Slashdot Mirror
More Diebold E-Voting Vulnerabilities
presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"
"There's 14,375 votes for Bush, 14,374 for Kerry and 2,793,036 for Mr. Magoo, let's tell the public about this 4 years after the election, OK?"
A feeling of having made the same mistake before: Deja Foobar
Our voting machines are awesome in Louisiana. In my parish we use the AVC model. You go in and press buttons and then hit "cast vote" and it goes "doo doo doo" and it gives me great satisfaction.
I think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.
Chris
Ah, for the days of taking a pen and a sheet of paper with boxes next to names, and marking an X in the box next to the person you want to vote for.
Simple and relatively free from error. I'm sure optical scanners today should be able to process these damned quick, too.
Hopefully New York is not going to be using paperless electronic voting machines. I don't trust them.
Well, technically the db backend in access, not the system itself. The amusing thing about access is it supports subselects! There isn't a release of mysql that does this yet. As much as we all hate access, it may have been an ok choice for this. At least there isn't a slammer worm for access. Given the choice between access and ms sql server for our voting machines, I guess access isn't so bad. Though, user permissions on the db is probably something to worry about.
:(){
For those interested, the current issue of The Economist has an article on voting technology. It does not, of course, discuss this latest development, but gives a good overview of the area, with a great deal of attention given to the issue of paper, paper trails, and making the whole system more transparent.
I've finally got around to changing my sig
understanding? sure. motivation to implement it? maybe not. consider:
remember: in every first year computing science class assignment #2 is "bank machine".
2 1337 4 u!
I'm totally stunned to watch what is going on in the US right now.
After the Florida disaster the last time around you would have thought that things would change for the better, but they seem to only get worse.
Soldiers sending in their votes by email and waiving their right of a secret vote.
Yet again the top Florida election official doing everything she can to make sure Bush carries Florida.
And all these stories about Diebold, that would be tremendously funny if they weren't so important.
Wtf is wrong with the US?
Really, this is not meant as an anti-American troll, but I really have a hard time understanding it and most of all I get the impression that most Americans don't really care about these problems and that is probably the scariest part.
Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.
I'm in the hole of the broadband donut.
I was trained to fix those here in Georgia. Sad thing I find out bout this thru /. not them.
SimonTek
I submitted this in April, crack mods rejected it.
Two brothers will count 80% of the vote.
In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.
London's finest organic fairtrade coffee
I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines. Lives on the line vs. the life of our democracy on the line...I don't see that great a distinction.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
WTF?!? Murder is against the law and carries a heavy penalty and people still do it, numbnuts.
Diebold is saying essentially what the Bush administration and, really, all NeoCons. "Trust us, we'll do what's right. Why shouldn't you trust us? We're respected people in power."
Hell, that was an argument a White House attorney made in front of the Supreme Court! When asked whether a chief executive could falsify documents he said something to the effect of "Yes, but *this* chief executive wouldn't do that."
Why not create a system with ways to keep people from doing things that we don't like, instead of *trusting* people you *don't know* to do the right thing. We could call it something like "checks and balances."
I'm in the hole of the broadband donut.
Why even hire people ??
Here in Canada the counting is does by volunteers of each party. Get 2 republicans, 2 democrats supporters and another one for the other candidates, and count / recount until everybody reaches a concensus within +- a certain percentage.
It really isn't rocket science.
Getting volunteers is even better too, because you get the population actively involved in the voting process. Plus if they're actually taking time off their schedule to do that, you know they're dedicated to whichever party they're supporting and won't take their jobs lightly.
A million monkeys and this is the best sig they could come up with...
They are, and the title page for the article is great. It says:
Electronic Voting Machines Promise To Make
F I X I N G
Elections More Accurate Than Ever Before
I wanted to scan in the image and post it, or at least post a link to the graphic on SciAm's site, but the former is not currently practical on /. and SciAm does not have the current issue freely available on their site yet.
What they're really saying is two things, interleaved with different colours and fonts. The title of the article is "FIXING THE VOTE". Interleaved is the subtitle, "Electronic Voting Machines Promise To Make Elections More Accurate Than Ever Before, But Only If Certain Problems - With The Machines And The Wider Electoral Process - Are Rectified."
The way they chose to interleave the title and the subtitle results in what I consider to be a much more accurate statement! I almost can't believe that they didn't see this as they were designing the page, and so maybe they are putting out their own subliminal opinion on e-voting without necessarily having to take a lot of heat for it if anyone complains.
