More Diebold E-Voting Vulnerabilities

presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

Blimey

[ackthpt]

vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world. I'd think with that in mind that little scripts are the lease of their worries. If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

"There's 14,375 votes for Bush, 14,374 for Kerry and 2,793,036 for Mr. Magoo, let's tell the public about this 4 years after the election, OK?"

Re:Blimey

[grub]

If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?

Re:Blimey

[AKAImBatman]

vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world.

It's worse than that. From this link:

She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden.

Getting a warm and fuzzy feeling yet?

Re:Blimey

[ackthpt]

why do you think the evilness has to come from outside Diebold?

Didn't imply it would. Much computer crime starts on the inside. All you need is a programmer or two who have strong political sentiments and enough knowledge and, BAM!, SCOTUS awards Bush another 4 years.

Re:Blimey

[ackthpt]

Getting a warm and fuzzy feeling yet?

I think it's nausea.

You know... Diebold does a lot of work with financial systems. Is this what they call the Harbinger of Doom?

Re:Blimey

[jmanforever]

"well, they don't say it but it seems obvious that GEMS is running in Windows"

Did you not RTFA? Page 2 of the article clearly states: "GEMS runs on the Windows operating system."

I can't belive they wrote such a mission critical app to run on Windows. Then again, it gives them something new to blame for "counting errors" in the flawed voting system. No one is going to buy the hanging chad thing any more.

Re:Blimey

That was just a rhetorical question. :)

Re:Blimey

[nightcrawler77]

Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.

Even running the GEMS software on OpenBSD would do nothing to make up for their lousy secuity design.

Re:Blimey

[TheCaptain]

"I am committed to helping Ohio deliver its electoral votes to the President next year."

Well...the president next year will likely have deserved them. Not sure if it'll be Bush or Kerry though...certainly not Nader, IMHO.

* Note to the disfunctional moderators out there: This is what I pass off as humor.

Re:Blimey

[Phisbut]

But it sounds like the Diebold flaws would be present regardless of their platform choice.

True, this is not a Windows flaw, it is a Dieblod flaw. However, if Diebold ran on another platform, it would probably take more than 5 lines of vbscript written in Notepad to decide who gets elected.

Part of having a stronger security is making it harder for the crackers to do things.

Re:Blimey

[TheLittleJetson]

indeed. if you live in a state with e-voting machines, vote absentee. tell your friends and family.

Re:Blimey

[Marxist+Hacker+42]

Given that- here's the five lines in pseudocode:

1. Set an ADODB Recordset
2. Open recordset with select statement for tables with the totals in them.
3. rs(fieldforcandidate)=new total
4. rs.update
5. rs.close

Or better yet, if you have a copy of access with you, skip the stupid script, open Access, and simply change whatever totals you want to.

Re:Blimey

2 lines of Bash most likely. (God, I love Bash.)

Re:Blimey

[displaced80]

Never fear!

Your votes will be safe.

Just so long as no-one holds the [Shift] key as they double-click the .mdb file :-)

Re:Blimey

[nizo]

Getting a warm and fuzzy feeling yet?More like a warm wet spot as I pee myself.

Re:Blimey

[merlyn]

At least in Georgia, "vote absentee" won't help. They take those absentee ballots... AND KEY THEM IN ON A DIEBOLD VOTING MACHINE!

Re:Blimey

Here is the only way I see this comming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America opinion), so that the green party or the american communist party or something like that won in a landslide then you'd open peoples eyes real quick.

It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....

NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

(For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

Re:Blimey

[WindBourne]

I think if I hacked it, I would have it do 100% for GWB in the heart of Chicago or any major city or do 100% for kerry in the burbs.

It would be interesting to see how the country responds.

For none-americans, cities tend to be heavy democrats while the 'burbs are at best mixed, but lean towards republican. The wealthier you are, the higher the likelyhood that it will be republican-leaning.

Re:Blimey

[Tarwn]

4 lines if you don't need declarations, set to nothings, etc:

Set conn = CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Path\To\Db\database.mdb;Persist Security Info=False"
conn.Execute("Your SQL Statement")
conn.Close()

Re:Blimey

[PedanticSpellingTrol]

Right, it would take 5 lines of perl (or php) written in emacs (or vi[m])... maybe we should use these machines to settle a few coder holy wars...

Re:Blimey

Actually, they do. I believe the exact quote was...
"GEMS runs on the Windows operating system."

And from Canadian's perspective, you guys (Citizens of the USA) are get fucked. The entire notion of eVoting needs to irradicated and buried in the deepest hole you can find -- how about the Republican party's arse.

Re:Blimey

[Thomas+Miconi]

What I don't get is, why do the US insist on having electronic voting machines ? I presume the 2000 fiasco prompted some kind of overreaction, but why not simply go to a plain paper system ?

In backwards socialist pro-islamofascist hellholes such as France, elections are 100% paper-based. People walk into the local voting point and (after registering and showing their elector card) are presented with a number of bulletins, each of them bearing the name of a candidate. They take several of them, walk into the booth and put the bulletin of their choice in an envelope. Then they walk to the ballot box and drop the envelope.

The integrity of the vote is ensured by the most primitive (and efficient) method around: after the vote is over, bulletins are counted by officials in each voting point in presence of the public. Bulletins are handpicked from the box, the main official reads the name aloud, and shows the ballot to other officials present and to the public. The names are also written down by two other officials. The total figures are then transmitted to a central office in Paris. On the next morning, people can check in the local newspaper that the vote count reported for their precinct corresponds to whatever was announced at the voting point.

This system is simple, efficient, and reasonably fool-/fraud-proof. Can someone explain me the exact problem with it ?

Thomas-

Re:Blimey

[AuMatar]

In perl? More like 5 characters.

Re:Blimey

[John+Courtland]

Can someone explain me the exact problem with it ?

It doesn't ensure victory?

Re:Blimey

They only have one question on the ballot. In the US there can be:
1 presidential
1 senate
1 house
2 state assembly
3 school board
2 judges
5 county ballot questions
5 state ballot questions

That is much more work to count by hand than just one parlimentary race.

Re:Blimey

[ZenCaser]

Jeez, even Mr. Magoo beat Nader.

Re:Blimey

[Artifakt]

There are several other companies making voting machines. Some of those alternates appear to be better (not necessarily safe enough for this job, but substantially closer). My own state uses machines that produce a partial paper trail (a copy of the aggregate results, per machine, not per individual voter). It's not the per individual paper trail some have discussed here, but it serves for newspaper reporters, party observers, and the general public to see, and helps block SOME forms of possible election fraud. My own state also still supports paper ballots, and it would take amending the state constitution to take away that alternative.
Right now, the evidence is that one company's voting machines are definitely below any remotely acceptable standard, and that company has indicated a motive for making them flawed deliberately.
It's not evidence that proves all forms of electronic voting should be rejected, or that paper ballots are axiomatically better. It sure doesn't prove that other forms of felonious electioneering, such as getting voters falsely dropped from the rolls, will stop too if we just go back to paper. It IS increasingly solid evidence of a crime. The public will better serve itself if it focuses on what the facts definitely prove about Diebold than what they may tenetively suggest about the overall principles of electronic information security.

Re:Blimey

[AJWM]

Given the political sentiments of many left coast programmers, it's as likely to be BAM!, Kerry wins in an upset. Or even, Nader wins in a surprise upset.

Of course, there'd be an instant call (on all sides) for an investigation that made Florida 2000 look like a picnic.

Re:Blimey

[AJWM]

The wealthier you are, the higher the likelyhood that it will be republican-leaning.

Well, except in Hollywood.

Re:Blimey

[Wybaar]

Are you thinking what I'm thinking, Pinky?

Yeah Brain, but where would we find enough Diebold programmers who have that much knowledge?

From the first part of the article:
But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

Another comment I found particularly interesting occurs on the third page of the article:
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

Suuuuuuuure ... and no one would risk committing securities fraud because it's against the law and carries a heavy penalty *cough*Enron*cough* or would risk driving above the speed limit because it's against the law and carries a penalty (whether it's a heavy penalty depends on just how fast you were driving.)

Re:Blimey

[Warhaven]

She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden.

*smashes forehead on desk* Please God, make the badman go away!

Re:Blimey

[SpaceLifeForm]

In Missouri, the republicans are asking for lists of voters that have requested absentee ballots. Here's one story.

Re:Blimey

[BigT]

none of which will be alphanumeric.

Re:Blimey

[John2583]

SERIOUSLY! Could he be anymore naive? I was going to quote that part of the article where Diebold's spokesman says no one would do it because it's against the law, but you beat me. Wow.

Here is my take on the whole electronic voting thing. Computer Scientists would generally like to promote the use of computers and technology to solve a problem, say like e-voting. Now if Computer Scientists are coming out in large numbers to say, WAIT! computers might not be the best way to tally votes, it's not secure, there's too much room for false votes, etc etc. Then you know there is something wrong with using electronic voting. It's crazy.

Re:Blimey

No, no, no! you've got it all backwards!
To quote a famous billionaire: "One line should be enough for everybody!"

Re:Blimey

[Saige]

I know that this is enough to make me never again touch a Diebold ATM if I can help it.

It also makes me wonder if my credit union has any Diebold equipment, and what it would take for them to change to a company that doesn't demonstrate total incompetence in designing secure, auditable systems.

Re:Blimey

Actually, the article does say GEMS runs on Windows.

Re:Blimey

[Kaa]

(For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

[insert evil laughter here]

Your IP address has been logged and associated with that post.

I suggest learning about the differences between pseudonymity and real anonymity. More useful that tinfoil hats, IMHO...

Re:Blimey

[shawn(at)fsu]

pseudonymity and real anonymity

I know it was part of the joke. I tend to deal with scary/stressfull/awkward situation with dark humor. And I find thinking about evoting scary and stressfull.

Re:Blimey

[AaronW]

It doesn't help that their lead programmer was arrested for embezzlement. There's so many holes and back doors in Diebold's software to make Windows XP default install look like Fort Knox.

Re:Blimey

Uh huh.

Re:Blimey

[wkytechhead]

That's the best i have heard in a long time. Kudos to TheLittleJetson.

Re:Blimey

[Le+Marteau]

I know that this is enough to make me never again touch a Diebold ATM if I can help it

Relax. Their money machines are rock-solid. After all, they handle things of importance, namely, money, unlike their voting machines, which handle only illusions.

Re:Blimey

[John+Hasler]

The Federal government objects to paper ballots because blind people need assistance to vote with them.

Re:Blimey

[Suidae]

Yes, because no one has yet invented a system of writing for the blind that works on paper.

Of course electronic touch screens work much better.

Heres an idea. Lets train a bunch of election officials really well, inject them with an amnesiac drug then put them in the booth to write down peoples votes. They'll do it well, but won't remember it later. (the best part is, we won't have to pay them overtime).

Re:Blimey

[Our+Man+In+Redmond]

You described the problem yourself. The system is simple, efficient and reasonably fool-/fraud-proof. What elected official is going to be in favor of that?

Re:Blimey

[lawpoop]

Or, one line of perl ;)

Re:Blimey

[NuclearDog]

<?
$db = mysql_connect("127.0.0.1", "diebold", "abcdef");
mysql_select_db($db, "votes");

while ($choice!='quit') {
echo "1) George Bush";
echo "2) John Kerry";
echo "3) CowboyNeal";

$vote = readline($vote);

if (!ereg("^[1-3]$", $vote) && $vote!='quit') {
echo "Invalid vote.\n";
} elseif ($vote=='quit') {} else {
$result = mysql_query("UPDATE `votes` SET `votes`=votes+1 WHERE `candidate`='$vote'", $db);
if (!$result) {
echo "Voting failed!\n";
} else {
echo "Vote successful!\n";
}
}

}

mysql_close($db);

?>

Of course, it would require much more error checking and the screen would have to be cleared after each vote, etc. etc.

If I 14 year old can program this in */me checks clock* 4 minutes, I'm sure Diebold could program something much better with the amount of time\money they have. If not, the only reason I can think of is that they are complete and total dumbasses.

Anyways, I know, being Slashdot, 10 other people will pipe up and tell me how I could have done it better. If not, I know someone will correct my grammar, and to you I say: 'telnet nucleardog.com'

That is all.

ND

Re:Blimey

D'oh. Forgot the newlines on the names of candidates.

Bah.

ND

Re:Blimey

[vsprintf]

I'd think with that in mind that little scripts are the lease of their worries. If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

This story isn't news, it was linked from a Slashdot article weeks ago. Of course, you have to click through to part three to get to the part about the VB script, so I shouldn't be surprised if no one here acutally read it. Apparently the script has already been refined in preparation for the upcoming election, since it's gone from six to five lines.

While being compromised is certainly a risk, the big problem is someone with access to the district-level tallying computer. One politically motivated person involved in an election with physical access and a simple script or a two-digit code. That is not the "least" of my worries, it's the biggest one. Like most security hacks, it's the inside job that does the most damage and is hardest to defend against.

Re:Blimey

In backwards socialist pro-islamofascist hellholes such as France, elections are 100% paper-based. People walk into the local voting point and (after registering and showing their elector card) are presented with a number of bulletins, each of them bearing the name of a candidate. They take several of them, walk into the booth and put the bulletin of their choice in an envelope. Then they walk to the ballot box and drop the envelope

What do they do with the rest of the bulletins?

Re:Blimey

[Peaceful_Patriot]

(For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

Interesting how these days even the most innocuous statements cause Americans to look over thier shoulder to see who is listening. I've been around long enough to see many presidents and administrations. I have cursed and cheered them. But until now, I have never feared them. For all the rhetoric about freedom, this administration is the scariest and most oppressive I can remember.

Re:Blimey

[CleverSwede]

the fact that 5 lines of TEXT can compromise the Diebold system is just plain sick!! Kudos to Herbert Thompson at Security Innovation for finding the hack... heh heh

Re:Blimey

just one word sums this up.

F U C K!

Re:Blimey

[einhverfr]

I wonder how much they would sell the election for....

After all, no paper ballot, no paper trail....

Re:Blimey

So why is it the worst case scenerio if Communists or Greens get elected? I would have thought that another four years of Bush would have to be up there. And four years of Kerry would be pretty bad also.

I would love to live in a communist (read, classless, stateless, no money; not USSR or China, which aren't/weren't communist) community.

Re:Blimey

Unfortunately, all the Communist parties around are a lot closer to Stalinism than Marxism.

Re:Blimey

[Vintermann]

Blind people don't need assistance to vote with braille ballots. However, blind people's interest organozations don't like that solution, for some reason, which may or may not have anything to do with the funding they get from diebold :-/

Re:Blimey

[dario_moreno]

they drop it on the floor. Activists also hide tons of them in the voting booth in case you are a closet nazi and don't want to pick up the bulletin in front of people you know (ie you pick up only the one of the mayor in case you want social housing or whatever favor and in the booth drop it and change it for the nazi one)

Re:Blimey

[LoveLiberty2004]

Wouldn't it be an amazing show of integrity if W. stood up and said, "after the 2000 election controversy I don't want any debate this year. Let's save the computerized voting machines for the next election, so that each vote can be COUNTED BY HAND if need be... I want to win without a shred of suspicion this time!"

Well, I know... that's why it would be amazing. *sigh*

Check out http://www.verifiedvoting.org/ for more info about the electronic polls.

Re:Blimey

[LoveLiberty2004]

I had a debate with my fiance about this... he's the programming expert, I just love computers ;) Maybe you guys can chime in? Is there ANY WAY to ensure independantly that these machines will count votes accurately and reliably every single time? Is there ANY WAY to ensure that there isn't a little secret code someone can punch in on them to make scripts run? (Wasn't there just a controversy about a two button code left on a machine?)

Rush Limbaugh was on the radio saying that Democrats are always scared of change... which is a bass-ackwards statement if you ask me... but in this instance, he's right. It surely does seem odd to me that the usually staid repubs are the ones so gung ho for this while those of us liberals still wincing after the 2000 election controversy are going "nooooooooooooo!"

Re:Blimey

In backwards socialist pro-islamofascist hellholes such as France

I guess that's why they crack down on head scarves. Idiot.

Re:Blimey

[mink]

Diebold is based in Ohio. Not what I from experiance call left coast. I have no idea where they keep the programmers for the e-vote hardware, but I would not be amazed if they are in or near the base of operations.

A Better Voting Machine

After reading all these stories on Slashdot about Diebold voting machines having security holes, I did a little bit of research on my own. I believe I finally found the perfect voting tabulation and candidate selection system, impervious to cheating. Here is the website; it includes video of the machines in operation (Windows ASX format).

Perhaps some of you security experts could evaluate whether this machine is more or less accurate and secure than Diebold's machines, but I'm pretty confident in its ability to surpass Deibold's accuracy. (Note to foreign readers: To interpret the results from the videos: if the red ball 21 or less, that's a vote for Kerry; 22 or more, Bush.)

Re:A Better Voting Machine

[gorbachev]

Business2.0 had an interesting article on an electronic voting machine idea David Chaum has come up with.

Dieblod is taking shortcuts trying to maximize short term profits. Corporate greed at its best.

Re:A Better Voting Machine

You probably didn't follow the link in the original post and missed the humor; it goes to videos of the last six Powerball drawings. :-D

Re:A Better Voting Machine

it goes to videos of the last six Powerball drawings

Which explains why my company's 'websense' program blocked the site. Oh, well, I can only imagine how funny that would have been.

Re:A Better Voting Machine

[exhilaration]

Unfortunately the lowest bidder gets the contracts.

I think that's the ultimate flaw in this process - why spend money on quality when price is the only thing that matters?

Re:A Better Voting Machine

[protektor]

If the lowest bidder gets the contract does that mean that a free Open Source e-voting program would automatically get the contract? :)

Re:A Better Voting Machine

[lucabrasi999]

why spend money on quality when price is the only thing that matters?

Well, there's the problem. The data can either go directly from each machine to the county elections board, or it can be collected and counted at the precinct level, then sent to the elections board.

There are a couple of reasons why you would keep the preliminary counting to the precinct level: Cost is one.

The cost of centralizing the count would mean that every machine has to be given a secure, direct connection to the central computer. Personally, I wouldn't trust a phone line. Cost? Pretty high, since many counties around the US have thousands of polling places, each with multiple machines.

So, you are almost forced to use collect the data locally. If that is the case, then, that means you need a local election judge handling the data. That local election judge may be very honest, but probably doesn't know anything about computers. And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.

Don't get me wrong. Diebold obviously never thought about security. If they did, they would have found ways to control for VB scripts updating the data. But, I do understand why they chose Windows and Access. I don't agree with their choice, but I understand why they chose it. Cost.

Re:A Better Voting Machine

And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.

You don't have to train local election officials to do anything other than click some buttons. Why do they need to know how the underlying system works? Let the guys that write the program worry about that, then have some other guys that know code come in and audit it. It's that simple.

Re:A Better Voting Machine

Why wouldn't you trust a phone line? Using a program like GPG one can easily transmit and authenticate information even over the most insecure channels. It's not like we need to encrypt the results, is it? Given that, all we really need is a secure signing algorithm. The private key component can be distributed in a secure, physical fashion (i.e. flash memory or floppy disk) directly to the election judges. That component could be secured using some other technique so that even the election judges couldn't interfere with it (or bypass the voting machines).

The biggest problem with most of the digital voting systems is the lack of a paper trail that would allow for accuracy checks, dispute resolution, and all that other fun stuff.

Re:A Better Voting Machine

They have to make a bid first.

Re:A Better Voting Machine

[lucabrasi999]

It's not like we need to encrypt the results, is it?

Well, I would recommend encrypting every part of the message. But, essentially, you are correct. I had a brain cramp and forgot about public/private keys.

I was thinking of accuracy checks, dispute resolution when I was composing the note. I just didn't want to spend all day typing on /.

Re:A Better Voting Machine

[lucabrasi999]

Why do they need to know how the underlying system works?

Well, there are comfort issues with any unfamiliar system. I have put in new systems before. If it's on an unfamiliar platform, it makes users uncomfortable. Their level of comfort definitely has an impact on the number of mistakes.

Yes, you can give Linux a GUI. But, most of the senior citizens that staff polling places will be uncomfortable with using something that is not windows-based.

Re:A Better Voting Machine

[rhuntley12]

I actually work for a company that runs the Lottery system for a state and I must say MUSL is crazy about security. I can't get into specifics, but in my opinion they go completely overboard on some rules, which can only be good. Working with MUSL I certainly would trust them with our elections.

diebold

I hope no one uses them again.

Re:diebold

[ackthpt]

I hope no one uses them again.

'Diebold' is probably some obscure germanic dialect for

Lowest Cost Bidder

Re:diebold

I ran "Diebold" through Google's german to english.. got this..

"Thief old"

Amazing

[AKAImBatman]

You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?

Maybe they should claim that all their security experts were hired by Google after they took the GLAT. ;-) Then they could get Congress to sanction Google instead! *rolls eyes*

(BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)

Re:Amazing

[Kenja]

Given that the ATMs run unpatched Windows XP and have in the past been hit by internet worms I fail to see whats so shocking about any of this. I will not use a Diebold ATM, even if that means I dont eat lunch because there's no other source for cash handy.

Re:Amazing

I'm pretty sure they bought this technology from another firm and rebranded it "Diebold." Excuse? No, but any issues were likely not introduced by Diebold.

Re:Amazing

[kiolbasa]

A multi-billion dollar company rushed a voting maching product to market to take advantage of the buzz following the 2000 election. Marketing trumped proper design.

Re:Amazing

[quelrods]

Well, technically the db backend in access, not the system itself. The amusing thing about access is it supports subselects! There isn't a release of mysql that does this yet. As much as we all hate access, it may have been an ok choice for this. At least there isn't a slammer worm for access. Given the choice between access and ms sql server for our voting machines, I guess access isn't so bad. Though, user permissions on the db is probably something to worry about.

Re:Amazing

[theparanoidcynic]

Why would they want it to be accurate? If it fucks up enough the election will be basically invalid. Guess which way the Supreme Court is gonna throw it if that happens.

I'm sure after The Shrub is reinstalled he'll make sure that electronic voting becomes mandatory so Deibold doesn't get bankrupted for their part in this game and infact makes more money . . . . . .

Re:Amazing

[Frymaster]

You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems

understanding? sure. motivation to implement it? maybe not. consider:

• if the bank machine borks my transaction i find out about it at month end in my statement. if the voting machine borks my ballot, i never know.
• the atm is just a snazzy client for the bank's server. the banks approves the transaction and returns the balance, the atm just spits out the cash.

remember: in every first year computing science class assignment #2 is "bank machine".

Re:Amazing

[AKAImBatman]

Actually, the Diebold machines were partly responsible for the 2000 election fiasco.

Re:Amazing

[Holi]

It has been awhile but I used to work for this evil entity and all the ATMs that I saw were running OS/2. Then again it was 7 or 8 years ago.

Re:Amazing

[T3kno]

No no no, it's the other way around. You should always use Diebold ATMs in the hope that you get someone elses money :)

Re:Amazing

[XMyth]

Want to buy some tinfoil hats?

Re:Amazing

I've never been able to get a Diebold machine to work. They can't read a DOwney or B of A card and they can never verify an out of network password. Downey Savings and B of A do not use DIebold machines in SOuthern California. Whenever I see that nameplate on the upper right corner of the screen I go to another ATM because there is no point anymore.

Re:Amazing

[mdfst13]

Access uses a stripped down version of MS SQL Server now instead of its own Jet DB engine.

Re:Amazing

from the MySQL documentation... http://dev.mysql.com/doc/mysql/en/Subqueries.html "Starting with MySQL 4.1, all subquery forms and operations that the SQL standard requires are supported, as well as a few features that are MySQL-specific."

Re:Amazing

[drinkypoo]

Why use access when you can use, say, sybase, oracle, DB/2, or whatever? Using oracle or sybase on linux (not their flagship version, just a small install) can't be any more expensive than using office on windows.

Re:Amazing

[natoochtoniket]

You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems

I'm sure Diebold poeple do understand security, very well. Clearly, the complete absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.

These machines are designed, from the start, to rig elections.

Re:Amazing

[lucabrasi999]

Marketing trumped proper design.

Wait a minute, you are supposed to design before you begin to code? Come on! The next thing you know, you'll be asking for documentation.

BTW, love the username.

Re:Amazing

[ednopantz]

Can use MSDE does use MSDE.

Re:Amazing

OK, so now someone runs the following script on the compromised server:

@echo off
copy bush_wins.mdb kerry_wins.mdb /Y
@echo Kathrine Harris not needed this time

Horray, Democracy

Re:Amazing

Nice Troll! Well done!

Re:Amazing

[Anonymous+Writer]

Want to buy some tinfoil hats?

Just make sure they're not made by Diebold.

Re:Amazing

[quelrods]

4.1 is a dev release and I'm sure not going to use it in a production environment.

Re:Amazing

who in their right mind would write a national voting system in Microsoft Access?!?

How about a company who has a vested interest in creating an insecure voting system that is easily manipulated?

Re:Amazing

[poot_rootbeer]

The amusing thing about access is it supports subselects! There isn't a release of mysql that does this yet.

WACKY CLOWN: Hey kids, what time is it?

SLASHDOT (in unison): Time for another pointless MySQL-vs-PostgreSQL advocacy flamewar!!!

(zany music)

Re:Amazing

[c13v3rm0nk3y]

They are working for the govt in this case, which is notorious for not paying attention until it becomes and a campain issue.

Dude, I love this word you created:

Campain \Cam*pain"\, n. [F. campaigne, It. campagna, fr. L. Campainia the level country about Naples strewn with band-aids, fr. campus field. See Camp, and cf. Champaign, Champaigne.]

1. An field of pain; a large, open pain without considerable pills. See{Champaign. --Grath.
2. (Mil.) A connected series of military operations which cause significant pain.
3. The feeling one gets during and after a political operations preceding an election; a canvass. [Cant, U. S.]
4. (Metal.) The period during which a blast furnace is continuously in operation while your face is in it.

Re:Amazing

Please pay attention. This is a MySQL-vs-Access flamewar, and MySQL is losing.

Re:Amazing

[MoebiusStreet]

To be correct, the system isn't "written in Microsoft Access".

