Slashdot Mirror
San Diego Diebold Poll Worker's Report Posted
James Renken writes "I was a poll worker in San Diego for this year's primary election. It was the county's first using Diebold voting machines, and as you may have heard, we ran into some problems! My full report of the goings-on can be found at Live from the Nuke Free Zone. Enjoy!"
Uncle Diebold's Clubhouse
On March 2nd, I was a poll worker for this year's California primary election. More specifically, I was a Systems Inspector in San Diego county, whose problems with voting machines and procedures received some coverage in the national media.
First, a summary of my personal opinion: I think that current electronic voting systems are better than the traditional systems in terms of security, and also in terms of usability for most people. However, I share the opinion of many bloggers that major security issues remain in the new machines and implementations, and that these issues should already have been fixed.
More details below...
This was San Diego's first election using electronic voting machines - specifically, Diebold AccuVote-TSx stations. Previous elections in the county used punch cards. The county failed to make the mandated upgrade prior to the last election, and a federal court ordered that it be done for this primary.
Previously, precinct boards in the county were made up of an Inspector, an Assistant Inspector, and clerks. As of this election, a Systems Inspector and an Assistant Systems Inspector have been added at each precinct. According to the Registrar of Voters, this is because a four-hour training session would have been required in order for Inspectors to learn both the general procedures and how to operate the machines. Instead, most of the technical details are left to the Systems Inspectors.
I was contacted and assigned as a Standby Systems Inspector, meaning that if necessary, I would stand in for a missing Systems Inspector or Assistant Systems Inspector in my part of the county. The standby system is apparently not used very much; they forgot to handle some details, like sending me a copy of the poll worker's manual, or notifying me that the location for the mandatory training had changed. Fortunately, I'm fairly resourceful, and the classes were running late anyway.
In the class, we were introduced to how the system works. Along with the usual paperwork and supplies, each precinct has:
* A Precinct Control Model (PCM).
* A number of voting stations (either four, six, or eight).
* Two Voter Access Cards (VACs) per station, plus one or two extras.
* Two Supervisor Cards.
A poll worker (usually the Systems Inspector) sits in front of the PCM. One poll worker has each voter sign the roster, while another checks the voter's address on another list. That second worker points to the appropriate line on the address list, and the PCM operator sees which party to program a ballot for - with the party name never said aloud.
The PCM operator then selects the party on the PCM's touchscreen, and inserts any one of the Voter Access Cards (VACs) for programming. The VAC is then given to the voter, who inserts the VAC into any one of the stations, and is then presented with the ballot for their party. After casting their ballot, the voter's VAC is ejected, and the voter is instructed to give it back to the poll staff. The VAC itself is not a ballot at all - it just authorizes a voting station to bring one up, and tells it which party's ballot to display. After a ballot has been cast using a VAC, it must be reprogrammed on the PCM prior to being used again.
We were warned that some voters might try to cheat by claiming that they received the wrong party's ballot. We were advised that, should this happen, we should insert the card in a station to make sure that it had not been used to cast a ballot already; then, add one to the tally sheet of programmed but uncast ballots, and reprogram the VAC after checking the voter's registered party on the street address list.
That was about it. We were shown the startup and shutdown procedures for the machines, and cast a few sample ballots with them. The regular poll workers were noted on a list, and some paperwork or other was handled. I asked about getting ahold of a poll worker's manual, and was promptly given one from a large box that was sit
and i didnt have any probs. corse im familiar with computers and i showed up midday, not at the beginning
Yeah, I think pretty much anyone who reads slashdot probably heard about it.
And this.
And probably a few more links I could karma whore with.
I didn't think so.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
RTFA... the machine prints a paper ballot after each voter completes the process. So unless the machines are systematically compromised there shouldn't be an issue.
Physically compromising the paper storage area presents the same risk as traditional ballots, so the risk presently by the undoubtedly insecure Diebold implementation is the only real concern. Of course, if the machines aren't accessible by any remote hosts, then bit-by-bit or hash verification of the drives before and after voting should provide some degree of safety against tampering that would generate false paper ballots (assuming as always that the master itself is unaltered in the case of bit-for-bit checking).
