations seriously.
Still, she noted that tampering with voting equipment is a felony. "I'm not sure how many people would be willing to get a felony conviction and risk going to jail over an election," she said. Citing the problem of easily opened locks on the machines, she said an attempt to unlock a machine "would be very unlikely to succeed, because it would have to occur in a public place."
This woman should be fired from her job. She basically states that because some act would be a crime that no one would do it!!!
Did that stop Richard Nixon?
Did that stop whoever blew Valerie Plame's cover?
Did that stop the authors of MyDoom from writing the virus?
Did that stop all the people in the US who committed crimes last year?
Did that stop Ken Lay and the fine folk at Enron?
Did that stop Halliburton from overcharging the Army?
What a fucking joke. It could have been a Microsoft security advisory for all the good it will do.
My premonition: There will be massive irregularities in the 2004 elections and guess who will win again?
Considering there's a vulnerability in almost anything (and just a matter of time before someone finds it), I think at *this* point in time it is a very bad idea to make something as important as VOTING something we can do online.
The last thing we need is a botched up election with later claims that the system was found vulnerable, etc..
It's handy, no doubt, but maybe we should wait a bit...
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
I really don't get it. Why are people so hard for getting the frickin' election results the night of the election? What is the rush? Why not do it the old fashioned way... paper ballots, counted by hand, by a team of old ladies. So we get the results a week after the fact. So what? Again, what is the big rush? I say, chill out, and do it by hand, with paper and pencil.
One more thing. Where are these people from, who authorized computerized voting. Have these people never used a computer before? Have they never lost their work due to a system problem? I can only assume that they don't give a damn about election integrity, and that is telling.
Mod down people who tell people how to mod in their sigs
Whenever I hear about the latest and greatest electronic voting scheme, it gives me pause to wonder who is behind this.
Mechanical voting machines have proved effective and relatively reliable for many, many years. I've heard the claim that the company that once manufactured them has gone out of business and that spare parts are no longer available. I say, BUNK. Given the amount of money that will undoubtedly be spent on engineering incredibly vulnerable systems which will be obsolete in a few years as compared to the previous systems which worked fine for a few decades, it would be a trivial task to have new parts designed and produced for the older machines.
Whose boondoggle is the whole idea of electronic voting?
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
Isn't that pathetic? The guy below gets a +5 funny while you get -1 flamebait for the same comment.
Slashdot is lame.
All moderators deserve to be fucked up the ass 'til they bleed to death.
was in August when we really need the fanning: http://www.corporate-ir.net/ireye/ir_site.zhtml?ticker=DBD&script=410&layout=-6&item_id=489744
Good point! All this talk about hackability of the system and paper receipts and back doors obscures what should be the basic necessary but insufficient condition for any electronic voting system. Let me lay it out:
If the code isn't open and viewable to the public, I don't trust it...and neither should you.
Four fifths of all our troubles in this life would disappear if we would just sit down and keep still. -C. Coolidge
Would you like to steal an election? Here's a quick survey of how to do it. I'm absolutely serious: I've been involved in political campaigns for years, and have held elected public office. And one of the reasons I'm no longer actively involved in party politics (per se) is that I caught one of my committee people doing some of the shenanigans I mention below.
First--don't waste your time trying to cheat inside the polling place.
You would think the obvious place to steal votes would be in the voting booth, right? After all, bank robbers rob banks--so election crooks would gravitate toward polling places. Right?
Wrong. The place to steal elections is in absentee ballots.
Absentee ballots: the mother lode of vote fraud
Let's suppose that you learn that you've been scheduled for a trip out of state that will keep you from voting. You can call your county courthouse and ask for an absentee ballot application. They'll send you a form, which you fill out and return, and then you'll get an absentee ballot in the mail. You fill out the ballot and send it back to the courthouse by the due date--congratulations! You have voted absentee, and your vote has made the nation stronger. In a perfect world, that's how absentee ballots are supposed to work.
Over the past twenty or twenty-five years the absentee ballot process has, um, changed. In a blowout absentee ballots are meaningless--but in a closely-contested race a handful of absentee ballots can be the difference between a "moral" victory and the real thing. (As a college student I functioned as an "absentee ballot captain"--identifying college students in the Philadelphia area who lived in the 10th congressional district in Illinois. I got them registered to vote at home, and made sure they voted absentee. I put in scores of hours of work--and turned in something like a dozen votes. In 1978 we lost the election by 6 votes--in a special election in 1979 we won by something like 120.) As the value of absentee ballots has become more apparent, people have started to cheat. (The rules for absentee ballots, and the opportunity to cheat, really expanded dramatically with the "Motor Voter" bills that got jammed through state legislatures in the early 1990s.)
How to steal absentee ballots
The simplest way to steal absentee votes is to work your way through nursing homes. The ideal method is to have a dedicated party worker who is a resident of the nursing home--but you can also send in a "volunteer." Nursing homes love volunteers who come to visit--so it's easy to plant somebody. However you do it, your party worker announces that she (or he) wants to help everybody participate in the election. Nothing wrong with that, right? So she distributes voter registration cards (perhaps with your party already checked), and promises to make sure that all the cards get turned in to the courthouse. When election time rolls around, she points out that senior citizens can get absentee ballots without question, and without anything like a doctor's note. All you have to do is ask. So Helpful Sally signs up everybody for absentee ballots. And since the absentee ballot is a bit confusing, Helpful Sally helps everybody fill out their ballot. As a general rule, Helpful Sally is going to get in trouble if she tries to buffalo people into voting for her candidate for governor--but practically nobody knows the names and/or positions of candidates for judge, for district magistrate, for local races--even for state legislative positions. All Helpful Sally has to do is say, "if you don't know the candidates, just leave the ballot blank." Oh, how helpful Sally really is. And to be really helpful, Helpful Sally offers to save the voter the cost of the stamp: she'll take the ballot to the courthouse herself, so your vote won't get lost in the mail.
Once the ballot is done, Helpful Sally can do two things. If the voter picked the wrong office, Helpful Sally can simply "lose" the ballot. Unless the senior citiz
Maybe instead of putting fully networked machines in front of the voter, we should look at this a different way:
1) Start with each machine being configured to run stand-alone.
2) The voter places their votes, and is issued a paper receipt containing who you voted for, and what booth you used (perhaps a machine readable only side to give to the attendant, and a human readable side that you keep, for privacy) with their entries encoded into a bar code of sorts, as well as being recorded locally.
3) They bring the receipt to the person administrating the voting at that location, who takes their receipt and runs it through a reader which tabulates the votes for the whole voting session.
In the end those results are tallied against the individual voting booths, and as well as having a paper trail to fall back on, and it prevents someone in the booth from being able to do any more damage than corrupt whatever was done on their machine. And if the attendant tries anything with his machine, the count between the different booths will also be thrown off, and it would be very difficult (never say impossible) to destroy receipts for one specific person because of the encoding.
Throw strong encryption and a minimal and hardened OS into the mix, and it might actually be reliable.
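The cross-check proposed in the comment above, sketched as an added example that is not part of the original post: the attendant's reader verifies each receipt and compares its tally with every booth's local record. The per-booth HMAC key, the serial number on each receipt, the field names and the sample precinct are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Assumption: each stand-alone booth is provisioned with its own secret key.
BOOTH_KEYS = {"B1": b"constructed-key-1", "B2": b"constructed-key-2"}


def _tag(key, booth, serial, choice):
    msg = f"{booth}|{serial}|{choice}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_receipt(booth, serial, choice):
    """What a booth would encode into the barcode (hypothetical layout)."""
    return {"booth": booth, "serial": serial, "choice": choice,
            "tag": _tag(BOOTH_KEYS[booth], booth, serial, choice)}


def verify_receipt(r):
    """Reject receipts from unknown booths or with altered fields."""
    key = BOOTH_KEYS.get(r["booth"])
    if key is None:
        return False
    expected = _tag(key, r["booth"], r["serial"], r["choice"])
    return hmac.compare_digest(expected, r["tag"])


def reconcile(receipts, booth_records):
    """Compare the reader's view of the receipts with each booth's local record.

    booth_records maps booth -> {"issued": n, "tally": Counter}.
    Returns a list of (finding, booth, serial) tuples; empty means consistent.
    """
    findings = []
    seen = defaultdict(set)
    tallies = defaultdict(Counter)
    for r in receipts:
        if not verify_receipt(r):
            findings.append(("bad_tag", r["booth"], r["serial"]))
        elif r["serial"] in seen[r["booth"]]:
            findings.append(("duplicate", r["booth"], r["serial"]))
        else:
            seen[r["booth"]].add(r["serial"])
            tallies[r["booth"]][r["choice"]] += 1
    for booth, rec in booth_records.items():
        # A destroyed receipt shows up as a gap in that booth's serials.
        for s in sorted(set(range(1, rec["issued"] + 1)) - seen[booth]):
            findings.append(("missing", booth, s))
        if tallies[booth] != rec["tally"]:
            findings.append(("tally_mismatch", booth, None))
    return findings


def sample_precinct():
    """Constructed sample data: two booths, five ballots."""
    receipts = [make_receipt("B1", 1, "A"), make_receipt("B1", 2, "B"),
                make_receipt("B1", 3, "A"), make_receipt("B2", 1, "A"),
                make_receipt("B2", 2, "A")]
    records = {"B1": {"issued": 3, "tally": Counter(A=2, B=1)},
               "B2": {"issued": 2, "tally": Counter(A=2)}}
    return receipts, records
```

A serial number printed on the receipt also lets anyone who notes the order in which voters used a booth link a receipt to a person, so a real design would have to handle ballot secrecy separately.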
As a longtime Maryland voter, in my observations this situation has far outstripped the technical problems with the Diebold systems. The problems have been well documented--from the issues in California, to testimony of various experts before our own state legislature, and now another group of experts. We've had secret e-mails exposed, we've had experts from Johns Hopkins (Maryland's academic Holy of Holies), and ample warnings from all manner of well qualified individuals. Now people from the NSA (Maryland's second governmental Holy of Holies, next after Social Security) have weighed in.
What does all this tell us? Well, I think anybody with a modicum of sense can see that the Diebold system is badly flawed. The Baltimore Sun has spelled it out in words that even non-technical people can understand.
What we have here is an elections board made up of political hacks, all trying to cover their individual and collective arses so they can continue to feed at the government trough. They made an ill-considered and ill-advised purchase of these machines, and they'll stop at nothing to excuse themselves and to see that we're forced to vote under the ridiculous circumstances they've imposed on us. Trying to make logical sense of what they say is an exercise in futility.
Didn't somebody once say that the OSI model had an eighth layer--the political layer? Well, fellow Marylanders and assorted interested parties, that's where we're functioning now. The merits (and lack of merits) of the Diebold system are a moot point, and I fully expect to be voting on one in November.
I have to echo a question asked by someone else: What is/was wrong with the voting machines we used for so many years?
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
There was no attempt made to change the 'electoral process', only to cause it to adhere to its principles (i.e., the electoral college votes for a given state being cast for the candidate that got the most votes in that state).
Surely you understand the difference between "I am not accusing you of intentional wrongdoing" and "I believe you did not engage in intentional wrongdoing"? This is standard language when one's case does not pivot on intent; if in fact the behavior violated the rights of black voters, it becomes irrelevant from a *constitutional* standpoint whether or not that violation was intentional. Thus the NAACP gains nothing by accusing someone of wilfully violating the Constitution, and the opposite party is more likely to concede an inadvertent violation than an intentional one.
It's simple to make unfounded assertions. Do you understand what "vested interest" means? You gave no information that suggested anything other than Mr. Palast believes that George Bush is a Bad Guy, not that there was any vested interest in that position for him. Explain to me what Mr. Palast's 'vested interest' is (like, for instance, Cheney's Vested Interest in the Iraq war is that he will profit from the assignment of Halliburton as the primary contractor - that is a 'vested interest') in this issue is? You haven't illustrated any of the 'ignorant facts' (what the hell is an ignorant fact, anyway?) 'blatant mistruths' (I'm assuming you mean 'untruths' or 'lies', right?), or logical fallacies you mention, and have no evidence I see that Mr Palast engages in 'artisan rhetoric' other than the fact that he's not a GeeDubya supporter.
Thinking outside my Head
The problem with paper voting wasn't the counting system, but the inaccurate/non standardized methods of presenting the candidates, and making people put a hole through a piece of paper. Instead, let voters select their candidates on screen, have the ballot be printed (maybe with a barcode!) and have them hand it in to the moderators. It solves the problem of clarity/standardization, and you're not doing electronic tabulation.
He led the discussion with the whole Diebold 'committed to raising $100,000 for GWB' thing.
Actually, I think he should have led with the paper trail issue - as others have said before, the GWB fund-raising thing is a red herring that makes voting machine critics look like tin-foil hat-wearing nutcases.
At the end of the day, the Diebold people are clearly incompetent, and the system is hugely flawed. Those facts are hard-to-dispute.
The idea that large groups of Diebold staffers are involved in a massive right-wing conspiracy is significantly harder to prove, and fails the Occam's Razor test - why ascribe to malice what can easily be ascribed to incompetence?
I agree that Diebold got off the NPR hook too easily on their security flaws...
Of course voting machines are vulnerable. They were designed by Diebold that way, so Bush can once again steal an election.
With no audit, no paper trail, and no accountability, it'll be a cake walk. Of course if they get exposed, they say "We didn't know" and then put the decision into the hands of the Supreme Court of Kangaroos and you know how that story goes.