Access is a RAD development system that uses Microsoft's JET database engine for data storage. (Actually, these days it prefers to use MSDE, which is a stripped-down SQL Server, but JET is still supported).

I have developed many departmental-scope apps in Access, and more in "real" languages using the JET engine. But anyone who would choose to use Access for such a large-scale system really needs their head examined. This isn't MS-bashing, they tell you what Access and JET are good for, and I don't think that Microsoft themselves would advocate this usage.

Reading through the Wired article, it appears that the Diebold programmers know very little about the correct usage of relational databases. Anyone who builds a data model that looks like what this article implies should not be entrusted with the keys to our democratic process.

Re:Amazing

>At least there isn't a slammer worm for access.
No, but did you know that there is an inherent flaw in Access (discussed in one of the MSDN blogs), that permits VB worms to spread much like the Word/Excel macro viruses. And the beauty of it is: it can't be disabled because it's how Access was writtent. Disabling it would break the whole program. Talking about bad design choices!

Re:Amazing

[illumin8]

You know what I was thinking just now: Wouldn't it be interesting if, instead of fighting Diebold tooth and nail like all the well educated and technically literate people nowadays seem to be doing (myself included), we simply said "Bring on the voting machines!", and used our superior intellect and computer knowledge to fix our own elections?

I've often felt that some of the more intelligent people on Slashdot could pick better leaders than the average dumb American. Maybe we implement a Slashdot based voting system and have everyone post in a story what their vote is and the reason they're voting for their candidate. The candidate with the most +5 insightful vote posts gets fixed^H^H^H^H^Helected by the VBS meisters.

Re:Amazing

I would strongly disagree on this one.

deleting a table with ~267000 records

Are you sure you want to delete 269000 records?
close,reset, start
Are you sure you want to delete 265050 records?
close,reset, start
Are you sure you want to delete 256000 records?

I kid you not!

This was everyday thing.

Guess what random selects return sometimes

(This is access2000)

Re:Amazing

[theparanoidcynic]

Oh! Trying to fool me are you? I'm onto your game. I know that you have the telepathic control chip inside the hat! A tinfoil trojan if you will . . . .

A tinfoil hat, in order to be fully effective must be hand-rolled by its owner out of foil that has been microwaved for no less than the time it takes to fry the magnetron on two separate microwaves. This insures that the nano-RFID tags are fully annihilated.

Re:Amazing

Gee, CBS News accusing Republicans of a conspiracy with the voting machine makers to steal an election. Who would have thought?

Re:Amazing

[HiThere]

The people who run them, install them, and sell them have the inside track on making the fix.

Do you think this is all by accident?

Re:Amazing

[illumin8]

The people who run them, install them, and sell them have the inside track on making the fix.

Do you think this is all by accident?

You are absolutely correct. My comment was firmly tongue-in-cheek. Your comment, however, is chilling because it's true and I really do think there is a master scheme to fix the election like this.

Re:Amazing

Next time you get some money out of an ATM, listen carefully... here that bzzt wurt wurt bzzt wurt wurt? Yes, that's right, it's printing a paper receipt!! that it stores internally, for all the reasons that we would want one for an election machine.

Of course with these election machines, Diebold says it's just totally impossible/impractical/ridiculous to do something that they already make on their ATM machines. Why?

Re:Amazing

[James+Turpin]

But think how much more money they can make under the table for selling people information on how to hack it? I don't mean to imply that the corporation would do this ... although they could ... but anybody in the company with decision-making power on technical issues for thid product could deliberately leave back doors - even obvious ones - for the purpose of selling their knowledge and/or skilled labor on the black market.

Re:Amazing

The problem is those "checks and balances". You know, the Diebold guy saysing "Waitaminit, that's not the assigned result!"?

Re:Amazing

Well you should've used a Delete Query (DELETE * FROM [table]). By either using the query designer or macro editor (and employing the RunSQL method). The query will likely be done and executed in under a second, as opposed to taking ages as the Table viewer likes to do.

But I agree with you that it's totally ridiculous that the table viewer can't handle the deletion of medium sized record selections. And that Access literally takes ages to remove a couple of records or come to the conclusion that the selection is too big.

Though my biggest pet peeve (disregarding bad error reporting and age old bugs like this one) with Access is that it doesn't support C#/.Net scripting, while Excel and Word 2003 do.

Oh well, I guess that when you need something like C# in an Access project, that you're better off by not using Access anyway.

Re:Amazing

I take it you've never looked at Oracle licensing costs.

Re:Amazing

[mpe]

You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems.

Isn't this the same company which put Windows inside ATMs?

Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers.

Maybe such "programmers" are now the "Industry Standard".

I mean, who in their right mind would write a national voting system in Microsoft Access?!?

Few people in their right minds, at least those who had some knowlage of systems analysis, would use computers at all for running an election. Especially an election where there are several months in which to make sure that the votes have been counted correctly.

Re:Amazing

[42forty-two42]

Simpler is better. Do you really need SQL? Berkley DB would probably be enough. Then you just need some sort of signed database logs, which could probably be done by inserting some hooks somewhere (though I'm not enough of a bdb guru to know where)

Re:Amazing

[John+Hasler]

> Given the choice between access and ms sql
> server for our voting machines, I guess access
> isn't so bad.

What gives you the idea that those were the only choices?

Re:Amazing

[aminorex]

By proclaiming yourself to be a vendor of tin-foil
hats, you just destroyed your credibility.

Re:Amazing

[Le+Marteau]

The Shrub

I am under the impression that this is supposed to be some kind of slur or something. Maybe it's just because I'm not a liberal, but I just don't get it... I don't see any wit in it at all. "Dumbya", sure, that's kind of funny. "Commander in Thief". OK, I can see that. But "Shrub"?

Could someone help me out here? Why is this such a popular thing to call Bush? What, is 'Shrub' somehow more pejorative than 'Bush'?

Re:Amazing

Well, not so long ago people were calling him "Baby Bush" or "Bush junior", and an under-developed bush is a shrub, so some wag jumped on the idea and much of the idiot world blindly followed, without bothering to comprehend the pun.

NB. This does not in any way shape or form indicate any support for bush. Its just my opinion that most of his opposers are no brighter than he is and lack his advantage when it comes to scriptwriters and advisors.

Re:Amazing

[nadamsieee]

According to this article, IBM is ditching OS/2 so NCR, Diebold, and the rest are only offering Windows XP based ATMs now. I think they are all foolish bastards :P

Re:Amazing

[Frizzle+Fry]

He is the son of the original President Bush. A shrub is a small bush. It's "more pejorative than 'Bush'" because it is calling him a minitature version of his dad (which just calling him by his last name wouldn't really do, except maybe implicitly) so is somewhat diminutive.

Re:Amazing

[Michael+Spencer+Jr.]

About that "making ATMs"... yeah, it strikes me as ironic too, but keep in mind these are two completely different classes of problem, ATMs and eVoting.

In ATM transactions, the ATM machine sitting in front of you is just a terminal -- it doesn't do a lot of work. OTHER COMPANIES than Diebold, who definitely DO understand security and have their own customers' (or their customers' customers') funds on the line when security fails, have created debit network standards. There is a specific kind of protocol that must be followed to conduct a transaction. Diebold would get a standards document, and they would design their terminal to conform to those standards.

Most details of these standards are confidental, but I can share a couple of design elements that Diebold must conform to when making ATMs, which pretty-much make security idiotproof.

First, a debit transaction is request-response. The terminal takes the card, gets all the information they need from the user through various input screens, and prepares a single transaction record. They submit that transaction record. A challenge/response happens for the pin number (more on that later). Then the ATM receives a response record, which tells it to do whatever it needs to do. They don't have access to the entire customer account -- they can only communicate with the bank using specific transactions allowed by the debit network.

Second, pin numbers are handled very carefully. There is tamper-resistant hardware in all ATMs (and even in those pin-pad-on-a-stretchy-cord things you see at some cash registers) which contains some encryption key material, and some tamper detection hardware which erases that key material if it thinks it's being tampered with. As part of the ATM transaction, the server sends a 'challenge' containing more key material, and the pin pad computes the response for that pin number and sends a response. Because the raw pin number never leaves the pin pad, and because Diebold (and other companies) have to conform to specific pin pad design guidelines or...get sued or something (I'm not a lawyer)... (hypothetical) crappy software never gets the opportunity to mishandle the raw pin number.

Third, the debit network describes what transaction data can be stored (for accounting and whatnot), and what transaction data MUST NOT be stored. They have designed the protocol in such a way that it's not possible to use stored data on an ATM to submit new transactions, without breaking the standard the ATM manufacturer agreed to comply with. (and then here come the attack lawyers after the ATM manufacturer again)

For the above reasons, a long history building ATMs doesn't mean much when it comes to eVoting. In eVoting they get to design the entire system, from data storage to communication to auditing. ATM network providers never gave them that kind of power before. In the ATM world, if the terminal blows up in the middle of the business day, existing transactions aren't lost -- they still get paid -- and debit network is smart enough to rebuild the lost information without the terminal. In eVoting, if the terminal blows up in the middle of the business day votes are lost.

And the same types of alleged eVoting problems you hear about in the news -- in the banking world, vicious bank-funded attack lawyers with sharp, pointy teeth would be unleashed as soon as they were needed if these same types of problems happened here.

(*rereads to make sure the above is safe to post non-AC*) (*flips a coin*)

I work for a major credit card processor (First National Merchant Solutions) as a tech support rep for point-of-sale hardware. I do NOT work on ATM machines themselves, but I would provide support for one of those cash registers with a pin-pad-on-a-stretchy-cord. So as part of my job I have to know just enough of how the protocol works to be able to troubleshoot problems with that kind of system -- but not so much that I'm dangerous, or have to treat the information as confidential.

Re:Amazing

[Mr.Sharpy]

Access uses a stripped down version of MS SQL Server now instead of its own Jet DB engine.

I'm sorry but that is just totally false. MS Access still uses the jet engine (as does Exchange server). Microsoft DOES have a scaled down version of SQL Server called MSDE, but it is totally unrelated to Microsoft Access. It would be exceedingly awesome, however, if access would replace JET with MSDE, if only for the joint use of T-SQL instead of Jet's bastardized implemntation.

Re:Amazing

[pyrrhonist]

These machines are designed, from the start, to rig elections.

Never attribute to malice that which can be explained by incompetence.

Re:Amazing

[theparanoidcynic]

Hey, I'm that wag you insensitive clod! :p

Re:Amazing

[jc42]

[W]ho in their right mind would write a national voting system in Microsoft Access?!?

Ooh, ooh; an easy one!

Answer: People working for a company that makes voting equipment, and whose CEO recently promised in writing that he would deliver Ohio to Bush in the next election.

It's looking more and more like he wasn't joking, and yes, he meant it in exactly the way it sounded.

Re:Amazing

[mink]

I think the important point is the issues are not being fixed by Diebold.

Re:Amazing

[mink]

Actually it maight also be popular due to the fact that it is the title of a book by Molly Ivins. AFAIK (I have not read it yet) it covers his early life as a baseball manager, business man, and his start in politics. I'm told it's a good read for the parts covering the Texas politics.

Re:Amazing

[mink]

Never explain away as incompetence what is clearly intent.
If you dont get why I say this read the e-mails and memos about the software.

Another good example

[Lord+Grey]

Ha!

[David Jefferson, a computer scientist at Lawrence Livermore National Laboratory said] that he doesn't believe that the vulnerabilities show deliberate malice on Diebold's part to aid fraud, as [voting activist Bev Harris] has sometimes contended in public statements. But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

Emphasis mine.

Another excellent example of why electronic voting software should be open source. Having many programmers looking over code doesn't automatically increase security, but it certainly increases the probability of finding and correcting asinine problems like the one discussed in the article.

We all know this. Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?

Re:Another good example

[mrpuffypants]

Any representatives reading this?

No.

Re:Another good example

[stratjakt]

Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?

Fund what? Who?

You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).

DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".

I don't want my tax dollars bankrolling OSS dev efforts. If you wan't such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.

Re:Another good example

Any representatives reading this?

If you make a reference to Guybrush Threepwood in your comment I always mod it up. Go Monkey Island!

So what you're saying is, we should elect Guybrush Threepwood for president? Viva la Threepwood!!!

Re:Another good example

[neitzsche]

Nice troll! When I do a search on sf.net for "voting" I get about a hundred projects. Almost half are silly web poll projects, but MANY of them are viable voting solutions.

Re:Another good example

[MillionthMonkey]

You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).

"Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively miniscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.

DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".

You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.

I don't want my tax dollars bankrolling OSS dev efforts.

Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that

numVotes++

is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like

if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
numVotes++

Diebold's right to its "intellectual property" has superceded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.

Re:Another good example

[LilMikey]

"fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time"...I don't want my tax dollars bankrolling OSS dev efforts.

Instead we're spending billions on a missile defense system that never existed before the government asked for it. More than that, we're rolling it out and it's not even matured enough to perform a simple f'n test?! It's not like we're talking about a new commission or chair-level position. Slice off a million, hire some of the many talented out of work programmers, and in 3 months build a system vastly superior to the crap churned out by the monkeys at Dibold.

I WANT my tax dollars spent ensuring fair elections. That's step #1 in any real democracy.

Re:Another good example

[Eccles]

I don't want my tax dollars bankrolling OSS dev efforts.

Who do you think is Diebold's (and Microsoft's) biggest customer? You're bankrolling closed source, why not buy open instead?

Re:Another good example

DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".

This is, of course, exactly the wrong way to go buying things. Buying the best of what's out there only works if what's out there is any good. In general, having the desire to buy ASAP is the best way to get screwed.

Government organizations order contract work all the time. NASA doesn't just say "We'd like to send a probe to Mars, let's see what Boeing has available right now." They work with those aerospace companies to get exactly what they need! The military funds research projects all the time in order to get more advanced airplanes and the like.

I really wish the electronic voting thing had been handled that way. Unfortunately, voting isn't very centralized in the U.S. Everything varies from state to state, county to county. Ballots look different, polling places are handled differently, smaller elections (local ones, or votes on propositions and initiatives) are handled differently. So I guess this isn't a situation where the federal government can step in and say "We paid for the development of a secure voting system, now you have to use it." I'm not sure that they have the authority to do so, even though it might be a good idea.

Re:Another good example

First a disclaimer: I'm not a US citizen, although I have lived in the States for five years.

America is bringing democracy to the rest of the world. What is democracy? The rule of the people. In America, the people votes for who's to rule.

The principle of voting: One citizen, one vote.

As I take time out of my day to go voting, it is not because it is my duty. I want to be part of these choices, given candidates I can back. Many others vote, too. My particular vote cannot swing the results. The aggregate of votes is very powerful.

My consolation: We're all in this powerlessness together. Come what may, each vote is as strong and as weak as any other. This is ensured through complete openness of the voter verification and the vote counting processes, with the ballot box swallowing one and exactly one vote per voter, and releasing all only in due time.

Come Diebold; Come electronic records; Come the power of computing. Where is my vote? But in the computer, of course. How do I know it is safe? Oh the maker told me so. What does the maker want in this world; Where may benefit lie for Diebold?

Oh, but I am accusing Diebold, you say? No I am not. I do not care about Diebold, I know none there. I make no voting apparati. I merely want certainty, certainty that no man may usurp power and pretend still he reigns over democracy.

Call the dictator what he is: King or tyrant.

America shall have a president, a congress, not an evildoer and his councellors.

Therefore, let each American be entitled to that assurance: That the people elects, and not those who seek to be elected.

And therefore, let the tools be so simple, the process so straightforward, that each man may look for himself, and find certainty he is still a free man - an American.

Re:Another good example

[markh100]

I seriously think we need to start a grass-roots movement here. The trend to switch to electronic voting is inevitable, but it is imperative that we switch to an open-source model, as the example you have shown above clearly demonstrates. The key to this is demonstrating the need of using open-source software to our elected officials. I recently wrote a blog on convincing the government to give open source software a greater role in the democratic process.

And in a related story...

[Weaselmancer]

George Bush and John Kerry sign up for MSDN subscriptions.

Nothing new..

[Manip]

This isn't new at all, just an extreme example of what we have already seen. We already know that they are stored in an insecure access database - changing votes using 'just' a VBS script is nothing new or exceptional.

Re:Nothing new..

... but their mitigation for the insecure Access database was to not install Microsoft Office on the actual voting machine.

change to our type

[alatesystems]

Our voting machines are awesome in Louisiana. In my parish we use the AVC model. You go in and press buttons and then hit "cast vote" and it goes "doo doo doo" and it gives me great satisfaction.

I think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.

Chris

Re:change to our type

[Politburo]

We use that machine here in New Jersey as well. AFAIK, it does not have a paper trail, aside from counting the total number of votes. This is the same paper trail that was used when we had mechanical machines.

Re:change to our type

In Louisiana, baaahhhh. Its pretty easy to verify seven votes that were cast, either electronic or manual anyway.

Re:change to our type

[DAldredge]

IOW, you don't know shit about them and you still think they are safe.

We are fscking doomed!

Re:change to our type

It's a Sequoia product. No built-in individual vot papertrail, but IIRC, this is similar to the model that Nevada got a workable paper-trail put onto. AND did a recount from the paper when one machine barfed its electronic output.

Re:change to our type

[lucabrasi999]

Our voting machines are awesome in Louisiana

Are you suggesting that every state in the US use an election model that has been tested in Louisiana?

No thanks. You might as well be suggesting it come from Chicago.

Re:change to our type

[Shakrai]

This is the same paper trail that was used when we had mechanical machines.

Of course with the mechanical machines you have several counters that need to agree with the paper trail that the election inspectors are keeping (at least in New York -- I've worked as one before). You can't subtract votes without resetting the machine and if you add extra votes the global counters won't agree with your paper trail and the fraud is fairly obvious.

It's a hellva lot easier to change an access database or a text file (why even use an DB for this? Wouldn't a tab or comma delimited text file be good enough?) then it is to reset counters on a machine that you don't even have access to. Breaking into said machine is also a hellva lot more detectable (seals, different keys required, etc) then a computer too.

WTF is wrong with the lever-type mechanical machines that my state has been using for the last 30 years?

Re:change to our type

[dgatwood]

IMHO, if you don't -see- a paper ballot being printed as you finish voting, then as far as I'm concerned, you should have no trust in the system whatsoever. The whole reason we're in this mess over and over again is because people can't be certain that they voted for the person for whom they intended to vote. -That- is the problem that we should be solving through electronic voting... not the hanging chads crap. That's just a smokescreen for the real issue.

Re:change to our type

[Idarubicin]

think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.

You think it has a paper trail, but you're confident it has no vulnerabilities?

Oh. Well, that's okay then.

After you push the button for Jones, how do you know that the system recorded a vote for Jones? What if the screen says Jones, but (inadvertently or deliberately) incremented the count for Smith, instead?

A real paper trail is one that you can see when you cast your vote. It just has to print 'one vote for Jones' on it, then spit it out. You put that printed record into a sealed ballot box before you leave the polling place. (Otherwise, other people could verify your vote and eliminate the benefits of a secret ballot). Then you've got a real paper trail. If you don't trust the machine count, you count the paper ballots.

A 'paper trail' where the printer spits out whatever number the computer tells it at the end of the day has no verification value whatsoever.

Re:change to our type

[dr_dank]

it goes "doo doo doo" and it gives me great satisfaction.

I agree that Metamucil is a fine product, but what does that have to do with voting?

Re:change to our type

[krlynch]

if you don't -see- a paper ballot being printed as you finish voting, then as far as I'm concerned, you should have no trust in the system whatsoever.

As I point out every time one of these stories comes up, just because you see a paper ballot printed out that matches what your vote was, doesn't mean that the votes were recorded the same way ... if you are going to be paranoid, you have to go all teh way....

Re:change to our type

[Guru2Newbie]

You go in and press buttons and then hit "cast vote" and it goes "doo doo doo" and it gives me great satisfaction.

Hey, that sounds more like an adult movie preview booth (or an Orgasmatron) than a voting machine...why can't we combine the two?
Certainly more people would be coming to vote. (...ducks)

Re:change to our type

I think that (quoth the parent):

"I *think* (emphasis mine) it does have a paper trail"

says it all.

I also think that farmers with pitchforks and carts of burning hay should storm the HQs of those that make such machines and leave none alive.

Re:change to our type

[42forty-two42]

I think it does have a paper trail [...] Completely electronic.

How are these two statements consistent?

Get rid of E-Voting now!

[NIN1385]

This country wont elect a single representative for themselves until we go back to normal counting of paper ballots! I dont see why we wouldn't do this, it can only help. It is much more reliable and fool-proof and it does nothing but help our economy by having to hire people to count the ballots. In today's world the tech that made the machine is the one who oversees the counting process, not a trustworthy judge that cannot be bribed like it was back in the day.

Re:Get rid of E-Voting now!

[blueg3]

Ah, for the days of taking a pen and a sheet of paper with boxes next to names, and marking an X in the box next to the person you want to vote for.

Simple and relatively free from error. I'm sure optical scanners today should be able to process these damned quick, too.

Hopefully New York is not going to be using paperless electronic voting machines. I don't trust them.

Re:Get rid of E-Voting now!

[Paulrothrock]

The Scientific American article I posted about says that paper ballots are even more subject to jamming than punch card ballots. And while they're human readable, they take much longer to count than electronic ballots.

Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.

Re:Get rid of E-Voting now!

Ok, paper and pen ballots might be fine for people that can SEE, but what about the people that are blind? If done in the right way, electronic voting machines can give voting access to the blind.

Re:Get rid of E-Voting now!

[xstonedogx]

I'm not wearing a tinfoil hat, but I more or less agree. :)

While no system is perfect, physically counting the votes would avoid many problems. While it comes with problems of it's own, many of these can be avoided by having multiple counters, and adding representatives of various public and private agencies, as well as random members of the public (perhaps like jury duty) to oversee the count.

I've never understood why we can do all this screwing around with alternative methods for calculating votes, but we can't invest time and money to do it the old fashioned way to ensure it's done properly.

Computers could be used, but they should be used to correct issues like bad handwriting that make handwritten ballots difficult to read. You make your vote on the computer (by selecting a candidate or typing in your own) and it prints out your ballot, which is human-readable. Then put your ballot in the box.

Re:Get rid of E-Voting now!

[Potatomasher]

Why even hire people ??

Here in Canada the counting is does by volunteers of each party. Get 2 republicans, 2 democrats supporters and another one for the other candidates, and count / recount until everybody reaches a concensus within +- a certain percentage.

It really isn't rocket science.

Getting volunteers is even better too, because you get the population actively involved in the voting process. Plus if they're actually taking time off their schedule to do that, you know they're dedicated to whichever party they're supporting and won't take their jobs lightly.

Re:Get rid of E-Voting now!

[tsg]

Ah, for the days of taking a pen and a sheet of paper with boxes next to names, and marking an X in the box next to the person you want to vote for.

Simple and relatively free from error.

Unless someone fills it out incorrectly. Or they're blind or can't read. Or from Florida.

I'm sure optical scanners today should be able to process these damned quick, too.

Optical scanners can be rigged, too.

Re:Get rid of E-Voting now!

[blueg3]

I was actually thinking the same thing but in reverse. Go to an electronic booth and select your choices, review your choices, and have it print out a human-readable and presumably machine-readable sheet with your choices marked on it for you to review. If all is okay, the computer records your vote and you drop the sheet in the box. Makes it easier to recount by machine that way, I guess.

Re:Get rid of E-Voting now!

[Shakrai]

Ok, paper and pen ballots might be fine for people that can SEE, but what about the people that are blind? If done in the right way, electronic voting machines can give voting access to the blind.

The blind can be helped by your friendly election inspectors/volunteers. In NY (and I'm assuming most other states) we can go into the poll and help somebody use the machine to vote -- but you need an inspector from both political parties. That's for the protection of the voter and the inspectors.

What's the problem with that?

Re:Get rid of E-Voting now!

[blueg3]

If you're blind, you probably can't use a touchscreen electronic voting machine or a punch-card ballot either. I think people with such disabilities are entitled to either (a) help in the voting booth or (b) absentee ballots.

That's the beauty of the blank square next to the name system, though. Even people who are easily confused can check a box next to a name with very high accuracy. Much better than the nonsense that was the Florida ballot. (You know, there are easily confused people in 49 other states that are getting off easy because of Florida.)

Optical scanners can be rigged, sure, but so can just about anything else. At some point there has to be some level of trust in reviewed systems.

Optical scanners have the secondary benefit that if you don't believe their results, you can fall back on the much slower and possibly less accurate human-powered counting machines.

Re:Get rid of E-Voting now!

[N3WBI3]

Are you kidding we cant get people to puch the whole in the right place, I can see an 80yo loving this system.

The best option would be a stand alone touch screen system (with big ol' picturesof the guy) and have the computer generate a 'recepit of the vote' for the polling place in case a manual recount needs to be done. When polls close each maching would generate a reports with its total vote and a list of who voted for what and that would be manually tabulated. In the even of another flordia the receipts could be used to recount..

Re:Get rid of E-Voting now!

[blueg3]

The blind either receive assistance with casting their vote using traditional ballots from a person (a volunteer, one or two inspectors, etc.), or they recieve "assistance", along with everyone else, from Diebold in casting their vote.

Re:Get rid of E-Voting now!

[lucabrasi999]

Here in Canada the counting is does by volunteers of each party.

In Pennsylvania (and probably most other states), the voting district (precinct) staff is volunteer. They do get paid a very small stipend, to make up for the day that most of them took off.

Re:Get rid of E-Voting now!

[Phisbut]

Why even hire people ?? Here in Canada the counting is does by volunteers of each party.

It's not exactly that way. The counting is done by employees of the government, but it's done out loud, in front of a bunch of witnesses, among which there are up to 2 people representing each party. Only the witnesses are volunteers, the person who does the actual counting (taking the ballot, reading the ballot, saying who the ballots votes for, showing the ballot to all the witnesses) is employed and paid by Election Canada.

P.S. I know all that because my wife did exactly that at the last federal elections.

Re:Get rid of E-Voting now!

