Slashdot Mirror
Vote Tabulator Security Hole Exposed
Doc Ruby writes "Black Box Voting has exposed a security hole in Diebold machines that tabulate votes collected from electronic voting machines. A code entered into the tabulator's user interface duplicates the "secure" counts into an insecure count which can be changed, and counted instead. The "double books" vulnerability and exploit were reported to the manufacturer over a year ago, and confirmed, while major customers (California and Washington states) were notified shortly thereafter. In spite of some revisions, the latest version of the software remains insecure. Diebold voting machines running GEMS version 1.18.x are vulnerable, running in about three dozen states. Although the software is widely deployed, and scheduled for use in shortly upcoming elections, risk mitigations are available, mostly protocols restricting physical or network access to the machines. Other auditing/accountability measures for ensuring only trusted access to the system are recommended."
It's COUNTING for chrissakes!
That this election is going to be utterly f'n rigged and even more of a controversy than the last one...
I can't believe they're actually trusting some random company with handling and counting votes. What makes this company so secure? I've personally never heard of them, and I'm sure most others haven't either, so why should I trust them?
I don't understand how you can go from traditional voting and in such little time completely switch to electronic methods. Case in point, these exploits that were found. Find one exploit and the whole thing is done for.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
You give people too much credit. The level of complacency after the 2000 fiasco, which no doubt some very sharp minds took note of, underscored that people just really as a whole don't give that much of a damn about democracy in the US anymore.
So ironic in the face of what's been happening in Honk Kong, as people vie against the Beijing political machine to retain or advance their democratic cause -- the country which lit a the fire of democracy lacks passion.
It's sad to say, but this system could be hacked 10 ways from Sunday and people would grumble, but you'd hardly see the kind of response it should warrant.
A feeling of having made the same mistake before: Deja Foobar
It's about how someone will steal the election... It's not our fault that everyone immediately jumps to the Republicans as the theives.
The Mongrel Dogs Who Teach
http://www.blackboxvoting.org/?q=node/view/25' (SQL Injection vulnerability) You'd think that people who knew so much about what's wrong with Diebold security would do their own homework first. Not to let Diebold off the hook but we all have our due diligence to follow. Kudos to putting the pressure on Diebold but let's try to lead by example shall we?
Read the fine article, it is NOT a bug. It's a "double-booking" exploit which Diebold apparently put in on purpose.
From TFA:
This program is not "stupidity" or sloppiness. It was designed and tested over a series of a dozen version adjustments.
Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
I other news, the novel innovation of marking "X" on a piece of paper found invulnerable against this exploit. Film at 11!
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Lemme guess. This is all about how the Republicans are going to steal the election... Again.
Insecure Republicans with superiority complex's always give my the best laughs. No, this is not about some vast liberal conspiracy theory. This is about someone with a bit of computer knowledge subverting the elections. Imagine your suprise if you woke one day to realize Calero won the election.
Lets see, a company whos leader claims to want to reform the US as a theocracy and has sworn to give the ellection to George Bush has a product used for e-voting that has a "feature" (sorry, this is not a bug) that allows someone to rig an election. Gee, I have no idea why anyone whould think this was anything negative.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Do you really think that people aren't too stupid to vote correctly electronically?
I doubt very much we could ever 'get it right' as you say. Realistically, it's about getting it as right as is reasonably possible, and at this point there just isn't an electronic voting system out there that doesn't introduce _more_ problems than are experienced with paper voting.
At least with paper voting, (as was mentioned above I believe as well) you have the paper trail you can always go back to, and these 'stupid' votes can be accounted for. Try finding the 'stupid' electronic votes.
No Comment.
In other countries were the election is likely to be bungled and/or falsified UN observers are often called in to verify the authenticity of the results.
I think concerned citizens should demand the UN make sure that we have fair and free elections.
Why is having a voter-verified ballot so hard? Here is how to do right:
1) Voter selects what to vote for
2) Computer punches holes in a paper ballot, _and_ prints a barcode representing the votes on the ballot.
3) Counting machine reads optically, and checks barcode.
See? It's simple! The person can't walk out with the audit trail; if the ballot isn't presented on the way out, it's not counted. We already have optical reading systems; the barcode removes any reasonable chance of error.
100% accurate, can be checked by hand, can be done [relativly] cheaply, you can fall back on paper if the computers go down. Why aren't we doing this?!?!
