Slashdot Mirror
Maryland Electronic Voting Systems Found Vulnerable
snoitpo writes "My fine state (Maryland) has hired some people I can respect to hack into Diebold voting machines. The Washington Post (read it free for 2 weeks) has the details. From this story and the one on NPR, the state hired a company and set up a test voting precinct and had the group try whatever they could to break into the machines. Most of the attacks would probably be noticed by an even-half-awake poll staff, but some vulnerabilities were exposed. The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate. The last paragraph mentions problems that voting machines had in the last election in Virginia; it's interesting to note that those use wireless networking--my jaw has dropped onto my keyboard and I can't comment any further." Other readers sent in two stories in the Baltimore Sun (1, 2), and one in the NY Times.
At a minimum, electronic voting machines need to print out a paper receipt. That would allow a recount and increase accountability in the system. Without a paper receipt, you may not even be able to determine that an attack has occurred.
Bruce Schneier, author of Beyond Fear and the fantastic Applied Cryptography, has an old but good commentary on the some security issues of electronic voting machines in his Crypto-gram newsletter.
I'd like to take this opportunity to coin the phrase "War Voting". :)
"History doesn't repeat itself, but it does rhyme." Mark Twain
Just print out a freaking report of what was actually registered in the voting machines database. If it doesn't match up to what you input, get it fixed. Sheesh, how hard is that? Heat registered paper just like at the gas stations, it's almost free.
Paper receipts open the system up to vote-selling. Not good, and not allowed!
The voter might be able to see the paper (under glass), but that's about it.
J
Screw wireless (wtf are they thinking) voting.
If you want accountability, put in some form of VERY hard to break security and go with it.
Voter apathy is going to occur whether people can vote online or not.
This is a rehash of all the other Diebold crap down in Fla. Until it's secure, imo this is non-news.
Is it because it's in a different state? Or because it's an attempt at accountability?
Sent from your iPad.
Electronic counting is okay, but they need to be counting physical ballots, not bits. There needs to be a physical paper trail that leads back to clearly-marked ballots that indicate what the voters intended.
The phone-in system is also a bit nonsensical. Ideally, the local counts should be published in each locality as quickly as possible, so that news organizations can do the math on their own, and any error introduced at any step in the way would quickly be noticed when numbers that are supposed to be the same don't check.
Diebold seems to be in the business of selling solitions that are worse than the problems they claim to solve.
Electronic voting will not help if two candidates are neck and neck or the election becomes complicated in some other way. They also throw in a very significant variable: hackability.
----
"Ours was a free culture. It is becoming much less so."-Lawrence Lessig
Paper voting works very well here, we are very wired but we use paper to vote and if a recount must be made we recount the paper. Why so much money on computer systems? Computer systems are very hard to secure. Paper has already been secured.
Isn't this a perfect example of the benefits of open source? Yes, you can hire a team of hackers to attack a black box, but it's just an ad hoc approach, and tomorrow or next week or next year some other hacker will find another weakness that wasn't found in the first pass. Wouldn't you end up with a much more secure system if you could openly and systematically apply those same efforts to reviewing the code inside that black box?
Thinking outside my Head
Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.
(Can they cover the software issues with tamper tape, too? That might be helpful.)
-Trick
There is a bill before the Maryland State House that would require a voter verifiable paper trail on all electronic voting machines in the state of maryland. The bill also calls for a random sampling of the paper ballots to ensure that the electronic count has not been tampered with. House Bill 53 was just read into the ways and means committee two weeks ago but with the release of the reports I hope there it can gain more support and pass the house.
Zambozay! My brain must've been eatin' a sandwich!
I don't understand why voting machines are being introduced in the first place. Is it just the stupid perception that "if it's automated, it must be better"? In fact, by introducing machines, you're just introducing a hell of a lot more problems, and possible failure points, as well as making the whole process more opaque.
In the Canadian federal elections, IIRC, as well as the Ontario provincial elections, voting and counting is still done by hand. At every stage a paper record is created, so that if any irregularities are suspected, the whole process can be audited. I believe such an inquiry was undertaken in Quebec after some tricky vote counting in Quebec after the last referendum.
What's going to happen? We'll elect someone who didn't get the most legitimate votes...?
wait..
" Removable memory cards inside the machine can be tampered with if a lock is picked or if one of thousands of keys is stolen." - From the Article
If I could pick the lock or steal a key to the paper ballot box, I could tamper with the votes too.