[tsg]

If you're blind, you probably can't use a touchscreen electronic voting machine

There are interfaces available for the blind and electronic systems can also present the ballot in many different languages for those whom english is a second language if they speak it at all.

I think people with such disabilities are entitled to either (a) help in the voting booth or (b) absentee ballots.

Both of which compromise their anonymity and force them to rely on their helper filling out the ballot correctly.

Optical scanners can be rigged, sure, but so can just about anything else. At some point there has to be some level of trust in reviewed systems.

It is entirely possible to design an electronic system that is trustworthy and reviewable. That Diebold can't seem to (or won't) do it doesn't mean it can't be done.

Optical scanners have the secondary benefit that if you don't believe their results, you can fall back on the much slower and possibly less accurate human-powered counting machines.

Which is why most proponents of secure electronic systems insist on a paper trail that can be used in the event of a discrepancy or a recount.

Re:Get rid of E-Voting now!

[dgatwood]

Such a system would still make a significant number of mistakes unless you only read the vote once and store that vote. Otherwise, if you read it with a different reader, subtle problems could creep up from stray marks, etc. Then you end up having to have people to determine (manually) who they voted for, and you're back to the same chaos we used to have.

I would prefer something a little more sane: a split system. You vote on one machine. It keeps a tally of your vote along with a unique ID and a version number. It prints that unique ID, your vote, and the version, both in human-readable form and in a barcode. You walk to a separate scanner machine. It verifies your vote. If you decide it is correct, it drops your card into a bin and records a backup copy of your vote.

If you decide the vote is wrong, it ejects your card and tells you to walk to a voting machine and reinsert the card. That voting machine says "Oh, this has already been voted. I'll insert a subtraction record into my database and issue an add record after you're done voting."

At the end of the day, you get vote counts from each of the voting machines, add their add records, subtract their subtract records, and you have a vote total. You do the same thing for the vote verification machines. These numbers should be the same. If they are not, there may be a problem. Flag the district as a problem district.

To determine whether this matters, assume initially that the vote verification machines have the correct totals initially. For the losing candidate based on this assumption, in each problem district, take the higher of the two potentially-conflicting numbers and add those together. For the winning candidate, in each problem district, take the lower of the two numbers and sum them. If the new numbers show that a different candidate won, the paper votes from each reader must be recounted.

To prevent vote fraud by screwing up one total and inserting fake paper ballots, the votes should also be signed by an electronic key specific to the machine, which should be done through black box hardware in such a way that you can verify a vote against the device's key, but the key cannot be obtained (without destroying the hardware). The hardware should be able to generate a new key, but externally-provided keys should not be allowed.

Finally, an audit is performed of all the additions and subtractions. If a subtraction record exists without a corresponding add record (either no instance of that UID or no instance of that UID with the corresponding version), then that district must be recounted.

If a paper recount shows enough fake paper ballots to change the election results, the election results must be nullified and a revote scheduled. Any individual with access to the vote hardware should be jailed until the revote is over. Finally, it should require no less than three keys to access the paper ballot box. One should be held by an election official, one by the state's governor, and one by a representative of the U.N.

If all of those tests pass, you can be reasonably confident that votes were counted correctly, as any vote fraud would require simultaneous tampering in exactly the same way with both the vote counting machines and with the voting machines.

Re:Get rid of E-Voting now!

[Idarubicin]

Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.

Close, but not quite. You never destroy the paper ballot. You can mark it 'VOID' or 'SPOILED', but it must be kept. Otherwise you get into difficulties with audits.

I agree about the benefit of human- and machine-readable ballots. One design I quite like has a broken arrow next to each candidate's name:

- -> Smith
- -> Jones
- -> Quayle

To vote, just fill in the gap in the arrow. You can visually confirm you voted for whom you think you voted. You can feed it to the machine as soon as you've filled out the ballot and it will beep at you if it can't read it. It's easy to count manually as a spot check on the machine.

I've seen them used in some municipal elections in Canada; I presume that they are also used elsewhere. Meanwhile, for our federal and provincial elections, we just mark an X on a paper ballot and count by hand. Works pretty well, though one could substitute the above human/mechanical system with a minimum of difficulty.

I'm also not sure where the savings are for mechanical systems. They require electricity and sometimes phone lines; the setup and takedown are more complicated. Any trustworthy system requires paper backups anyway. Verifying that the 'counter' is really at zero at the start of the day is much easier with a cardboard box, too.

Re:Get rid of E-Voting now!

[Coryoth]

The simple but effective electronic voting scheme (as proposed by other slashdotters here in the past):

You select your candidate at an electronic voting machine, with cute push button screen, and whatever other whizzy technology you want. The machine responds by printing out a ticket or card with your choice clearly printed in english on the ticket so you can read an verify that it got it right.

You then deposit this ticket into the tally box to make your vote, and leave.

The tickets can be designed so that they can easily be fed through a scanning system to read and tally the votes. Correctly OCRing the ticket should be easy given:

1. The limited possible texts (only the available candidates).
2. A specific known, easily OCRable font and font size.
3. Text is in consistently exactly the same place.

With those constraints (the ticket printer produces results specifically designed to be easy to OCR correctly) OCR software performs with absolutely stunning accuracy.

The system is relatively simple, allows voters to verify they're choices, can be counted extremely quickly, and has a verifiable paper trail (all the human readable tickets) should the results be called into question.

Such a system is certainly no easier to defraud than a normal paper ballot system, yet gains all the benefits of a computer voting system. Of course, if you have monkeys write the code to do the counting and collect and aggregate the tallies, you'll be fairly screwed, but at least you'll have a paper trail to prove the results were forged.

Jedidiah

Re:Get rid of E-Voting now!

[Anonymous+Writer]

I dont see why we wouldn't do this, it can only help. It is much more reliable and fool-proof and it does nothing but help our economy by having to hire people to count the ballots.

Like they say... if it ain't broke, don't fix it.

Re:Get rid of E-Voting now!

[feloneous+cat]

And while (paper ballots are) human readable, they take much longer to count than electronic ballots.

Yeah, try to count an electron. Man it is a bitch! Give me anything that isn't sub-atomic...

Re:Get rid of E-Voting now!

[StalinJoe]

Hrumph. You just want to spoil all our fun, don't you? What next? Have the two machines be built by manufacturers who support opposing parties?

I do like the vote identifier bit though. Just using the timestamps alone, our cronies staking out poll booths can then tell who voted for who, therefore whose knees get broken.

Joseph Stalin

Re:Get rid of E-Voting now!

[Enigma_Man]

Third Party Voters?

-Jesse

Re:Get rid of E-Voting now!

[Eccles]

Unless someone fills it out incorrectly.

Have the voter feed the card into an optical scanner. If the scanner cannot interpret the vote, it lets the user know the problem and either returns the ballot or shreds it and gives them a replacement.

The paper ballots can be randomly audited to make sure the optical count is correct.

Re:Get rid of E-Voting now!

[mOdQuArK!]

If all is okay, the computer records your vote and you drop the sheet in the box.

How do you make sure that what got printed out & what the computer recorded are the same?

Re:Get rid of E-Voting now!

I don't understand. We use paper ballots here in Canada and they never jam except maybe a little if you don't fold them tight enough when stuffing them in the box. As for speed, I would have to say that the counting is "fast enough" where "fast enough"=="within a few hours of polls closing".

Maybe you guys should try tinfoil ballots...at least they would be shiny.

Re:Get rid of E-Voting now!

[Suidae]

I won't care much about voting, electronic or paper, until we have instant runoff voting. IMO the one-person-one-vote system we have now is much worse than the possibility that some e-voting machines can be compromised.

Re:Get rid of E-Voting now!

[Suidae]

The Scientific American article I posted about says that paper ballots are even more subject to jamming than punch card ballots. And while they're human readable, they take much longer to count than electronic ballots.

And of course, here in the US, its more important that we know approximately how the vote came out instantly, rather than knowing exactly how the vote came out tomorrow.

Re:Get rid of E-Voting now!

[DataCannibal]

"they take much longer to count than electronic ballots."

Sorry to go on and on and on and on and on about this but WHO GIVES A FLYING FUCK AT A ROLLING DONUT WHETHER IT TAKES A FEW MINUTES OR A FEW DAYS as long as the count is correct.

I come from a country where paper voting is the norm . I can actually stand waiting until some time the following afternoon to find out who the government for the nex foru to five years is going to be. Ballot paper voting is not broken it doesn't need fixing.

Re:Get rid of E-Voting now!

Let me rephrase myself, if done in the right way, electronic voting machines can give voting access to the blind and allows them to vote in secret and allows them to be a little more independant.

Also, with paper ballots, what's to stop someone from replacing the paper ballet with their own ballets with the candidate of their choive or just simply throwing the ballots away? That would really affect the outcome of an election. No way is perfect, so, maybe what should happen is that the people can choose between electronic or traditional voting in an election. That way, if they choose electronic or if they have special needs, let them vote electronically, or if they don't like to vote electronically, let them vote using pen and paper.

Re:Get rid of E-Voting now!

[NIN1385]

It is broke, we dont even elect our officials now as it is! If you dont believe me check out this lady's website, she specializes in trying to make voting more secure and efficient and has plenty of evidence that people try to make loopholes in these machines with no record except a database file that can be altered however the tech sees fit. There are plenty of approved machine that produce paper copies in the case of a recount. I have donated money to her and I suggest you all do the same!

Click Here to see her website!

Re:Get rid of E-Voting now!

[jwilcox154]

Ther are E-Voting Machines other than Diebold. Here in Wayne County, Indiana, we are going to be using the iVotronic Machines which has full color capabilities and displays ballots, pictures, and multiple languages. Not to mention that it's fully ADA compliant, it has a headphone to insure total privacy when voting, as well as having Braille on the machine that will allow the blind to vote anonymously. As far as I know, there are no major problems with the iVotronic machines.

Worry

[MacGod]

it looks like Diebold has more to worry about

You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.

Re:Worry

[FriedTurkey]

Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.

It must help that Deibold has some really strong connections to the Bush adminstration.

Bow to your next president...

[siskbc]

...Me. After 150,324,123 mysterious write-in votes.

Re:Bow to your next president...

I, for one, welcome, ah...you...as our overlord...or something.

Re:Bow to your next president...

[eyeball]

...Me. After 150,324,123 mysterious write-in votes.

I'm sure if you did this, your opponent would mysteriously have 150,324,124 votes.

Re:Bow to your next president...

[IronicCheese]

Welcome to Slashdot, Mister Bush.

hchange?

Is that in Hungarian notation? A handle to a change object?

Re:hchange?

[dcphoenix]

No, somebody ran that vbs script to rig the "letter" election. Instead of the c coming in first, the h did.

GEMS

[savagedome]

GEMS runs on the Windows operating system.

Truly a Gem!

But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

I am shocked. Shocked.

He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.

And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.

Re:GEMS

Agreed regarding Cthulhu. Why vote for a *lesser* evil?

Re:GEMS

C'thulhu would be a step UPWARDS from Diebold's favored candidate. Same amount of evil, but at least C'thulhu doesn't lie about his intentions.

Priceless

[TheJavaGuy]

From Yakov Shafranovich's blog:

Microsoft Windows 2000: $200
Microsoft Access 2000: $200
PC: $500
Hiring an embezzler to put in three set of election results into your voting software controllable by a hidden combination of keys known only to you: $60,000 Changing the election results in favor of your candidate: priceless

"Of course, there are some elections that money can't buy. For everything else, there is Diebold."

Re:Priceless

Here is the link to the blog post from above.

Re:Priceless

From Yakov Shafranovich's [shaftek.org] blog...

In Soviet Russia, voting machines el-- oh, wait. My mistake.

diebold, worry?

[Triumph+The+Insult+C]

the ceo is a good buddy of dubya's. what has diebold got to worry about?

all he (Walden O'Dell) needs to worry about is following through on his promise to "help deliver it's electoral votes to Bush"

Re:diebold, worry?

[Paulrothrock]

Not only that, but he's also CEO of a major corporation, and thereby shielded from a lot of liability! Hooray!

It's not BREAKABLE!

Why, it's used by the FAA to for radio communications! They wouldn't use something like Windows if it wasn't safe...

uh-oh

[ch3ch2oh]

President CowboyNeal?

What will this do to homecomming?

The only real question is how will this effect the homecomming king and queen selections this fall? If geeks only need five lines to get whoever they want will they nominate their friends and win?

What will become of the High School social scene? Horror or Horrors.

Why even bother..

[N3WBI3]

I am all for touch screen voting with huge pictures of the candidates, electronic voting is a great idea but if I am reading this they are centralizing the results? wtf thats adding way too much risk just make good stand alone systems..

Re:Why even bother..

I would think putting two huge pictures of the current candidates in a voting booth is unconstitutional, as it violates the clause prohibiting cruel and unusual punishment.

Die, democracy, Die

[Doc+Ruby]

Diebold obviously has nothing to worry about - they're getting away with their demolition of democracy, despite the incontrovertible evidence pouring in for the past several years. It is we who have a lot to worry about. Not only are they destroying the vote, but getting away with it means that those running the system are benefitting, or they'd stop it. The stolen election nightmare in America is getting worse, even when it was already unacceptably bad.

Re:Die, democracy, Die

[Ba3r]

a couple months ago i was wondering how the hell Bush was going to get more than 20% of the vote. All the conservatives i know are infuriated with a pres that has increased spending, started a purposeless war, and generally increased power of the Federal gov't without limit. And of course every even remotely liberal person is dedicated to vote for the lesser evil this time. I was thinking.. theres no way he is gonna even remotely be elected, despite all the polls. And then i read the blackboxvoting stuff, and I thought "Aha! Of Course! Its the perfect coup!". So, when California votes for Bush.. don't say it wasn't obvious!

Time to start stockpiling (newly legal!) assault rifles for the war with the usurpers!

Re:Die, democracy, Die

[Doc+Ruby]

Don't you think the usurpers who gave you those legal assault rifles have a plan for you, too? You'll be mown down by the armed forces, newly trained in urban warfare in Iraq, and the people will welcome their tyrannical overlords who protect them from "crazy militiamen" like you. Its better to educate your friends about the scam, and participate in whatever organized, peaceful opposition we can muster. America was disgraceful in its complacency after the stolen 2000 election, but at least we didn't shoot each other in the streets, which would have destroyed democracy forever.

Re:Die, democracy, Die

[goldspider]

So in other words, the anti-Bush crowd are already making excuses for if Kerry loses the election?

Are you that blind to the possibility of Bush winning legitimately? In case you hadn't noticed, you guys don't exactly have a solid candidate either.

Frankly I think they both suck, but I suspect only one side would make accusations of impropriety should they lose.

Re:Die, democracy, Die

[goldspider]

What "stolen" election are you refering to? The certified results in Florida, after all the recounts were completed, indicate Bush won by 537 votes.

Re:Die, democracy, Die

[Ba3r]

my grandparent comment was 'in jest'.. but to set the record straight, the number of disenfranchised voters in Florida far exceeded 537 people. Not to mention that no scientist worth their salt would ever rely on a measurement where the determining factor was so far below the margin of error (given, oh, 250 million qualified voters or so, you are saying a valid result can be determined by a margin of 0.0002%) And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

Re:Die, democracy, Die

[Ba3r]

Eh, so it was wrong to accuse the results of the 2000 election of impropriety? That would be where Bush won leadership of the USA after winning by (as stated in earlier reply) far below a margin of error???

Re:Die, democracy, Die

[Ba3r]

like me, eh? I was in the streets of Washington in 2003 protesting the invasion of the Iraq back when everyone referred to us dissenters as 'traitors', as well as organizing on my college (at that time, since graduated) informational lectures and events to raise awareness of the shaky footing for the war, not to mention the wholesale disregard of International opinion etc. And yet I am still a supporter of gun rights... maybe it has something to do with loving liberty and this country and feeling outraged when it IS usurped.

Re:Die, democracy, Die

[Doc+Ruby]

No recounts were completed - that's the Supreme Court decision that let the partial counts stand, as per the Florida court decision. Your parroting that flimsy propaganda as if there wasn't even a problem shows your committment to Bush, and your trivial interest in democracy as merely a means to an end.

Re:Die, democracy, Die

I'll take this one.

Who certified those numbers? Are you sure it was a full recount that you're referencing? Check your sources, it's worth your time to know what the hell you're talking about.

Re:Die, democracy, Die

[Doc+Ruby]

You're threatening to do more than march, you're talking about shooting. I've been active in the streets, too, for the first time since Reagan. And elsewhere, where it seems to make more of a difference (although it's too early to tell). The greatest threat is apathy, because "all that is necessary for evil to triumph is for good men to do nothing". I'd agree more by updating to "tyranny" and "people", but democracy requires participation. The differences among participants tend to equalize statistically. What we're threatened with is a small group perverting the complacency of the majority. They're extremely clever. If I had an assault rifle, I'd consider what role was scripted for me, when accepting these weapons from the authors of the scene.

Re:Die, democracy, Die

[Ba3r]

btw if you read my other response to one of the child comments, my earlier comment was very tongue-in-cheek (i thought that was obvious)

Re:Die, democracy, Die

[goldspider]

"Your parroting that flimsy propaganda as if there wasn't even a problem shows your committment to Bush"

Actually I'm voting Libertarian this year, but thanks for trying!

Besides all that, there never should have been a recount, even a partial recount, because the provision for one was not in Florida election law. By demanding a recount, Gore basically attempted to re-write Florida election law during the election.

Now we can all agree that things were pretty close in Florida, and that Bush hasn't exactly done a stellar job at the helm. But I'm not inclined to trust a party that tries to change election laws (let alone during an election) to engineer a desired outcome. Trivial interest in democracy indeed.

Re:Die, democracy, Die

[Doc+Ruby]

In this country, laws are routinely changed in court when they're found not to accurately regulate the actions of the people. The problem with so many Libertarians (Party, that is) is exactly that kind of dogmatic fetish with the law. The law is a means to an end of governing the people. The results in Florida were a Constitutional crisis, and another method for measuring the people's decision was necessary. The court decisions gave us the mess we've had ever since, and it's getting worse.

Actually, there should have been a repeated election for the entire country. That sample was in clearly in error, and another should have been taken. That wouldn't be a bad precedent: best 2 out of 3 elections, across a month, would better measure the huge complex society we have to govern for the next 4 years.

Re:Die, democracy, Die

[Suidae]

And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

I agree. When it is that close we should force them to get married and share the oval office. They can alternate days in control and mud-wrestle for the monthly paycheck.

Re:Die, democracy, Die

Actually I'm voting Libertarian this year, but thanks for trying!

Thanks for changing!

Besides all that, there never should have been a recount, even a partial recount, because the provision for one was not in Florida election law. By demanding a recount, Gore basically attempted to re-write Florida election law during the election.

Er, no, it was a court challenge, to ensure the law was faithfully executed. No new legislation was involved.

Re:Die, democracy, Die

[incabulos]

Its pretty sad that these sorts of abuses of power are tolerated when not long ago they would have resulted in pubic outrage and calls for lynching. When American Democracy seems as broken
as the electoral process in a corrupt, 3rd-world dictatorship full of racists, thugs and general scum ( and the people that suffer under their tyranny ), you have to wonder where the world is headed...

Re:Die, democracy, Die

[mink]

You need to add the word "enough" to your quote about good men.

Re:Die, democracy, Die

[Doc+Ruby]

Bush sued Gore to grab the presidency in 2000.

Re:Die, democracy, Die

I think you mean Bush sued Gore to end the illegal recount he had initiated.

Re:Die, democracy, Die

[Doc+Ruby]

No, Anonymous propaganda Coward, but that's not what we're arguing about. Goldspider threw out the meaningless tone poem that perhaps implied that only the Democrats would accuse the Republicans of impropriety, that the Republicans wouldn't engage in such unseemly politics, and "just move on". But in fact Bush will do everything he possibly can, and even impossibly, to win the White House. Just like you prattling fascists will parrot any of the stock propaganda they've created to help destroy democracy. Why do you hate America, Anonymous fascist Coward?

Re:Die, democracy, Die

[Doc+Ruby]

American democracy is headed where German democracy tread before: fascism. That's corporate rule, where corporations are the body of the beast, and politicians are its human face. Europe will follow closely behind, as the national/continental distinctions are irrelevant to multinational corporations, and the consumers who feed them. This "Internet" thing, especially mobile messaging and filter sites, is a wildcard. Fascism will just mutate again, with freer humans living in the cracks. It's all strangely familiar.

Re:Die, democracy, Die

[Doc+Ruby]

Most versions of Edmund Burke's observation merely substitute "is that" for my "is for". Do you have a more conclusive quotation?

Re:Die, democracy, Die

[mink]

Wel I went looking for the place that made me view the "enough" as important to be there (I think it may have been a semantic discussion on a message board or something like that. I was thinking I might have gotten it from usenet, but I never read rec.guns and thats the only place the "enough" version turns up in groups.

In reading this I have had my eyes opened by his research and am open to his idea about it's life on the web.

In other news...

[blcamp]

I now have been elected governor in 15 states, plus chief justice in 4 others (but not in Caleefornya). I'm also now hold 22 of the Senate seats, 134 of the House, and I'm the Drain Commissioner in 2/3 of all counties in the US... ...and I am now also the Magistrate and/or District Judge everywhere I normally drive my car.

Re:In other news...

But can you repeal the DMCA?

Here's an idea!

[guido1]

hchange votes with a 5 line vbs script

Maybe we could use the same thing here for story submissions... ;)

Blown out of proportion

[pridkett]

This is blown WAY out of proportion. The GEMS system doesn't actually count votes, that is still left up to the board of canvassers for each state. What GEMS does is provide a very fast way to get an UNOFFICIAL vote count for the state. From that aspect it's almost completely designed for the media that wants to know who won right away.

Yes, it's a fact that GEMS is a web based product that utilizes off the shelf software as parts of interfaces (Windows, Access, etc). But it also should be noted, that web based does not mean connected to the web. If you read about the situation in Maryland, you'll see that the GEMS systems can only be connected to via modem and the modems have to be manually enabled to receive data. Thus you'd need to convince someone to turn on the modem and then call in to run this script. (Insert Kevin Mitnick social hacking commentary here.)

That being said, that doesn't excuse the programmers from anything. Yes, it's a bug. Yes, in voting systems it shouldn't be there. Yes, open source would be better. But this is misleading because it doesn't have anything to do with an individual vote or the official vote count for the state.

Re:Blown out of proportion

[zapf]

In my opinion, the issue is less that this particular bug is a threat to election security and more that it shows the continued incompetence of Diebold.

Re:Blown out of proportion

[jaeson]

They have been busted in California for using revisions of the software on their machines which were *never* reviewed. How can you (or anyone) say that turning on the modem is the only way to modify votes when you have no idea what that software release contained? It was certainly never reviewed by the state or the (ahem) "independent reviewers" that Diebold touts so vociferously.

Besides that, who knows if someone doesn;t go visit the machine and touch a few key places on the touch screen to modify votes. Who says it has to be done remotely by modem or otherwise?

Please pull your head out of your ass and realize that people are fucking stealing our elections; Elections which are supposed to represent the very core of our so-called "democracy". You are the fucking reason they are able to get away with shit like this.

Re:Blown out of proportion

From that aspect it's almost completely designed for the media that wants to know who won right away. How to say... Don't "stupid sheeple" partly base their inclination to vote based on if their candidate is winning by a Projected landslide. Or something like that. So via the media, one might ... heavily influence.. Just a thought....

Re:Blown out of proportion

Yes but at the same time, the media can end up influencing perceptions. Consider the intro sequence to Fahrenheit 9/11, or the fact that polls, despite bad methodology and ignored margins of error, can really effect momentum and become self-fulfilling.

Re:Blown out of proportion

[xstonedogx]

Here's the problem: Exit polls aren't perfect, but at least, unless the media is lying, they are somewhat representative of how people actually voted. If there is a wide descrepency between the exit polls and the actual election results, we know something is up. With the media getting information from GEMS we don't have that.

What's worse, the media influences how people vote. If non-Bush voters think Bush has already lost they'll be more likely to vote for their desired third parties (if any) rather than Kerry, which could very well result in a win for Bush. So I think it's a genuine problem if even the unofficial tally can be corrupted so easily.

Re:Blown out of proportion

[neitzsche]

Where *did* you get such confidence in your local election poll cronies? Why would you even for a second think that procedures are always followed flawlessly?

Why would you suggest that having the wrong candidate reported as the winner would not have any effect? What about other polls that are still open, or states that are three or more hours behind?

That is precisely what happened in Western Florida in the 2000 fiasco. It had been decades since a single vote even seemed like it could matter - so if you've heard the news that your state has already decided on a candidate, why drive out to the poll?

The combination of many factors (modems? MODEMS!? Web-based? Bugs? Untested? Lack of peer review?!) compromising the security of the system indicates premeditated culpability.

Where *is* my tin-foil hat?

Re:Blown out of proportion

[pridkett]

They have been busted in California for using revisions of the software on their machines which were *never* reviewed. How can you (or anyone) say that turning on the modem is the only way to modify votes when you have no idea what that software release contained? It was certainly never reviewed by the state or the (ahem) "independent reviewers" that Diebold touts so vociferously.

I call bullshit upon thee!

The system was extensively modified after dual reports from SAIC and RABB were commisioned by the both the democrats (legislature) and republicans (governor) in Maryland. If you're going to spew stuff about it not being reviewed at least know what you're talking about. Albeit, this was not a full code review by either of the parties, as far as I know, but it still is a review, so in that sense, it was reviewed by independent reviewers. As a note both SAIC and RABB are well regarded (I'm not sure if I have the name for RABB correct though). In any case, go online and read the SAIC report.

Besides that, who knows if someone doesn;t go visit the machine and touch a few key places on the touch screen to modify votes. Who says it has to be done remotely by modem or otherwise?

True, there is no way to ensure that there isn't some ultra secret back door. But that besides the point of the article. My point was that this flaw is being blown out of proportion with regards to what it effects. It has no effect on the actual voting systems at the precinct level. Nor does it have the ability to affect the official vote tally of a state.

Please pull your head out of your ass and realize that people are fucking stealing our elections; Elections which are supposed to represent the very core of our so-called "democracy". You are the fucking reason they are able to get away with shit like this.