Ok, I know the answer, but I don't have to like it.
--
Complete an offer, get a free Orkut invite, Gmail invite, and a copy of The Core Media Player Pro, to boot!
"I am committed to helping Ohio deliver its electoral votes to the president next year." --Walden O'Dell, CEO Diebold Inc.
Untwist your knickers. If he had said something about helping to "defeat Bush" or whetever, it would all be an evil left-wing conspiracy instead.
0 1 - just my two bits
When less than two dozen congressional seats are actually contested at any given election due to gerrymandering, and the electoral college system restricts the salient portion of the electorate to less than a dozen states, one wonders why Americans are so apathetic when so many of them are clearly disenfranchised out of the federal electoral process by an archaic voting system (the electoral college), or partisan state legislatures that draw ridiculously shaped congressional districts.
My theory is that the media, with its constant attention on "poll numbers" and the presidency, neither of which have any bearing on actual electoral results, have conditioned the many Americans who didn't pay attention in history class that we actually live in a direct democracy instead of a representative one.
On the other hand, in some ways its difficult to argue "disenfranchisment" - after all, California still counts, despite the fact that the Republicans have no chance there, and so does Texas. So does voting for an individual legislator - but only if no one else does. Unlike in Hong Kong, we are afforded a democracy. The distinction here is that it takes far more attention than the average person has, be they American, Chinese, or North Korean to realize how arbitrary and disproportionate our democracy is.
That is why it is probably best to put away all this conspiracy theory stuff. Whether or not it's true, I don't know, it doesn't matter. Electronic voting has shown it is insecure and innaccurate. Even without tampering a lot of the machines have failed. It shows a real lack of planning more than anything else on Diebold's part. My best guess is that they are more incompetent than corrupt. They severly underestimated the issues involved and just rushed something out before the 2002 election in order to take advantage of the 2000 fiasco while it was still fresh in people's minds.
If Diebold was really evil, than they would have put much more thought into the machines. If they were evil, then they would have a very small numbers of difficult to find exploits, while producing a seemingly reliable machine. There are problems even with the basic protocol of going into the booth.
They are incompetent. They may be sinister, but it's not important to the argument, their incompetence should mean that the machines should not be used for elections. When people bring up the conspiracy theories, it just solidifies the resolve of the other side to use the machines.
If you explain to people that regardless of the vote and tampering that Bobo the Clown could end up governor of Neveda, then we may be able to have productive discussions.
Monstar L
One man's lack of rioting and civil war is another man's lack of rioting and civil war. GWB got in on a technicality. About half the country hates him for it. The other half hates the first half for being sore losers. And half of both sides really couldn't tell you what the president REALLY does anyway.
The Constitution is less about rights than about the orderly functioning of Government. Every handover of power in the US has been peaceful. No matter how bitterly contested, never has the victor been decided by shots fired in anger. (Ok, there was that massive civil war where the North basically burned the South to the ground... but that's merely an inconvient fact in an otherwise perfect theory...)
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
When we're placing votes on the Diebold machine, WE are the bank, except we are kept as far away from the accounting as possible. You try working that arrangement out with the bank. You ask for $100, they let you into the vault, and you show them the $100 bill when you leave.
They can trust ya!
The fact that Diebold makes a lot of ATMs does not make the electronic voting idea valid. They might be the most qualified to make the machines, but the idea is not sound.
That's right. The USA is not a true democracy. It never was. It is a Representative Republic. And sadly, the 'representative' part of that no longer seems to apply...
"Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
Here in Canada, you vote by writing an 'X' in the box next to the candidate you want. Votes are then counted by hand, with representatives of each major party in at each polling station watching the counting. It's not likely anyone will do anything underhanded and mess with the tally. I'm sure there have been some issues, but I can't remember anything remotely close to the mess in Florida during any of our elections.
It's a fallacy that you need a high-tech solution for this. Voting is too important to be obscured through code and harware. It's something that should be transparent, where recounts are done where necessary, and where there is no room for ambiguity or interpretation when the numbers are reported.
"Why can't everyone just be straight with me?"
"Because we live in a bendy world, dear."
Call/write to your local news station. Upon checking Google News, only /. is covering this press release so far. The more informed people are about this, the more likely they are to complain. You might want to call your local congresscritter, too.
This isn't the type of esoteric security vulnerability that only nerds are going to understand. Your average voter will grasp the issue pretty quickly.