Sorry, it's taken. "War voting" already means casting a vote for W.
My home and native land,
We use a simple paper ballot,
That all can understand.
Can't think of anything else to add to that comment.
"If you want to vote for Candidate A, you throw a pine cone in this box. If you want to vote for Candidate B you throw a birch branch in this box. After a while though, the boxes get pretty heavy and weigh a couple of kilometers."
I RTFA. But regardless of how poor this "AccuVote" implementation is, electronic voting can work -- and will prevail, if technophobic feelings are kept at bay. All it takes is some smarter dude to do the development.
The reasoning is simple:
ATMs exist.
Quem a paca cara compra, paca cara pagará.
The NYTimes article mentioned in passing the work started Bev Harris, as described in her book ,and said that "Diebold stated that the code used by the researchers, which had been taken from a company Internet site and circulated online...". What actually happened is that supposedly private code, which no one should have been able to get to, was left in a wide open FTP server. And these are the guys we're supposed to trust with our elections. At this point I can't figure out whether Diebold's lack of security is due to malice or incompetance.
I am officially gone from
It seems now that Maryland is finally catching on, too.
"Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)
Internet voting system for overseas Americans is vulnerable, security experts say - and their comments extend to a scathing debunking of *all* internet voting methods.
A slightly older, but very thorough, article by Scott Granneman entitled the Electronic Voting Debacle.
Oh, and I can't leave without mentioning the essential Black Box Voting site...
[posted as an AC as I don't want to whore the karma]
I worked for a nameless financial institution. We had a certain number of Diebold Windows XP ATM's. 100% got infected with a virus that exploited a well-known vulnerability. We demanded Diebold agree to forfeit admin control of the systems or patch them within a short window of patch release.
Their response: "We'll put firewall software on the machines."
Since the contract was already signed we had no leverage and that ended up being the solution. Nice, eh?
akad0nric0
This sentence no verb.
I heard the NPR story on yesterday's ATC and was struck by the reporter's failure to ask some hard questions. For instance, there was a statement by a Diebold spokesdrone to the effect that "we fix any security issues that we think could be a problem." There was no followup regarding earlier reports of a Diebold built-in backdoor to the systems "for maintainence purposes.' A back-door which, IIRC, required no password or user id to gain access to the server's databases.
Also, there was no discussion of the debate between those of us that believe that the e-voting systems should be required to use Open Source software vs. folks at Diebold and other vendors, who foist off the "trust us, we know what we're doing" line on the public. There was no real discussion of the effect that questionable e-voting results could have on the American political system. There was also no mention of the fact that Diebold's president is involved with raising money for the G.W. Bush re-election campaign and has pledged, IIRC, "to do everything I can to deliver the vote to George Bush." All in all I'm afraid that NPR really dropped the ball on this particular issue.
Just my $.02,
Ron
Impeach Barack Obama for violating the Constitutional requirement to be a "natural born" citizen to hold the office of P
Suppose I know the tendency of a district and I would rather that districts results are lost. Examples of activity to interfere would include:
- Cutting Power
- Electromagnetic Interference (burst device wiping out memory cards)
- Knocking out wireless infrastructure (cell towers, radio repeaters, whatever they use)
Some folks would say that we are overreacting and that all of these criminal activities have current-day equivalents. But without a paper-trail you only need to wipe one memory card remotely to kill hundreds of votes before they are sent to the server.Come play Moral Decay!
I'm one of the people who did this and you should take a look at the acutal report before you start ranting.
We witness not a fallen world, but falling every day - The Call.
Linda H. Lamone, the administrator of the Maryland State Board of elections, said that the group had produced "a very good report," and that the state would take its recommendations seriously.
Still, she noted that tampering with voting equipment is a felony. "I'm not sure how many people would be willing to get a felony conviction and risk going to jail over an election," she said. Citing the problem of easily opened locks on the machines, she said an attempt to unlock a machine "would be very unlikely to succeed, because it would have to occur in a public place."
This woman should be fired from her job. She basically states that because some act would be a crime that no one would do it!!!
Did that stop Richard Nixon?
Did that stop whoever blew valerie Plame's cover?
Did that stop the authors of MyDoom from writing the virus?
Did that stop all the people in the US who committed crimes last year?
Did that stop Ken Lay and the fine folk at Enron?
Did that stop Halliburton from overcharging the Army?
What a fucking joke. It could have been a Microsoft security advisory for all the good it will do.
My premontion: There will be massive irregularities in the 2004 elections and guess who will win again?