I've worked with banks on other security systems, and in my experience they often "know what they want" but fail to ask the right questions. Of course, as soon as they start losing money, they get the point quickly. :)
(Okay, laziness over, I think this may be the paper I'm thinking of: Why Cryptosystems Fail)
Where *did* you get such confidence in your local election poll cronies? Why would you even for a second think that procedures are always followed flawlessly?
Why would you suggest that having the wrong candidate reported as the winner would not have any effect? What about other polls that are still open, or states that are three or more hours behind?
That is precisely what happened in Western Florida in the 2000 fiasco. It had been decades since a single vote even seemed like it could matter - so if you've heard the news that your state has already decided on a candidate, why drive out to the poll?
The combination of many factors (modems? MODEMS!? Web-based? Bugs? Untested? Lack of peer review?!) compromising the security of the system indicates premeditated culpability.
Where *is* my tin-foil hat?
"God is dead." - Frederik Nietzsche
Yeah it's kinda sad that when it comes to war there is no expense spared and no task too hard, but when it comes to voting it's OMG hand-counting votes, that's going to take too much time and be too expensive.
Speaking of the old way, what the hell is wrong with paper ballots anyways? At least that way you have a hard copy of each vote. I'd rather have the fiasco from Florida than the fiasco I see comming out of these machines in the future. If it's a matter of man power, enlist people for elections and ballot counting like we do for jury duty.
Diebold is headquartered here in Canton, OH where I work. I have some buddies that are programmers over there.
Unfortunately, none of my buddies work on the voting software but man, oh man, is this gonna be fun.
I especially love the quote about "...incompetence and indicate that Diebold programmers simply don't know how to design a secure system." We've always had the friendly "our programmers are better than your programmers" competition but I guess it's obvious we win.
If you do what you always did, you get what you always got.
My voting precinct has recently began using an optical scan voting system in which you blacken in little circles on the paper ballot for your choice and then feed your ballot into the vote scanning machine which then tallies the results and records them electronically. At the end of the day, the results get sent electronically to some central point where they are supposedly tallied. Anyway, I voted last Tuesday in a statewide primary and when I arrived about 20 minutes after the polls opened, there was already a long line of people waiting to feed their ballots into the vote scanner machine which was refusing to accept any of them. The voting supervisor guy was a gentleman in his 80s who obviously did not have a clue about what to do to either fix the machine or report the problem. People kept arriving, filling out their votes, and then lining up until the place was jammed. (There were 6 precincts using one vote scanning machine). Finally, one of the poll workers got a cardboard box, wrote 'votes' on the side, and said we could just leave our ballots in the box and they would feed them into the vote scanning machine later when it was 'fixed.' So...that's what everyone did since people had to get on to work and such. My conclusion was that this e-voting system was extremely vulnerable to any sort of problem, easily circumvented with fraud, and, in this case, didn't preserve ballot secrecy. This stuff never even got a mention in a newspaper which reported instead how well the voting went.
"fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time"...I don't want my tax dollars bankrolling OSS dev efforts.
Instead we're spending billions on a missile defense system that never existed before the government asked for it. More than that, we're rolling it out and it's not even matured enough to perform a simple f'n test?! It's not like we're talking about a new commission or chair-level position. Slice off a million, hire some of the many talented out of work programmers, and in 3 months build a system vastly superior to the crap churned out by the monkeys at Dibold.
I WANT my tax dollars spent ensuring fair elections. That's step #1 in any real democracy.
LilMikey.com... I'll stop doing it when you sto
Let's go Hurricanes!!! 2006 Stanley Cup Champions!!!
You know what I was thinking just now: Wouldn't it be interesting if, instead of fighting Diebold tooth and nail like all the well educated and technically literate people nowadays seem to be doing (myself included), we simply said "Bring on the voting machines!", and used our superior intellect and computer knowledge to fix our own elections?
I've often felt that some of the more intelligent people on Slashdot could pick better leaders than the average dumb American. Maybe we implement a Slashdot based voting system and have everyone post in a story what their vote is and the reason they're voting for their candidate. The candidate with the most +5 insightful vote posts gets fixed^H^H^H^H^Helected by the VBS meisters.
"When the president does it, that means it's not illegal." - Richard M. Nixon
Let's face it people, voter fraud is easy with or without computers.
Personal Anecdote:
My polling station got upgraded from the punch-out-the-chad-with-a-stylus system to a poke-the-spot-with-an-ink-stylus system between the last two elections.
My area is heavily Democratic. For efficiency's sake, the polling area has five carrels for Democrats, and two carrels for Republicans. As part of the semi-legendary radical socialist wing of the Republican party, I was waiting for one of the Republican carrels to open up. It was taking a long time, as an elderly Republican neighbor of mine was trying to vote. He complained to the polling place staff that the stylus was not poking out the chads. To demonstrate that it was OK, they pulled a blank ballot off the pad, stuck it in the machine, and stamped a few (possibly) random votes, and pulled it out to show him that the machine was, in fact, working. They then tossed the ballot away. (He was convinced they were trying to invalidate his vote, so he ended up punching each vote all the way through anyway).
