Slashdot Mirror
Vote Tabulator Security Hole Exposed
Doc Ruby writes "Black Box Voting has exposed a security hole in Diebold machines that tabulate votes collected from electronic voting machines. A code entered into the tabulator's user interface duplicates the "secure" counts into an insecure count which can be changed, and counted instead. The "double books" vulnerability and exploit were reported to the manufacturer over a year ago, and confirmed, while major customers (California and Washington states) were notified shortly thereafter. In spite of some revisions, the latest version of the software remains insecure. Diebold voting machines running GEMS version 1.18.x are vulnerable, running in about three dozen states. Although the software is widely deployed, and scheduled for use in shortly upcoming elections, risk mitigations are available, mostly protocols restricting physical or network access to the machines. Other auditing/accountability measures for ensuring only trusted access to the system are recommended."
For all the banter that goes on here, we all know how this is going to turn out. Everybody bitches and moans about it, and the mainstream press runs toned down stories. In the mean time, people who know what's going on continue to look like crazy conspiracy theorists. End result: The public won't know or won't care until a massive mistake is uncovered after the person enters office and everyone realizes that they've been living under the authority of a false representative. Of course, that's provided said person doesn't pass a law to protect people in his situation once they're discovered.
...just how many of these "holes" or rather bugs were intended to be features.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Technology is a wonderful thing.
But come on. Are we so ADHD in this country we can't vote on paper and wait for real people to count them? Yes, there will be mistakes... but at least if a recount is needed, there's a paper trail.
If you don't have time to do it right, when will you have time (or in this case, an opportunity) to do it over?
Can it be? A free PC!?
I'm starting to get confused; If you can sue McDonalds for coffee, or just about anyone for not protecting me from myself - why hasn't someone taken Diebold on in court?
Is anyone else suprised by how bad diebold's coders are? I mean seriously. I know microsoft can't make their products secure, but they have millions of lines of legacy code and compatability issues. This isn't an excuse, but building a secure system from the ground up should be pretty straight forward, honestly.
Security should have been the top priority the whole way through, but apperantly it wasn't. Pretty amazing, IMO.
And wtf, they can't fix a bug in a year? They're not going to have it fixed by Nov? Jesus, what is it with these people.
Also, this is kind of boring. Anyone involved in the RNC convention or the protests around here?
autopr0n is like, down and stuff.
So let me understand. Entirely by accident, if you enter a specific code at the machine, a transparent and highly successful process takes the existing collected data and makes a duplicate of that data which can be altered and fed into the combining and counting process.
Someone must have REALLY misspelled an important constant, no? I mean, what are the odds? When I screw up, the code usually just fails to compile or takes out the vm. Someone needs to find the guy who "accidentally" did that and get him to buy lottery tickets for all of us.
wow.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Public officials: If you are in a county that uses GEMS 1.18.18, GEMS 1.18.19, or GEMS 1.18.23, your secretary or state may not have told you about this. You're the one who'll be blamed if your election is tampered with. Find out for yourself if you have this problem: Black Box Voting will be happy to walk you through a diagnostic procedure over the phone. [Contact information here.]
Public officials: If you have these versions of the software, the votes can be tampered with by this simple procedure. Black box voting will be happy to give you a short course in how to rig your election.
Reminds me of the official corruption in Daily's Chicago - which was the "City that Works" largely because ANYBODY could bribe the officials equally.
By exposing this flaw and showing every election clerk who asks how to cheat, Black Box Voting is insuring that the vulnerable software WILL be used to cheat, and that elections WILL be rigged until the audit trails are installed and used.
I can think of nothing that will create a bigger push for audit trails on electronic voting than showing every election official in the US how to stuff the ballot boxes at this wholesale, vote-tabulation level. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Sure, it's horrifying to see that someone could cheat, and most likely someone will try, but the polls have both parties monitoring, counting, and watching the process. Announcing the fact that the machines aren't fool proof or perfect is a wonderful thing for the process - aka more eyes will be watching and helping protect our election process.