Duh...
We'll never have a valid e-voting system until the software is treated as a critical-systems type of application. I mean, it's not like the software is doing something like figuring the interest on a loan. The developers need to treat this software as seriously as they would the software in emergency medical equipment.
And for bonus Karma, that quote is from The Simpsons:
"Me fail English??? That's unpossible!"
-Ralphie
Another favorite by Ralphie:
"And so the doctor said I wouldn't get as many nose bleeds if I just kept my finger outta there"
Sibling post is an idiot. It was Ralph Wiggum.
I don't need no instructions to know how to rock!!!!
Considering there's a vulnerability in almost anything (and just a matter of time before someone finds it), I think at *this* point in time it is a very bad idea to make something as important as VOTING something we can do online.
The last thing we need is a botched up election with later claims that the system was found vulnerable, etc..
It's handy, no doubt, but maybe we should wait a bit...
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
I really don't get it. Why are people so hard for getting the frickin' election results the night of the election? What is the rush? Why not do it the old fashioned way... paper ballots, counted by hand, by a team of old ladies. So we get the results a week after the fact. So what? Again, what is the big rush? I say, chill out, and do it by hand, with paper and pencil.
One more thing. Where are these people from, who authorized computerized voting. Have these people never used a computer before? Have they never lost their work due to a system problem? I can only assume that they don't give a damn about election integrity, and that is telling.
Mod down people who tell people how to mod in their sigs
William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, "I can say with confidence that nobody looked at the system with an eye to security who understands security."
Mr. Wertheimer said the application of security was inconsistent, with encryption applied in some places without the accompanying technology of authentication to ensure that the machines that are communicating with each other are the ones that are supposed to be communicating and that an interloper has not jumped in. "It's like washing your face and drying it with a dirty towel," he said.
Whenever I hear about the latest and greatest electronic voting scheme, it gives me pause to wonder who is behind this.
Mechanical voting machines have proved effective and relatively reliable for many, many years. I've heard the claim that the company that once manufactured them has gone out of business and that spare parts are no longer available. I say, BUNK. Given the amount of money that will undoubtedly be spent on engineering incredibly vulnerable systems which will be obsolete in a few years as compared to the previous systems which worked fine for a few decades, it would be a trivial task to have new parts designed and produced for the older machines.
Whose boondogle is the whole idea of electronic voting?
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
http://www.capc.umd.edu/rpts/MD_EVoteEval.pdf
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]
...we will never have the perfect voting system. If these electronic voting systems prove to be worse than the infamous punch-card ballots (which is what people seem to be suggesting) then electronic voting may have defeated its purpose. Maybe we should stick to the kind of ballots we have where I live in Iowa: you mark the ballot with a marker, and it gets read by computer, much like standardized tests do. It's reasonably accurate and can be counted by hand if needed, and is not so prone to hacking. P.S. - sorry if I submitted an empty comment earlier - my mistake
Remember to use a Mac when you hack the machines . . . it's the latest tip from the FBI. --Tsiangkun
hacking into the voting computers. It's the insiders with an agenda that I am concerned about. The ONLY way to get around this is with a voter-verifiable paper trail AND taking the vote counting away from corporations that create the machines and putting the counting where it belongs: citizen groups.
Diebold and ALL the other commercial vote machine vendors are heavy Republican donors and, particularly in the case of Diebold, run by individuals devoted to getting Republicans elected and Bush elected (I can't say "re-elected" as he didn't get elected in the first place). THESE criminals have the means and motive to taint the vote...in secret! They are in control of the machines and the vote tallies. They cannot be trusted, given how openly partisan they are.
It is NOT the random outside hacker we need to worry about that much (sure, protect against it), it is the machine makers and vote counters themselves that have to be protected against. Ask yourself this: Why is it that EVERY vendor of voting machines are so adamantly opposed to any paper trail possibility? Why are they so strenous in their arguments against it? Because it would queer their ability to tamper with the vote tallies.
Voter-verifiable paper trail. It's the only way to be sure.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
I mean, we remember what happened a while back right? If I recall there were a number of security related risks regarding customer information... or did they release that information on a voluenteer basis?
who knows? It might just take a result of "George Bush: 99.9%, xyz 33.5%, 105% of precincts reporting, 803 million registered voteres" for people to wake up and realize that there is a problem here.
Would you like to steal an election? Here's a quick survey of how to do it. I'm absolutely serious: I've been involved in political campaigns for years, and have held elected public office. And one of the reasons I'm no longer actively involved in party politics (per se) is that I caught one of my committee people doing some of the shenanigans I mention below.