When trying to alert people to the problem, you may want to mention that there are serious concerns that Venezuela may have suffered electronic election rigging in the recent Chavez recall election.
You can't test a program or system of any complexity with some code in, pronounce it "good", and then take out some of the code.
Its new code at that point. Which is perhaps why its left in. If they take it out, then they have to re-test and re-certify.
But fundamentally, it shows that Diebold is, at best, incapable of understanding what it takes to produce this kind of code. It sounds like a bunch of junior programmers coding under the "direction" of a mid-level programmer.
What I'm surprised at is the local government accepted binaries from the vendor without (a) having full access to the source code (b) a mechnism to ensure the source code they audit matches the binaries in the machine.
When you think about it, the whole thing reeks of a company looking to make a quick buck and local governments too stupid to understand that they lack the expertise to judge this kind of software and make an intelligent decision about deploying it.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
I think you're close, but just a little off: maybe the US in general didn't like either candidate in 2000.
--RJ
The worst are full of passionate intensity
And the best lack all conviction...
But I suspect that that is always true - the best are by their nature capable of empathising with people on both sides of a question, and capable of seeing the logic on both sides. Hence they find it hard to be passionate.
True passion, I fear, probably comes from ignorance stoked by fear and testosterone.
But seriously, did anyone else shiver when they read that?
Those who cast the votes decide nothing. Those who count the votes decide everything. - Stalin
Not sure exactly what was insightful in this post.
"The Constitution is less about rights than about the orderly functioning of Government."
Excepting that you are conveniently forgetting that attachment to the Constitution called the Bill of Rights, which is about nothing but rights, especially noteworthy being the Tenth amendment:
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
This amendement is the sweet one and was put there by the founding fathers, who had amazing wisdom, vision and foresight, because they dreaded the prospect of a power grab by a central government, a party, a President or Congress, especially if they acquired imperial aspirations much like we are seeing today.
The Republican party really seems to have concluded that they are the only party able to run America and the Bush family is for all intents and purposes attempting to form a dynasty to lead the empire. The Founding Fathers really dreaded the prospect of a President acquiring the trappings of the monarchy they hated so much in the King against whom they rebelled. His name was George too. How far America has fallen and how ironic that we once again seem to have a King George, just like the one the founding fathers rebelled against.
The Republicans are no doubt rationalizing to themselves that what they are doing is in the best interest of America, its OK to rig the election to stay in power, since they are the one true defender of the nation. Its OK they are destroying the foundations on which America was built in the process of "saving" it from its enemies, whether they be Muslim extremists or Democrats.
You can slam me for conspiracy theory but I can retort with the simple fact that Richard Nixon, also a Republican, was forced out of office for engaging in illegal activity to insure his reelection and hold on power. There is precedent. The Bush's just seem to have taken it to a whole new level today by exploiting computers.
Sorry to say it to you but you really don't live in the free country you thought you did unless everyone bands together to take it back.
@de_machina
that we once again seem to have a King George
Another King George the Third, no less.
Of course, you don't give the British enough credit. Rebeling against the king was largely a symbolic gesture. The Brits had a parliment then, and while the house of Lords was hereditary, the house of commons at least was somewhat representative.
Halfway through the Revolutionary war, the Brits actually offered America their demand of representation, but they turned it down. They'd gone too far.
The reasons for the revolution were partly economic, incidentally, and similar to the later civil war since we've brought that up. The more industrialized sector (England, the North) needed the supplier of raw goods (America, the South) but the supplier of raw goods didn't like the terms that the industrialized sector was offering. So they rebeled.
I agree with you completly. Parts of the Republican party have really started to believe their rhetoric about how they're the "Only Moral Party" and the end result will be an assault on democracy, coupled with the inevitable justification that their adversaries somehow started it.
___
It's the end of my comment as I know it and I feel fine.
Why? Because the loser has to concede to the fact that he has lost. We do not force the loser to lose, the loser allows the winner to win. "I lost in a fair fight. Better luck next time." The concession speech is just as important to democracy as the acceptance speech.
If a loser of an election disputes the results and the winner cannot defend the vote count, then the loser has every right to appeal to other means--in most countries, violence.
In the last American election, the loser disputed the vote count. The winner could not defend the results, so the loser appealed to other means--the Supreme Court.