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
t seems like these Diebold systems have all sorts of features like smart cards and locks that make them look secure, but when you actually kick the tires you realize things are not as secure as they should be.
Seems like Diebold's Automatic Teller Machines (ATMs) are no more secure. Until I'd clicked that link, I'd never seen the Windows Media Player playing on an ATM.
This crap is supposed to save us from another Florida chad-count? Or have we just decided that democracy isn't really important enought to make secure?
Opinions on the Twiddler2 hand-held keyboard?
I did a search on Money in Politics Database and found 27 records of DIEBOLD employees donating to political campaigns, and 16 of which to the Bush-Cheny 04 Campaign.
Indefinitely Detained US Citizen
More at http://midnightspaghetti.com/news.htm.
As other people have posted here are pictures of a Diebold ATM crashed here on campus that dropped to the Windows XP display. We poked around at it for a while because the monitor was a touch screen (and a very, very crappy one that that). Interesting things:
- Windows media player was installed (as seen in the pictures)
- It's a P4 2GHz with 512mb of ram (wtf?! why on earth does it need that)
- There's a CD-RW installed
- There are two partitions and C: can't be accessed
- There's the standard crap that comes in My Documents (like the Beethoven playing)
- The printer is an Epson USB printer
- There was a device listed for ATM Driver or something, I presume what actually feeds cash.
- We never were able to get the network up, but there's an Intel network card in there.
- For some reason there are speakers so we could hear the Beethoven.
- It's running XP Embedded, didn't catch what version or what patches it had.
- There was some sort of Text-to-Speech (or maybe S-to-T) program
- As you can see Acrobat is installed
- Remote Desktop was enabled! (might have been turned on by one of us though)
That's what I remember from the 5 minutes before running to class.
Hmm... maybe we should check those facts.
I don't like the guy either, but this Florida crap has to stop. Complain about his policy in Iraq, in Afghanistan, domestically, whatever - there's plenty of good fodder for criticism - but sour grapes won't win you any minds.
RTFA yourself - I live in San Diego and we didn't have any printer or any paper trail. I know the machines are capable of it, and the State of CA had mandated it by 2006, but we did not have them for this election.
I think you're mistaken. These machines have an enclosed printer that prints a total at the end of the day. The voter is not given a paper receipt. Diebold is in fact complaining that many legislatures are starting to amend laws calling for electronic voting to mandate a certifiable paper audit trail.
Diebolds voting technology was actually put to the test by some security experts this year who found that:
- It was an "easy matter," they reported, to reprogram the access cards used by voters and vote multiple times.
- They were able to attach a keyboard to a voting terminal and change its vote count.
- And by exploiting a software flaw and using a modem, they were able to change votes from a remote location.
"Diebold, the machines' manufacturer, rushed to issue a self-congratulatory press release with the headline "Maryland Security Study Validates Diebold Election Systems Equipment for March Primary." The study's authors were shocked to see their findings spun so positively."
kinda looks like it has an "official feature" to microsofts product too. the unknown windows in the one picture is probally a worm logging all the pin numbers and acount information.
I wonder if there is actually anything that would stop an atm like this from getting a virus? i didn't see a scanner running in the taskbar.
frightning if you think about it.
A Q/A transcribed (by me) from the scanned manuals distributed to poll workers:
"what about the issue of Open Source Code?"
Diebold's ballot tabulation source code is checked extensively by an independent testing authority which tests according to voting software standards developed by the Federal Election Commission. Once this test process is successfully completed, the source code is placed in an escrow facility.
Source Code is not open to the public to protect not only the companies intellectual property, but also to prevent the possibility of tampering or other fraudulent manipulation of the tabulation program.
in Georgia, the Secretary of State challenged a citizen to try to tamper with the ballot tabulation program after this citizen made claims about the program's vulnerability. When the citizen learned the source code was not available, she abandoned the effort to tamper with the program.
Enable 3D printed prosthetics!