But no-one batted an eye that they had just created an illegal ballot. When I called the election office to complain, they gave me a song and dance about how it would have been impossible for them to insert it into the ballot box without raising red flags, how the register would not match, etc. But they don't let you insert you ballot directly into the box yourself; you hand it to someone and you watch them put it into the box. It would be trivial to do a quick palming of one ballot and insertion of another.
With the last election being so close, it would only take a few votes per polling station to throw an election. Bruce Schneier calculated it out in a recent article in terms of cost per vote, and it was quite low. Sure, it would be more expensive and would involve more people to do it in the old-fashioned low-tech way than it would with Diebold's patented cheating system, but the difference is only a factor of two or so. Given the stakes in a national election, that's down in the noise.
So basically, you either have to trust the system and believe that people will not cheat in the election, or assume that cheating is ubiquitous regardless of the physical system used.
#cynicism on
OK: cynicism mode on
In other words, We The People are fucked, we have been fucked, and we will continue to be fucked.
#cynicism off
ERROR: Cynicism mode cannot be disabled.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
About that "making ATMs"... yeah, it strikes me as ironic too, but keep in mind these are two completely different classes of problem, ATMs and eVoting.
In ATM transactions, the ATM machine sitting in front of you is just a terminal -- it doesn't do a lot of work. OTHER COMPANIES than Diebold, who definitely DO understand security and have their own customers' (or their customers' customers') funds on the line when security fails, have created debit network standards. There is a specific kind of protocol that must be followed to conduct a transaction. Diebold would get a standards document, and they would design their terminal to conform to those standards.
Most details of these standards are confidental, but I can share a couple of design elements that Diebold must conform to when making ATMs, which pretty-much make security idiotproof.
First, a debit transaction is request-response. The terminal takes the card, gets all the information they need from the user through various input screens, and prepares a single transaction record. They submit that transaction record. A challenge/response happens for the pin number (more on that later). Then the ATM receives a response record, which tells it to do whatever it needs to do. They don't have access to the entire customer account -- they can only communicate with the bank using specific transactions allowed by the debit network.
Second, pin numbers are handled very carefully. There is tamper-resistant hardware in all ATMs (and even in those pin-pad-on-a-stretchy-cord things you see at some cash registers) which contains some encryption key material, and some tamper detection hardware which erases that key material if it thinks it's being tampered with. As part of the ATM transaction, the server sends a 'challenge' containing more key material, and the pin pad computes the response for that pin number and sends a response. Because the raw pin number never leaves the pin pad, and because Diebold (and other companies) have to conform to specific pin pad design guidelines or...get sued or something (I'm not a lawyer)... (hypothetical) crappy software never gets the opportunity to mishandle the raw pin number.
Third, the debit network describes what transaction data can be stored (for accounting and whatnot), and what transaction data MUST NOT be stored. They have designed the protocol in such a way that it's not possible to use stored data on an ATM to submit new transactions, without breaking the standard the ATM manufacturer agreed to comply with. (and then here come the attack lawyers after the ATM manufacturer again)
For the above reasons, a long history building ATMs doesn't mean much when it comes to eVoting. In eVoting they get to design the entire system, from data storage to communication to auditing. ATM network providers never gave them that kind of power before. In the ATM world, if the terminal blows up in the middle of the business day, existing transactions aren't lost -- they still get paid -- and debit network is smart enough to rebuild the lost information without the terminal. In eVoting, if the terminal blows up in the middle of the business day votes are lost.
And the same types of alleged eVoting problems you hear about in the news -- in the banking world, vicious bank-funded attack lawyers with sharp, pointy teeth would be unleashed as soon as they were needed if these same types of problems happened here.
(*rereads to make sure the above is safe to post non-AC*) (*flips a coin*)
I work for a major credit card processor (First National Merchant Solutions) as a tech support rep for point-of-sale hardware. I do NOT work on ATM machines themselves, but I would provide support for one of those cash registers with a pin-pad-on-a-stretchy-cord. So as part of my job I have to know just enough of how the protocol works to be able to troubleshoot problems with that kind of system -- but not so much that I'm dangerous, or have to treat the information as confidential.
I actually work for a company that runs the Lottery system for a state and I must say MUSL is crazy about security. I can't get into specifics, but in my opinion they go completely overboard on some rules, which can only be good. Working with MUSL I certainly would trust them with our elections.