Vote Tabulator Security Hole Exposed
Doc Ruby writes "Black Box Voting has exposed a security hole in Diebold machines that tabulate votes collected from electronic voting machines. A code entered into the tabulator's user interface duplicates the "secure" counts into an insecure count which can be changed, and counted instead. The "double books" vulnerability and exploit were reported to the manufacturer over a year ago, and confirmed, while major customers (California and Washington states) were notified shortly thereafter. In spite of some revisions, the latest version of the software remains insecure. Diebold voting machines running GEMS version 1.18.x are vulnerable, running in about three dozen states. Although the software is widely deployed, and scheduled for use in shortly upcoming elections, risk mitigations are available, mostly protocols restricting physical or network access to the machines. Other auditing/accountability measures for ensuring only trusted access to the system are recommended."
For all the banter that goes on here, we all know how this is going to turn out. Everybody bitches and moans about it, and the mainstream press runs toned down stories. In the mean time, people who know what's going on continue to look like crazy conspiracy theorists. End result: The public won't know or won't care until a massive mistake is uncovered after the person enters office and everyone realizes that they've been living under the authority of a false representative. Of course, that's provided said person doesn't pass a law to protect people in his situation once they're discovered.
...just how many of these "holes" or rather bugs were intended to be features.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Technology is a wonderful thing.
But come on. Are we so ADHD in this country we can't vote on paper and wait for real people to count them? Yes, there will be mistakes... but at least if a recount is needed, there's a paper trail.
If you don't have time to do it right, when will you have time (or in this case, an opportunity) to do it over?
Can it be? A free PC!?
Is anyone else suprised by how bad diebold's coders are? I mean seriously. I know microsoft can't make their products secure, but they have millions of lines of legacy code and compatability issues. This isn't an excuse, but building a secure system from the ground up should be pretty straight forward, honestly.
Security should have been the top priority the whole way through, but apperantly it wasn't. Pretty amazing, IMO.
And wtf, they can't fix a bug in a year? They're not going to have it fixed by Nov? Jesus, what is it with these people.
Also, this is kind of boring. Anyone involved in the RNC convention or the protests around here?
autopr0n is like, down and stuff.
So let me understand. Entirely by accident, if you enter a specific code at the machine, a transparent and highly successful process takes the existing collected data and makes a duplicate of that data which can be altered and fed into the combining and counting process.
Someone must have REALLY misspelled an important constant, no? I mean, what are the odds? When I screw up, the code usually just fails to compile or takes out the vm. Someone needs to find the guy who "accidentally" did that and get him to buy lottery tickets for all of us.
wow.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Public officials: If you are in a county that uses GEMS 1.18.18, GEMS 1.18.19, or GEMS 1.18.23, your secretary or state may not have told you about this. You're the one who'll be blamed if your election is tampered with. Find out for yourself if you have this problem: Black Box Voting will be happy to walk you through a diagnostic procedure over the phone. [Contact information here.]
Public officials: If you have these versions of the software, the votes can be tampered with by this simple procedure. Black box voting will be happy to give you a short course in how to rig your election.
Reminds me of the official corruption in Daily's Chicago - which was the "City that Works" largely because ANYBODY could bribe the officials equally.
By exposing this flaw and showing every election clerk who asks how to cheat, Black Box Voting is insuring that the vulnerable software WILL be used to cheat, and that elections WILL be rigged until the audit trails are installed and used.
I can think of nothing that will create a bigger push for audit trails on electronic voting than showing every election official in the US how to stuff the ballot boxes at this wholesale, vote-tabulation level. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Sure, it's horrifying to see that someone could cheat, and most likely someone will try, but the polls have both parties monitoring, counting, and watching the process. Announcing the fact that the machines aren't fool proof or perfect is a wonderful thing for the process - aka more eyes will be watching and helping protect our election process.
These problems will be fixed, but there will always be voter fraud (ie dual voting - The paper found that 68 percent of the dual registrations are Democrats, 12 percent are Republicans, and 16 did not claim a party).