These problems will be fixed, but there will always be voter fraud (ie dual voting - The paper found that 68 percent of the dual registrations are Democrats, 12 percent are Republicans, and 16 did not claim a party).
I'll probably be modded down for suggesting this, but here goes:
... the DMCA and others. Then, being the moral geeks I'm certain we are, we let everyone know what we did and let them reverse it... won't we.
Let's use this. Let's use this - as a method of civil disobedience. Well, not entirely civil, but certainly disobedience. Let's FORCE this to get noticed. Let's all "Vote RMS" for president, in all of the states that it's an option. One of three things will occur: One, people will realize they need a printed backup for recounts. Two, this becomes big news and the organizations that are supporting Diebold will have major issues. Three, RMS becomes president for a day, and enough other geeks elect themselves to office that they can remove certain inconvenient laws
Back in 2002, Miami-Dade had an election using touch-screen voting. In some circumstances there were more votes than registered voters, and in at least one instance an entire day's votes in one machine were "accidentally" erased. No paper backup means the votes were lost in the ether.
Since each state is responsible for operating the voting process, you'd think that Jeb Bush (the Governor) and former Orlando Mayor and now Secretary of State Glenda Hood would have been outraged. Jeb's reply was "why can't Democrats learn how to vote?". Glenda Hood's response was "that doesn't mean that we need to have a paper trail." She has this big bug up her ass that printed receipts would cause a repeat of the 2000 debacle when in reality the 2000 debacle was 100% caused by the old punch cards being difficult to scan. A paper printout would simply be a way to recount votes that aren't up to speculation by the person doing the recount (i.e. they know exactly which votes are cast.)
P.S. Diebold Sucks!
------
There's a fine line between cuddling and holding someone down so they can't get away.
While a lot of people will say that screaming about insecure voting machines is a bunch of FUD, I think there is a legitimate reason to be far more scared of insecurities in digital voting than in the traditional kind. The nice thing about paper/punchcards/crayon is that the scale of fraud is limited by the physical nature of the medium. It's tough to dispose of a lot of votes without anyone noticing a precinct is missing, and it's difficult to make much of a differece forging individual ballots. The problem with electronic voting is that like every other industry that's gone digital (accounting to spreadsheets for example), the scale and efficiency of mundane tasks is amplified by many orders of magnitude. It's tough to make much of a dent in an election by registering under ten names and voting ten times. It's easy (if you have an exploit) to to click once to change 10,000 votes in a manner that looks utterly plausible. So for all the talk of just giving red meat to the media to have another thing to panic about, I'd say why the heck can't we force Florida to print paper reciepts?
I asked this before and am going to ask again.
Why do we insist on using voting computers which are reprogrammable. These are all Von Neumann architecture machines. As computer scientists we should be able to find a more appropriate architecture for voting. Something where the code is not alterable, something where the counts are not chanegable.
Think about it. And if you dont understand the question then learn about computing architecture. There are computers other than the multi purpose kind. They tend to be single purpose and far more efficient at their designed jobs.
"# Financing smear groups to attack John Kerry: $ 1.75 million."
Do you get this worked up over 527's like moveon.org?
Diebold has a huge investment in this and sees dollar signs well into the future if their machines become the standard. Just think about how long the mechanical machines have been around. Diebold wants that kind of longevity for their product.
I am not against a company making money, far from it. However, making your money off the most important process in America cannnot be ethically supported. I left telling the Diebold guy that I enjoyed toying with him. He was left with a chagrinned look on his face, knowing that the road ahead is gonna be tough.
I was not willing to return and pay another entrance fee to bring materials back to prove this guy wrong so do me a favor- if you are planning on going to the MD State Fair, take along some materials to back up your arugment and take some potshots at the Diebold guys.
Ok so you present a login where the user enters a voter registration number. You show a list of canidates. You double click. Type "yes" to confirm. Increment a number in the database and set that voters "HasVoted" property to true.