First--don't waste your time trying to cheat inside the polling place.
You would think the obvious place to steal votes would be in the voting booth, right? After all, bank robbers rob banks--so election crooks would gravitate toward polling places. Right?
Wrong. The place to steal elections is in absentee ballots.
Absentee ballots: the mother lode of vote fraud
Let's suppose that you learn that you've been scheduled for a trip out of state that will keep you from voting. You can call your county courthouse and ask for an absentee ballot application. They'll send you a form, which you fill out and return, and then you'll get an absentee ballot in the mail. You fill out the ballot and send it back to the courthouse by the due date--congratulations! You have voted absentee, and your vote has made the nation stronger. In a perfect world, that's how absentee ballots are supposed to work.
Over the past twenty or twenty-five years the absentee ballot process has, um, changed. In a blowout absentee ballots are meaningless--but in a closely-contested race a handful of absentee ballots can be the difference between a "moral" victory and the real thing. (As a college student I functioned as an "absentee ballot captain"--identifying college students in the Philadelphia area who lived in the 10th congressional district in Illinois. I got them registered to vote at home, and made sure they voted absentee. I put in scores of hours of work--and turned in something like a dozen votes. In 1978 we lost the election by 6 votes--in a special election in 1979 we won by something like 120.) As the value of absentee ballots has become more apparent, people have started to cheat. (The rules for absentee ballots, and the opportunity to cheat, really expanded dramatically with the "Motor Voter" bills that got jammed through state legislatures in the early 1990s.)
How to steal absentee ballots
The simplest way to steal absentee votes is to work your way through nursing homes. The ideal method is to have a dedicated party worker who is a resident of the nursing home--but you can also send in a "volunteer." Nursing homes love volunteers who come to visit--so it's easy to plant somebody. However you do it, your party worker announces that she (or he) wants to help everybody participate in the election. Nothing wrong with that, right? So she distributes voter registration cards (perhaps with your party already checked), and promises to make sure that all the cards get turned in to the courthouse. When election time rolls around, she points out that senior citizens can get absentee ballots without question, and without anything like a doctor's note. All you have to do is ask. So Helpful Sally signs up everybody for absentee ballots. And since the absentee ballot is a bit confusing, Helpful Sally helps everybody fill out their ballot. As a general rule, Helpful Sally is going to get in trouble if she tries to buffalo people into voting for her candidate for governor--but practically nobody knows the names and/or positions of candidates for judge, for district magistrate, for local races--even for state legislative positions. All Helpful Sally has to do is say, "if you don't know the candidates, just leave the ballot blank." Oh, how helpful Sally really is. And to be really helpful, Helpful Sally offers to save the voter the cost of the stamp: she'll take the ballot to the courthouse herself, so your vote won't get lost in the mail.
Once the ballot is done, Helpful Sally can do two things. If the voter picked the wrong office, Helpful Sally can simply "lose" the ballot. Unless the senior citiz
Maybe instead of putting fully networked machines in front of the voter, we should look at this a different way:
1) Start with each machine being configured to run stand-alone.
2) The voter places their votes, and is issued a paper reciept containing who you voted for, and what booth you used (perhaps a machine readable only side to give to the attendant, and a human readable side that you keep, for privacy) with their entries encoded into a bar code of sorts, as well as being recorded locally.
3) They bring the reciept to the person administrating the voting at that location, who takes their reciept and runs it though a reader which tabulates the votes for the whole voting session.
In the end those results are tallied against the individual voting booths, and as well as having a paper trail to fall back on, and it prevents someone in the booth from being able to do any more damage than corrupt whatever was done on their machine. And if the attendant tries anything with his machine, the count between the different booths will also be thrown off, and it would be very difficult (never say impossible) to destroy reciepts for one specific person because of the encoding.
Throw strong encryption and a minimal and hardened OS into the mix, and it might actually be reliable.
The most frustrating part is that my county already had perfectly good voting machines: paper-based scantron-type forms where you mark the appropriate rectangle and a simple scanner tabulates the results. Effective, verifiable, well-understood, and relatively inexpensive. In other words, the complete opposite of what the state just bought for us.
--Approve Approval Voting Now!