And this is new how? Personally, I'd be much more worried about the intimidation that goes on around election day. With people posting false signs in housing projects saying if the weather is bad people can vote another day or refusing to register people to vote or the problems with the voter roles.

Yes, people are trying to steal our elections, but this bug will NOT allow them to do it. This bug does NOT affect the actual vote count. No matter where you sit, you still have to rely on the state board of canvassers to tally the official vote total. You can't get around it. At some point you need to place your trust in another human being for your vote. This isn't a problem restricted to E-voting or anything like that. Paper ballots have the same problems.

As for me, I'm stuck using antiquated lever machines for this election which have been shown to read values of 9 and 99, etc for the last digits of votes more often than statistically they should. That means that I know there is good chance that votes won't get counted here in Allegheny county. And yet, where is the uproar about them?

The situation is never as black and white as the majority of /. would like to believe.

Re:Blown out of proportion

Wow, and I thought 911 only showed me that big fat democrats only want to be rich fat democrats.

Re:Blown out of proportion

[Knuckles]

With people posting false signs in housing projects saying if the weather is bad people can vote another day

I really feel with you Americans on this issue, but LOL. I think you can be happy if people too stupid to know what this "election" thing actually is stay away from it

Re:Blown out of proportion

[Knuckles]

Now this is interesting. Is it really true that in the US the media can publish any results before the voting is closed? I can't believe it! People, get your act together!

Re:Blown out of proportion

[mOdQuArK!]

I think you can be happy if people too stupid to know what this "election" thing actually is stay away from it

It's not necessarily stupidity; in most cases people "trust" their neighbors & leaders not to deliberately mislead them about important things. Unfortunately, a great number of U.S. citizens are currently receiving really rude wake-up calls, when they realize how professional liars can take advantage of that trust.

It remains to be seen how many act on their outrage, and how many will go back to sleep & hope they were just having a bad dream. Unfortunately, in either case, the general level of trust in our society will go down.

Re:Blown out of proportion

Yes, it's a fact that GEMS is a web based product that utilizes off the shelf software as parts of interfaces

Bzzt. You lost all credibility on the use of `utilize.' Go away now.

Re:Blown out of proportion

[Knuckles]

I did mean "stupid" somewhat tongue-in-cheek, and agree with you.

Re:Blown out of proportion

[praedor]

Paranoid hat on.

Nay. It is irrelevant. The software could easily contain poison code to "flip" a certain percentage of Democratic votes to Republican (the brothers that run Diebold and ES&S are major Repuglicans and big donors). Better yet, it can be (or already could be there) "burned" into the firmware. The ONLY way to prevent this sort of thing is random spot checks. It is an easy thing to have a date check in the poison code that ensures that valid vote results are always produced any time the system is used (in a certification test for instance) on a non-election date/time. After the election date/time starts...boop!...start flipping vote. Even with a paper trail, you could have it set to accurately reflect the vote on the paper ballot but still alter the actual tallied vote. Shift the vote far enough from a squeeker and no recount is called for so the valid paper record would never be checked.

The canvassers are none the wiser because the printout that GEMS gives them contains the modified vote record and shows no suspicious signs of alteration or tampering.

Re:Blown out of proportion

The GEMS system doesn't actually count votes, that is still left up to the board of canvassers for each state.

In a word: no.

The board of canvassers simply rubber stamps the results offered up by the Diebold balloting machines. Under Diebold's system it is physically impossible for a human to legally count the votes.

Comment removed

[account_deleted]

Comment removed based on user account deletion

VBScript?

[ottergoose]

You have to do:
VoteForGuyA = VoteForGuyA + 1

Instead of:
VoteForGuyA++;

God I hate VBScript.

On another note, how much money does Microsoft stand to make from this? If they're running VBScript, they're using Windows (I suppose they could use DOS, but I doubt they do) - I would imagine MS makes quite a bit when hundreds of thousands of these voting machines all need a copy of Windows.

Kleptocracy

[Doc+Ruby]

Other Diebold tamper interfaces were installed apparently right after they hired a conviceted embezzler to lead programming. And the execs of all these eVoting companies have long business histories with the Bush family, some of them including stints flying cocaine into Florida for Iran/Contra. Along the way these scumbags ran companies that kicked as many as 40,000 probable Democrats off the Florida voter registry, without legal basis, in just one revealed abuse. Their mafia is running the country.

Re:Kleptocracy

[Takeel]

Citations, please?

Re:Kleptocracy

[Doc+Ruby]

Parts of this story are best told in Black Box Voting and The Best Democracy Money Can Buy. The evidence is everywhere - this is not an real secret, just a media blind spot. Some specific details about the cocaine and embezzlement are packaged in a (foreign) news story. A blogger's May 22, 2004 entry recaps the central role of Hank Asher, the cocaine pilot and Bush family voting database entrepreneur. There's lots of connections among a few players in this empire. Plug some of the names into Google and you'll see their interwoven trails. But you won't be seeing any of this treason on the front page of your newspapers. Funny.

SciAm

[Paulrothrock]

If you'd like some more in-depth knowledge about voting machines, Scientific American is running a great article in their 10/2004 issue.

Re:SciAm

[birdman17]

Scientific American is running a great article in their 10/2004 issue.

They are, and the title page for the article is great. It says:

Electronic Voting Machines Promise To Make

F I X I N G

Elections More Accurate Than Ever Before

I wanted to scan in the image and post it, or at least post a link to the graphic on SciAm's site, but the former is not currently practical on /. and SciAm does not have the current issue freely available on their site yet.

What they're really saying is two things, interleaved with different colours and fonts. The title of the article is "FIXING THE VOTE". Interleaved is the subtitle, "Electronic Voting Machines Promise To Make Elections More Accurate Than Ever Before, But Only If Certain Problems - With The Machines And The Wider Electoral Process - Are Rectified."

The way they chose to interleave the title and the subtitle results in what I consider to be a much more accurate statement! I almost can't believe that they didn't see this as they were designing the page, and so maybe they are putting out their own subliminal opinion on e-voting without necessarily having to take a lot of heat for it if anyone complains.

Re:SciAm

[Paulrothrock]

I didn't think of it that way, but that's still funny.

I thought of it as a play on words. That is, "fixing" the broken way we voted last time.

Or at least that's how they spun it.

Re:SciAm

[birdman17]

I thought of it as a play on words. That is, "fixing" the broken way we voted last time.

Sure, the main title is a straightforward play on words as you note. That's how you're meant to read it. But when I first saw the page, and I'm sure I'm not alone, I didn't read the main title first and then the subtitle - I read in standard English left-to-right, top-to-bottom order. And the sentence I got that way was almost certainly not the intended one, but just as clearly could not have escaped the notice of the page's graphic designer. I have to wonder what that person was thinking!

Futurama

I am pretty certain Cthulhu is going to be elected.

Morbo: The presidential candidates are Puny Human #1, Puny Human #2 and Morbo's good friend, Cthulu, the unspeakable horror from the abyssal dephts.

Economist article

[rm007]

For those interested, the current issue of The Economist has an article on voting technology. It does not, of course, discuss this latest development, but gives a good overview of the area, with a great deal of attention given to the issue of paper, paper trails, and making the whole system more transparent.

Bow?

[Chineseyes]

You must have us confused with some EU monarchy in America we denigrate and on occassions spit-on and curse at our presidents. But if you still want the job let me be the first to welcome you with a warm mucus filled batch of spit and a middle finger.

Re:Bow?

Be carefull it is unpatriotic to spit at the next president, and you know what they do to people who are unpatriotic dont you?

white hat

[w3weasel]

Would it be white hat hacking to apply this script to cast votes for Michael Badnarik??
Even if it would be considered 'black hat'... for god's sake, someone please do it!!!

Access

[YrWrstNtmr]

While MSAccess is assuredley not the tool to use on a system like this, probably no tool would be good in the hands of these clueless cube monkeys (I hesitate to use the word programmer).

They appear quite capable of screwing up a wet dream.

Re:Access

They appear quite capable of screwing up a wet dream.

I now have a new way to describe the numpties I deal with daily. Thank-you!!!

Re:Access

[gurps_npc]

It should be noted that the programmers that work for Diebold are rumored to heavily complain to the chairman about the restrictions he puts on them.

Supposedly they are aware of the problems with the machines and want to fix them, but the chairman (a heavy Republican supporter) refuses to let them do it.

At least, that is the rumor.

Nice Diebold quote

"Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

Yeah, that's why there's never been any vote fraud in this country...I gotta remember to keep my shotgun loaded this November, that's when the dead people come out to vote in Chicago...

Re:Nice Diebold quote

[spitzak]

Aha! That's why nobody murders or robs anybody else. It's that heavy penalty! Thanks for explaining it, mr Bear!

Well now

[TiggertheMad]

Hey Dibold, you ever hear that old saying, 'Vote early, vote often'?

Well, don't worry, I will...

Obviously...

...the person that wrote the VBScript is a terrorist and should be sent to jail for bum rape.

I'm not serious, but I bet there are plenty of people who would agree with that sentiment.

In Canada

[Sophrosyne]

...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.
It may be a little high-tech but this method could catch on in developing democracies like the U.S.

Re:In Canada

[tsg]

...we just put an "X" in a "box" on something called a piece of paper.

Sounds neat. What do you do if the person marks the ballot incorrectly?

Re:In Canada

[Blakey+Rat]

Is there an archetype for this yet? The "annoying foreign holier-than-thou asshole?" Is that it? Or maybe the "smirking Canadian dipshit?" Or how about the "sarcastic off-topic dumbass?"

Let's have a decision here so I know the proper kind of insult to reply with.

Re:In Canada

[CheechBG]

Or happens to be 90 years old and suffering from dementia and fills in all the marks, but draws a big circle around 2 of the names?

Re:In Canada

[sylvester]

It's called a spoiled ballot, and you don't count it.

-Rob

Re:In Canada

[Beardo+the+Bearded]

You mark an X or your vote doesn't count. It's a built-in safety mechanism.

We believe that if you're too intoxicated, stupid, or incompetent to mark a clear X in a circle, then you shouldn't be voting.

Re:In Canada

[tsg]

It's called a spoiled ballot, and you don't count it.

So, in other words, tampering with a vote is intolerable but it's okay to throw them out?

Re:In Canada

[jstave]

Actually we do the same thing in some small towns in the US (like mine). The major technological difference is that we put the ballots in a wooden box when we're done.

Re:In Canada

[Paulrothrock]

If you can't tell who they voted for, yes. They should have been more careful. Voting is a right; voting correctly is a responsibility.

Re:In Canada

[tweek]

It's funny. I think that person shouldn't even be allowed to vote. For Christ's sake, they aren't allowed behind the wheel of a car, they've probably been removed of all legal decisions to a relative, why should voting be any different? I consider it a much greater issue than driving and giving your money to some gypsy conartist.

The real problem here is that we're trying to measure the intent of a ballot when we should just throw a fucked up ballot out the window. I'm firmly convinced that people who can't read simple fucking directions are even allowed to vote. This is such an important process!

I'd also like to warn people that this can effect BOTH sides of the aisle. A poster above mocked the argument that a government lawyer made to the Supreme Court that "*THIS* president wouldn't do that". I can't wait for the first time the republicans trot out the voting fraud issue to democrats when they lose an election. You have to apply the same standard to BOTH sides, folks.

Re:In Canada

[value_added]

"The "annoying foreign holier-than-thou asshole?"

Foreign to whom?

"Let's have a decision here so I know the proper kind of insult to reply with."

I think we'd all prefer you leave your insults at home. I'd suggest you stay at home, too, but getting out more often may do you some good.

Re:In Canada

[tsg]

You mark an X or your vote doesn't count. It's a built-in safety mechanism.

We believe that if you're too intoxicated, stupid, or incompetent to mark a clear X in a circle, then you shouldn't be voting.

So it's a test, is it?

What if the X goes outside the circle? How far is it allowed to go?
What if it doesn't fill the circle?
Who decides whether or not it's valid? Can they be bought?

How about if they can't see or can't read? Should they be allowed to vote?

So tampering with a vote is absolutely intolerable but throwing them away is okay. You don't see the contradiction?

Re:In Canada

[tsg]

If you can't tell who they voted for, yes. They should have been more careful. Voting is a right; voting correctly is a responsibility.

So if they don't get it correct in the first try they lose their right to vote?

It's not a bloody test. If there were some way to validate the vote without compromising anonymity, don't you think it's worth exploring? Or would you rather write off a whole concept because one implementation of it was done poorly?

Either the vote is sacred or it's not. If it is then there should be mechanisms to ensure the intention of the voter is counted correctly. If it's not then the concerns about security are overblown. The assumption that paper systems don't have problems is extremely naive.

Re:In Canada

Yeah it's kinda sad that when it comes to war there is no expense spared and no task too hard, but when it comes to voting it's OMG hand-counting votes, that's going to take too much time and be too expensive.

Re:In Canada

[tsg]

It's funny. I think that person shouldn't even be allowed to vote. For Christ's sake, they aren't allowed behind the wheel of a car, they've probably been removed of all legal decisions to a relative, why should voting be any different?

People who are mentally incompetent are already not allowed to vote. Driving depends greatly on your ability to see. What exactly about having poor eyesight makes someone not qualified to decide who should be in office?

Re:In Canada

[MoneyT]

No expense spared? No task to hard? You've obviously never been within 100 miles of a military unit.

Re:In Canada

What if the X goes outside the circle? How far is it allowed to go?

If the ends of the X go outside the circle, it's still an X. An X in a circle is an X in a circle, regardless whether it goes beyond the edge of the circle. This really isn't that complicated.

What if it doesn't fill the circle?

Um, it's still an X in a circle, even if it's a small X. Again, why is this so complicated for you to understand? It's a freakin' X in a circle.

Who decides whether or not it's valid? Can they be bought?

One more time.... it's a freakin' X in a circle! This is not rocket science. Either there's an X in the circle, or there isn't an X in the circle. Sometimes there's multiple Xes in multiple circles. That would be a spoiled ballot. Other times there's no X at all. That, too, would be a spoiled ballot. Otherwise, how bloody difficult is it for you to comprehend an X in a circle? Sheesh!

How about if they can't see or can't read? Should they be allowed to vote?

There are alternate means of voting for people with disabilities that prevent them from putting an X in a circle. I don't have such a disability, so I will admit that I don't know what those means are, but I do know that they exist.

Re:In Canada

If you spoil your ballot, you can take it to the people running the poll station and ask for a new one. If you shove the spoiled ballot into the box, it's your own fault if it doesn't get counted. The regulations allow for ordinary mistakes, and the only spoilage comes from maliciousness or complete incompetence.

Re:In Canada

Let me get this straight... you're an American and you're calling a Canadian a "holier-than-thou asshole"? Now I'm in the twilight zone...

Re:In Canada

[tsg]

If you spoil your ballot, you can take it to the people running the poll station and ask for a new one. If you shove the spoiled ballot into the box, it's your own fault if it doesn't get counted.

This all relies on the voter being able to tell that the vote will or will not be counted: a subjective decision being made by another human being. He has no feedback and cannot get it without violating his anonymity. And he can't even find out later that he did it wrong. He could vote wrongly for his entire life and never know it.

The regulations allow for ordinary mistakes,

If by "ordinary" you mean "blindingly obvious".

and the only spoilage comes from maliciousness or complete incompetence.

Define "complete incompetence". The inability to read an unknown person's mind?

Re:In Canada

[tweek]

Well the parent poster said the voter had dementia and checked all the boxes and circled two names. I would call that incompentent.

Re:In Canada

[tsg]

One more time.... it's a freakin' X in a circle! This is not rocket science. Either there's an X in the circle, or there isn't an X in the circle. Sometimes there's multiple Xes in multiple circles. That would be a spoiled ballot. Other times there's no X at all. That, too, would be a spoiled ballot. Otherwise, how bloody difficult is it for you to comprehend an X in a circle? Sheesh!

So if my X is super tiny or fills the whole page it will still be counted? What if it's on the edge of the circle? Which side of the circle mark defines "inside". What if my hand is shaky and the lines aren't straight? What if I draw a "V"? The point is that the voter should have some way to know that his vote is valid without having to guess. Some form of feedback that doesn't compromise his anonymity. People make mistakes. Validation would reduce a lot of them. If the vote is important, then reducing mistakes should be important. If it's not, then neither is security.

There are alternate means of voting for people with disabilities that prevent them from putting an X in a circle.

In most cases the solution is to have someone else fill out the ballot for them which compromises their anonymity and, in the cases where the voter is blind or can't read english, forces them to trust the person is filling it out correctly.

Re:In Canada

[Knuckles]

Where I live they can just nominate some other person (relative, friend ...) to help them when they know they have problems. Or some of the voluteers that oversee the voting (1 of each party). If they don't do that, tough luck.

Of course it also helps that we have a somewhat sane voting system where 1 vote up or down is exactly that, 1 vote up or down, not flipping in entire fucking state. Therefore the issue of throwing out invalid votes is much less sensitive

Re:In Canada

[cybergrue]

Sounds neat. What do you do if the person marks the ballot incorrectly
Any clear mark counts. A X, Check Mark, circle filled in completely, smiley face, etc. The point is that the voters intention is considered to be more important then the method. A ballot is spoiled if the Scruteneers cannot determine the voters intention, ie two or more names are marked somehow.

OK, some background on how a Canadian Federal Election is held. First of all, there is a fedral agency who handles all fedral voting in Canada, called Elections Canada. These guys take their political nutrality very seriously. Every riding is diveded into polling districts. There is a polling station for a max number of elegable voters in a geographic are (1000 I think, I dont think there is a minimum. I saw polls in the last election returning 6 votes)
Many times multiple polls share the same voting station. Upon entering the station, you are directed to the correct poll, where you show your elegable voter card (they mail this to you a few weeks before the election, I don't know why they don't ask for photo ID) and you name is marked off on the voter list. You then get the ballot. Its one issue per ballot, where the candidates are listed in alphabetical order, with party affiliation after the name. The ballots are printed on a brown construction paper with a ballot ID number printed twice, one on a tear off strip. There is a black bar vertically down the right side of the ballot with a blank circle next to each candidates name. After getting the ballot, you walk to a table in an isolated area with a white shield set up for privacy. You mark the ballot, and fold it up before returning to the poll. There the staff take the folded up ballot, rip off the tear off strip in sight of you, and hand it back to you (although I have seen places tear off the strip before giving you the ballot). You then put the ballot in the ballot box (white cardboard again) and the staff puts the strip in a seperate box. This keeps track of the ballots without identifying who cast it. This way if you spoil your ballot, you can ask for annother one with out them worrying about having extra ballots in the box. btw, the person who crossed you name off the voter list is never the person who gives you the ballot, so no one knows which vote you got, or who you voted for. Also, it allows the staff to determine if a bollot has gone missing. (There is a bizzar tradition of people eating their ballots as a form of political protest.)
Besides the poll staff, there are observers (usually from the political parties) These observers are called scruteneers. They observe the balot box is empty before the poll opens, and is not tampered with durring the course of the election. After the poll is closed, the ballot box is opened, and the counting begins. Technically, any scruteener can void any ballot by claiming it is spoiled, however this is rarely the case (Yes this can lead to vote tampering, as happened in the last Qubec referendum where the Yes side began declaring No votes to be spoiled, however the No side began spoiling an equal number of Yes votes to keep things equal, and reported the abuse afterward)
After the votes are counted, the ballots are put back in the box, and it is sealed again (in case a recount is necessary), and the numbers are reported to the riding (the area that a candidate will represent) level, usually by phone. I believe the repults from each polling station are suppost to bepublished somethere so the observers can double check the caounts, but I don't know how exactly this is done. Anyways, because there should only be a few hundred ballots to be counted in each polling area, the results are usually known in a few hours. A Federal judge can order a recount if a candidate shows just cause, and I believe an automatic recount is called if two candidates are within 100 votes of each other.

To sum up, the major difference between Canada and the US in voting is that there is a (non-partisan) Federal agency responsable for setting up and running the election, with standardised ballots. Provincial elections are run similarly to Federal ones, while Local ones have started using electronic vote counters, but using and keeping paper ballots.

Re:In Canada

[Beardo+the+Bearded]

I guess this is the difference between the US and Canada, isn't it?

Election Official: Put an X in the circle.

Canadians: Okay. *scratch scratch*

Americans: What do you mean by X and circle? What if I'm given a pen with disappearing ink?

If there's an X in the circle, which is a white circle on a black background, your vote counts. If there's anything else, your vote doesn't count. If you can't do it yourself, you can get someone to help you.

The way we do election oversight is that the party in power counts the ballots but is supervised by the opposition. Or maybe it's the party in power supervises the counting, which is done by the opposition. I can't quite remember. This way, we know that everyone has a vested interest, but the two sides cancel each other out.

Re:In Canada

[Idarubicin]

What if the X goes outside the circle? How far is it allowed to go?
What if it doesn't fill the circle?
Who decides whether or not it's valid? Can they be bought?

How about if they can't see or can't read? Should they be allowed to vote?

The ballots are black with white block type and a good-sized white circle next to each name. Very clear instructions are provided to mark an X in the circle next to the name of the candidate for whom you wish to vote. Check marks are also acceptable, if I remember correctly. (I counted ballots a few years ago; I don't remember the precise rules.) Two or three hundred ballots went past my nose, nobody had trouble with the 'X' concept.

If the X extends outside of the circle, it's still valid, unless it enters another circle. It doesn't have to fill the circle; it just has to be an X or a check mark of any size.

The blind are allowed to vote. Templates are provided, printed in Braille, with holes that line up with the circles on the ballot. In areas where other languages (beyond English and French) are spoken, translations of instructions and candidates' names are posted and readily available. The infirm or people with specific handicaps that prevent them from marking their own ballot may be accompanied by an assistant of their choice. (The assistant must swear an oath and sign a declaration, if I remember correctly; I believe there is a limit on the number of people one person may assist, as well.)

The handling and counting of ballots at the polling place are both handled by a pair of individuals. The two parties who received the most votes in the previous election in that area provide lists of acceptable officials to Elections Canada, who assigns one from each list to each polling station. (In other words, in the U.S. it would be one Democrat and one Republican per poll). Observers (called scrutineers) may be sent by any candidate to monitor the voting and counting process. In practice, there are very few challenged ballots, though there does exist an appeal process. Judge-supervised recounts are mandatory when the margin of victory is smaller than a certain number of votes; recounts may also be requested by candidates.

So tampering with a vote is absolutely intolerable but throwing them away is okay. You don't see the contradiction?

Look, if someone can't understand the concept of "make an X next to the correct candidate; one X only", then I'm hard pressed to come up with a voting system that would be able to accurately gauge that voter's intent. It's as voter-verifiable as it gets. The only ballots that I've seen rejected have been deliberately spoiled by the voter by marking X in all of the circles or scribbling across the entire ballot.

Re:In Canada

[FlyingOrca]

Your whole argument is, IMNSHO, kind of daft. I've been an election scrutineer in more than one election in Canada, and while this kind of theoretical criticism might be fun, the fact is our election system works. Really well, even, unless you want to get into various styles of election and representation reform - but that's not what we're talking about here.

We don't tend to value anonymity to the fanatical degree that people in the US do, though - if people want help voting, they can get help voting. Kind of a common-sense thing, I would think. We're pretty big on common sense... Also on anonymity, my folks (my family is from the States) report that people here talk about who they will vote for much more freely than people in the US. It's no big deal.

The system: voting locations are set up within relatively easy reach of every registered voter. Each location contains a number of polls (a glorified cardboard box), each to be used by the people residing at a certain range of addresses. You get your ballot, you mark it, you fold it, you put it in the box.

When the polls close and it's time to count the ballots, the counting is scrutinized by Elections Canada officials AND by volunteers appointed by each candidate on the ballot. I have yet to see a disagreement as to what constitutes a properly marked ballot, but there are resolution procedures in place to handle disputed ballots. Really, it's not a problem the way you seem to expect that it would be. Your comments about "blindingly obvious mistakes" and mindreading are, frankly, out to lunch. It's not a problem.

As to voting by disabled people, there are other mechanisms in place (advance polling, for example) that allow people to vote via alternative means. If someone chooses to have assistance in casting their vote, and chooses someone that is untrustworthy (which strikes me as unlikely, but I suppose it could happen), they should really make better choices.

That being said, though, we tend to frown upon taking advantage of disabled people, and as someone who has professionally supported people with disabilities for over a decade, I would be mightily surprised to see that kind of vote fraud. People who work in my field don't do it for the money (it doesn't pay very well), we do it because we like to help people and help them live fully determined lives; casting that aside for the sake of a vote that is extremely unlikely to affect the outcome of an election would be morally repugnant and statistically insignificant.

So, yeah, people do have to mark the ballot properly, and yeah, it will be thrown out if the scrutineers (NOT one person, a bunch of them representing all the interested parties) agree that it should be. Maybe somebody, somewhere, somehow, could conceivably vote improperly all his or her life... but I really doubt it.

Personally, I agree with throwing out improperly-marked ballots. It's really easy to indicate your preference, and assistance is available. If you choose to vote unassisted and your preference cannot be determined, tough beans. We don't want election outcomes affected by people who can't either follow simple directions or get help doing so.

I like our system; you might prefer yours. Ours works, and yours has problems, at least from what I read on /. I'll stick with ours, thanks. Cheers!

Re:In Canada

[tsg]

Look, if someone can't understand the concept of "make an X next to the correct candidate; one X only", then I'm hard pressed to come up with a voting system that would be able to accurately gauge that voter's intent.

The point is that there are a million ways to fill out that ballot that accurately indicate the voter's intent but because he didn't do it that specific way his vote won't be counted and he will not be told it won't be counted and has no way to correct his error. And this isn't counting elections where the voter is expected to select multiple candidates (say, two open seats for five candidates). It is placing more importance on the voter following arbitrary directions than communicating his intentions.

The only ballots that I've seen rejected have been deliberately spoiled by the voter by marking X in all of the circles or scribbling across the entire ballot.

So it is your contention that it is impossible to fill out that ballot in such way that two people would have differing opinions on whether or not it was valid?