After a 10th grader finishes that project, have a real coder step in for 15 minutes, throw in a little encryption and all you've got to do is run this bad boy on a palm pilot locked in a box and chained to a desk. When the votings done, ship the locked up palm pilot off to some goverment facility where the data will be merged into a master database.
Wheres the challenege? I feel like I could make THE BEST VOTING SYSTEM EVER in one weekend and make it rich off government contracts...
http://brandonbloom.name
"They probably make the ATM's you use, among other things that need to be secure." but aren't. I walk away from any ATM that says DIEBOLD. I once saw one crashed to the Windows XP desktop. Scarry to say the least. I'll stick with the old B&W OS/2 based ATMs.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
With all the security holes exposed in the electronic election gear it should be easy to hack them in such a way that any abuse can be made visible.
Log incidents, put them online and show the world that some very powerful people have a strong interest in these pieces of machinery being insecure to such an extent that the election becomes a joke.
Expose the vulnerabilities and use them to make it impossible to use to the advantage of those who have a strong interest in influencing the outcome of the election.
Nope. Many Diebold ATM systems are unpactched Windows XP installs with a internet connection and no firewall. Here are some images someone setup as an MP3 player after it crashed to the desktop.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Yeah every time I use one of their ATMs I get really nervous. I'm not being sarcastic. Ever since all of this crap with their voting machines has happened, I've had to wonder -- how secure are my account number and PIN with them?
Error 404 - Sig Not Found
Don't tell anyone we have endemic corruption in the US political system! They might start gettting ideas and, gasp, start voting for other parties, or worse, get off their ass and really try to make some changes.
Shit, I'm an Anarchist, I'm for world revolution and all that, but at this point I'd be pretty fucking content with a government that doesn't put its citizens in what amount to concentration camps for smoking a fucking doobie. I mean come on!
What I really don't get is why so much of the right wing supports all the roll backs in civil liberties. Do you remember the clinton years? Ruby Ridge and other incidents should worry the hell out of you because there will be another Democratic Administration sometime, even if it isn't '04.
A blog about stuff.
They do indeed. Though what they build is things that their clients want.
In the case of ATM's, their clients not only want, but rather insist most absolutely, that they be secure and fully auditable.
In the case of these voting machines, their client would like a machine that gives them a voting advantage.
Damned, it's near genius really in an evil way. The exploits in point don't even need to be used at all to be used as a tool in manipulating the outcome of the next election. Should they win, well they can stand firmly behind the technology. Should they loose, well look at this exploit that must have been used. These are insecure and invalid! Seed of doubt.
No Comment.
There's a javascript demo of the Diebold Election System on the Diebold site.
e n1.html
Guess what? In Safari 1.3 at least, it doesn't work.
(Try voting for one candidate on each ballot, then on the next page, you appear to have cast no votes, confirmed by 'review').
Try it here: http://www.diebold.com/dieboldes/OnLine_Demo/scre
I'm not wrong. You haven't thought about it hard enough.
Why vote? The Electoral College is the group who will actually determine which of the candidates is elected. That is, which ever candidate pays the most money to have the members of the Electoral College to buy their votes.
For example, if everyone in the country voted for candidate A and the Electoral College wants candidate B (or if candidate B pays the most money) to be elected, then, candidate B will win. I can't prove this is true and you can't prove it is false because the votes are secret, which aids the Electoral College immensely.
Oh come now, you do realise that the Electoral College is just as corrupt as any other agency who has that much power, right? If not, you're extremely naive.
Voting is a waste of time. Get rid of the Electoral College and I will be the first in line to vote.
Did you have a link that shows fraud? Or are you saying fraud was unlikely? The links you post, especially the latter, show a well designed system.
http://invisibleballots.com/
3 2
http://www.torrentreactor.net/torrents/view_228
Why? Because the loser has to concede to the fact that he has lost. We do not force the loser to lose, the loser allows the winner to win. "I lost in a fair fight. Better luck next time." The concession speech is just as important to democracy as the acceptance speech.