I used to work in mainframe operations at a bank in the 1980s and my opinion of the Diebold ATMs of the day were that they were the skankiest, poorest-designed, and just general pieces of crap. If you want to see decent ATM, you have to go to Japan. Their ATMs from 10 years ago are worlds better than the ones we have now. For years, Japanese ATMs have accepted loose coin and loose bills. Just put the coins and bills into the bill and coin hoppers, and they will be accurately counted and deposited to your account. I never saw a Japanese ATM make a mistake, but if it does, you can make it count the money again. And, from an ATM at just about any bank or post office, you can do a wire transfer to any other bank account in the country for a small fee. Of course, they ATMs all speak and have Braille keypads as well.
Knowing that the same company that produced those abominable Diebold ATMs is now making our voting machines is pretty scary.
There were flash cards moved around, but no paper.
I voted in the SD election as well, and in fact, I was one of the people who asked for a paper receipt. It was denied.
There is a printer, but it's used only to print a tally of votes received at that machine. Nothing says that the data can't get corrupted before it gets there.
If these machines are more difficult to operate and more expensive to maintain, and require the hiring of additional personnel to administer, why are they being used?
Most poll workers report that people found them fairly easy to use, even relative to the old paper systems. So ease-of-use is there.
It's very expensive to run an election (just ask California... we got to spend $50 million on getting a new governor, so that he could do just what the old one was doing, but with a funny accent). A lot of the cost is printing up ballots. In addition, it's difficult to make last-minute changes... when I voted in California, the Democratic primary ballot included candidates who had dropped out more than a month ago. There are many new costs with electronic balloting, but there are a lot of costs you get rid of at the same time.
The biggest savings is time and money on vote tabulation. Even when it's punch cards, someone has to stack those up and feed them into the machine. With an electronic ballot, the votes are tabulated instantly. Even if you do a 5% sample of the paper record to double-check, you save a huge amount of resources on counting.
So e-voting isn't necessarily a lot more expensive than paper voting. Sure, it can be, but there's the potential for significant cost savings if it's done right. (I reserve judgement on whether or not it's being done right by most jurisdictions.)
Don't you wish your girlfriend was a geek like me?
I started poking around the root filesystem looking for a link to the executable. I noticed a directory called "autoexec" so I checked it out only to find that it contained neither the executable nor a link thereto. I finally found the actual location of the executable--it seemed to be on a datacard of some sort--and started it for them.
That's absolutely rediculous. You obviously don't understand the responsibility of the job.
You CAN NOT do something like that! What if you found the wrong executable? Maybe it was an earlier debug version that doesn't actually register the vote? Or it has a bug and actually casts the wrong one?
What if that executable required some other software to be run first, but fails quitely if that doesn't happen??
That's just crazy; the machine has to be started as per instructions. If it does not it is taken off-line. It's as simple as that, no questions and certainly no fucking around to 'fix' it.
In fact it's insane that you even had the level of control that you did. It's obvious these machines are not ready yet for prime time.
You must do a routine recount from at least as many of the machines as represents the margin of the election, and make sure you have a good way to randomly select which machines are recounted. Otherwise you have no way of telling if corrupted (intentionally or not) electronically counted ballots affected the outcome enough to change the election.
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
That was a funny comment, but do remember that in all the recounts that occurred in Florida AFTER the whole bru-haha, Dubya still came out ahead.
To say Bush won every media recount (those are the recounts that happened after the election) is a distortion. The truth is Bush won every recount using only undervotes (i.e. where the problem with the ballot was a hanging chad or there was only a dimple) (See USA Today). That is the most widely used standard, and the one that Gore was asking for, so ultimately Bush won. Fine.
But I think it might worth at least mentioning that if you include the overvotes (such as where people checked Gore and wrote in Gore) Gore won. That is to say, if the standard is voter intent, in every recount more people went to the polls intending to vote for Gore than Bush. So when you say Bush won every recount, be sure and include that little footnote, because otherwise people may think you are being dishonest. See Guardian. See USA Today. See Salon. See Washington Post.
And you know, maybe if minority votes counted for as much as a non-minority vote, that would make a difference. See New York Times.
Personally before Florida, I thought the voter's intent was the standard. How silly.
Then there was the minorities being intimidated at the polls thing. Then there was Republican officials writing on a bunch of ballots to "fill in missing information." I'm not saying they didn't just fill in missing social security numbers, but it is obviously a violation of election standards to have partisan non-election officials writing on ballots. There are media references for all this stuff too. Go find them yourself. I'm tired.