Re:In Canada

If you can't tell who they voted for, yes. They should have been more careful. Voting is a right; voting correctly is a responsibility.

So if they don't get it correct in the first try they lose their right to vote?


If you make a mistake marking the ballot, you have the right to get a replacement ballot. There is a procedure for this sort of thing.

Re:In Canada

[mOdQuArK!]

Where I live they can just nominate some other person (relative, friend ...) to help them when they know they have problems.

Interesting - so an abusive spouse or boss could threaten someone to let the abuser "help" them vote? Kind of reduces the effectiveness of anonymous voting.

Re:In Canada

[tsg]

Any clear mark counts. A X, Check Mark, circle filled in completely, smiley face, etc. The point is that the voters intention is considered to be more important then the method. A ballot is spoiled if the Scruteneers cannot determine the voters intention, ie two or more names are marked somehow.

Beardo the Bearded and an AC say it's an X and only an X.

Idarubicin claims it's an X and possibly a check mark.

And you believe it's just about anything.

It's funny how the four people who've remarked on this can't even agree what the right answer is but it's not a problem.

Re:In Canada

[tsg]

My point is not that the Canadian system of voting doesn't work. My point is that paper systems do have problems that can be solved by electronic systems that people tend to ignore when they smugly recommend paper as a solution to Diebold's incompetence, thus writing off an entire technology simply because one implementation of it was piss poor.

If you don't think discounting whole ballots because they were incorrectly filled out is a problem, fine. If you think following arbitrary directions is more important than ensuring the vote is counted, fine. If you believe a mistake in following those directions means the voter is incapable of making the decision his vote represents, fine. I disagree.

Re:In Canada

[gobbo]

The point is that there are a million ways to fill out that ballot that accurately indicate the voter's intent but because he didn't do it that specific way his vote won't be counted and he will not be told it won't be counted and has no way to correct his error.

No, we're pretty common-sense oriented, so it's simple and reliable: intent is nearly always obvious, and there's a small group of people (read: sensible canadians) who look at each ballot, and figure it out without difficulty, even if it's just a tiny pencil scratch: in the rare case they can't agree, it's a spoiled ballot. Now, I think that our electoral system overall is badly flawed, but the voting process itself functions very reliably with decent accountability and few errors (not including civil referenda; that's another issue, the politics of semantics).

Unintentionally spoiled ballots are easily and securely destroyed and re-issued and assistance is available for non-literates or physically handicapped. I've seen some comments about people getting assistance and losing a degree of anonymity with their vote. You have to realize that we just aren't very hung up on that particular privacy at the interpersonal level, since we don't have the same degree of risk, being on the whole more tolerant of differing political opinions than our southern neighbours.

Re:In Canada

[Knuckles]

Basically no, this is of course only allowed if the voter has some disability and can prove to have such (e.g., doctor's statement).

Of course, a disabled (in a way that makes voting by drawing an X in a circle impossible) person with an abusive spouse may be vulnerable to that, but as I said, a few votes up or down may not matter that much if you have a proportional voting system.

And I guess even taking this into account this system would have much less faked votes than you will have in November with this voting scam you are getting set up for.

Re:In Canada

[tsg]

No, we're pretty common-sense oriented, so it's simple and reliable: intent is nearly always obvious,

Well, I've had four Candadians (I'm assuming) explain to me what those simple rules are and have gotten three different answers.

in the rare case they can't agree, it's a spoiled ballot.

I believe a system which could eliminate spoiled ballots altogether has some merit. There seems to be a dichotomy of opinion when it comes to this: either humans make judgement calls or make the rules so rigid that the ballot is easily discounted. The third option people are ignoring is a system that provides validation to the voter.

but the voting process itself functions very reliably with decent accountability and few errors

An electronic system could be built with decent accountability and few errors also, with the added benefit of verifying the voter's intention very clearly.

I've seen some comments about people getting assistance and losing a degree of anonymity with their vote. You have to realize that we just aren't very hung up on that particular privacy at the interpersonal level, since we don't have the same degree of risk, being on the whole more tolerant of differing political opinions than our southern neighbours.

So you're saying that although it works great in Canada, the US has problems that make it less practical. Funny, so am I ;-)

Re:In Canada

[tsg]

Americans: What do you mean by X and circle? What if I'm given a pen with disappearing ink?

So these instructions are so simple only an idiot could screw them up, but the four of you who explained them to me can't even agree on what the instructions are. I wonder which of you are the idiots.

Re:In Canada

Their ballot is spoiled and is not counted. What would happen on an electronic system? How can you be sure?

Re:In Canada

What kind of system would be simpler than writing a X in a circle and safer than having all votes counted by hands by representatives of each party?

Re:In Canada

So if they don't get it correct in the first try they lose their right to vote?

Heavens no! The vote is sacred. They simply have to get a new ballot (nescessarily a slightly complicated process but no big deal). The example given is tantamount to mashing your hand across the screen or pulling several levers: you should (and do) get a "do over".

As an aside, you explicitly have the RIGHT to spoil your ballot. They are counted. Since most Canadians are competent to operate a pencil, a large number of spoiled ballots is generally taken as a sign of voter dissatisfaction over the choices available.

Re:In Canada

The better way to do that would be to "encourage" your victim to cast an absentee ballot. Even so, such influence would be small and distributed compared to the potential for systematic abuse in a automatic system.

Re:In Canada

[gobbo]

The grandparent poster you're interrogating is misinformed. Scan the thread, other canadians with insider knowledge of the system have pointed out that the "x" is a guideline because it's the most reliable mark, not mandatory, and the vote counters just don't have dificulty figuring out intention. If you mark more than one candidate, then you don't understand the very simple electoral system, and your ballot is (rightly) rejected. Mistakes don't commit you, you can get a clean one and start over. Here are the rules for determining validity, note that it merely requires a "mark" -- appealing to common sense. Anonymity is only partly compromised for the assisted, and we don't generally harass each other over votes anymore anyway--it's a cultural difference (we have more variety in our representatives and tolerance in our opinions).

Here's an example of how the regulations work around this:

243.1 (1) On application of an elector who is unable to read, or who is unable to vote in the manner described in this Division because of a physical disability, and who is unable to personally go to the office of the returning officer because of a physical disability, the designated election officer shall go to the elector's dwelling place and, in the presence of a witness who is chosen by the elector, assist the elector by
(a) completing the declaration on the outer envelope and writing the elector's name where the elector's signature is to be written; and
(b) marking the ballot as directed by the elector in the elector's presence.
Note on outer envelope
(2) The election officer and the witness who assist an elector under subsection(1) shall indicate, by signing the note on the outer envelope, that the elector was assisted.

You really have to see these ballots for yourself to understand, I guess; mistakes pretty much have to be intentional or truly incompetent or from those who refused assistance. Those conditions are acceptable, given the alternatives and small numbers of rejected ballots (under .5%, that's half a percent, not bad considering some of those are protest abstentions--figures from Elections Canada).

Re:In Canada

There are clear instructions as to what is a legal vote in every single voting booth. They are quite visual and easy to understand. Do you really expect every single person who responds to this thread to know all possible voting trivia by heart?

Re:In Canada

[mpe]

To sum up, the major difference between Canada and the US in voting is that there is a (non-partisan) Federal agency responsable for setting up and running the election, with standardised ballots.

It's more a case of "rest of the world" than just Canada. The US is also unusual in that registers of voters record party membership rather than just being a list of people who can vote.

Provincial elections are run similarly to Federal ones, while Local ones have started using electronic vote counters, but using and keeping paper ballots.

Having real paper ballots means that if there any question about the results or the machine breaks down a manual count can be done.

Re:In Canada

I believe the posted instructions in the booth specify an "X" but inctructions given to the scrutineers specify the "intent" criteria above.

It's done that way to minimize confusion (ie: the "press any key" problem). While the software (scrutineer) might accept a wide vareity of inputs, a very specific instruction (such as "press enter" or "mark an X") is less likely to cause confusion.

Re:In Canada

[gobbo]

OK OK, you must be google-challenged or never volunteered for an election. From the Elections Act:

Rejection of ballots
284. (1) In examining the ballots, the deputy returning officer shall reject one
(a) that has not been supplied by him or her;
(b) that has not been marked in a circle at the right of the candidates' names;
(c) that is void by virtue of section76;
(d) that has been marked in more than one circle at the right of the candidates' names; or
(e) on which there is any writing or mark by which the elector could be identified.

Re:In Canada

[TMB]

I believe a system which could eliminate spoiled ballots altogether has some merit.

Why, exactly? If I want to spoil my ballot, why shouldn't I be allowed to?

[TMB]

Re:In Canada

[Idarubicin]

I believe a system which could eliminate spoiled ballots altogether has some merit.

Some people deliberately choose to spoil a ballot as some sort of protest vote. I'm willing to let them have it.

Well, I've had four Candadians (I'm assuming) explain to me what those simple rules are and have gotten three different answers.

Perhaps, but it's a false dichotomy. The answers have been essentially the same with respect to content. If you're interested, the full Elections Act is here. Particularly salient in this discussion are Parts 12 ("Counting Votes") and 9 ("Voting"). Rejecting a ballot is governed mostly by Section 284 of the Act:

284. (1) In examining the ballots, the deputy returning officer shall reject one

(a) that has not been supplied by him or her;
(b) that has not been marked in a circle at the right of the candidates' names;
(c) that is void by virtue of section 76;
(d) that has been marked in more than one circle at the right of the candidates' names; or
(e) on which there is any writing or mark by which the elector could be identified.

Section 524(1)(b) of the Act allows any elector (not just candidates) to contest the results of any election on the grounds that "...there were irregularities, fraud or corrupt or illegal practices that affected the result of the election." Section 283(1) requires that the counting of votes be conducted by the Poll Clerk and Deputy Returning Officer (who are each drawn from lists supplied by two different political parties) plus at least two other electors (voters) or candidates' representatives.

Cheers.

Re:In Canada

[Eric+S.+Smith]

Beardo the Bearded and an AC say it's an X and only an X.
Idarubicin claims it's an X and possibly a check mark.
And you believe it's just about anything.

I endorse cybergrue's version, as I recall "unambiguous mark" and "voter's intention" from my civics/politics/history classes. In practice, an X is understood to be the proper way to mark the ballot, and is shown in examples given by Elections Canada.

I do not, however, endorse cybergrue's funetic spelling.

Re:In Canada

[myowntrueself]

but what if, for religious reasons, you don't want to make the sign of the cross?

(BTW this is how Jews got the 'kike' nickname; illiterate Jews would use a circle (or kikel (sp?)) instead of a cross for their mark).

Re:In Canada

[gobbo]

Well, I've had four Candadians (I'm assuming) explain to me

First of all, we resent youze amurricans confusing us with a yeast infection! We have more culture than that! Typical :-P

But seriously, some of us spoil ballots as a protest. It isn't given a proper category, so it has limited value, but there you are, people do it anyway and it's their right.

An electronic system could be built with decent accountability and few errors also, with the added benefit of verifying the voter's intention very clearly.

There's another benefit to hand-counting that I haven't seen noted in this story yet: civic involvement. More labour-intensive elections involve more people at the grassroots to get the work done. I don't see how automating things is more desireable than an involved electorate. And, really, there just aren't many unclear ballots. Just how much hand-holding do you have to do? is a citizen who can't negotiate a very simple ballot exercising their responsibility? if they aren't exercising their responsibility, don't they forfeit their rights along with it? maybe this is a cultural distinction, related to things like changing "through" to "thru."

So you're saying that although it works great in Canada, the US has problems that make it less practical. Funny, so am I ;-)

Perhaps this is the crux of why outsiders are so perplexed by The Great Democracy (well, republic, but whatever). Isn't there some way you can work to make your electorate more responsible so that they don't have to be spoonfed at the polling station? Or, perhaps, make the paper ballots undeniably dead simple? Can't you lower the risk associated with losing the complete anonymity of a vote for those who need assistance? Maybe there's some connection to the poor turnouts at polling time. Seems like a sociocultural fix is in order, not a technical fix.

Re:In Canada

[gobbo]

"I wonder which of you are the idiots."

Hm. So now you're confirming the stereotype of bellicose american, instead of saying to yourself "this is /. -- I should look for the posts that quote sources or have obvious personal experience."

The instructions really are that simple. The ballot says "use an X" -- but the rules for officials say "look for a mark." Everyone who responded to you has valid reason to believe they're right, there aren't really contradictions, and you're baiting.

Re:In Canada

[tsg]

Some people deliberately choose to spoil a ballot as some sort of protest vote. I'm willing to let them have it.

Fine. Let them verify that they intend to submit a spoiled ballot. My concern is solely for the people who wish to submit valid ballots.

Perhaps, but it's a false dichotomy. The answers have been essentially the same with respect to content.

Actually they weren't. Two people suggested only an X and if you can't manage that you shouldn't be voting, and one suggested as long as the voter's intention could be determined.

If you're interested, the full Elections Act is here.

Whatever it is isn't important. I just found it interesting that the rules which were so simple and obvious couldn't be agreed on.

Re:In Canada

[gobbo]

paper systems do have problems that can be solved by electronic systems that people tend to ignore when they smugly recommend paper as a solution

Look, I'm a futurist, and await personal transporters and immortality with bated breath. I also think our electoral system of "first past the post" is hosed, eh. But I am firmly convinced that our paper ballot system works well and is difficult to corrupt or fsck-up. It's simple, and can work by candlelight. It has lots of checks and balances. It is fault-tolerant, because we use some degree of consensus for validation. There are always going to be problems with rejected ballots, but they're very low percentages, and can be mainly accounted for by people who wanted to have the ballot rejected or weren't fulfilling their duties as a voter. A reasonable compromise is made between anonymity and access. For the most part, it is a very unambiguous user interface.

Even more importantly, the power of scrutiny in the canadian system is distributed somewhat amongst the electorate, rather than concentrated in the hands of the mages who make the machines, and the officals who mandate them. Solve that problem, make voting machines impervious to blackouts, backdoors, millions of lines of inevitably buggy code, viruses and other electronic monsters, intervention by the makers of the machines, oh, and make them simple to use and as cheap as a few tables and cardboard boxes, and you'll have me convinced that they might be good for democracy.

Humans are inventive enough to figure out a way to fool or abuse any system. The point is to minimize such things in a way that doesn't introduce greate problems. Centralized technology concentrates power, which is undemocratic. Introducing unnecessary complexity just means you've imported problems you don't understand yet.

Re:In Canada

[gobbo]

Either the vote is sacred or it's not.

Untrue. Voting may be on/off, but all the social values and ideologies surrounding how voting is done are definitely analog. This includes balancing the rights of the individual voter against the rights of the overall citizenry (e.g. perfect anonymity vs. resistance to election fraud). Some in the US have raised the rights of the individual at the expense of the rights of the citizenry to the level of religious dogma.

It's not a bloody test.

Actually, in one sense it is. You need a minimum level of competency to decide on life-or-death matters like electing officials. The bar for being able to vote successfuly in an election in Canada is set very low. Frankly, if you can't figure out our very simple ballots even with assistance, please abstain, because your completely confused vote would likely be a form of electoral abuse.

No one is assuming that paper systems don't have problems, that's a straw man you're burning there. People here are mostly saying that these systems have the fewest problems compared to the other options! I know it's a nuance, but you seem intelligent enough to grasp that--unless you're trolling.

Re:In Canada

[tsg]

First of all, we resent youze amurricans confusing us with a yeast infection! We have more culture than that! Typical :-P

I'm trying to type with a broken finger. Sue me.

But seriously, some of us spoil ballots as a protest. It isn't given a proper category, so it has limited value, but there you are, people do it anyway and it's their right.

That's fine. Have a "protest" or "no vote" option, or simply confirm yes, I know my vote is invalid, submit it anyway. I'm only concerned with people who wish to submit a valid ballot having it counted correctly.

There's another benefit to hand-counting that I haven't seen noted in this story yet: civic involvement. More labour-intensive elections involve more people at the grassroots to get the work done. I don't see how automating things is more desireable than an involved electorate.

There is plenty for volunteers to do besides hand-counting ballots. A lot of paper ballots in the US are read by machine anyway, other areas have mechanical voting machines. An electronic system that produces a paper ballot (as should be absolutely required) will still have a need for hand-counting for audits or recounts.

is a citizen who can't negotiate a very simple ballot exercising their responsibility? if they aren't exercising their responsibility, don't they forfeit their rights along with it?

I fail to see how a voter's performance in a single instance of trying to follow a set of arbitrary instructions in any way determines his fitness to choose his elected officials. Especially when that voter will never know if he's done it wrong.

While Canadians may not consider it important, there have been numerous occasions in US history where entire groups of people have been denied their right to vote by others making arbitrary requirements to disqualify them. This is even more dangerous when the disqualification isn't obvious such as in the case of an invalidated ballot.

Isn't there some way you can work to make your electorate more responsible so that they don't have to be spoonfed at the polling station?

This isn't about spoonfeeding voters. People make mistakes. I don't think they should lose their right to choose their elected officials because they made one.

Or, perhaps, make the paper ballots undeniably dead simple?

What could be simpler than a ballot that is capable of telling you when you've made a mistake that could cost you your vote?

Can't you lower the risk associated with losing the complete anonymity of a vote for those who need assistance?

If anonymity is important, it's important for everyone.

Maybe there's some connection to the poor turnouts at polling time. Seems like a sociocultural fix is in order, not a technical fix.

People aren't voting because they think it doesn't matter, not because they don't know how to do it.

Re:In Canada

[tsg]

There are always going to be problems with rejected ballots, but they're very low percentages, and can be mainly accounted for by people who wanted to have the ballot rejected or weren't fulfilling their duties as a voter.

No one has yet proven to me that failing to follow a set of arbitrary instructions once is sufficient grounds to disqualify the voter from having his voice heard, especially when he will never know that he was disqualified. But another point, would you be willing to accept the same low perentages of vote tampering?

Solve that problem, make voting machines impervious to blackouts, backdoors, millions of lines of inevitably buggy code, viruses and other electronic monsters, intervention by the makers of the machines, oh, and make them simple to use

All of this is entirely possible. The same things that make paper ballots secure, the processes surrounding them, can make electronic voting machines secure with the added benefits of validation and equal access to the sight impaired or those who cannot read or don't speak english. Obviously it's going to take time and I'm certainly not suggesting we use Diebold's machines tomorrow. I'm just not as willing to write the whole concept off simply because one implementation was done poorly.

and as cheap as a few tables and cardboard boxes, and you'll have me convinced that they might be good for democracy.

I don't think cost should be an issue if the benefits are there.

Centralized technology concentrates power, which is undemocratic.

The entire purpose of voting itself is to centralize power.

Re:In Canada

[tsg]

So now you're confirming the stereotype of bellicose american,

Just conforming to the stereotype that was offered. If he's going to discount my argument on the basis of being a stupid american I don't see why I shouldn't have the luxury of acting that way.

I should look for the posts that quote sources or have obvious personal experience.

I was assuming that anyone explaining the rules to me would have had personal experience with them. Two of them claimed to have worked at elections. Silly me. But beyond that it was the fact that these "simple and obvious" rules, so simple that anyone who couldn't follow them should disqualify them from voting, weren't understood by the people claiming they were so simple and obvious.

Everyone who responded to you has valid reason to believe they're right, there aren't really contradictions,

"Only an X counts, everything else is invalid" and "any mark counts" are contradictory. That they don't agree supports my argument.

and you're baiting.

Just responding in kind.

Re:In Canada

[tsg]

Untrue. Voting may be on/off, but all the social values and ideologies surrounding how voting is done are definitely analog.

I cannot see how someone can simultaneously claim that tampering with a vote is unacceptable but throwing it out is not. If the vote is important, make every effort to determine the voter's intent. If an electronic system can do that without violating anonymity, then I say it's worth looking into.

Actually, in one sense it is [a test].

Then it's a bloody poor one. I fail to see how a person's performance on one instance of following arbitrary instructions is in anyway indicative of their ability to choose their elected officials.

The bar for being able to vote successfuly in an election in Canada is set very low.

Ideally, there shouldn't be a bar at all.

No one is assuming that paper systems don't have problems, that's a straw man you're burning there. People here are mostly saying that these systems have the fewest problems compared to the other options!

They are saying these problems do not need to be addressed. Even if paper is the best available now, there is still room for improvement.

Re:In Canada

[tsg]

The US is also unusual in that registers of voters record party membership rather than just being a list of people who can vote.

This is only used in the primaries and is supposedly to prevent people from one party voting for the weaker candidate in the other party. In actuality, there's nothing preventing people from registering as one to screw up the primary and voting for the other in the general election (except that they can't vote in their own party's primary, but in the case of an incumbent running, that's largely academic).

Re:In Canada

[FlyingOrca]

No one has yet proven to me that failing to follow a set of arbitrary instructions once is sufficient grounds to disqualify the voter from having his voice heard, especially when he will never know that he was disqualified.

Um... how is putting a pencil mark inside a circle any more arbitrary than operating a voting machine? You have to follow instructions either way. Or are you thinking that the machine should just divine the voter's intentions?

But another point, would you be willing to accept the same low perentages (sic) of vote tampering?

Vote tampering, you say? Like what? And is it somehow more likely in a paper ballot system overseen by neutral officials AND the candidates' volunteers than it would be in a black-box electronic system? It's all about the transparency.

...with the added benefits of validation and equal access to the sight impaired or those who cannot read or don't speak english...

Yeah, 'cause, you know, we have such trouble validating our election results. And blind people, they can't vote. And neither can people who can't read or don't speak English.

Oh, wait a minute, what was I thinking? Yes they can vote, and they do, and sometimes I help them, and it works fine. Sorry, I'm being a bit of a smartass here, but really - you're reaching.

Waiter, I'll have some of whatever HE's smoking. ;-)

Re:In Canada

[jc42]

(d) that has been marked in more than one circle at the right of the candidates' names;

So if I'm counting votes in a Canadian election, I can bias the vote by simply keeping a #2 pencil in my shirt pocket, and adding an extra X or two when some silly voter voted for the wrong candidate.

(That's how it's done in the US in places that still use paper ballots. ;-)

(Now if we used "acceptance" voting, this would be much less of a problem - though it would still be a minor problem.)

Re:In Canada

[Beryllium+Sphere(tm)]

The instant somebody other than the voter tries to decide what a ballot means, the voter is no longer in charge. The ballot interpreter is.

Voters have the root password of democracy. They work in secret and nobody can overrule them. And y'know, when you're running as root you want a system that does what you say or does nothing, rather than a system that does what it thinks you mean.

Re:In Canada

[gobbo]

People make mistakes. I don't think they should lose their right to choose their elected officials because they made one.

Well, that's true. Weigh the inevitability of some making mistakes against the ability of some to make fraud, and you'll understand the argument--a paper system like the Canadian one is the best compromise at the moment, serving the greatest good. So few make the mistake you're talking about, using our system.

What could be simpler than a ballot that is capable of telling you when you've made a mistake that could cost you your vote?

One that has no moving parts and a social arrangement that makes it tamper proof. This isn't just about user interface.

If anonymity is important, it's important for everyone.

I take back what I wrote about your ability to grasp nuance. Of course it's important. Security of the electoral system is more important. It's a compromise based on priorities.

there have been numerous occasions in US history where entire groups of people have been denied their right to vote by others making arbitrary requirements to disqualify them. This is even more dangerous when the disqualification isn't obvious such as in the case of an invalidated ballot.

Hm. funny, we don't have that problem in federal elections. See my point about keeping the ballot paper obvious, and about educating the voter. Not that we are above disenfranchising sections of society... just that it would be difficult to do using our current poll system.

I notice your response doesn't touch the issue of the centralization of social power ennabled by voting machinery, or any of the other more serious vulnerabilities caused by involving complex machinery, but hammers away at protecting 3 out of 1000 people (Canadian stats for rejected ballots) from making a stupid and avoidable mistake. You wouldn't be astroturfing for diebold, would you? Maybe merely cranky and hard case.

Re:In Canada

[gobbo]

No one has yet proven to me that failing to follow a set of arbitrary instructions once is sufficient grounds to disqualify the voter from having his voice heard, especially when he will never know that he was disqualified.

It's not something you can prove easily, it's an opinion based on an attitude towards personal responsibility, which rights are dependent upon. It's a basic notion of democratic sovereignty: you want to participate in running your country? Follow some very simple rules, at minimum. The instructions, to the literate, are not arbitrary, they're coherent with the convention of selecting an item from a list.

But another point, would you be willing to accept the same low perentages of vote tampering?

No. There aren't any stats but I'd be willing to bet that rejected ballots represent noise in the system, in that they're distributed quasi-randomly across party preferences. Tampering, on the other hand, is an intentional attack on the system. What's worse, someone stepping on your foot in the elevator by accident, or someone walking up and kicking you? Why are you having trouble grasping this?

The entire purpose of voting itself is to centralize power.

Oh.... Wow.

Re:In Canada

[tsg]

It's not something you can prove easily, it's an opinion based on an attitude towards personal responsibility, which rights are dependent upon. It's a basic notion of democratic sovereignty: you want to participate in running your country? Follow some very simple rules, at minimum.

Fine. Let's make it a real test then. You get as many sample ballots as you like but you can only turn one in. If that one isn't valid (determined by whatever means you like so long as it's consistent with determining the validity of a real ballot) then you are denied your right to vote. I don't know about Canada, but I know if anyone tried this in the US it would be a bloody revolution. The only difference between this and the discarding of invalid ballots is that the public knows the first is happening. Let me ask you this: Have you never had a ballot discarded because it invalid? How would you know? You wouldn't and that's the point. For all you know not one of your ballots has ever been counted.

The instructions, to the literate, are not arbitrary, they're coherent with the convention of selecting an item from a list.

They are arbitrary in that they were not selected to determine the voter's ability to vote yet are being used as the sole basis to judge that ability.

What's worse, someone stepping on your foot in the elevator by accident, or someone walking up and kicking you?

Providing both injuries were comparable it doesn't matter one whit to me whether or not it was intentional. One was careless, one was malicious, both hurt my foot. Neither should have done it. Whether my vote is uncounted (or counted wrongly) because a counter couldn't interpret it or because someone else changed it the end result is the same, my vote has not been counted correctly. That one was malicious doesn't change the outcome. Both should be prevented.