If a loser of an election disputes the results and the winner cannot defend the vote count, then the loser has every right to appeal to other means--in most countries, violence.
In the last American election, the loser disputed the vote count. The winner could not defend the results, so the loser appealed to other means--the Supreme Court.
The fact that there was no outbreak of violence (at least of any significance) was not due to the voters' acceptance of the count. It was due to the voter's acceptance of the Supreme Court as the final word in American government. The loser accepted the Supreme Court decision and allowed the winner to win. The voters (some begrudgingly) accepted the decision.
But please note: the last disputed election had something that the next one will not: chads--a paper trail--transparency. Win or lose, everyone had the hope that eventually, the truth would be known. It may take days, weeks or months to determine, but the truth would be known. The system would work.
Ignore conspiracy theories. Ignore software companies. Ignore programming bugs. The threat of the next disputed election is the notion that even if the election is honest, even if every vote is counted, even if the outcome truly matches the intent of the voters, the loser will be able to dispute the outcome and the winner will not be able to defend it.
Imagine the turmoil if after the last election, over a million of the punch ballots had gone missing. It does not matter who wins this fall. The loser will dispute the result and the winner will not be able to defend it.
As counter-intuitive as it may seem, Bush may be the most likely candidate to suffer from the paper-less voting system. If Kerry wins, I do not believe Bush will have much of a case for vote tampering as the systems are being used primarily in districts controlled by Republican party members. If Bush wins, it is very likely that the results would be thrown out altogether for the sake of another election. The anger pent up by Democrats in the last election fraught with claims of 'unfair' would be mild in comparison to an election that lead to charges of treasonous fraud. Nixon was impeached for election tampering and all he did was spy on his opponents.
Many comments have offered ways to counter the threat of the new systems and most them are good. Yes, it is helpful to point out the possibility of fraud. Yes, it is helpful to write/call representatives demanding change. Yes, it is helpful to create more transparent technical solutions (yes, open source is one option, but not the only one). In the meantime, the best way to ensure that 1.) your vote is counted, 2.) your vote can be recounted, 3.) your vote will not be disputed is to ask, NOW, for your absentee ballot. It is exactly the reason that both the Republican and Democratic Parties have started a "get out the absentee vote" campaign in areas where the new systems are being installed.
If the Supreme Court does not ask for a recount, they may look to the absentee ballot as the measure of voter intent. The next President may be elected by the absentee voter.
Well it is a tribute to how easy would be to pull the wool over your eyes and the eyes of the American people that you refuse to believe its possible they were assassinated by powerful people and not lone wacko's and accidents.
I assure you there were a lot of powerful people that wanted JFK dead. The military was royally pissed at him for not invading Cuba during the Cuban missile crisis.
The powers in the CIA were royally pissed at him for denying air support at the Bay of Pigs and letting Castro destroy their little army. JFK gets blamed for the Bay of Pigs but the plan was actually hatched under Eisenhower and the army of Cuban expats was already formed on U.S. soil when JFK came to power. There is a chance that he was more than a little reluctant to go through with it which may explain why he denied it the air cover it needed to succeed and disposed of an Cuban expat army he didn't want in the process.
There is a chance JFK also didn't want to escalate Vietnam which also put him at odds with the CIA and the Pentagon.
Of course RFK was in the middle of all of these same problems so is it so hard to believe that the same powers that whacked JFK would whack RFK to prevent another Kennedy administration.
And then there is Martin Luther King. I can assure you J. Edgar Hoover hated King with a passion as did most of the white men who ran the U.S. at the time. He was a major threat to white supremecy in the U.S.. MLK alone was giving black people the hope that they could aspire to something greater than the next to nothing the U.S. had given them until he cam along. He was also a really vocal opponent of the War in Vietnam, both because he was a pacisfist and it was disproportionately killing black men. Black men had a much harder time ducking the draft while affluent white men like Geroge W. and Dick Cheney had no such problem. It is more than plausible that the powers in Washington whacked King because he was a real threat to their power.