Back in 2002, Miami-Dade had an election using touch-screen voting. In some circumstances there were more votes than registered voters, and in at least one instance an entire day's votes in one machine were "accidentally" erased. No paper backup means the votes were lost in the ether.
Since each state is responsible for operating the voting process, you'd think that Jeb Bush (the Governor) and former Orlando Mayor and now Secretary of State Glenda Hood would have been outraged. Jeb's reply was "why can't Democrats learn how to vote?". Glenda Hood's response was "that doesn't mean that we need to have a paper trail." She has this big bug up her ass that printed receipts would cause a repeat of the 2000 debacle when in reality the 2000 debacle was 100% caused by the old punch cards being difficult to scan. A paper printout would simply be a way to recount votes that aren't up to speculation by the person doing the recount (i.e. they know exactly which votes are cast.)
P.S. Diebold Sucks!
------
There's a fine line between cuddling and holding someone down so they can't get away.
While a lot of people will say that screaming about insecure voting machines is a bunch of FUD, I think there is a legitimate reason to be far more scared of insecurities in digital voting than in the traditional kind. The nice thing about paper/punchcards/crayon is that the scale of fraud is limited by the physical nature of the medium. It's tough to dispose of a lot of votes without anyone noticing a precinct is missing, and it's difficult to make much of a differece forging individual ballots. The problem with electronic voting is that like every other industry that's gone digital (accounting to spreadsheets for example), the scale and efficiency of mundane tasks is amplified by many orders of magnitude. It's tough to make much of a dent in an election by registering under ten names and voting ten times. It's easy (if you have an exploit) to to click once to change 10,000 votes in a manner that looks utterly plausible. So for all the talk of just giving red meat to the media to have another thing to panic about, I'd say why the heck can't we force Florida to print paper reciepts?
I asked this before and am going to ask again.
Why do we insist on using voting computers which are reprogrammable. These are all Von Neumann architecture machines. As computer scientists we should be able to find a more appropriate architecture for voting. Something where the code is not alterable, something where the counts are not chanegable.
Think about it. And if you dont understand the question then learn about computing architecture. There are computers other than the multi purpose kind. They tend to be single purpose and far more efficient at their designed jobs.
"# Financing smear groups to attack John Kerry: $ 1.75 million."
Do you get this worked up over 527's like moveon.org?
Diebold has a huge investment in this and sees dollar signs well into the future if their machines become the standard. Just think about how long the mechanical machines have been around. Diebold wants that kind of longevity for their product.
I am not against a company making money, far from it. However, making your money off the most important process in America cannnot be ethically supported. I left telling the Diebold guy that I enjoyed toying with him. He was left with a chagrinned look on his face, knowing that the road ahead is gonna be tough.
I was not willing to return and pay another entrance fee to bring materials back to prove this guy wrong so do me a favor- if you are planning on going to the MD State Fair, take along some materials to back up your arugment and take some potshots at the Diebold guys.
Ok so you present a login where the user enters a voter registration number. You show a list of canidates. You double click. Type "yes" to confirm. Increment a number in the database and set that voters "HasVoted" property to true.
After a 10th grader finishes that project, have a real coder step in for 15 minutes, throw in a little encryption and all you've got to do is run this bad boy on a palm pilot locked in a box and chained to a desk. When the votings done, ship the locked up palm pilot off to some goverment facility where the data will be merged into a master database.
Wheres the challenege? I feel like I could make THE BEST VOTING SYSTEM EVER in one weekend and make it rich off government contracts...
http://brandonbloom.name
Don't tell anyone we have endemic corruption in the US political system! They might start gettting ideas and, gasp, start voting for other parties, or worse, get off their ass and really try to make some changes.
Shit, I'm an Anarchist, I'm for world revolution and all that, but at this point I'd be pretty fucking content with a government that doesn't put its citizens in what amount to concentration camps for smoking a fucking doobie. I mean come on!
What I really don't get is why so much of the right wing supports all the roll backs in civil liberties. Do you remember the clinton years? Ruby Ridge and other incidents should worry the hell out of you because there will be another Democratic Administration sometime, even if it isn't '04.
A blog about stuff.