>The entire purpose of voting itself is to centralize power.

Oh.... Wow.

Is that a refutation? Casting a vote to put a person into office is the granting of power to the few over the many.

[combining threads original parent is here]

Well, that's true. Weigh the inevitability of some making mistakes against the ability of some to make fraud, and you'll understand the argument--a paper system like the Canadian one is the best compromise at the moment, serving the greatest good. So few make the mistake you're talking about, using our system.

My point exactly. It's a compromise that need not exist. It is possible to have both. But those satisfied with the compromise are unwilling to even entertain the notion that there might be a better way.

One that has no moving parts and a social arrangement that makes it tamper proof. This isn't just about user interface.

Strictly, paper doesn't satisfy this either. If, for the first generation, the electronic machine does nothing but print paper ballots, and print out totals at the end. The paper ballots are still hand counted, their total is the one that is official, but they are compared against the electronic terminal as a kind of audit. All we've done is change the pencil to a computer screen and everything else is the same. The voter still has a piece of paper he can look at and verify it is correct, but the terminal gives him the error checking that makes sure his ballot will be counted and doesn't violate his anonymity. How is this insecure? This, at the moment, is all I'm asking for. Most of the benefits with none of the risk.

Of course it's important. Security of the electoral system is more important. It's a compromise based on priorities.

Like I said, it's a compromise that need not be made.

Hm. funny, we don't have that problem in federal elections. See my point about keeping the ballot paper obvious, and about educating the voter. Not that we are above disenfr

Re:In Canada

[tsg]

Um... how is putting a pencil mark inside a circle any more arbitrary than operating a voting machine?

Nothing. But I'm not the one claiming that the ability to put a pencil mark inside a circle is necessary and sufficient to determine a voter's ability to choose elected officials.

You have to follow instructions either way. Or are you thinking that the machine should just divine the voter's intentions?

No, but the machine can ask and notify the voter if he's made a mistake (such as selecting too many candidates). Paper can't.

Yeah, 'cause, you know, we have such trouble validating our election results. And blind people, they can't vote. And neither can people who can't read or don't speak English.

Oh, wait a minute, what was I thinking? Yes they can vote, and they do, and sometimes I help them, and it works fine. Sorry, I'm being a bit of a smartass here, but really - you're reaching.

This has been discussed already. If you're going to jump into the middle of an argument you might at least have the courtesy of reading it first.

Re:In Canada

[FlyingOrca]

So if I'm counting votes in a Canadian election, I can bias the vote by simply keeping a #2 pencil in my shirt pocket, and adding an extra X or two when some silly voter voted for the wrong candidate.

Well, no, not very easily, because the scrutineers (volunteers appointed by each candidate, I've done it myself) are watching and counting and looking at the ballots along with you.

It's a fun social time, really, and everyone enjoys it. ;-)

Re:In Canada

[FlyingOrca]

This has been discussed already. If you're going to jump into the middle of an argument you might at least have the courtesy of reading it first.

Actually, I have read the whole thread and I don't see you offering any proof of Canadians - blind, quadraplegic, developmentally disabled, black, white, puce, mauve, or fucking Martian - disenfranchised by our system.

So I have to conclude that you're trolling, though rather more skilfully than most. Cheers!

Re:In Canada

[tsg]

Actually, I have read the whole thread and I don't see you offering any proof of Canadians - blind, quadraplegic, developmentally disabled, black, white, puce, mauve, or fucking Martian - disenfranchised by our system.

Try looking here

I never claimed to prove anything, only that the issue of the procedures used for people unable to read or mark a paper ballot in most cases violate their anonymity has been discussed.

Re:In Canada

[FlyingOrca]

I never claimed to prove anything, only that the issue of the procedures used for people unable to read or mark a paper ballot in most cases violate their anonymity has been discussed.

Yes, it violates their anonymity to the extent that someone they trust has to help them. Not quite the same as excluding them from voting. I honestly don't understand your objection, if indeed you're NOT trolling. Do you think that voting machines are somehow more accessible to people with disabilities, and if so, how? I'm professionally curious. (Oh, and at the risk of being repetitive, we don't tend to sweat the whole anonymity thing quite as much.)

That being said, I have no problem with electronic voting, provided that it improves accessibility, is more secure and accountable than the existing system, and is cost-effective. Until it is, though, I like paper ballots just fine. The only good argument against them I have seen - in the context of US elections - is the fact that many more positions are elected in the US. Here, we basically vote for one representative at each of three levels - civic, provincial, and federal. Oh, and school board trustees and mayors. But most of these are separate elections, anyway.

Hmmm... seems to me that there's usually something like a fixed "Election Day" in the States, and many positions are elected on the same day... would it work to give each position a separate ballot, or even separate polls (in the sense of ballot boxes, not locations)? Still might be cumbersome, I guess....

Re:In Canada

[tsg]

Yes, it violates their anonymity to the extent that someone they trust has to help them.

Which is exactly my point. They have to trust someone, others who aren't similarly disabled don't.

Not quite the same as excluding them from voting.

I never claimed it excluded them from voting.

Do you think that voting machines are somehow more accessible to people with disabilities, and if so, how?

There are a number of technologies on the market from speech synthesizers and screen readers that can enable the blind to use a computer to vote without violating their anonymity. While they may not have all the bugs worked out, it's certainly an avenue worth exploring.

(Oh, and at the risk of being repetitive, we don't tend to sweat the whole anonymity thing quite as much.)

Well, a number of people here do. Saying "your concerns aren't important" doesn't satisfy those concerns. We might be a little more paranoid, but that's not going to change because someone said it doesn't matter. The whole security issue could be fixed entirely by simply printing the voter's name and how they voted in the paper the next day. Then it wouldn't matter what mechanism you used to vote because the input and the output could both be verified. But I am in the minority by a bunch on this one.

That being said, I have no problem with electronic voting, provided that it improves accessibility, is more secure and accountable than the existing system, and is cost-effective.

That is exactly what I am asking for.

Until it is, though, I like paper ballots just fine.

My issue is with the people who smugly suggest "this thing called paper" as though it was the perfect solution and any problems paper has are so negligible as to be non-existant. The fact is that there are problems with paper that can be addressed by electronic systems. I'm also not looking for them tomorrow. But I'm tired of the argument that there is no need for them at all.

Re:In Canada

"Fine. Let's make it a real test then. You get as many sample ballots as you like but you can only turn one in. If that one isn't valid (determined by whatever means you like so long as it's consistent with determining the validity of a real ballot) then you are denied your right to vote. I don't know about Canada, but I know if anyone tried this in the US it would be a bloody revolution. The only difference between this and the discarding of invalid ballots is that the public knows the first is happening. Let me ask you this: Have you never had a ballot discarded because it invalid? How would you know? You wouldn't and that's the point. For all you know not one of your ballots has ever been counted."

Idiot. The only reason those ballots are discarded is that NOBODY KNOWS WHAT TO MAKE OF IT. You have a better idea that still keeps a secret ballot secret?

"Providing both injuries were comparable it doesn't matter one whit to me whether or not it was intentional. One was careless, one was malicious, both hurt my foot. Neither should have done it. Whether my vote is uncounted (or counted wrongly) because a counter couldn't interpret it or because someone else changed it the end result is the same, my vote has not been counted correctly. That one was malicious doesn't change the outcome. Both should be prevented."

First, in real life, if someone kicks you, there's a good chance that they'll do it again (or something else that's aggressive). If they did it by accident there's much less chance.

Now look at voting. If someone is tampering with one ballot, he's probably doing the same thing with others, and in a consistent manner, and may affect the election. If it's by accident, it's probably evenly distributed AND WILL ALMOST DEFINATELY HAVE NO IMPACT ON THE OUTCOME OF THE ELECTION.

"If those numbers held for the US, that would have been 18,000 ballots in Florida thrown out where the election was decided by 527. Here's another interesting statistic: In the March 2 primary in San Diego, Diebold was accused of miscounting 3000 votes. Reported voter turnout for the county [source] was 621,429. That's only 4 out of every 1000 votes and people were crawling out of the woodwork to criticize Diebold. They at least had the excuse that it was unintentional (whether you believe that is up to you). However, as you claim, 3 out of every 1000 votes being thrown out, on purpose, is okay."

But they would be evenly distributed, and would give no advantage to any particular party. And those votes being thrown out on purpose because they are indecipherable - you make it sound like it's trying to rig the election! You have to be a complete fucking retard to not be able put an x in a large circle next to your candidate's name.

Re:In Canada

Any other clear mark in a circle will count as well.

Re:In Canada

[tsg]

Idiot.

Scathing argument asshole. From an AC no less. The rest of your comment is hereby ignored.

They're not Evil

[mod_parent_down]

he doesn't believe that the vulnerabilities show deliberate malice on Diebold's part to aid fraud... But the vulnerabilities do show incompetence

There's such a fine line between clever and stupid.

Speaking of e-voting vulnerabilities

[bobpence]

Why haven't we heard more about Venezeula, where apparently many machines recorded exactly the same number of pro-recall votes in opposition to Mr. Chavez? Sounds like tampering to me...

Re:Speaking of e-voting vulnerabilities

[djeca]

http://en.wikipedia.org/wiki/Birthday_paradox

Re:Speaking of e-voting vulnerabilities

[Knuckles]

Mods on crack again ... sure, a comment about e-voting in other countries sure is offtopic in a story about e-voting in the US. sheesh

As an outside observer

I'm totally stunned to watch what is going on in the US right now.

After the Florida disaster the last time around you would have thought that things would change for the better, but they seem to only get worse.

Soldiers sending in their votes by email and waiving their right of a secret vote.

Yet again the top Florida election official doing everything she can to make sure Bush carries Florida.

And all these stories about Diebold, that would be tremendously funny if they weren't so important.

Wtf is wrong with the US?
Really, this is not meant as an anti-American troll, but I really have a hard time understanding it and most of all I get the impression that most Americans don't really care about these problems and that is probably the scariest part.

Re:As an outside observer

Wtf is wrong with the US?

perhaps as a nation they just aren't ready for democracy and real freedom ?

in a nation that has more of its people in jail than the rest of the entire western world *combined* speaks volumes about the direction they are heading

Re:As an outside observer

The scarier part is everyone here knows its happening and is powerless to stop it.

Re:As an outside observer

[Maul]

Your impression is correct for two reasons.

The first is that this issue isn't played up as a big deal in the popular media, where most Americans get their "news." Right not the media is focusing on things that don't really matter in the election. Basically, crap like military record discrepancies from decades ago that really have not bearing on current issue.

The second is that many people have been conned into thinking it is "Patriotic" to trust the Government at all times, no matter what.

It seems completely ignored that the company who makes these things is a strong supporter of one of the parties, and that there are lots of ways for these machines to be tampered with. I feel that votes could be "tweaked" without much proof available that tweaking was done in a very close election.

Re:As an outside observer

[Thunderstruck]

To be fair, its not the whole Union that has you disgusted, its just the state of Florida and one particular voting machine Manufacturer. Lets not take down every other state just because our sister to the southeast can't get things right.

The mechanics of Elections, particularly presidential elector elections, are not something that can even be regulated by Washington DC. (Outside of 14th amendment powers)

Re:As an outside observer

It's not really baffling, when you think about it.

As mentioned in another comment, the CEO of Diebold says "I am committed to helping Ohio deliver its electoral votes to [Bush] next year."

With that in mind, what incentive do the Republicans who control Congress have to force any change?

All of these problems you mention are real, and the American people (and the Democratic party) are powerless to do anything about it. It's corrupt, ugly, and it fucking stinks.

why not this

[codepunk]

del stupidaccess.mdb

Password protection?

[the_skywise]

The article doesn't say, but I thought the Diebold Access databases were, at the very least, password protected?

Even so, I'm not quite sure what they expect any voting machine company to do. Let's say they use Linux and a custom and encrypted database format. All you have to do is have somebody reverse engineer the format, get root access to the Linux box and then run a custom script to update the values.

If it's an open source solution, this is worse because... everybody will know what that format is.

I'm not supporting Diebold here, but I don't see any solution here that can't be hacked in someway. (just increasing levels of difficulty of doing so... and if Diebold didn't even bother to password protect their Access databases, well they deserve what's coming...)

(And sure, a paper receipt will correct THAT problem, but then why need a computer? Why not just go back to pencil and scantron and a display of your vote to you after its scanned?)

Re:Password protection?

[stratjakt]

The only thing that could be tainted with this exploit are the early results given to the media. I personally feel the media shouldn't be allowed to disclose ANY results until the entire country has voted since EST results tend to disenfranchise PST folks.

AT ANY RATE, the actual counting is done by humans, and those humans are accountable for the results.

Paper ballots are counted in the end. The computers are just so that Fox's "Decision 2004" coverage can have something new to report every 20 minutes.

Re:Password protection?

[TigerNut]

Even so, I'm not quite sure what they expect any voting machine company to do. Let's say they use Linux and a custom and encrypted database format. All you have to do is have somebody reverse engineer the format, get root access to the Linux box and then run a custom script to update the values.

-If an encrypted database were used, along with a strong password phrase and algorithm, there would be very little for anyone to hook into to reverse engineer the format.
-Getting root access on the Linux box is also not a trivial task, especially if you don't have physical access to the machine.
-If you don't have root access and you write the database access procedure so that root-level or some special group permission is required, then you're not even going to get to the database in the first place.

As Jefferson said in TFA... the coders/designers for that system look like amateurs. Even within a Windows framework there would have been a LOT better ways to implement the database to decrease its vulnerability to casual access by other applications.

Re:Password protection?

[the_denman]

Why not just go back to pencil and scantron

Scantron cards arn't exactly acurate either, When I have taken scantron tests in school (bolth hs and colledge) they have always come back with a few misreads. Heck even hand counting the pencil filled in ballots is subject to human error. With an evoteing system with paper backup it would hopefully be bolth acurate and acountable... good luck at doing that though!

Nader beats John Kerry?

[Damon+C.+Richardson]

Diebold. I'm on to you.. Your going to give Nader all of Kerrys votes!

Re:Nader beats John Kerry?

[Beardo+the+Bearded]

Wait a minute - that's a pretty good idea. What if you folks got together and screwed the election results such that Nader won? Everybody would know that the whole system was rigged and exploitable if that was the result. Even Ralph would wonder what the hell happened. I'm not saying vote for Nader; I'm saying make the machines vote for Nader.

(I'm not going to vote in November; I'm not from the US.)

Re:Nader beats John Kerry?

Better still, have a hidden, fictional candidate - one that exists in the database but is not selectable on the touch screen. If this candidate recieves any votes the election is null and void.

Anti-hacking laws will have to be temporarily amended to allow anyone worldwide to have a go at cracking the system - to prove it is crackable.

Re:Nader beats John Kerry?

[Beardo+the+Bearded]

I suggest that fictional candiate's name be George W. Bush. If he gets any votes, then you have to hold a new election.

This will either go to +5 funny or -1 troll. Bets?

obligitory plug for blackboxvoting.org

[dogas]

black box voting has 5 (!) different demonstrations on how easy it is to hack these things. There is also an online book (in PDF format) all about how bad the situation really is.

This is serious. Not only are they using a microsoft access (!!) database to store your vote, they are using a non-password protected access database.

Not only are they using a non-password protected access database, you can gain access to the .mdb by hitting a certain key on the touch screen and manipulating at will. Are we living in crazy world?

Re:obligitory plug for blackboxvoting.org

You are hereby found to be in contempt of the legally binding consumer protection laws as described hereforth at the Halfbakery:

http://64.233.179.104/search?q=cache:KXtKuHTgyksJ: www.halfbakery.com/lr/idea/Legally_20Binding_20Use _20of_20Factorials+factorial+halfbakery&hl=en

Utilising a factorial in an attemp to add hyperbole to your point is now a punishable offense. Unless you can prove the existance of (5! = 120) "Different demonstrations", we ask that you cease and desist in violating this new code.

Thank you,
Management

Re:obligitory plug for blackboxvoting.org

That key would be SHIFT.

Re:obligitory plug for blackboxvoting.org

[Evangelion]

The expression in question isn't 5!, it's 5 (!) -- the 5 is outside of the parenthesis, and is not part of the term with the !.

Since the expression is malformed, you cannot make a meaningful statement about what the factorial applies to.

US Elections 2004: Battle of the Scripts

[Control-Z]

What's the big deal about voting machine fraud? If you see any fraud being commited, just write an NEGATIVE SCRIPT to offset those fraudulent votes. That way we'll keep the election nice and balanced.

BSOD

[sleepnmojo]

I don't see a problem here. No one will be able to use the machines anyway. They will all be blue screened, so we will have to go back to the old way.

Re:BSOD

Speaking of the old way, what the hell is wrong with paper ballots anyways? At least that way you have a hard copy of each vote. I'd rather have the fiasco from Florida than the fiasco I see comming out of these machines in the future. If it's a matter of man power, enlist people for elections and ballot counting like we do for jury duty.

And Bush Wins By A Landslide...

Florida 2000 election repeat, only in all states.

Joy.

nice to know

[simontek2]

I was trained to fix those here in Georgia. Sad thing I find out bout this thru /. not them.

By the book ?

[Tsiangkun]

"When we wrote the book, we thought the election system it described was a bit far-fetched," Thompson said. "We thought it's impossible that any real voting system would have these problems. Then we saw the GEMS software, and it had four of the vulnerabilities that we wrote about in the book."

Four vulnerabilities described in a book, at what point is it beyond a reasonable doubt that the diebold system is intentionally compromised to allow the results of an election to be altered ?

Re:By the book ?

[tsg]

Four vulnerabilities described in a book, at what point is it beyond a reasonable doubt that the diebold system is intentionally compromised to allow the results of an election to be altered ?

There's an old saying: "Never attribute to malice that which can be adequately explained by incompetence." Unfortunately it assumes that the malicious aren't also incompetent.

Voting machines designed by Sting?

[FunWithHeadlines]

"You go in and press buttons and then hit "cast vote" and it goes "doo doo doo"

Then it goes "de da da da," and finally it tells you, "is all I want to say to you."

Oh, no one would do _that_!

[bujoojoo]

But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

Yeah, and no one robs banks, or counterfeits, or traffics drugs either.

2 brothers will count 80% of the vote

[puke76]

I submitted this in April, crack mods rejected it.

Two brothers will count 80% of the vote.

In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.

Re:2 brothers will count 80% of the vote

In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.

Indeed!

Re:2 brothers will count 80% of the vote

[Rayonic]

> In a country where no-bid contracts and the VP's corporate relationships aren't questioned

They certainly are questioned, but said questions never get far because:

1) No actual evidence has ever turned up.

2) Halliburton was awarded it's long-term LOGCAP contract back in 1999 -- before Bush took office.

Sue 'em

[quantaman]

Just thinking that lawsuits seem to be very popular in the US and this seems to be the perfect time for one. Wouldn't it be possible for some group of you down there to sue Diebold on the grounds that either they're disenfranchising you, or at least being reckless and making it easy for a third party to disenfranchise you, via the horrible security and lack of paper trail of their voting machines?

Probably wouldn't win but at the very least it would make a heck of a splash in the media and might cause something to be done about it.

Re:Sue 'em

[tsg]

Just thinking that lawsuits seem to be very popular in the US and this seems to be the perfect time for one. Wouldn't it be possible for some group of you down there to sue Diebold

RTFA. They are.

at the very least it would make a heck of a splash in the media and might cause something to be done about it.

It hasn't.

Re:Sue 'em

[quantaman]

Just thinking that lawsuits seem to be very popular in the US and this seems to be the perfect time for one. Wouldn't it be possible for some group of you down there to sue Diebold

RTFA. They are.

You can't be serious. That was in like the 3rd paragraph, I would of had to read over a hundred words to get there!!

What do you want your money going to then?

[TiggertheMad]

I don't want my tax dollars bankrolling OSS dev efforts. If you wan't such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.

Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.

Re:What do you want your money going to then?

[Blastrogath]

Do you want to pay for buggy, easily exploitable software then?

AFAIK there is no OSS voting software to choose. How can you use software that does not exist yet? If you think that a OSS system would be a good idea, make one! And after it's made, we can look at it to see if it's better than Diebold's software or paper ballots.

More importantly, it's not like we have to use Diebold's crap if we don't use an OSS system. I am happy with written paper votes. They're fairly secure, proven technology with a good audit trail. I don't see any point in thinking of switching from written paper ballots til a better solution is made, and then thouroughly tested.

And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile.

I do support the idea of spending for voting infastructure improvements, but we need to keep funding the systems that are proven to work until a replacement is finished. We should stick with what works til we have something made and tested that works better.

Besides, I don't think elections are the best place to be overly frugal. I want our elections done right, even if it costs us taxpayers a little more.

Re:What do you want your money going to then?

You make several classic errors in your post.

1. Diebold had a voting system first, then the government bought it.

2. Open Source = Free (as in no money)

Diebold may have had some voting projects under way, but nothing like the current strain of horrible software that was made in response to the 2000 election fiasco. This stuff is what's being installed everywhere, and it's new stuff, still being written. Badly.

To say there's no such thing as an open-source voting solution is also not true. There are plenty of hobby-level software voting projects around, it's just not at the level you'd notice, because nobody is marketing these things like in the case of Diebold.

Lastly, you say elections aren't a place to be frugal. This is irrelevant. Nobody is suggesting that the government should choose Open Source software since they can "get it for free."

This is completely not the point. I'd expect any government contract would pay contributors very well for their work on the project, as well as pay for the overall project itself (whether it be an LLC like Gentoo or some other kind of business entity). The entire point is, choosing Open Source software is the right choice because of the way it reflects our democratic ideals, not because of the potential to "get it for free."

Anyone would be allowed to download the voting software for free, but this is irrelevant. This ensures the transparency of the system, and is essential to an application like this.

Re:What do you want your money going to then?

[Blastrogath]

You make several classic errors in your post.

1. Diebold had a voting system first, then the government bought it.

2. Open Source = Free (as in no money)

I didn't agree or dissagree with either of these in my post. You are missing my point:
1 Cost realy doesn't matter much.
2 Functionality matters a great deal.

I think we should use the best tools, whether they're free or not. I agree that code transparency is better for software in areas like this, but until someone has a piece of software that preforms better than paper ballots we shouldn't be using software at all.

The entire point is, choosing Open Source software is the right choice because of the way it reflects our democratic ideals, not because of the potential to "get it for free."

Paper balots are hardly un-democratic. They are pragmatic though, and I think our government and society needs a good dose of pragmatism. You should pick the best tool for a given job.

Anyone would be allowed to download the voting software for free, but this is irrelevant. This ensures the transparency of the system, and is essential to an application like this.

I agree that transparency is essential, I do not agree that electronic voting software is essential. I think electronic voting is a good idea, and I'll be glad to support using it as soon as I see a good enough implementation to use, be it OSS or not.

Besides as I said in my post: "I do support the idea of spending for voting infastructure improvements, but we need to keep funding the systems that are proven to work until a replacement is finished". I'd like to see a government funded OSS project to make voting software, because there's a very good chance it would eventually be the best tool to use. And if it did become the best tool, I'd support it's use. But until a better solution than written paper balots comes along I will not support their replacement.

Re:What do you want your money going to then?

[myowntrueself]

"Do you want to pay for buggy, easily exploitable software then?"

I just wish that people would figure out one of the axioms of the modern world. That is;

'The quality of software is inversely proportional to its cost.'

Re:What do you want your money going to then?

[vsprintf]

More importantly, it's not like we have to use Diebold's crap if we don't use an OSS system. I am happy with written paper votes. They're fairly secure, proven technology with a good audit trail. I don't see any point in thinking of switching from written paper ballots til a better solution is made, and then thouroughly tested.

Then you should complain to the feds, who mandated the new voting systems following the 2000 elections and provided several billion dollars in funding. Diebold is raking it in along with Sequoia Systems. Many districts won't give voters a paper ballot option. Some will only offer paper ballots if you use an absentee ballot. If your district gives you the option of a paper ballot, you're lucky.

Re:What do you want your money going to then?

[Blastrogath]

Sucks to be you guys then.;) I'm from Canada where it's paper or nothing. You have my sympathy, your government seems even more dissfunctional than ours.

Re:What do you want your money going to then?

[vsprintf]

You have my sympathy, your government seems even more dissfunctional than ours.

That is something I can't argue with. Thanks for the sympathy - it may not help the situation, but it's comforting. :)

Only one? - we should be so lucky!

[gillbates]

There is one way in which changing vote totals in GEMS might not work.

So I guess this implies that almost any other way of changing votes will work?! Isn't this the complete opposite of good security, where you have many ways that don't work, but only one that does?

I'm sorry, but there shouldn't be any way of changing votes without detection; ideally, there wouldn't be any way of changing the recorded votes at all.

Voting machines vs. other machines

[upsidedown_duck]

I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines. Lives on the line vs. the life of our democracy on the line...I don't see that great a distinction.

Re:Voting machines vs. other machines

[jthayden]

There are alot of lives on the line in this election, both American and Otherwise. People haven't paid much attention over the last 3 years if they don't realize that.

Re:Voting machines vs. other machines

[fishbowl]

"I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines."

You slept in yesterday.

http://it.slashdot.org/article.pl?sid=04/09/21/2 12 0203&tid=128&tid=103&tid=201

Diebold Execs: Stupid or Crazy?

[Paulrothrock]

Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

WTF?!? Murder is against the law and carries a heavy penalty and people still do it, numbnuts.

Diebold is saying essentially what the Bush administration and, really, all NeoCons. "Trust us, we'll do what's right. Why shouldn't you trust us? We're respected people in power."

Hell, that was an argument a White House attorney made in front of the Supreme Court! When asked whether a chief executive could falsify documents he said something to the effect of "Yes, but *this* chief executive wouldn't do that."

Why not create a system with ways to keep people from doing things that we don't like, instead of *trusting* people you *don't know* to do the right thing. We could call it something like "checks and balances."