The fact that there was no outbreak of violence (at least of any significance) was not due to the voters' acceptance of the count. It was due to the voter's acceptance of the Supreme Court as the final word in American government. The loser accepted the Supreme Court decision and allowed the winner to win. The voters (some begrudgingly) accepted the decision.
But please note: the last disputed election had something that the next one will not: chads--a paper trail--transparency. Win or lose, everyone had the hope that eventually, the truth would be known. It may take days, weeks or months to determine, but the truth would be known. The system would work.
Ignore conspiracy theories. Ignore corporate donors. Ignore programming loopholes. The threat of the next disputed election is the notion that even if the election is honest, even if every vote is counted, even if the outcome truly matches the intent of the voters, the loser will be able to dispute the outcome and the winner will not be able to defend it.
Imagine the turmoil if after the last election, over a million of the punch ballots had gone missing. That is what these systems offer. It does not matter who wins this fall. The loser will dispute the result and the winner will not be able to defend it.
As counter-intuitive as it may seem, Bush may be the most likely candidate to suffer from the paper-less voting system. If Kerry wins, I do not believe Bush will have much of a case for vote tampering as the systems are being used primarily in districts controlled by Republican party members. If Bush wins, it is very likely that the results would be thrown out altogether for the sake of another election. The anger pent up by Democrats in the last election fraught with claims of 'unfair' would be mild in comparison to an election that lead to charges of treasonous fraud. Nixon was impeached for election tampering and all he did was spy on his opponents.
Many comments have offered ways to counter the threat of the new systems and most them are good. Yes, it is helpful to point out the possibility of fraud. Yes, it is helpful to write/call representatives demanding change. Yes, it is helpful to create more transparent technical solutions (yes, open source is one option, but not the only one). In the meantime, the best way to ensure that 1.) your vote is counted, 2.) your vote can be recounted, 3.) your vote will not be disputed is to ask, NOW, for your absentee ballot. It is exactly the reason that both the Republican and Democratic Parties have started a "get out the absentee vote" campaign in areas where the new systems are being installed.
If the Supreme Court does not ask for a recount, they may look to the absentee ballot as the measure of voter intent. The next President may be elected by the voters that do not even show up.
A Democracy doesn't scale beyond a few thousand people.
I guess Switzerland, amonst others, would take issue with that statement...
Come on, discuss, do not moderate.
/some/ black mayors. Did you have any black governors in the last 40 years?
I would rather have you prove me flamebait, but you can't.
My point was: there was no black president; there was no black governor.
Come on, prove me wrong, get a black guy voted in the f'ng primaries and I'll get back to you.
I will offer you one closing argument. (Score:-1, Flamebait)
by hummassa (157160) on 2004.08.31 9:21 (#10116689)
Who is the black man who was elected president in the last 40 years?
Better: which black person was allowed to run for president in the last 40 years?
Ok, you do have
If so, how many, how many terms? If said number is > 0, divide it by 500 (number of governor terms in the last 40 years?) and give me a percentage. Now compare it with the percentage of black people in the USofA.
Ok, rinse and repeat for the last 20 years (allowing a 20 year period for the racial thing to "settle"... notwithstanding the LA riots were in '92).
The prosecutions rests.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Um, unless I missed something in the news, California has a REPUBLICAN gov. In fact, I believe he's speaking at the RNC... admittedly he's only slightly more republican then Kennedy... but for some reason, the RNC doesn't want us normal people to focus on the gay marriage ban that bush has pushed with every ounce of strength.
/.?
As far as NY, NY has a republican gov. AND NYC has a republican mayor. You might have heard of him? Very wealthy guy, could buy and sell
Bitching creates a lot of noise, voting creates change (albeit slowly). get off your ass and vote. The last presidential election was decided by 35% of the (total) population. That's not right. Register to vote, and VOTE people, perhaps if people stopped whining about their votes not counting, and actually voted some of these red and blue states would switch colors. As the guy from hardball said on Bill Maher, go vote, not for the person, but for where you want America to be in 20 years. If you are happy with the go it alone cowboyness of GW, then by all means vote for him. if you believe that exporting our jobs, and importing foreign products is good for us, then vote for him. if you want someone who will work with our allies and treat the rest of the world with respect (not just the parts that agree with us) then vote for Kerry. Just *VOTE*. Think about where you want to be and then act accordingly. It takes a lot for Americans to wake up, but once we do. Watch out. I'll refrain from preaching as to which way you SHOULD vote, but for god's sake vote.