As a longtime Maryland voter, in my observations this situation has far outstripped the technical problems with the Diebold systems. The problems have been well documented--from the issues in California, to testimony of various experts before our own state legislature, and now another group of experts. We've had secret e-mails exposed, we've had experts from Johns Hopkins (Maryland's academic Holy of Holies), and ample warnings from all manner of well qualified individuals. Now people from the NSA (Maryland's second governmental Holy of Holies, next after Social Security) have weighed in.
What does all this tell us? Well, I think anybody with a modicum of sense can see that the Diebold system is badly flawed. The Baltimore Sun has spelled it out in words that even non-technical people can understand.
What we have here is an elections board made up of political hacks, all trying to cover their individual and collective arses so they can continue to feed at the government trough. They made an ill-considered and ill-advised purchase of these machines, and they'll stop at nothing to excuse themselves and to see that we're forced to vote under the ridiculous circumstances they've imposed on us. Trying to make logical sense of what they say is an exercise in futility.
Didn't somebody once say that the OSI model had an eighth layer--the political layer? Well, fellow Marylanders and assorted interested parties, that's where we're functioning now. The merits (and lack of merits) of the Diebold system are a moot point, and I fully expect to be voting on one in November.
I have to echo a question asked by someone else: What is/was wrong with the voting machines we used for so many years?
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
From the old software deployment methodology, why can we have the computer stations that work on the Operation (that childrens game) model. After you punch down your punch is counted in the computer and you still have your card. Spend a few years counting both and see how that works out. By then should be on version 3 or so and service pack 5.
Perhaps the hackers were respectable, finding the clearly serious flaws. But at least one decision maker still seems to have reached the wrong conclusions:
It's apparently "impossible" to put some of the recommendations in place in time, but they're sticking with the system. How do they add a paper trail without patches of some kind, assuming they don't just make everyone vote twice?
"I don't disagree with what they say -- they're the experts," Lamone said after the Senate hearing. But, she added, "I think it's a very good system."
And how do they put "tamper tape" on a phone number whose answering system the consultant says is "easily" breakable and can't be patched in time?
Their higher priority appears to be that the Diebold systems will fly in March, not that they will use a trustworthy system.
No, we DON'T need paper trails or receipts or anything like that. There is absolutely no sense in using a backup that is guaranteed to be wrong.
No, there is NO problem with using a wireless network; if a vulnerablility is created just because it happens to be wireless then you have bigger problems to deal with.
All that is needed is a good implementation of public key and a very small amount of thought as to where an individual vote needs to be guaranteed accurate.
It's perfectly feasible to create an all electronic system that's perfectly accurate, nearly hackproof, massively verifyable, and almost instantly countable. It's a problem a high schooler could lay the foundation for.
So why are we wasting our time with the trash presented so far? Because the states haven't been asking the providers to go through the extra trouble. Let them take the easy way out and of course they will.
But get off this nonsense about paper trails, receipts, and outrage over wireless.
The problem with paper voting wasn't the counting system, but the innacurate/non standardized methods of presenting the cadidates, and making people put a hole through a piece of paper paper. Instead, let voters select their candidates on screen, have the ballot be printed (maybe with a barcode!) and have them hand it in to the moderators. It solves the problem of clarity/standardization, and you're not doing electronic tabulation.
Electronic voting is ill-fated on many levels. If you have the time please, PLEASE listen to "The Annoying Gap Between Theory and Practice" audio found here. Just do a search for "The Annoying Gap Between Theory and Practice" in the search window in the left column. It fills many gaps as far as understanding the fundamental "problems" with e-voting, and it's quite an eye opener. Good luck.
"The greatest obstacle to discovery is not ignorance - it is the illusion of knowledge." - Daniel Boorstin
Actually, voters in Oregon are required to sign the envelope before they put it in the mail. While it's not foolproof, it's obvious if every ballot has been signed by the same person.
Nathan
i read many of the posts here about disrupting the process, or tampering with votes between submission and counting.
my question is: suppose someone DOES manage to wipe out or tamper a bunch of votes, and the volunteers realize it. would the county actually admit they just lost 10,000, 20k, 30k votes by accident? there's no way you could sue the county, so all these folks would be denied their constitutional rights with no way for recourse.
in the neon of agrajag:
be afraid, be very afraid...
https://www.accountkiller.com/removal-requested
Of course voting machines are vulnerable. They were designed by Diebold that way, so Bush can once again steal an election.
With no audit, no paper trail, and no accountability, it'll be a cake walk. Of course if they get exposed, they say "We didn't know" and then put the decision into the hands of the Supreme Court of Kangaroos and you know how that story goes.