"Global management"? Sounds obvious to me

[ShatteredDream]

What's all the hubub over this? The GMES or whatever it's called is doing it's job. It's a **GLOBAL** management system. Who are we to tell the Nigerians and Chinese that they cannot cast a vote in our elections? Are we not a free country? As the self-appointed leader of the free world, don't we owe it to these poor, miserable third world serfs to taste pure democratic freedom? What is more democratic than a 5 line VBScript that lets them feel the awesome touch of freedom that comes with choosing leaders?

Sure it may be changing **YOUR** vote, but stop being selfish. Will somebody please think of the (Nigerian spammers' and Chicom's) children?

Election complexity higher ....

[gstoddart]

Yes. It's true we Canadians get a single piece of paper which gets an X.

But in Canadian elections we're typicaly voting on a single issue. 'Pick your candidate for this one issue, go home'.

My understanding is that any given ballot in the US will contain a lot of other elected offices and possibly other issues (think voting for a given measure or bill).

You'd need a big sheet of paper to get all of the check boxes, and counting for the individual issues would get complicated since you can't have a single pile for each issue and you would need to move them around.

Cheers.

Re:Election complexity higher ....

[Knuckles]

In Austria were I lived a while there were also often several votes during one go, and we had, gasp, one piece of paper and one box for each one.
I guess in the US there are more votes still, so I don't know if this would be possible

Re:Election complexity higher ....

[gobbo]

Provincial and municipal elections in Canada often have multiple issues voted on in a single poll: electing officials, approving major borrowing, large capital projects, referenda on contentious legislation, etc. IIRC (other canucks pls correct me here) there is usually a very simple electoral ballot and a separate referendum sheet with some explanatory background on the issue and several separate issues being polled on the same sheet.

As for all those in this thread questioning the simplicity and reliability of our method of marking in the circle for a single candidate: do you really have problems like that in the 'States? You mean the stereotypes* we have are true?

(*US-based link... in case you think I'm pulling your jambe.)

Re:Election complexity higher ....

[red+floyd]

In my precint in California, there's often somewhere in the vicinity of 40 or more decisions on the ballot.

President (or Governor, they're on different cycles)

Senator

Representative

Statewide offices

Statewide initiatives

Local offices

Local initiatives

Local measures requiring a vote (usually tax related)

Plus, don't forget the infamous CA recall election, which had 135 listed candidates for one office.

Re:Election complexity higher ....

The municipal elections are like that. "Select 1 for mayor, 10 for alderman, 2 school trustees, yes/no on the referendum etc"

We just use several ballots (one for mayor, one for aldermen etc).

This is written up in detail...

There is a more detailed technical and legal analysis over at Politics Web. It seems that Diebold may face federal sanctions as well as lawsuits from several state Attorney Generals. It is a very sticky issue for Diebold indeed, it seems like their time may come, but the damage already done by states that have irreversably replaced their voting machines that they cannot get rid of in time for elections this fall. link to articke.

har har (Re:In Canada)

[cascadingstylesheet]

...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.

Tee hee.

There was never a technical problem, just a political, or perhaps social one, of losers who were willing to do anything, even attack faith in democracy, to win.

I'd love a simple paper ballot. But thanks to Al Gore (Al Gore! All that for Al Gore ... shakes head) we live in the world of the post modern election (how did the person mean to vote).

I can't wait to see what the left's lawyers would do with paper and pencil - hanging serifs on the X, instead of hanging chads?

Let's blame Microsoft ...

[dioscaido]

... for Diebold's absolutely retarded system design and configuration. Come on people, if you are building a 'secure application', you do not place the interface and the voting data at the same user protection level. Hell, you probably don't want to place the voting data in the same physical location as the interface.

But really, this is somehow Microsoft's fault. I know it!! :)

Re:Let's blame Microsoft ...

[dioscaido]

What don't you understand? Read the replies to this story. Plenty of them smirk at the fact that Microsoft products are in use, and imply that it's why the system is vulnerable.

If the system were running linux, and the voting interface ran as root, as did the admin socket listener app, and any other process on the machine, would people call the developer stupid, or call linux insecure?

Dangling Chads and Codgers

Ok, let's keep this in perspective. Which is the more EVIL of the two?

One that old people can't use, and can still be skewed. One that old people can use and can still be skewed.

How do all the codgers feel about this issue?

Yeah I'm sure they're awesome...

...when they show up on time...

Re:Where's FP?

I hate to break this to you - but to be a First Post it has to be the FIRST FUCKING POST.

Re:GEMS - and the graveyard shift

>But speaking generally on the vulnerabilities Harris mentions, >Diebold spokesman David Bear said by phone that no one >would risk manipulating votes in an election because it's >against the law and carries a heavy penalty.

And every two years, as Chicago princint captains make their semi-annual pilgrimige to the graveyards, they are only looking after the voting intent of the dead.

evilness

[phyruxus]

>> All you need is a programmer or two who have strong political sentiments and enough knowledge and, BAM!, SCOTUS awards Bush another 4 years.

You say that like Scalia won't do it anyway. You laugh, but I'm not joking. See you all in Gitmo...

Re:evilness

[phyruxus]

You know, I don't troll or disrespect the forum. But the militant conservatives are beginning to annoy me. So since you're pissing on my parade, I'm going to go make a nuisance of myself on some right-wing site.

Ta.

Re:evilness

Do you seriously believe Slashdot is a right wing site? If so, you are so far left you probably believe that AIDS is caused by a lack of federal funding.

Re:evilness

>>Do you seriously believe Slashdot is a right wing site?

Umm.... no??? you misread my post, and badly. If slashdot was rightwing, why would I "go" to a rightwing site? But thanks for playing our game, we have some lovely parting gifts for you.

Secure Voting Machines

Nog that, we have real security in our voting machines in Louisiana. The delivery guys didn't even deliver about 600 or so of them to the polls around New Orleans for the last election until about 6 hours after the election had started!!

Talk about super secure there!

Exploits in ATMs

[Halo-]

I'm too lazy to find the actual paper, but there is a great one out there about errors made in early ATM design. (Dunno if they were Diebold's or not). For quite some time, the PIN used to access and account was stored on the magnetic stripe on the back of the card. When you "authenticated" to the ATM, it compared the PIN keyed in using the keypad to the PIN on the back of the card! Eventually criminals figured this out, and would steal people's wallets, take the ATM cards, and encode a new, known PIN on the stripe, and access the victims account.

I've worked with banks on other security systems, and in my experience they often "know what they want" but fail to ask the right questions. Of course, as soon as they start losing money, they get the point quickly. :)

(Okay, laziness over, I think this may be the paper I'm thinking of: Why Cryptosystems Fail)

Re:US Elections 2004: Battle of the Scripts

[Niles_Stonne]

Sounds somewhat like "Core Wars"... One of the very first games - can your program destroy enough memory in another program for it to crash before that progam destorys enough of yours?

Open Source E-Voting?

[protektor]

Isn't this exactly the kind of project that is perfect for Open Source. Its something a lot people (states/countries/etc.) could/would use and its something that would benefit from lots of people working on it to amke sure it is secure and works well? It doesn't seem like once it is made that there needs to be a ton of extra upgrades or features added to it.

Seems this kind of tool/program is exactly the kind of thing that should be done Open Source and stands a lot better chance of being a better program and more secure due to peer review and public scrutiny. Not to mention the amount of public tax dollars it would save since it would free and costs could be shared by all states for any support or maintance that was needed.

In related news, Diebold denies any backdoors

[Takeel]

Yesterday, Diebold sent out a PR piece over BugTraq saying that "Diebold strongly refutes the existence of any 'back doors' or 'hidden codes' in its GEMS software" in response to a BugTraq post in August that announced the discovery of a backdoor in GEMS. The backdoor announcement wasn't substantiated with any technical details.

While this Slashdot aricle appears to reference a vulnerability rather than a backdoor, I just thought that some might find this to be an interesting related story.

Here it is from the horse's mouth:

http://www.securityfocus.com/archive/1/375954/2004 -09-19/2004-09-25/0

Re:In related news, Diebold denies any backdoors

[Takeel]

The backdoor was also covered on Slashdot here:

http://politics.slashdot.org/article.pl?sid=04/0 8/ 30/2322208&tid=172&tid=1&tid=219

Re:Bow to your next president(Shouldn't that be)

[ginbot462]

I for one welcome me as my new overload.

And can I just make a comment about what a wonderful job I am doing.

talk about robust ATMs...

I once crashed a Windows-based Diebold ATM by just putting in my card, punching in my PIN, and then accidentally hitting "Spanish" instead of "Enter".

Brazil's Voting System

[gihara]

Why not simply license Brazil's Voting System? I am working as a volunteer in Brazil's city elections this years. The machines are simple and reliable, here are the specs. CPU: Geode National - 200 MHz. RAM: 64mb on board. 2 USB and 1 parallel on board. IDE and Floppy interface. 2 30mb flash disks - one for program and the other for the results. 1 floppy disk drive - sadly that's how we deliver the votes... but its quite error free because the votes are also printed. and theres also the flash disk. 9,4" LCD Here's the new model http://www.procomp.com.br/projesp.asp The only real bug in Brazil's votting system is the elector heehe... We elected a drunk last election for president... well... better than Bush... but still a drunk... ehehee

Re:Brazil's Voting System

I think the difference is that the CEO of Diebold doesn't care about delivering Ohio's votes to Brazil, whereas he does care about delivering them to Bush. The system you use down there does not make it easy for him to engineer the election.

Re:Brazil's Voting System

[AuMatar]

Still- how do you know your vote counted for whom you wanted it to count for? Do you have a paper trail, and do you check the paper trail? If not, your system is only slightly better, if at all. If you do- why not just skip the easily monkeyed with electronic systems and stick with the millenia old paper system instead? Despite all the FUD, the old chad system worked and only a fraction of a percent were miscounted. Most of them were because the voter was too stupid to check if the chad got punched cleanly. Penciling in boxes is good too, it just takes more time. Putting a computer in the system is just an unnecessary weakness.

Re:Brazil's Voting System

[Turmio]

BTW also the Americans elected an old drunk (well they didn't elect Bush, judges did but that's another story). And Lula rules ;) (speaking as a Finn).

Re:Brazil's Voting System

[meffie]

The Procomp machines are Diebold terminals. Procomp is Diebold Procomp, purchased several years ago.

Re:Brazil's Voting System

[jbartone]

Why don't you adopt Australia's voting system? Pen and paper all the way!

Re:Brazil's Voting System

[einhverfr]

We did. That is why our ballot system is called the "Australian Ballot." :-| See the recent interview with Badnarik for more information.

Re:Brazil's Voting System

Well... last election we knew who was our president on the next day, while america took 1 or 2 weeks am i right? the expectation in my city to know the major will be 2-4 hours after the election. It works like this: After the election is finished, the votes are recorded to a disk, then the disks are collected and transmited to the central agency where they are computed. The disks of course are under heavy criptografy. I live in manaus, amazon and deep in the forest even the indians can vote. the vote in their case is transmited throught a notebook conected to a Globastar phone. Ohh... the best part... the voting terminal is windows-free! ehehe... it runs a OS named Virtuos 3.2

Re:Brazil's Voting System

[N3WBI3]

Well we just got over a sex addict, so whats so bad about a drunk??

You have 40 days

[YrWrstNtmr]

Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it).

Design, build, test a prototype system. Not just the code...the entire system.
Get government acceptance
Rebuild after the gov't doesn't like a few features
Get gov't acceptance again
Build several thousand copies of the user terminals
Install them
Train the poll workers
Use your system to conduct an election with between 100 and 200 million users. Must run flawlessly. The very first time.

You have 40 calendar days
Go

Re:You have 40 days

[E_elven]

I'm almost done:

$tally = {"Bush" => 0, "Kerry" => 0, ...}

def vote candidate
if $tally.keys.find candidate
$tally[candidate] = $tally[candidate] + 1
else
puts "Incorrect choice. Try again."
end
end

def show_tally candidate = nil
if defined? candidate
if $tally[candidate]
puts "#{candidate}: #{$tally[candidate]} votes."
else
$tally.each do | k, v |
puts "#{k}: #{v} votes."
end
end
end

Just need to write a GUI. You can peer review it in the interim.

Re:You have 40 days

You missed an end tag.

Re:You have 40 days

[E_elven]

Open source!

ignore me... head cold

[phyruxus]

ignore me, I have a head cold today.

Ehc-thphbt*honk* ugh...

For the dogs

In America, even the dogs can vote electronically. This one doesn't appear to have been tampered with yet since it says that most people (er, dogs) don't like Bush.

Re:For the dogs

[NoMonkeys]

Yeah, yeah. I checked it out. that funny. Tidbit the Tyrant [my dog] voted. she thinks gw bush bites the big one.

pwn the vote!

EOM

Paperless Machines CAN be good. Here's How:

[EaglesNest]

Requirements for paperless machines

Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.

Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.

Test before, during, and after elections.

California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.

New Hamphire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.

Florida did not know how to count votes correctly like many other states.

Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!

Ways to Cheat

Don't activate the cheating until after the election starts.

Only cheat with a few machines. Only a margin is required to swing a close election.

No verifiable audit trial. Design a paperless machine that counts votes and is not voter verifiable.

Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.

Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.

This is great.

[blueforce]

Diebold is headquartered here in Canton, OH where I work. I have some buddies that are programmers over there.

Unfortunately, none of my buddies work on the voting software but man, oh man, is this gonna be fun.

I especially love the quote about "...incompetence and indicate that Diebold programmers simply don't know how to design a secure system." We've always had the friendly "our programmers are better than your programmers" competition but I guess it's obvious we win.

5 line VB script?

[Jugalator]

Sub RegisterVote(Voter As String, Candidate As String)
' LOL OMG IN GUNNA ROOL DA WORLD!!
' Votes.Item(Voter) = Candidate
Votes.Item(Voter) = "Joe Hacker"
End Sub

My e-voting experience last Tuesday

[dtjohnson]

My voting precinct has recently began using an optical scan voting system in which you blacken in little circles on the paper ballot for your choice and then feed your ballot into the vote scanning machine which then tallies the results and records them electronically. At the end of the day, the results get sent electronically to some central point where they are supposedly tallied. Anyway, I voted last Tuesday in a statewide primary and when I arrived about 20 minutes after the polls opened, there was already a long line of people waiting to feed their ballots into the vote scanner machine which was refusing to accept any of them. The voting supervisor guy was a gentleman in his 80s who obviously did not have a clue about what to do to either fix the machine or report the problem. People kept arriving, filling out their votes, and then lining up until the place was jammed. (There were 6 precincts using one vote scanning machine). Finally, one of the poll workers got a cardboard box, wrote 'votes' on the side, and said we could just leave our ballots in the box and they would feed them into the vote scanning machine later when it was 'fixed.' So...that's what everyone did since people had to get on to work and such. My conclusion was that this e-voting system was extremely vulnerable to any sort of problem, easily circumvented with fraud, and, in this case, didn't preserve ballot secrecy. This stuff never even got a mention in a newspaper which reported instead how well the voting went.

Re:My e-voting experience last Tuesday

[SocietyoftheFist]

Did you leave your ballot in that box?

Re:My e-voting experience last Tuesday

[fishbowl]

"This stuff never even got a mention in a newspaper which reported instead how well the voting went."

You didn't call the newspaper, and neither did anyone else.

Re:My e-voting experience last Tuesday

[SocietyoftheFist]

It's always somebody else that is supposed to do that, don't you know that?

Re:My e-voting experience last Tuesday

[stefanb]

It's a minor detail, but why is it that elections in the US are on workdays?

Finally, one of the poll workers got a cardboard box, wrote 'votes' on the side, and said we could just leave our ballots in the box and they would feed them into the vote scanning machine later when it was 'fixed.' So...that's what everyone did since people had to get on to work and such.

To the best of my recollection, most elections in Europe are held on a Sunday, so that voters have a real opportunity to cast their vote. Since having the election on a workday disadvantages people who have to actually work to earn a living, I have to wonder whether that's intentional...

Bullshit!

[natoochtoniket]

Jefferson added that he doesn't believe that the vulnerabilities show deliberate malice... But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

I call bullshit!

I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.

These machines are designed, from the start, to rig elections.

Re:Bullshit!

[Sarin]

These machines are designed, from the start, to rig elections.

yes and I bet that after the elections this comes to light. only when Bush looses them ofcourse, these 'rigged' machines were the ones that made him lose the elections after all.
the votes made by those machines will be found invalid.

if he wins these 'rigged' elections will kept quiet in the censored media.

Re:Bullshit!

[kalislashdot]

No they know nothing of security. I know their ATMs well and they are piles of junk. It makes me sick to see the gapping open wounds we use to get money with.

Re:Bullshit!

I would agree. The naive programmer would make many of the same mistakes but would not maintain multiple sets of books: that is extra work and extra complexity which only offers the advantage of being able to offer different data to the audit process than to GEMs.

Anyone who has written a database consider the design process here (perhaps I'm oversimplifying but not much):

- Write a database.
- Add a few entry forms
- Write a few reports to check on the data

You need to print one of those summary reports to a different device for the "real tally"so what do you do:

-Duplicate the entire database (including the reorts)
- Write a utility to synchronize the two
- Write a few more utilities to sort out the inevitable inconsistencies.
- Set the report to print to the other device.

From a database standpoint, their solution to the simplest part of the problem is more complex than the rest of the problem put together.

Re:Bullshit!

[Rayonic]

> I'm sure the Diebold people do understand security, very well.

Funny that most of your theory rests on this erroneous assumption. Haven't you heard stories of their ATM work?

Nothing new.

[ScytheBlade1]

At my school, I was asked to write a voting booth for the school. It's done via PHP and MySQL.

I wrote it. I've got the access which I technically don't have.

Pedro for President, anyone?

Let me guess

[The+Real+Nem]

Diebold said Harris' claims are without merit and that if anyone did manage to change votes, a series of checks and balances that election officials perform at the end of an election would detect the changes.

Let me guess, if the series of checks and balances show Bush lost, someone cheated, we need a recount.

Uhhh....1

[dotslasher_sri]

change votes with a 5 line VB script.

Uh...i never knew VBScript is that efficient..

Why is it called GEMS?

[Dark$ide]

"Global", I'd guess that's following the same rules that make your domestic baseball contest into the "World" Series.

When will you Americans start to think about the fact that there's a world outside your borders? Some of which, like the UK, are still using a tried and tested paper ballot for their voting system.

GEMS

[Kozar_The_Malignant]

>obvious that GEMS is running in Windows

I thought GEM ran on Atari STs. :-)
Actually, it's still around

More Diebold E-Voting Vulnerabilities

fagots

Re: "diebold" (German) == "theif old" (English)

[neitzsche]

Oh my, I thought that was pretty funny, and that you were just joking, but NO! translate.google.com really DOES translate that just so.

I blew my mod points a while ago, hopefully someone else will be gracious to you (even though you did post as AC.)

postgres has subselects...

but you hippys can't deal with the Berkley License.

Still More Diebold E-Voting Vulnerabilities

oh boy fagots

Did anyone notice this part in the article?

[CodeMonkey4Hire]

Harris and the activist stand to make millions from the suit if they and the state win their case.

Why the [fh][eu][cl][kl] would he get any money? This is like a whistleblower suing a company for fleecing its investors and paying all the money to him instead of the investors.

Re:Did anyone notice this part in the article?

[Tarwn]

feck?
full?
hull?
huck?
hulk?
fulk?
hecl?
f ecl? :P

Re:Did anyone notice this part in the article?

[Peyna]

California has a whistleblower statute that would allow them to collect up to 30% of any reimbursement paid to the state.

It makes sense, the state is awarding people for bringing things to their attention which save them money. A lot of employers engage in the same practice.

Even More Diebold E-Voting Vulnerabilities

Jesus fagots

NWO

Make no mistake about it folks, what you are seeing here is preparations for this years vote rigging.
Bush is going to get re-elected no matter how big Kerry _really_ defeats him vote-wise.
He will set CIA and Mossad on launching more "terrorist" attacks on US soil, to coerce the public into accepting martial law.
He will re-institue the draft.
He will put America in a state of Martial law.
He will send more of us off to fight for him and his buddies making the big $$, and for Israels interests in the middle east.

The next world war is coming, and with it the New World Order. America is NOT going to play the "good-guy" part this time.

The ones of you who are currently passively sitting there DOING NOTHING about these rather grim outlooks will surely regret your inaction later.

Tell your friends and family, tell anyone you know, tell people you don't know. Call / fax your congressmen, senators (emails are ignored). Call / fax your local newspapers / tv stations / radio stations, ask them why they don't say a bloody peep about any of these issues.

http://www.whatreallyhappened.com
http://www.infowars.com

in switzerland ...

[hinterwaeldler]

Did you know that in some provinces in switzerland, we weight votes instead of counting them?

Yes, you heard right. We make two big piles with the yes and no votes, and weight them with an ordinary scale. We then compare the result with the weight of say 100 votes to see how many yes and no votes we have.

Good Description with Pics

[canfirman]

Jim Marsh's webpage, http://www.equalccw.com/deandemo.html"The Howard Dean Demo" shows in pictures how easy it is to manipulate the votes. It makes you wonder why the government pushes ahead with electronic voting when they know there are problems.

Re:Good Description with Pics

[taustin]

It makes you wonder why the government pushes ahead with electronic voting when they know there are problems.

I used to wonder. This makes me certain.

In Soviet Russia...

[SeanDuggan]

Or at least in Rostov-on-Don in 1996, they had about the same system. How do I know? One of the other people on our trip cast a vote for Yeltsin when our host family took us to the polls.

I will admit that staging an exchange trip in Russia during the election season was interesting. We were told at the beginning of the trip that if Gennady Zyuganov has announced as the winner, there was a plan to quickly move our group out of the country. *wry grin* Remember, this is the Communist candidate who promised to take back Alaska if elected...

Again, the real problem...

[robson]

...isn't that Diebold is going to fix all the elections. It's that whoever loses will have solid grounds for a legal challenge, simply because of the inherent insecurity in the system.

It would be really unfortunate to see another election end up in the Supreme Court.

Can anyone explain to me

[edremy]

The SciAm guy's idea for removing paper ballots in favor of an audio stream? This makes no sense to me at all- the entire point is that the paper ballot isn't on the computer.

I go vote, I hear the "You voted for John Kerry for President" audio. He's claiming that saving this audio stream is valuable. But I can save and alter any computer data I want- a bit of work (or malicious backdoor code) and the audio stream is nothing but "You voted for Cthulu for President"

Cthulu/Yog-Sothoth in 2004. When you're tired of the lesser of two evils!

Why is this so complicated? KISS!

[ohad_l]

I don't see why e-voting machines have to be running such complicated programs - Windows, for example. What the hell for? If it were up to me, an e-voting machine would be a box with two buttons on it. The buttons would be labeled for the appropriate candidates, and pressing a button would increment the counter for that candidate. Once a button is pressed, the machine gives an audible beep and waits for 60 seconds before any button can be pressed - and the officials make sure that no individual has any more than 30 seconds inside the booth (they should make the actual decision outside). When the day is over, the box is unlocked (it would have a traditional, physical lock) and connected to a printer/monitor via some port which is inside the box (read: box has to be unlocked or broken to connect for output). Finally, the inside of the box also has a 'reset' button, and an uptime timer (to make sure the box has actually been counting for as long as the operator thinks it has).
More complicated situation? Add buttons. I can't imagine any scenario that would mandate a machine running software complex enough to run a frickin VBScript interpreter.

Re:Why is this so complicated? KISS!

[kalislashdot]

Why only two buttons?

You know there are more then two political parties.

I am sure the Democrats and Republicicans would love a machine with two buttons so they can keep their monopoly on telling us how to run our lives. Cause you know what, they are both exactly the same.

Where's the NSA when you really need them?

[garyok]

Given that one of the 2 main directorates of the NSA is the Information Assurance Directorate, with the mission statement

IAD's mission involves detecting, reporting, and responding to cyber threats; making encryption codes to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards.

the question is "How come the NSA haven't gone all Enemy of the State on Diebold's collective ass?" I mean we are talking about the most important set of communications in the world's most wealthy democracy: who the people want to run their country.

Someone isn't doing their job.

Mind you, maybe their Signals Intelligence Directorate will intercept this on the way to your servers in the US (I'm in the UK) and they'll take the piss out of the other Directorate until they can't stand the shame and get their fingers out their asses.

Re:Where's the NSA when you really need them?

[ohmypolarbear]

the question is "How come the NSA haven't gone all Enemy of the State on Diebold's collective ass?" I mean we are talking about the most important set of communications in the world's most wealthy democracy: who the people want to run their country.

All the hoopla in Enemy of the State only happened when a corrupt politician was in danger of getting caught being corrupt. Since the NSA hasn't had to "go all Enemy of the State" on anyone, it must be reasonable to infer that our corrupt politicians are safe... how comforting.

The real question is:

[The+Real+Nem]

If you are unable to mark a simple X in a circle, are you any more able to work an electronic voting machine? If the paper is to confusing is an electronic voting machine any less confusing?

Consider we are talking about a system most people have used for years (a 90 year old grandmother is likely to have voted before) as opposed to a brand new system no one has ever seen.

Re:The real question is:

[tsg]

If you are unable to mark a simple X in a circle, are you any more able to work an electronic voting machine? If the paper is to confusing is an electronic voting machine any less confusing?

An electronic machine can inform the voter he's selected too many candidates (especially when the voter is supposed to pick two or three out of ten or twelve). An electronic machine can verify ("You have selected X. Is this correct?") the voter's intentions. An electronic machine would also allow the voter to correct a mistake without having to get a new ballot. If the interface is designed correctly, it need be no more confusing than a paper ballot (which can also be designed poorly a la Florida's butterfly ballot). It would eliminate the discounting of an improperly filled-in ballot because the computer would simply not allow it. It's called input validation and computers have been doing it for years.

Consider we are talking about a system most people have used for years (a 90 year old grandmother is likely to have voted before) as opposed to a brand new system no one has ever seen.

My guess is even your 90 year old grandmother can be shown how to use an electronic voting machine in a couple of minutes. But also have plain paper ballots available for those who want them.

Isn't it interesting

[Aexia]

that the exit polls indicated Gore was the winner in Florida in 2000 and that they were right?

Once, of course, you factor in the mind-boggling number of shennanigans that occured. The exit polls proved to only be an accurate measure of the number people who *thought* they voted for Gore.

This year, though, there are no exit polls so there'll be no independent confirmation of what's going on.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not That Worrying

[angst_ridden_hipster]

Let's face it people, voter fraud is easy with or without computers.

Personal Anecdote:
My polling station got upgraded from the punch-out-the-chad-with-a-stylus system to a poke-the-spot-with-an-ink-stylus system between the last two elections.
My area is heavily Democratic. For efficiency's sake, the polling area has five carrels for Democrats, and two carrels for Republicans. As part of the semi-legendary radical socialist wing of the Republican party, I was waiting for one of the Republican carrels to open up. It was taking a long time, as an elderly Republican neighbor of mine was trying to vote. He complained to the polling place staff that the stylus was not poking out the chads. To demonstrate that it was OK, they pulled a blank ballot off the pad, stuck it in the machine, and stamped a few (possibly) random votes, and pulled it out to show him that the machine was, in fact, working. They then tossed the ballot away. (He was convinced they were trying to invalidate his vote, so he ended up punching each vote all the way through anyway).

But no-one batted an eye that they had just created an illegal ballot. When I called the election office to complain, they gave me a song and dance about how it would have been impossible for them to insert it into the ballot box without raising red flags, how the register would not match, etc. But they don't let you insert you ballot directly into the box yourself; you hand it to someone and you watch them put it into the box. It would be trivial to do a quick palming of one ballot and insertion of another.

With the last election being so close, it would only take a few votes per polling station to throw an election. Bruce Schneier calculated it out in a recent article in terms of cost per vote, and it was quite low. Sure, it would be more expensive and would involve more people to do it in the old-fashioned low-tech way than it would with Diebold's patented cheating system, but the difference is only a factor of two or so. Given the stakes in a national election, that's down in the noise.

So basically, you either have to trust the system and believe that people will not cheat in the election, or assume that cheating is ubiquitous regardless of the physical system used.

#cynicism on
OK: cynicism mode on

In other words, We The People are fucked, we have been fucked, and we will continue to be fucked.

#cynicism off
ERROR: Cynicism mode cannot be disabled.

Re:Not That Worrying

[elpapacito]

Any system can be cheated somehow, given enough motivation to cheat. The big point is how easy it is to cheat ! There's no reason to make a system weaker because the -supposed- future order of difference is one or two points. It smells of apathic depressed behavior, exactly how many politicians would like us to be, apathic and careless.

Maybe you remember the first times newspaper started talking about the "evil computer pirates" (then "hackers" , then "black hat" then god know what they invented) and how they exploited banks' computers.

Remember how people was -totally stunned- by the fact one person could steal millions without actually robbing a bank ? It was fuckinbelievable, yet it was 100% true, it could be done without a trace or a smoking gun. TODAY security is much tighter in many financial systems thanks to hackers exposing or exploiting the loopholes.

So why should we TODAY make the voting system even more cheatable ? We know that computers can be used to manipulate millions of votes in a split second, so for what goddammed reason are we throwing ourself in a predicatable and predicted disaster , with all our past experience with computer abuses ?

The "we must face it" attitude is that of losers.

Oooh, libertarian voting!

Sounds like a libertarian voting system. No rules or monitoring organizations necessary! Saves tax money! You're free to use whatever means you can think of to give yourself/your candidate as many votes as you can. The candidates deserve whatever votes they're able to acquire! Might = right! It may seem unfair, but really, it's the more fair system because it's the more free system! If your candidate loses, he must just not have been trying hard enough.

Here is what is wrong with today's journalists

[FunWithHeadlines]

"But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

You were right to highlight that quote for it is truly astounding. Now this was Wired and it was a better report than most, and Wired has done a great job of highlighting this issue. So my rant is a general one and not specifically directed at Wired, but more directed at the general state of journalism today.

What Mr. Bear said was laughable! It has always been against the law and carried a penalty for vote tampering. Yet in every major election (and probably lots of minor ones too), there has been vote tampering. Every single one, folks. It happens every time, and will happen this year like clockwork. Journalists know this, and yet today's media has been cowed into thinking balanced writing means you quote from Opponent A and then you counter-quote with Opponent B and then you hand it in to your editor. Today's politicians, and other sleazes, know this so they play the game this way: When asked for a quote, they make something up, anything to push their side or detract from the other side. They know that no matter how patently and obviously false their statement is, it will get printed and no journalist will call them on it.

Mr. Bear could have said, "Tomorrow the sun will not rise and gravity will cease to exist." All the journalist would do is find a scientist who would give a counter-quote and be done. I say why can't the journalist write the article this way:

"But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty. Although such has been the case in every election ever held and yet voting fraud has been widespread anyway, clearly showing that such penalties do not prevent voter fraud."

I mean, if it's obvious a guy is saying something irrelevant, call him on it!

You stupid woman

Can't spell "Nietzsche", can't see that the common practice in automatic web-based translation is to leave words that aren't found in the dictionary unchanged in the translation.

Re:You stupid woman

I know is not a "real" translation. It was just relating to the comical post about 'diebold' meaning 'lowest cost bid' or something as such. Don't be so serious. :-)

Diebold replies on Bugtraq

Right after this reply I think the executive was seen sticking his head firmly back up his as.. err in the sand.

Diebold strongly refutes the existence of any "back doors" or "hidden codes" in its GEMS software. These inaccurate allegations appear to stem from those not familiar with the product, misunderstanding the purpose of legitimate structures in the database. These structures are well documented and have been reviewed (including at a source code level) by independent testing authorities as required by federal election regulations.

In addition to the facts stated above, a paper and an electronic record of all cast ballots are retrieved from each individual voting machine following an election. The results from each individual machine are then tabulated, and thoroughly audited during the standard election canvass process. Once the audit is complete, the official winners are announced. Any alleged changes to a vote count in the election management software would be immediately discovered during this audit process, as this total would not match the true official total tabulated from each machine.

Deibold is between a rock and a hard place

At this point the world+dog knows that either:

A) Diebold's programmers fscked up monumentally in which case one must conclude that ATM security is no better.

or B) The programmmers did a fine job which means that these types of vulnerabilities were designed in from square one.

All of the major banks have got to be asking: "which is it?" and "What are the chances that our systems have similar vulnerabilities?" The execs can play the reasonable doubt game with the courts and the governnent but I don't believe that a conpany with billions of dollars of potential liability on the line is going to take "maybe" for an answer. If the answer is (A), the banks will be replacing those ATMs as fast as they can on Diebold's dime but if it is (B) the board will go to jail AND the banks will be replacing those ATMs.

Dear Diebold

I would argue that the people in question here may understand your
system "better" then the engineers who designed it. Hacking, in it's
original coinage, was something along the lines of "understanding and
manipulating a system beyond it's originally designed intentions". In
a perfect world your system would likely stand the test of time
without a single attempt of coercion or malicious intent, however; we
do not live in a perfect world. Our government is even designed in a
way to prevent malicous use via checks and balances. Therefore quotes
such as "Diebold spokesman David Bear said by phone that no one would
risk manipulating votes in an election because it's against the law
and carries a heavy penalty." sadden me deeply. It shows an inability
to cope with the realities of this world. And if you and your company
truely believed that then we wouldn't need to enter our PIN number
when we use your ATM products, would we? Robbing another person of
their money via your electronic transfer system is heavily prescribed
as illegal yet you've taken considerable time to improve the ATM
system.
All the voting populace asks is that you take the same effort to
protect our sacred right as voters by designing a system that will not
only withstand attacks from outsiders, but insiders as well. I
realize this complicates the design by a thousand fold, but we are
talking about the new backbone of our election system. And without
free and fair elections we would lose the foundation of our entire
country. Isn't our democracy worth it?

Signed,
A concerned voter

Write-once/read-many ?

Big table, one row per voter, one column per candidate, write-once, read as much as you like (CD-ROM, or whatever else). Use simultaneous writes if you're scared of errors.
Source for writing the data readable by all. Publish the memory contents on the web once the vote is over.
What else do you need for traceability ?

Oh yeah you need to buy a new storage for every election. So what ?

Reference number for each vote?

[jgoemat]

How about print out a receipt for each voter with a unique number identifying their ballot and the votes they did encoded or just on it. Distribute the vote data on the web. Each voter could then download it and see their votes, as well as total all the votes and summarize any way they want to make sure the counts are correct. As an individual, I'd like to be able to count the votes myself (with a computer program), and to see that my vote was actually there and was counted. The way the system works now, we don't know if our vote is ever counted. We trust the machines to count correctly and the workers to report the numbers correctly. I just shove my ballot in a box and take it for granted. Also the people running the polling station could pretty easily fill out a bunch of ballots themselves and stuff them in, I don't think there's really anything stopping them. The only thing may be that I believe representatives from each party are there and they would watch each other, but what if one is corrupt?

The only problem would be that people might be forced to vote a certain way, either paid to do so or blackmailed. Maybe someone's boss would ask to see their voter receipt and look up how they voted, then fire them if they voted for the a candidate he dissapproves of. We could make penalties in the law for that though...

its dead already

[myowntrueself]

Demolition of democracy started with television coverage of election campaigns.

After that, it was just a matter of who either had enough money for the best media campaign or who had the ear of the media corporations.

Nowadays, in the western world, democracy is almost entirely extinct.

Even if the individuals vote is counted accurately, the more influential factor is how the individual decided what to do with that vote.

If you can influence that, then you control democracy with no need for easily detectable voting fraud.

And guess what? There is a well developed technology for influencing what people do with 'tokens' such as money. Its called advertising.

My bet is that it works for votes too.

In fact, I'd call that a 'duh'.

If ONLY the dogs could really vote

[AdGeek]

I'm pretty sure if dogs could REALLY vote that sanity would prevail. Hey - what if dogs could RUN for president?! Tidbit the Tyrant couldn't be as bad as the tyrant we already have in their and his IQ is probably double "our guy". Cute website. The biscuits crack me up. They should consult on electronic voting - they must have some high-tech way for the dogs to use the mouse.

Thats it then

[Bayleaf]

Somebody wins, other person says 5 lines of script blew me away, so lets see how the courts handle things. Who runs the US of A whilst we wait for this to be cleared up (and how long will that take)?

and the dudes who get "elected" in...

[zogger]

...with the scam voting automagically become "de law", so who is gonna investigate themselves willingly and honestly? Joe prez has a lot of power, he can tell various bureaucracies what to do and they all click heels and sieg heil and follow orders. Whistelblowers get persecuted and ignored in the press for the most part. Just like the presidential appointed 9-11 government coverup ommissions hearings, they started with a default "oh, it was all raggyheads did it" and investigated from that point.

bigfatjoke if it wasn't so serious.

I'm still gonna vote but I'm gonna do what I did in 2002, write in some candidates (well, actually I write ME in someplace where whomever is running unopposed) and see if it shows up in the result. In 2002, it didn't, first time I used diebold machine.

Conservative Media

I wish the media would pay more attention to this. But alas they are to busy trying to make people focus on thing that won't hurt bush.

Why Is VB Installed On These Servers At All?

[John+Hasler]

And if there is some reason why it needs to be there, why is it possible to write and execute a new script? Does Microsoft Windows have no equivalent of noexec and readonly?

Patriotism

[Dovregubbens+Hall]

NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

Excuse me for yet again being so anti-american, but I thought that the american concept of patriotism was that you would proudly hack the voting machines if it was needed to demonstrate that the election was easy to steal?

That any patriot would take the risk of being shipped off to Gitmo when it was needed to preserve democracy and freedom?

So WTF happened to patriotism?

The fact is that the voting machines needs to be hacked, at this point the only way to ensure that democracy survives in the US is that CowboyNeal is elected for President.

It means that some patriotic hacker has to do it, and I see nothing wrong with advocating it.

If you want to improve your chances of not going to Gitmo, you may want to hack the machines and hop on a plane to somewhere more free and stage a press conference there just as election officers discover the hack.

Diebold or Paper, it will not matter IF YOU

[elpapacito]

forgot to register to vote. Deadline is very close, more info in the linked government website.

No worries - its against the law

[blackpaw]

Your election results are quite safe, as the Diebold rep says (in the article)

"But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

Incredible - looks like you can remove all the locks off your homes and banks because robbery is against the law !

I suspect no matter who wins the next American election, the results are going to be suspect. Perhaps you'd like some election monitors ? Cuba volunteered some last time didn't they ?

Re:Use Canada's voting system - More Reliable

Our system is more reliable than Brazils:

Vote Selection Interface:
- Piece of Paper

Write Mechanism:
- Pencil

Storage Device:
- Cardboard Box with Slit on top.

Authentication Mechansism:
- Human sitting in a chair.

Convicted Felons on Staff.

When they hire convicted felons (see www.gregpalast.com for details) to run their operations the CEO may be the least of their worries.

Most unfortunate

[HangingChad]

That the current administration is so concerned about democracy in Iraq but has such little regard for it here at home.

If I were going to venture into tin foil hat territory, I might say that if the voting went against the current administration they'd claim voter fraud from the voting machines. If it goes their way, they'll be happy to look the other.

Still helps

[einhverfr]

You see-- no paper ballot, no paper trail.

You vote absentee to create a paper trail and help prevent anyone interested in voter fraud from getting away with it.

Re:Still helps

[merlyn]

Well, from what I was told, they also shred your ballot immediately after entering it, because "it's been counted now".

Any system can be attacked. Which is why you....

[einhverfr]

use a well-designed electronic voting system with a paper trail.

Unfortunately ballot boxes can be stuffed :-( However, it would be more difficult to defeat if you had multiple systems (paper ballot, electronic db, etc) all checked against eachother.

You do have one real weakness of the electronic system. A ballot box can be easily examined, as can most voting machines. These are run by public institutions. When you have private institutions creating "black-box" voting systems which are quite complex, then you have a greater likelihood for fraud. :-(

You are what you eat

[hey!]

I wouldn't dismiss the platform issue entirely. You are what you eat. Your systems are what components you decide to put into them.

While it's true that the basic problem is Diebold's apparent incompetency, it's also true that a real RDBMS like Oracle or even MS SQL server (or Postgress I guess, but I don't have direct experience with that system) would go a long way to making tampering detectable. These systems keep independent audit files, for media failure recovery mainly, but very useful for things like hot backups and debugging. On more than one occasion I've dealt with customers who swear up and down that a system I've designed has mishandled data, and I've simply gone to the audit trail and showed that Joe Shmoe entered/deleted/mishandled some data entry task on a certain date at a certain time, and then gone back to show that he needs training because it is part of the pattern of how he uses the system all the way back to the day the system was installed. I have systems that have been in the field for six or seven years, and I can go back and tell you what people were doing on them the day after they were installed, or recreate the exact state of the database at any minute of any day of any year you choose to name, and tell you exactly how any value in any field got that way.

This isn't because I'm a database god. It's because I'm at least minimally competent to design computerized record keeping systems. True, making a critical system secure is very difficult; if it were me I'd probably want to hire independent security experts to audit my decisions and management of the development process. But these guys completely muffed the easiest thing to get approximately right, which was the platform decision.

Right out of the gate the chose tools, not for their appropriateness for the mission, but their "ease of use". I put this in quotes because they aren't really easy to use if they don't work for the problem. My swiss army knife is easy to use, but not for removing the lug nuts when I'm rotating my car's tires. Access is a tool that is NOT aimed at the professional developer market; it's aimed at non-technical "power users" creating personal or departmental databases. It's actually pretty good for this purpose, although arguably not the best in this space. But it's not for anything where accuracy and reliability really matter. This system sounds like the hordes checkbook balancing programs made by amateurs in QBASIC during the early years of the IBM PC.

Fools.

[Sj0]

The arguement against e-voting is irrelevant, Diebold should have lost the contract after the first two or three security flaws. Overcomplication of the machines by using embedded windows is stupid. If they took security seriously, they would never have tried to use it in the first place.

Linux isn't the answer either. Personally, I'd drop x86 for a cheaper embedded processor, I'd demand engineers with experience in creating hardened systems from scratch, and I'd spend the extra money to make DAMN sure I didn't drop the ball on this projects, which has the potential to be INCREDIBLY profitable for a company willing to do the job right.

The Diebold GEMS HW/SW environment explained

[JimMarch(equalccw)]

The GEMS (Global Election Management Software) program runs on a fairly standard P4 "server grade" box supplied by Diebold, usually a Dell of some sort. It "tallies the vote" on election night from both optical scan and touchscreen voting terminals.

Counties that use touchscreen terminals still use large-model optical scanners to process absentee votes back at county elections headquarters where the GEMS box is.

It's got the usual server stuff, lots of RAM, fair amount of disk space, etc. Funky stuff: a Digiboard multi-port serial card, usually 16 ports on PCI, sometimes two. A CD burner for backups...floppy, USB, etc. I examined the one in use in Fresno County California pretty carefully.

Software:

Most now are running Win2k; there are hints of XP here and there and some old ones have NT. They've had NT or better at least since 2000 (the year that is).

It's got the MS-Jet database engine and related goodies...including an MS-Access runtime. All the libraries to run Visual Basic script files are also present.

GEMS is itself an MS-Access application, and it's data files are fully readable by MS-Access.

IF MS-Access is loaded on the same PC as GEMS and it's data files, it's dead obvious that the data can be diddled with in Access without leaving an audit trail record and without requiring a password. Votes can be changed, the audit trail can be edited in a fashion that can't be detected later (because Diebold disabled automatic line numbering that would show a sequence problem!), etc.

We've known that for a while. And we knew that since GEMS was basically a "giant MS-Access script file itself" in compiled form, it would be possible to write small "hack scripts" to alter vote data.

What Professor Thompson has shown is that it's possible to write VB scripts in the notepad to do alterations to a vote data file. These scripts can be so small they could be typed in via MS-Notepad on election day.

Mind you, Diebold wouldn't need to go to even that much trouble.

Election observers (myself included) have personally seen Diebold techs on elections night with full access to either the terminals feeding PCMCIA cards from the field into the GEMS box, or the server itself.

We know that on 3/5/02 during the California governor's primaries, a Diebold tech in San Luis Obispo County stole the complete early results file right off of the server at 3:31pm, hours before the polls closed, and uploaded it to a Diebold FTP site. We know because we found it later. The ZIP password was defeated by a dictionary crack and turned out to be "sophia" - the Diebold tech on duty that day in that county was Sophia Lee.

So they damned well DO have enough on-site access to load hack scripts of the size range Prof. Thompson demonstrated.

Remote access:

We've played with various GEMS versions on various PCs. IF you run it on a box with firewall software like ZoneAlarm, you get random warning that GEMS is trying to make an outside connection of some sort. We call this the "ET phone home problem". We don't know where it thinks it's calling but that's how you'd beat a firewall on a county LAN if the GEMS box is so connected...set up GEMS to start the conversation from the inside.

Are GEMS boxes on such LANS? We know the IP addys that the Alameda GEMS box modem ports were set up at: 166.107.248.210 to 220. Now go ping the Alameda County website (www.acgov.org)...hmmmmm? Sure made 'em compatible, didn't they?

On those modems: the software behind them is MS-Remote Access Server (RAS). Diebold regularly tests the connections with laptops. They also know the phone numbers of these modem banks that the terminals dial into on election night to do early results. Looks like a security hole from hell to me!

As to the actual GEMS "double set of books" hack, here's the screenshots and explanation:

http://www.equalccw.

I bet they're checking that the voters are real.

[Ungrounded+Lightning]

In Missouri, the republicans are asking for lists of voters that have requested absentee ballots. Here's one story.

I bet what they're really after is checking whether the voters are real.

The motor-voter law makes it trivial to create an army of phantom voters:

- Go to the DMV (or any of several other government offices) and ask for a few boxes of registration forms "for a voter registration drive". (Yeah, right!)

- Fill them out for imaginary voters at suitable maildrop addresses.

- If the registration form lets you request permanent absentee status, do so. Otherwise request it, or an absentee ballot for this election, when the voter information form comes in the mail.

- Vote your thousands of phantoms any way you want.

But by getting the lists - especially the late entries - and calling them up to "educate voters on how to vote absentee" the party can kill two birds with one stone:

- Impress real voters with how nice they are (possibly giving them a more favorable opinion of the party) and help them get their vote in.

- Detect if a massive fraud is being committed if, for instance, a bunch of absentee voters turn out to be all at a bunch of nonexistant set of apartments in a single-family residence or a storefront office, or using the same post office box and giving empty lots for their residence addresses.

Democrats don't like it? Then they can do the same thing to check whether the Republicans are creating thin-air voters, too. B-)

Diebold ATM (again)

[ImaLamer]

Every time Diebold comes up I post this:

Crashed Diebold ATM

Re:Diebold ATM (again)

Your link doesn't work. Can you check if perchance the server has melted?

It's now 15%, not 30%...

[JimMarch(equalccw)]

When California AG Bill Lockyer joined in the suit, our cut ("our" being myself, Bev Harris and our attorney) went from 30% max to 15% max. Fine by us: it means first that Diebold is more likely to settle, and second Lockyer is inviting other counties to join in the suit. How many more (on top of Alameda County) is unknown right now but it could be a substantial number - Solano County agreed to pay Diebold $415k to "go away" (to break the contract, in other words) whereas the Harris/March/Lockyer suit allows counties to get rid of Diebold and GET PAID :) based on Diebold's software being an illegal, unsecure piece of crapola. You tell me which the counties will like better. Solano's contract was worth about $5mil or so. Alameda's is worth $14mil. San Diego is the biggie, at $33mil. Others vary across that spectrum. If enough join in based on Lockyer adding his professional credibility to the suit Bev and I started, the total actual contract (refund) amount could hit $70mil pretty easily. So instead of 30% of $14mil, we could end up with 15% of God knows how much more than that :). That works :). And that's not counting how there's a triple damages multiplier if we prove fraud, although Diebold will probably settle for less. Once we actually have the winnings, if it's by settlement our attorney Lowell Finley gets 25%, if by court decree, 33%. I consider that fair. When Lowell came to me back in October of '03 to propose all this, the first thing I said was "we're bringing Bev Harris in". That means I caused my cut to drop in half as the first choice I made in this case...so saying I was in this for the money is...well, silly. Lowell knew he needed a lead plaintiff who had generated new info on Diebold, who lived in California. He picked me based on work I'd done to that point. --------- Last detail: because this is a whistleblower suit, the government doesn't just get our info (valuable enough). Whistleblower suits have the damage tripler for fraud. That gives the government a much "bigger stick" to beat Diebold into submission (settlement) with. Jim March PS: yes...knowing that I'm probably going to be worth a lot more money pretty soon is cool. As it is...my only ride is a motorcycle that was a great deal at $300 once I got the dead spider out of the left carb :).

ATM security, for comparison

[Beryllium+Sphere(tm)]

Pick up Ross Anderson's book, Security Engineering, and read about the horror stories he's found in UK ATMs.

If the US does better it's because the banks are on the hook financially if there's a screwup. The incentive to get things right is in the same place as the authority to order things done right.

It's even conceivable that someone at Diebold reasoned that voting machines don't have any critical security needs because they don't handle money.

Australian Capital Territory election - electronic

[brindafella]

There is still time, America... An electronic voting and counting system (EVACS) is alive and well in the Australian Capital Territory election on 16th October 2004. The source code for the Linux based system is available for anyone to check, and this is it's second outing: It was used in the election of 2001.

Dude - it's the month, not the swamp :)

[JimMarch(equalccw)]

Sheesh :)

(yes, that's my page )

That problem was solved - with Open Source

Look at this article in The Register and follow the links:
the Dutch have produced remote, Open Source voting software and are actively planning to use it. It appears the security of the code is mathematically proven, and you go and download your own copy to play with.

That means there is (1) a cost effective way of remote voting and (2) a really good argument to upgrade those Diebold machines to Open Source and (3) absolutely NO NEED WHATSOEVER for US soldiers to have their privacy and vote secrecy violated by the proposed manual process.

Unless democracy wasn't the actual aim, of course..

= Ch =

It wasn't crashed

[commodoresloat]

It was just in Spanish.

Gambling and Slot Machines are more regulated...

[flowerp]

...than e-voting machines.

No machine can ever be operated or installed legally before its hard- hand software have been certified by the Nevada Gaming Commission (Electronics Services Division).

"The Electronic Services Division examines, tests and recommends gaming devices for approval or denial by the Board and Commission. The Division inspects gaming devices in its laboratory and in the field to ensure continued integrity, and assists in resolving gaming patron disputes through analysis of device electronics and software."

Would it be so hard to do the same for voting machines? Have some REAL experts look into the subject matter?

Trust me!

[Cro+Magnon]

Even ASSuming that you do trust the Republicans, what happens if Hilary Clinton buys Diebold before 2008? Should we still trust them? And wasn't it a Republican who said "Trust, but verify"? Where did that party go?

*blink* Overrated?

[SeanDuggan]

Given no one's modded it up and it basically makes an informational point? I get the feeling that someone tired of "In Soviet Russia..." jokes and modded me down without reading content... *shrug* Life.

Dieblod spokesman: Relax ....

"Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

PInch

[The+Ape+With+No+Name]

I have a thought. What if someone walks in with a great bing fuckoff EM pinch and sets it off in the voting booth. Or, even, a degausser placed strategically?

Re:PInch

[JimMarch(equalccw)]

Hit the dang thing with a 9v stun gun (zap!) and it'll puke and die right quick.

Re:Gambling and Slot Machines are more regulated..

[JimMarch(equalccw)]

Oh, it's funnier than that.

The Nevada Secretary of State hired the Nevada Gaming Commission to take a look at the Diebold system.

The Gaming Commission promptly published a four-page report saying basically "you gotta be KIDDING! This shit stinks!" :)

Discussed on /. previously:

http://slashdot.org/articles/03/12/04/1443257.sh tm l

French voting system

It's probably because the system has no major flaw that some french cities are testing computer voting systems...
Most people using them were quite upset, so officials choosed to... continue to use them.

Concerning blind people (and other people) bulletins are not only available at the voting point, but are sent to every citizen by the post.
You can prepare your bulletin and put it into the envelop at home, and then go to the voting point. In fact, vote is quite harder with a computer, for blind people.