And then you have Wellstone and Mel Carnahan. Not a lot of people are killed in small plane crashes in the country. The odds are somewhat stacked against TWO Democratic Senate candidates dieing in plane crashes in two years. Add in the fact that they happened at a time when Republican's were DESPERATE to maintain their grip on power in the Senate, power crucial to passing their extremist agenda, and a conspiracy is pretty ripe. When Wellstone died the Democrats lost his seat to the Republicans which would have never happened if there hadn't been a crash. His death helped swing power in the Senate and a LOT OF MONEY and POWER swung with it. The circumstances of the crash are more than a little mysterious. For example it is quite possible powerful people could lay there hands on an EMP weapon that would be more than capable of downing a small plane without leaving a trace.
If you recall none other than John Ashcroft was running for a Senate seat agaisnt Mel Carnahan who was also killed in a something mysterious plane crash. In this case, if it was a plot, it failed since Ashcroft sucks so bad he lost to a dead guy or actually his wife.
@de_machina
Several congress critters have done just that, and from what I understand, there will be international observers here... I read it a couple of days ago on one of the media sites like CNN or something.
Not sure how many there will be, where they will be, what they are going to do, what authority they will have, etc.
Note - I'm in California, and have already requested my absentee ballot. I did use the touchscreen systems in the primary - they seem to work ok - but I am definitely against the idea of 'lectronic voting.
Like someone else posted above, the main reason we seem all fired up about using a touchscreen is that it will enable vote tabulating faster, so that we don't have to wait as long to find out who won.
Personally, I'm fine with waiting a day or two (if it even took that long) to do it the way Canada et al. handle it... X in a box on a piece of paper, fold it up, and drop it in a box. Then when all votes are in at that particular center/precinct/whatever, open up the box in front of whoever wants to watch, count the votes out in front of everyone (ok, maybe use a spreadsheet or other "manual" tallying system), then call the county offices on the phone and tell them the numbers (ok, maybe email it in or something).
That's all there is to it.
It probably really doesn't matter but the dismantling of the Republic and the creation of the Empire will probably move along more smoothly under Bush with a Republican dominated Congress, and if the current Neocons reamin in control of the Pentagon. Its lost on everyone but Kerry and Bush have nearly the same position on all the volatile issues of the day. Both are fans of the Patriot Act, both support the Iraq war, Kerry is just quibbling on implementation details because he has to to keep the Democratic base happy.
I need to do some research on what happened in Iowa. I gather a dozen or so wealthy people funded attack ads that ran only in Iowa that associated Dean with Bin Laden and started his slide in Iowa. His slide in Iowa finished him before the media finished him off over the "I have a scream" speech. Chances are the Democratic nomination was decided by a dozen people with some money and well placed attacked ad, much like the November election may well be decided by a handful of Republican's funding attack ads like the Swift boat ads. As nearly as I can tell our government is chosen by a few wealthy people, with a few well placed attack ads, which precipitate a media stampede and the American people just follow the ring in their nose.
Its even stranger that Dean is a Yale grad too though I don't think he is Skull and Bones. It kind of shows how the moneyed elite that sits in Connecticut and around Yale had locked up the Presidency before the American people were even consulted.
And then Dick Cheney was also groomed for Yale but he barely survived two years there, his grade were apparently so bad he probably would have flunked out if he hadn't left voluntarily. Don't think he had the family connections George W. had to insure he got passing grades since he was as apparently as intellectually challenged as Cheney was at Yale. George W.'s grandfather Prescott was a former Senator from Connecticut, Yale's home state, insuring George W. would never be flunked no matter how bad his academics sucked there.
@de_machina
Having gone to these "elite private schools" in NYC and Connecticut, having an uncle who went to 1-12th grade and Yale with the elder George Bush and who was his roommate, I have to say that the idea of a Connecticut/Yale/Tory/whatever conspiracy is simply amazingly unlikely.
A lot of the people in these schools aren't that smart (though there is a pecking order academically, all of them have their share of the less-smart (or don't-care) legacy-types). Pretty much the primary determinator of who goes to these schools is who a) can afford it, and b) wants to. After those are passed, then legacies, academics, and other factors (attempts to provide a somewhat diverse enrollment, etc) are considered. Most have (through various scholarships, foundations, etc) a moderate percentage of "disadvantaged" students.
A classmate of mine was another of the Bush crony's kids: Doug Baker, James Baker's (former chief of staff to G.H.W. Bush) son. (This was 1977-1980.) Not shall was say one of the sharp ones in the class (hardly), but a good football/lacrosse player and partier. At my 15th reunion (1995) he had become a lobbyist (what a shock). Others I went to school with include JFK. Jr, David Duchovny, and various sons of very well-off businesspeople. There was a sizable contingent at boarding school from Midland TX around 1980; sons of oil men and the like (many of them like Bush, transplants following the money).
My uncle went to day school with G.H.W. Bush, then to boarding prep school, then to Yale with him. In prep school they were roommates at one point. Both flew in WWII, but my uncle was in P-51's over Germany, and unlike Bush didn't go back to Yale. He continued to live in CT (New Canaan), and was a stock broker and staunch Republican for many many years, was Chief of Police in New Canaan after got tired of hunting and fishing in retirement, etc. When G.H.W. Bush was running for re-election, Frontline interviewed my uncle about Bush's school days. One of my uncle's comments: Bush was an idiot. Almost all of it (including the idiot comment) was edited out. Today he's an independant who REALLY wants to see W go down in flames. He supported Dean in fact.
Which brings me to the comments I'm replying to. While in theory there could be a conspiracy by some nebulous east-coast preppy elite, the reality as I see it from having grown up and gone to school with many in Bush's circle is far more simple and easy to swallow - the Bushes (and most presidents, with the odd exception like Clinton) are from rich families, and those families have connections to other rich families, and draw on them for their closest advisors and supporters. A lot of these people get into prestigious schools, colleges, and jobs via family connections and history (legacies). Not everyone in these schools does, in fact it's probably a minority nowadays, but it was and still is common in many of them if not most.
These people are rich, they go to school mostly with other upper-middle-class or rich people, and they form friendships for life with the people they went to school with (and often with others of similar backgrounds, which is hardly unique). This applies to the majority of politicians, especially at the upper levels. It takes money and even more so connections to get to elected office, especially high office (and promises for a lot of back-scratching).
This isn't to say that none of them do bad/questionable things - hardly. Many do. But as others I'm sure have said here, never attribute to malice (or conspiracy) what is adequately explained by stupidity (or just plain normal social class cliquiness (sp)). Honestly, these people _aren't_ smart enough to pull such a huge conspiracy (let alone for so long) off.
p.s. While I attended these schools and have a long family history associated with them, I was not one of the "rich" kids or legacies - my mother was director of development at one (which got us in, free I think), and the other I went to not as a legacy, though my father and grandmother did pay for it. I'd be considered probably one of the middle/upper-middle class students with a family tradition of prep schools.
No one ever prevented a recount and in fact the recounts proved Bush would have won under any possible scenario.
Wrong. The recounts proved that under any of the scenarios Gore requested that Bush would win.
If they had recounted the whole freaking state as they should have in the first place, then Gore would have won.
Just because Gore was a fuckwad about how he wanted the recount doesn't excuse the fraud and outright treason which is all that lead to Bush currently holding power.
Small-aircraft crashes are a lot more common than you give them credit. Personal aircraft are often built from low-cost components, and are often not as well maintained as a commercial airliner. They are far lighter and much more suceptible to weather. They often carry one of each instrument whereas a larger plain would have 2 or three redundant units.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming