Slashdot Mirror


More Diebold E-Voting Vulnerabilities

presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

131 of 535 comments

  1. Blimey by ackthpt · · Score: 5, Interesting
    vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world. I'd think with that in mind that little scripts are the least of their worries. If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

    "There's 14,375 votes for Bush, 14,374 for Kerry and 2,793,036 for Mr. Magoo, let's tell the public about this 4 years after the election, OK?"

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Blimey by grub · · Score: 5, Insightful


      If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

      When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?

      --
      Trolling is a art,
    2. Re:Blimey by AKAImBatman · · Score: 5, Informative

      vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world.

      It's worse than that. From this link:

      She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden.

      Getting a warm and fuzzy feeling yet?

    3. Re:Blimey by ackthpt · · Score: 5, Funny
      Getting a warm and fuzzy feeling yet?

      I think it's nausea.

      You know... Diebold does a lot of work with financial systems. Is this what they call the Harbinger of Doom?

      --

      A feeling of having made the same mistake before: Deja Foobar
    4. Re:Blimey by nightcrawler77 · · Score: 5, Insightful

      Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.

      Even running the GEMS software on OpenBSD would do nothing to make up for their lousy security design.

      --

      "Power corrupts, and absolute power corrupts absolutely." -- Lord Acton

    5. Re:Blimey by Phisbut · · Score: 2, Informative
      But it sounds like the Diebold flaws would be present regardless of their platform choice.

      True, this is not a Windows flaw, it is a Diebold flaw. However, if Diebold ran on another platform, it would probably take more than 5 lines of vbscript written in Notepad to decide who gets elected.

      Part of having a stronger security is making it harder for the crackers to do things.

      --
      After 3 days without programming, life becomes meaningless
      - The Tao of Programming
    6. Re:Blimey by TheLittleJetson · · Score: 4, Insightful

      indeed. if you live in a state with e-voting machines, vote absentee. tell your friends and family.

    7. Re:Blimey by Marxist+Hacker+42 · · Score: 3, Funny

      Given that- here's the five lines in pseudocode:

      1. Set an ADODB Recordset
      2. Open recordset with select statement for tables with the totals in them.
      3. rs(fieldforcandidate)=new total
      4. rs.update
      5. rs.close

      Or better yet, if you have a copy of access with you, skip the stupid script, open Access, and simply change whatever totals you want to.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    8. Re:Blimey by merlyn · · Score: 4, Informative

      At least in Georgia, "vote absentee" won't help. They take those absentee ballots... AND KEY THEM IN ON A DIEBOLD VOTING MACHINE!

    9. Re:Blimey by Anonymous Coward · · Score: 5, Insightful

      Here is the only way I see this coming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America opinion), so that the green party or the american communist party or something like that won in a landslide then you'd open people's eyes real quick.

      It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....

      NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worst case scenario occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

      (For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

    10. Re:Blimey by Thomas+Miconi · · Score: 4, Informative

      What I don't get is, why do the US insist on having electronic voting machines ? I presume the 2000 fiasco prompted some kind of overreaction, but why not simply go to a plain paper system ?

      In backwards socialist pro-islamofascist hellholes such as France, elections are 100% paper-based. People walk into the local voting point and (after registering and showing their elector card) are presented with a number of bulletins, each of them bearing the name of a candidate. They take several of them, walk into the booth and put the bulletin of their choice in an envelope. Then they walk to the ballot box and drop the envelope.

      The integrity of the vote is ensured by the most primitive (and efficient) method around: after the vote is over, bulletins are counted by officials in each voting point in presence of the public. Bulletins are handpicked from the box, the main official reads the name aloud, and shows the ballot to other officials present and to the public. The names are also written down by two other officials. The total figures are then transmitted to a central office in Paris. On the next morning, people can check in the local newspaper that the vote count reported for their precinct corresponds to whatever was announced at the voting point.

      This system is simple, efficient, and reasonably fool-/fraud-proof. Can someone explain me the exact problem with it ?

      Thomas-
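The public cross-check described in the comment above (totals announced at the polling place, then compared with what the central office reports) can be run against an electronic central tally as a reconciliation job. This is an added example, not part of the original thread and not Diebold's code; the two-table schema, precinct names and vote counts are constructed, and the job also checks that the summary "book" agrees with the per-precinct detail.

```python
import sqlite3

# Constructed sample: totals read aloud and posted at each polling place,
# keyed by (precinct, candidate). Names and numbers are made up.
POSTED = {
    ("P1", "A"): 412, ("P1", "B"): 390,
    ("P2", "A"): 228, ("P2", "B"): 301,
    ("P3", "A"): 150, ("P3", "B"): 149,
}

SUMMARISE = """INSERT INTO summary_totals
               SELECT candidate, SUM(votes) FROM precinct_totals
               GROUP BY candidate"""


def build_central_db(posted):
    """Central tally with two 'books' (hypothetical schema, not the GEMS one):
    per-precinct detail and a per-candidate summary."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE precinct_totals (
            precinct TEXT, candidate TEXT, votes INTEGER,
            PRIMARY KEY (precinct, candidate));
        CREATE TABLE summary_totals (candidate TEXT PRIMARY KEY, votes INTEGER);
    """)
    db.executemany("INSERT INTO precinct_totals VALUES (?, ?, ?)",
                   [(p, c, v) for (p, c), v in posted.items()])
    db.execute(SUMMARISE)
    return db


def reconcile(db, posted):
    """Return a list of (kind, precinct, candidate, expected, found) mismatches."""
    findings = []
    central = {(p, c): v for p, c, v in db.execute(
        "SELECT precinct, candidate, votes FROM precinct_totals")}
    # Check 1: every central detail row must equal the publicly posted total.
    for key in sorted(set(posted) | set(central)):
        if posted.get(key) != central.get(key):
            findings.append(("precinct", key[0], key[1],
                             posted.get(key), central.get(key)))
    # Check 2: the summary book must equal the sum of the detail book.
    detail_sum = {}
    for (_, cand), votes in central.items():
        detail_sum[cand] = detail_sum.get(cand, 0) + votes
    summary = dict(db.execute("SELECT candidate, votes FROM summary_totals"))
    for cand in sorted(set(detail_sum) | set(summary)):
        if detail_sum.get(cand) != summary.get(cand):
            findings.append(("summary", None, cand,
                             detail_sum.get(cand), summary.get(cand)))
    return findings


def case_summary_diverges():
    """Summary book changed outside the application; detail left alone."""
    db = build_central_db(POSTED)
    db.execute("UPDATE summary_totals SET votes = votes + 100 WHERE candidate = 'A'")
    return db


def case_consistent_edit():
    """Detail changed and the summary recomputed, so the database agrees with
    itself and the number of ballots is unchanged."""
    db = build_central_db(POSTED)
    db.execute("UPDATE precinct_totals SET votes = votes + 50 "
               "WHERE precinct = 'P2' AND candidate = 'A'")
    db.execute("UPDATE precinct_totals SET votes = votes - 50 "
               "WHERE precinct = 'P2' AND candidate = 'B'")
    db.execute("DELETE FROM summary_totals")
    db.execute(SUMMARISE)
    return db


if __name__ == "__main__":
    for name, db in [("clean", build_central_db(POSTED)),
                     ("summary diverges", case_summary_diverges()),
                     ("consistent edit", case_consistent_edit())]:
        print(name, reconcile(db, POSTED))
```

The third case passes every internal consistency check; only the totals posted at the precinct, which live outside the database, expose it.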

    11. Re:Blimey by AuMatar · · Score: 3, Funny

      In perl? More like 5 characters.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    12. Re:Blimey by John+Courtland · · Score: 4, Funny
      Can someone explain me the exact problem with it ?
      It doesn't ensure victory?
      --
      Slashdot is proof that Sturgeon's Law applies to mankind.
    13. Re:Blimey by Artifakt · · Score: 3, Interesting

      There are several other companies making voting machines. Some of those alternates appear to be better (not necessarily safe enough for this job, but substantially closer). My own state uses machines that produce a partial paper trail (a copy of the aggregate results, per machine, not per individual voter). It's not the per individual paper trail some have discussed here, but it serves for newspaper reporters, party observers, and the general public to see, and helps block SOME forms of possible election fraud. My own state also still supports paper ballots, and it would take amending the state constitution to take away that alternative.
      Right now, the evidence is that one company's voting machines are definitely below any remotely acceptable standard, and that company has indicated a motive for making them flawed deliberately.
      It's not evidence that proves all forms of electronic voting should be rejected, or that paper ballots are axiomatically better. It sure doesn't prove that other forms of felonious electioneering, such as getting voters falsely dropped from the rolls, will stop too if we just go back to paper. It IS increasingly solid evidence of a crime. The public will better serve itself if it focuses on what the facts definitely prove about Diebold than what they may tentatively suggest about the overall principles of electronic information security.

      --
      Who is John Cabal?
    14. Re:Blimey by AJWM · · Score: 2, Funny

      The wealthier you are, the higher the likelihood that it will be republican-leaning.

      Well, except in Hollywood.

      --
      -- Alastair
    15. Re:Blimey by Wybaar · · Score: 3, Insightful

      Are you thinking what I'm thinking, Pinky?

      Yeah Brain, but where would we find enough Diebold programmers who have that much knowledge?

      From the first part of the article:
      But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

      Another comment I found particularly interesting occurs on the third page of the article:
      But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

      Suuuuuuuure ... and no one would risk committing securities fraud because it's against the law and carries a heavy penalty *cough*Enron*cough* or would risk driving above the speed limit because it's against the law and carries a penalty (whether it's a heavy penalty depends on just how fast you were driving.)

      --
      Y|
    16. Re:Blimey by SpaceLifeForm · · Score: 3, Interesting

      In Missouri, the republicans are asking for lists of voters that have requested absentee ballots. Here's one story.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    17. Re:Blimey by BigT · · Score: 2, Funny

      none of which will be alphanumeric.

      --
      Is it weird in here, or is it just me?
    18. Re:Blimey by John2583 · · Score: 2, Insightful

      SERIOUSLY! Could he be any more naive? I was going to quote that part of the article where Diebold's spokesman says no one would do it because it's against the law, but you beat me. Wow.

      Here is my take on the whole electronic voting thing. Computer Scientists would generally like to promote the use of computers and technology to solve a problem, say like e-voting. Now if Computer Scientists are coming out in large numbers to say, WAIT! computers might not be the best way to tally votes, it's not secure, there's too much room for false votes, etc etc. Then you know there is something wrong with using electronic voting. It's crazy.

    19. Re:Blimey by Le+Marteau · · Score: 2, Insightful

      I know that this is enough to make me never again touch a Diebold ATM if I can help it

      Relax. Their money machines are rock-solid. After all, they handle things of importance, namely, money, unlike their voting machines, which handle only illusions.

      --
      Mod down people who tell people how to mod in their sigs
    20. Re:Blimey by Our+Man+In+Redmond · · Score: 2, Insightful

      You described the problem yourself. The system is simple, efficient and reasonably fool-/fraud-proof. What elected official is going to be in favor of that?

      --
      Someone you trust is one of us.
    21. Re:Blimey by NuclearDog · · Score: 2, Funny
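      <?php
      // Return false from mysqli calls instead of throwing, so the checks below work.
      mysqli_report(MYSQLI_REPORT_OFF);
      $db = mysqli_connect("127.0.0.1", "diebold", "abcdef", "votes");
      if (!$db) {
          exit("Could not connect to the database.\n");
      }

      $vote = '';
      while ($vote != 'quit') {
          echo "1) George Bush\n";
          echo "2) John Kerry\n";
          echo "3) CowboyNeal\n";

          $vote = readline("Vote (1-3, or quit): ");
          if ($vote === false) {
              break; // end of input
          }

          if (!preg_match('/^[1-3]$/', $vote) && $vote != 'quit') {
              echo "Invalid vote.\n";
          } elseif ($vote == 'quit') {
              // Nothing to record; the loop condition ends the session.
          } else {
              // $vote is a single digit 1-3 here; bind it rather than splice it into the SQL.
              $stmt = mysqli_prepare($db, "UPDATE `votes` SET `votes`=votes+1 WHERE `candidate`=?");
              $result = $stmt && mysqli_stmt_bind_param($stmt, "s", $vote) && mysqli_stmt_execute($stmt);
              if (!$result) {
                  echo "Voting failed!\n";
              } else {
                  echo "Vote successful!\n";
              }
          }
      }

      mysqli_close($db);
      ?>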
      Of course, it would require much more error checking and the screen would have to be cleared after each vote, etc. etc.

      If I 14 year old can program this in */me checks clock* 4 minutes, I'm sure Diebold could program something much better with the amount of time\money they have. If not, the only reason I can think of is that they are complete and total dumbasses.

      Anyways, I know, being Slashdot, 10 other people will pipe up and tell me how I could have done it better. If not, I know someone will correct my grammar, and to you I say: 'telnet nucleardog.com'

      That is all.

      ND
      --
      This statement is forty-five characters long.
    22. Re:Blimey by Peaceful_Patriot · · Score: 2, Informative

      (For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

      Interesting how these days even the most innocuous statements cause Americans to look over their shoulder to see who is listening. I've been around long enough to see many presidents and administrations. I have cursed and cheered them. But until now, I have never feared them. For all the rhetoric about freedom, this administration is the scariest and most oppressive I can remember.

      --
      There is nothing so powerful as an idea whose time has come.
  2. A Better Voting Machine by Anonymous Coward · · Score: 4, Funny

    After reading all these stories on Slashdot about Diebold voting machines having security holes, I did a little bit of research on my own. I believe I finally found the perfect voting tabulation and candidate selection system, impervious to cheating. Here is the website; it includes video of the machines in operation (Windows ASX format).

    Perhaps some of you security experts could evaluate whether this machine is more or less accurate and secure than Diebold's machines, but I'm pretty confident in its ability to surpass Diebold's accuracy. (Note to foreign readers: To interpret the results from the videos: if the red ball is 21 or less, that's a vote for Kerry; 22 or more, Bush.)

    1. Re:A Better Voting Machine by gorbachev · · Score: 4, Informative

      Business2.0 had an interesting article on an electronic voting machine idea David Chaum has come up with.

      Diebold is taking shortcuts trying to maximize short term profits. Corporate greed at its best.

      --
      In Soviet Russia, I ruled you
    2. Re:A Better Voting Machine by exhilaration · · Score: 2, Insightful
      Unfortunately the lowest bidder gets the contracts.

      I think that's the ultimate flaw in this process - why spend money on quality when price is the only thing that matters?

    3. Re:A Better Voting Machine by lucabrasi999 · · Score: 2, Insightful
      why spend money on quality when price is the only thing that matters?

      Well, there's the problem. The data can either go directly from each machine to the county elections board, or it can be collected and counted at the precinct level, then sent to the elections board.

      There are a couple of reasons why you would keep the preliminary counting to the precinct level: Cost is one.

      The cost of centralizing the count would mean that every machine has to be given a secure, direct connection to the central computer. Personally, I wouldn't trust a phone line. Cost? Pretty high, since many counties around the US have thousands of polling places, each with multiple machines.

      So, you are almost forced to collect the data locally. If that is the case, then, that means you need a local election judge handling the data. That local election judge may be very honest, but probably doesn't know anything about computers. And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.

      Don't get me wrong. Diebold obviously never thought about security. If they did, they would have found ways to control for VB scripts updating the data. But, I do understand why they chose Windows and Access. I don't agree with their choice, but I understand why they chose it. Cost.

    4. Re:A Better Voting Machine by Anonymous Coward · · Score: 2, Insightful

      And, even though I don't like Windows, I don't think you have much of a choice. You are almost forced to use it. The cost of training all of the election workers on how to use Linux would probably be too high. You might look at Mac, but then you'd end up spending more money on a Mac programmer than you do on a MS programmer.

      You don't have to train local election officials to do anything other than click some buttons. Why do they need to know how the underlying system works? Let the guys that write the program worry about that, then have some other guys that know code come in and audit it. It's that simple.

    5. Re:A Better Voting Machine by rhuntley12 · · Score: 2, Interesting

      I actually work for a company that runs the Lottery system for a state and I must say MUSL is crazy about security. I can't get into specifics, but in my opinion they go completely overboard on some rules, which can only be good. Working with MUSL I certainly would trust them with our elections.

  3. Amazing by AKAImBatman · · Score: 5, Insightful

    You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?

    Maybe they should claim that all their security experts were hired by Google after they took the GLAT. ;-) Then they could get Congress to sanction Google instead! *rolls eyes*

    (BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)

    1. Re:Amazing by Kenja · · Score: 5, Informative

      Given that the ATMs run unpatched Windows XP and have in the past been hit by internet worms I fail to see what's so shocking about any of this. I will not use a Diebold ATM, even if that means I don't eat lunch because there's no other source for cash handy.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:Amazing by kiolbasa · · Score: 4, Insightful

      A multi-billion dollar company rushed a voting machine product to market to take advantage of the buzz following the 2000 election. Marketing trumped proper design.

      --

      Beer wants to be free
    3. Re:Amazing by quelrods · · Score: 3, Interesting

      Well, technically the db backend is in access, not the system itself. The amusing thing about access is it supports subselects! There isn't a release of mysql that does this yet. As much as we all hate access, it may have been an ok choice for this. At least there isn't a slammer worm for access. Given the choice between access and ms sql server for our voting machines, I guess access isn't so bad. Though, user permissions on the db is probably something to worry about.

      --
      :(){ :|:&};:
    4. Re:Amazing by Frymaster · · Score: 4, Interesting
      You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems

      understanding? sure. motivation to implement it? maybe not. consider:

      • if the bank machine borks my transaction i find out about it at month end in my statement. if the voting machine borks my ballot, i never know.
      • the atm is just a snazzy client for the bank's server. the banks approves the transaction and returns the balance, the atm just spits out the cash.

      remember: in every first year computing science class assignment #2 is "bank machine".

    5. Re:Amazing by AKAImBatman · · Score: 5, Informative

      Actually, the Diebold machines were partly responsible for the 2000 election fiasco.

    6. Re:Amazing by T3kno · · Score: 3, Funny

      No no no, it's the other way around. You should always use Diebold ATMs in the hope that you get someone else's money :)

      --
      (B) + (D) + (B) + (D) = (K) + (&)
    7. Re:Amazing by XMyth · · Score: 3, Funny

      Want to buy some tinfoil hats?

    8. Re:Amazing by Anonymous Coward · · Score: 4, Informative

      from the MySQL documentation... http://dev.mysql.com/doc/mysql/en/Subqueries.html "Starting with MySQL 4.1, all subquery forms and operations that the SQL standard requires are supported, as well as a few features that are MySQL-specific."

    9. Re:Amazing by natoochtoniket · · Score: 3, Insightful
      You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems

      I'm sure Diebold people do understand security, very well. Clearly, the complete absence of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absence of security is absolutely intentional.

      These machines are designed, from the start, to rig elections.

    10. Re:Amazing by Anonymous+Writer · · Score: 2, Funny

      Want to buy some tinfoil hats?

      Just make sure they're not made by Diebold.

    11. Re:Amazing by c13v3rm0nk3y · · Score: 3, Funny
      They are working for the govt in this case, which is notorious for not paying attention until it becomes and a campain issue.

      Dude, I love this word you created:

      Campain \Cam*pain"\, n. [F. campaigne, It. campagna, fr. L. Campainia the level country about Naples strewn with band-aids, fr. campus field. See Camp, and cf. Champaign, Champaigne.]

      1. An field of pain; a large, open pain without considerable pills. See{Champaign. --Grath.
      2. (Mil.) A connected series of military operations which cause significant pain.
      3. The feeling one gets during and after a political operations preceding an election; a canvass. [Cant, U. S.]
      4. (Metal.) The period during which a blast furnace is continuously in operation while your face is in it.
      --
      -- clvrmnky
    12. Re:Amazing by MoebiusStreet · · Score: 4, Informative

      To be correct, the system isn't "written in Microsoft Access".

      Access is a RAD development system that uses Microsoft's JET database engine for data storage. (Actually, these days it prefers to use MSDE, which is a stripped-down SQL Server, but JET is still supported).

      I have developed many departmental-scope apps in Access, and more in "real" languages using the JET engine. But anyone who would choose to use Access for such a large-scale system really needs their head examined. This isn't MS-bashing, they tell you what Access and JET are good for, and I don't think that Microsoft themselves would advocate this usage.

      Reading through the Wired article, it appears that the Diebold programmers know very little about the correct usage of relational databases. Anyone who builds a data model that looks like what this article implies should not be entrusted with the keys to our democratic process.

    13. Re:Amazing by illumin8 · · Score: 2, Interesting

      You know what I was thinking just now: Wouldn't it be interesting if, instead of fighting Diebold tooth and nail like all the well educated and technically literate people nowadays seem to be doing (myself included), we simply said "Bring on the voting machines!", and used our superior intellect and computer knowledge to fix our own elections?

      I've often felt that some of the more intelligent people on Slashdot could pick better leaders than the average dumb American. Maybe we implement a Slashdot based voting system and have everyone post in a story what their vote is and the reason they're voting for their candidate. The candidate with the most +5 insightful vote posts gets fixed^H^H^H^H^Helected by the VBS meisters.

      --
      "When the president does it, that means it's not illegal." - Richard M. Nixon
    14. Re:Amazing by HiThere · · Score: 3, Insightful

      The people who run them, install them, and sell them have the inside track on making the fix.

      Do you think this is all by accident?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    15. Re:Amazing by Michael+Spencer+Jr. · · Score: 2, Interesting

      About that "making ATMs"... yeah, it strikes me as ironic too, but keep in mind these are two completely different classes of problem, ATMs and eVoting.

      In ATM transactions, the ATM machine sitting in front of you is just a terminal -- it doesn't do a lot of work. OTHER COMPANIES than Diebold, who definitely DO understand security and have their own customers' (or their customers' customers') funds on the line when security fails, have created debit network standards. There is a specific kind of protocol that must be followed to conduct a transaction. Diebold would get a standards document, and they would design their terminal to conform to those standards.

      Most details of these standards are confidential, but I can share a couple of design elements that Diebold must conform to when making ATMs, which pretty-much make security idiotproof.

      First, a debit transaction is request-response. The terminal takes the card, gets all the information they need from the user through various input screens, and prepares a single transaction record. They submit that transaction record. A challenge/response happens for the pin number (more on that later). Then the ATM receives a response record, which tells it to do whatever it needs to do. They don't have access to the entire customer account -- they can only communicate with the bank using specific transactions allowed by the debit network.

      Second, pin numbers are handled very carefully. There is tamper-resistant hardware in all ATMs (and even in those pin-pad-on-a-stretchy-cord things you see at some cash registers) which contains some encryption key material, and some tamper detection hardware which erases that key material if it thinks it's being tampered with. As part of the ATM transaction, the server sends a 'challenge' containing more key material, and the pin pad computes the response for that pin number and sends a response. Because the raw pin number never leaves the pin pad, and because Diebold (and other companies) have to conform to specific pin pad design guidelines or...get sued or something (I'm not a lawyer)... (hypothetical) crappy software never gets the opportunity to mishandle the raw pin number.

      Third, the debit network describes what transaction data can be stored (for accounting and whatnot), and what transaction data MUST NOT be stored. They have designed the protocol in such a way that it's not possible to use stored data on an ATM to submit new transactions, without breaking the standard the ATM manufacturer agreed to comply with. (and then here come the attack lawyers after the ATM manufacturer again)

      For the above reasons, a long history building ATMs doesn't mean much when it comes to eVoting. In eVoting they get to design the entire system, from data storage to communication to auditing. ATM network providers never gave them that kind of power before. In the ATM world, if the terminal blows up in the middle of the business day, existing transactions aren't lost -- they still get paid -- and debit network is smart enough to rebuild the lost information without the terminal. In eVoting, if the terminal blows up in the middle of the business day votes are lost.

      And the same types of alleged eVoting problems you hear about in the news -- in the banking world, vicious bank-funded attack lawyers with sharp, pointy teeth would be unleashed as soon as they were needed if these same types of problems happened here.

      (*rereads to make sure the above is safe to post non-AC*) (*flips a coin*)

      I work for a major credit card processor (First National Merchant Solutions) as a tech support rep for point-of-sale hardware. I do NOT work on ATM machines themselves, but I would provide support for one of those cash registers with a pin-pad-on-a-stretchy-cord. So as part of my job I have to know just enough of how the protocol works to be able to troubleshoot problems with that kind of system -- but not so much that I'm dangerous, or have to treat the information as confidential.
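A simplified model of the PIN handling described in the comment above, added here as an illustration; it is not the poster's code and not any debit network's protocol, which the comment says is confidential. HMAC-SHA256 stands in for the real cryptography, and every class, method and account name is hypothetical. It shows that the terminal software relays only a challenge and a response, that a captured response cannot be replayed, and that a tampered pad stops answering.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class TamperedError(Exception):
    """The PIN pad has erased its key material and can no longer respond."""


class PinPad:
    """Tamper-resistant device: holds the key, sees the PIN, emits only a response."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pin = None

    def key_in(self, pin: str) -> None:
        # The customer types on the pad itself; the terminal never sees this.
        self._pin = pin

    def tamper_detected(self) -> None:
        # Tamper response described in the comment: erase the key material.
        self._key = None
        self._pin = None

    def respond(self, account: str, challenge: bytes) -> bytes:
        if self._key is None:
            raise TamperedError("key material erased")
        if self._pin is None:
            raise ValueError("no PIN entered")
        pin, self._pin = self._pin, None          # PIN is used once, then dropped
        verifier = _mac(self._key, f"{account}:{pin}".encode())
        return _mac(verifier, challenge)


class Host:
    """Bank side: issues single-use challenges and checks responses."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._verifiers = {}
        self._open = {}                            # account -> outstanding challenge

    def enroll(self, account: str, pin: str) -> None:
        self._verifiers[account] = _mac(self._key, f"{account}:{pin}".encode())

    def new_challenge(self, account: str) -> bytes:
        self._open[account] = secrets.token_bytes(16)
        return self._open[account]

    def verify(self, account: str, response: bytes) -> bool:
        challenge = self._open.pop(account, None)  # a challenge is valid once
        verifier = self._verifiers.get(account)
        if challenge is None or verifier is None:
            return False
        return hmac.compare_digest(_mac(verifier, challenge), response)


class Terminal:
    """Untrusted ATM application: relays messages and records what it handled."""

    def __init__(self, pad: PinPad, host: Host):
        self.pad, self.host = pad, host
        self.seen = []

    def authorize(self, account: str) -> bool:
        challenge = self.host.new_challenge(account)
        response = self.pad.respond(account, challenge)
        self.seen += [challenge, response]
        return self.host.verify(account, response)

    def replay_last(self, account: str) -> bool:
        # Resubmit a stored response against a fresh challenge.
        self.host.new_challenge(account)
        return self.host.verify(account, self.seen[-1])


if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # constructed demo key
    host, pad = Host(key), PinPad(key)
    host.enroll("acct-1", "4821")                  # constructed account and PIN
    term = Terminal(pad, host)
    pad.key_in("4821")
    print("correct PIN:", term.authorize("acct-1"))
    print("replayed response:", term.replay_last("acct-1"))
```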

  4. Another good example by Lord+Grey · · Score: 3, Insightful
    Ha!
    [David Jefferson, a computer scientist at Lawrence Livermore National Laboratory said] that he doesn't believe that the vulnerabilities show deliberate malice on Diebold's part to aid fraud, as [voting activist Bev Harris] has sometimes contended in public statements. But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.
    Emphasis mine.

    Another excellent example of why electronic voting software should be open source. Having many programmers looking over code doesn't automatically increase security, but it certainly increases the probability of finding and correcting asinine problems like the one discussed in the article.

    We all know this. Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?

    --
    // Beyond Here Lie Dragons
    1. Re:Another good example by mrpuffypants · · Score: 2, Funny

      Any representatives reading this?

      No.

    2. Re:Another good example by Anonymous Coward · · Score: 4, Funny

      Any representatives reading this?

      If you make a reference to Guybrush Threepwood in your comment I always mod it up. Go Monkey Island!


      So what you're saying is, we should elect Guybrush Threepwood for president? Viva la Threepwood!!!

    3. Re:Another good example by MillionthMonkey · · Score: 4, Insightful

      You want an OSS voting system, write one. Then lobby the government to use it. You've got it all backwards. The government does not fund software projects to reinvent the wheel (at least it shouldn't, not with my money).

      "Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively minuscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.

      DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded its development there's no guarantee the thing will exist by election time".

      You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.

      I don't want my tax dollars bankrolling OSS dev efforts.

      Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
      Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that

      numVotes++

      is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like

      if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
      numVotes++


      Diebold's right to its "intellectual property" has superseded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.

    4. Re:Another good example by LilMikey · · Score: 2, Interesting

      "fantasy vapor product that doesn't exist and even if they funded its development there's no guarantee the thing will exist by election time"...I don't want my tax dollars bankrolling OSS dev efforts.

      Instead we're spending billions on a missile defense system that never existed before the government asked for it. More than that, we're rolling it out and it's not even matured enough to perform a simple f'n test?! It's not like we're talking about a new commission or chair-level position. Slice off a million, hire some of the many talented out-of-work programmers, and in 3 months build a system vastly superior to the crap churned out by the monkeys at Diebold.

      I WANT my tax dollars spent ensuring fair elections. That's step #1 in any real democracy.

      --
      LilMikey.com... I'll stop doing it when you sto
  5. And in a related story... by Weaselmancer · · Score: 5, Funny

    George Bush and John Kerry sign up for MSDN subscriptions.

    --
    Weaselmancer
    rediculous.
  6. Nothing new.. by Manip · · Score: 4, Insightful

    This isn't new at all, just an extreme example of what we have already seen. We already know that they are stored in an insecure Access database - changing votes using 'just' a VBS script is nothing new or exceptional.

  7. change to our type by alatesystems · · Score: 3, Interesting

    Our voting machines are awesome in Louisiana. In my parish we use the AVC model. You go in and press buttons and then hit "cast vote" and it goes "doo doo doo" and it gives me great satisfaction.

    I think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.

    Chris

    1. Re:change to our type by DAldredge · · Score: 5, Insightful

      IOW, you don't know shit about them and you still think they are safe.

      We are fscking doomed!

    2. Re:change to our type by Idarubicin · · Score: 3, Insightful
      I think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.

      You think it has a paper trail, but you're confident it has no vulnerabilities?

      Oh. Well, that's okay then.

      After you push the button for Jones, how do you know that the system recorded a vote for Jones? What if the screen says Jones, but (inadvertently or deliberately) incremented the count for Smith, instead?

      A real paper trail is one that you can see when you cast your vote. It just has to print 'one vote for Jones' on it, then spit it out. You put that printed record into a sealed ballot box before you leave the polling place. (Otherwise, other people could verify your vote and eliminate the benefits of a secret ballot). Then you've got a real paper trail. If you don't trust the machine count, you count the paper ballots.

      A 'paper trail' where the printer spits out whatever number the computer tells it at the end of the day has no verification value whatsoever.

      --
      ~Idarubicin
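
The distinction drawn in the comment above, as an added example that is not part of the original thread: a toy machine whose stored count can differ from what the voter sees, audited once against its own end-of-day printout and once against voter-verified slips from the sealed box. The class, its parameters, the candidate names and the vote stream are all constructed for illustration, and the model assumes the slip always shows the choice the voter checked.

```python
from collections import Counter


class ToyMachine:
    """Hypothetical model of a touch-screen machine (not any vendor's design).

    `every` > 0 makes the machine store every Nth vote for `flip_from`
    as a vote for `flip_to`, standing in for an inadvertent or deliberate
    fault between the screen and the stored count.
    """

    def __init__(self, flip_from=None, flip_to=None, every=0):
        self.flip_from, self.flip_to, self.every = flip_from, flip_to, every
        self._seen = 0
        self.stored = Counter()   # what the machine reports
        self.ballot_box = []      # voter-verified paper slips, sealed box

    def cast(self, choice):
        # Assumption: the slip shows what the voter saw and checked,
        # so it records the voter's intent independently of `stored`.
        self.ballot_box.append(choice)
        recorded = choice
        if self.every and choice == self.flip_from:
            self._seen += 1
            if self._seen % self.every == 0:
                recorded = self.flip_to
        self.stored[recorded] += 1

    def end_of_day_printout(self):
        # A printout generated from the stored count is just a copy of it.
        return Counter(self.stored)


def audit(machine_count, reference_count):
    """Return {candidate: (machine, reference)} wherever the two disagree."""
    diffs = {}
    for cand in sorted(set(machine_count) | set(reference_count)):
        m = machine_count.get(cand, 0)
        r = reference_count.get(cand, 0)
        if m != r:
            diffs[cand] = (m, r)
    return diffs


def run_demo():
    # Constructed vote stream: 60 votes for Jones, 40 for Smith.
    votes = (["Jones"] * 3 + ["Smith"] * 2) * 20
    machine = ToyMachine("Jones", "Smith", every=5)
    for v in votes:
        machine.cast(v)
    vs_printout = audit(machine.stored, machine.end_of_day_printout())
    vs_paper = audit(machine.stored, Counter(machine.ballot_box))
    return machine.stored, vs_printout, vs_paper


if __name__ == "__main__":
    stored, vs_printout, vs_paper = run_demo()
    print("machine count:        ", dict(stored))
    print("audit vs. printout:   ", vs_printout)
    print("audit vs. paper slips:", vs_paper)
```

The printout audit comes back empty even though the stored count names the wrong winner; only the independently verified slips expose the difference.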
  8. Get rid of E-Voting now! by NIN1385 · · Score: 3, Insightful

    This country won't elect a single representative for themselves until we go back to normal counting of paper ballots! I don't see why we wouldn't do this, it can only help. It is much more reliable and fool-proof and it does nothing but help our economy by having to hire people to count the ballots. In today's world the tech that made the machine is the one who oversees the counting process, not a trustworthy judge that cannot be bribed like it was back in the day.

    --

    If carrots got you drunk, rabbits would be fucked up. - Comedian Mitch Hedberg R.I.P. 03/30/68-2/24/05
    1. Re:Get rid of E-Voting now! by blueg3 · · Score: 3, Interesting

      Ah, for the days of taking a pen and a sheet of paper with boxes next to names, and marking an X in the box next to the person you want to vote for.

      Simple and relatively free from error. I'm sure optical scanners today should be able to process these damned quick, too.

      Hopefully New York is not going to be using paperless electronic voting machines. I don't trust them.

    2. Re:Get rid of E-Voting now! by Paulrothrock · · Score: 5, Interesting
      The Scientific American article I posted about says that paper ballots are even more subject to jamming than punch card ballots. And while they're human readable, they take much longer to count than electronic ballots.

      Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.

      --
      I'm in the hole of the broadband donut.
    3. Re:Get rid of E-Voting now! by Phisbut · · Score: 2, Informative
      Why even hire people?? Here in Canada the counting is done by volunteers of each party.

      It's not exactly that way. The counting is done by employees of the government, but it's done out loud, in front of a bunch of witnesses, among which there are up to 2 people representing each party. Only the witnesses are volunteers, the person who does the actual counting (taking the ballot, reading the ballot, saying who the ballot votes for, showing the ballot to all the witnesses) is employed and paid by Elections Canada.

      P.S. I know all that because my wife did exactly that at the last federal elections.

      --
      After 3 days without programming, life becomes meaningless
      - The Tao of Programming
  9. Worry by MacGod · · Score: 5, Insightful

    it looks like Diebold has more to worry about

    You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.

    --
    "Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
  10. Bow to your next president... by siskbc · · Score: 4, Funny

    ...Me. After 150,324,123 mysterious write-in votes.

    --

    -Looking for a job as a materials chemist or multivariat

    1. Re:Bow to your next president... by IronicCheese · · Score: 2, Funny

      Welcome to Slashdot, Mister Bush.

  11. GEMS by savagedome · · Score: 4, Insightful

    GEMS runs on the Windows operating system.

    Truly a Gem!

    But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    I am shocked. Shocked.

    He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.

    And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.

  12. Priceless by TheJavaGuy · · Score: 5, Funny
    From Yakov Shafranovich's blog:

    Microsoft Windows 2000: $200
    Microsoft Access 2000: $200
    PC: $500
    Hiring an embezzler to put in three sets of election results into your voting software controllable by a hidden combination of keys known only to you: $60,000
    Changing the election results in favor of your candidate: priceless

    "Of course, there are some elections that money can't buy. For everything else, there is Diebold."

    --
    Opera Watch - An Opera browser blog.
    1. Re:Priceless by Anonymous Coward · · Score: 2, Funny

      From Yakov Shafranovich's [shaftek.org] blog...

      In Soviet Russia, voting machines el-- oh, wait. My mistake.

  13. diebold, worry? by Triumph+The+Insult+C · · Score: 2, Informative

    the ceo is a good buddy of dubya's. what has diebold got to worry about?

    all he (Walden O'Dell) needs to worry about is following through on his promise to "help deliver its electoral votes to Bush"

    --
    vodka, straight up, thank you!
  14. It's not BREAKABLE! by Anonymous Coward · · Score: 4, Funny

    Why, it's used by the FAA for radio communications! They wouldn't use something like Windows if it wasn't safe...

  15. uh-oh by ch3ch2oh · · Score: 5, Funny

    President CowboyNeal?

  16. What will this do to homecoming? by Anonymous Coward · · Score: 2, Funny
    The only real question is how will this affect the homecoming king and queen selections this fall? If geeks only need five lines to get whoever they want will they nominate their friends and win?

    What will become of the High School social scene? Horror of Horrors.

  17. Die, democracy, Die by Doc+Ruby · · Score: 4, Insightful

    Diebold obviously has nothing to worry about - they're getting away with their demolition of democracy, despite the incontrovertible evidence pouring in for the past several years. It is we who have a lot to worry about. Not only are they destroying the vote, but getting away with it means that those running the system are benefitting, or they'd stop it. The stolen election nightmare in America is getting worse, even when it was already unacceptably bad.

    --

    --
    make install -not war

    1. Re:Die, democracy, Die by Ba3r · · Score: 2, Insightful

      A couple months ago I was wondering how the hell Bush was going to get more than 20% of the vote. All the conservatives I know are infuriated with a pres that has increased spending, started a purposeless war, and generally increased power of the Federal gov't without limit. And of course every even remotely liberal person is dedicated to vote for the lesser evil this time. I was thinking.. there's no way he is gonna even remotely be elected, despite all the polls. And then I read the blackboxvoting stuff, and I thought "Aha! Of Course! It's the perfect coup!". So, when California votes for Bush.. don't say it wasn't obvious!

      Time to start stockpiling (newly legal!) assault rifles for the war with the usurpers!

    2. Re:Die, democracy, Die by Ba3r · · Score: 3, Insightful

      My grandparent comment was 'in jest'.. but to set the record straight, the number of disenfranchised voters in Florida far exceeded 537 people. Not to mention that no scientist worth their salt would ever rely on a measurement where the determining factor was so far below the margin of error (given, oh, 250 million qualified voters or so, you are saying a valid result can be determined by a margin of 0.0002%). And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

    3. Re:Die, democracy, Die by Suidae · · Score: 2, Funny

      And I think the selection of the leader of the most powerful country in the world should have a little more confidence than two ten-thousandths of a percent.

      I agree. When it is that close we should force them to get married and share the oval office. They can alternate days in control and mud-wrestle for the monthly paycheck.

    4. Re:Die, democracy, Die by Doc+Ruby · · Score: 2, Informative

      Bush sued Gore to grab the presidency in 2000.

      --

      --
      make install -not war

  18. In other news... by blcamp · · Score: 3, Funny


    I now have been elected governor in 15 states, plus chief justice in 4 others (but not in Caleefornya). I also now hold 22 of the Senate seats, 134 of the House, and I'm the Drain Commissioner in 2/3 of all counties in the US... ...and I am now also the Magistrate and/or District Judge everywhere I normally drive my car.

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  19. Blown out of proportion by pridkett · · Score: 3, Informative

    This is blown WAY out of proportion. The GEMS system doesn't actually count votes, that is still left up to the board of canvassers for each state. What GEMS does is provide a very fast way to get an UNOFFICIAL vote count for the state. From that aspect it's almost completely designed for the media that wants to know who won right away.

    Yes, it's a fact that GEMS is a web based product that utilizes off the shelf software as parts of interfaces (Windows, Access, etc). But it also should be noted, that web based does not mean connected to the web. If you read about the situation in Maryland, you'll see that the GEMS systems can only be connected to via modem and the modems have to be manually enabled to receive data. Thus you'd need to convince someone to turn on the modem and then call in to run this script. (Insert Kevin Mitnick social hacking commentary here.)

    That being said, that doesn't excuse the programmers from anything. Yes, it's a bug. Yes, in voting systems it shouldn't be there. Yes, open source would be better. But this is misleading because it doesn't have anything to do with an individual vote or the official vote count for the state.

    --
    My Slashdot account is old enough to drink...
    1. Re:Blown out of proportion by xstonedogx · · Score: 2, Informative

      Here's the problem: Exit polls aren't perfect, but at least, unless the media is lying, they are somewhat representative of how people actually voted. If there is a wide discrepancy between the exit polls and the actual election results, we know something is up. With the media getting information from GEMS we don't have that.

      What's worse, the media influences how people vote. If non-Bush voters think Bush has already lost they'll be more likely to vote for their desired third parties (if any) rather than Kerry, which could very well result in a win for Bush. So I think it's a genuine problem if even the unofficial tally can be corrupted so easily.

    2. Re:Blown out of proportion by neitzsche · · Score: 3, Interesting

      Where *did* you get such confidence in your local election poll cronies? Why would you even for a second think that procedures are always followed flawlessly?

      Why would you suggest that having the wrong candidate reported as the winner would not have any effect? What about other polls that are still open, or states that are three or more hours behind?

      That is precisely what happened in Western Florida in the 2000 fiasco. It had been decades since a single vote even seemed like it could matter - so if you've heard the news that your state has already decided on a candidate, why drive out to the poll?

      The combination of many factors (modems? MODEMS!? Web-based? Bugs? Untested? Lack of peer review?!) compromising the security of the system indicates premeditated culpability.

      Where *is* my tin-foil hat?

      --
      "God is dead." - Frederik Nietzsche
  20. Re:diebold by ackthpt · · Score: 2, Funny
    I hope no one uses them again.

    'Diebold' is probably some obscure germanic dialect for

    Lowest Cost Bidder
    --

    A feeling of having made the same mistake before: Deja Foobar
  21. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  22. VBScript? by ottergoose · · Score: 2, Funny

    You have to do:
    VoteForGuyA = VoteForGuyA + 1

    Instead of:
    VoteForGuyA++;

    God I hate VBScript.

    On another note, how much money does Microsoft stand to make from this? If they're running VBScript, they're using Windows (I suppose they could use DOS, but I doubt they do) - I would imagine MS makes quite a bit when hundreds of thousands of these voting machines all need a copy of Windows.

  23. SciAm by Paulrothrock · · Score: 4, Informative

    If you'd like some more in-depth knowledge about voting machines, Scientific American is running a great article in their 10/2004 issue.

    --
    I'm in the hole of the broadband donut.
    1. Re:SciAm by birdman17 · · Score: 2, Interesting
      Scientific American is running a great article in their 10/2004 issue.

      They are, and the title page for the article is great. It says:

      Electronic Voting Machines Promise To Make

      F I X I N G

      Elections More Accurate Than Ever Before

      I wanted to scan in the image and post it, or at least post a link to the graphic on SciAm's site, but the former is not currently practical on /. and SciAm does not have the current issue freely available on their site yet.

      What they're really saying is two things, interleaved with different colours and fonts. The title of the article is "FIXING THE VOTE". Interleaved is the subtitle, "Electronic Voting Machines Promise To Make Elections More Accurate Than Ever Before, But Only If Certain Problems - With The Machines And The Wider Electoral Process - Are Rectified."

      The way they chose to interleave the title and the subtitle results in what I consider to be a much more accurate statement! I almost can't believe that they didn't see this as they were designing the page, and so maybe they are putting out their own subliminal opinion on e-voting without necessarily having to take a lot of heat for it if anyone complains.

  24. Economist article by rm007 · · Score: 4, Interesting

    For those interested, the current issue of The Economist has an article on voting technology. It does not, of course, discuss this latest development, but gives a good overview of the area, with a great deal of attention given to the issue of paper, paper trails, and making the whole system more transparent.

    --


    I've finally got around to changing my sig
  25. Access by YrWrstNtmr · · Score: 3, Insightful
    While MSAccess is assuredly not the tool to use on a system like this, probably no tool would be good in the hands of these clueless cube monkeys (I hesitate to use the word programmer).

    They appear quite capable of screwing up a wet dream.

  26. Nice Diebold quote by Anonymous Coward · · Score: 5, Funny
    "Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

    Yeah, that's why there's never been any vote fraud in this country...I gotta remember to keep my shotgun loaded this November, that's when the dead people come out to vote in Chicago...

    1. Re:Nice Diebold quote by spitzak · · Score: 2, Funny

      Aha! That's why nobody murders or robs anybody else. It's that heavy penalty! Thanks for explaining it, Mr. Bear!

  27. Well now by TiggertheMad · · Score: 2, Funny

    Hey Diebold, you ever hear that old saying, 'Vote early, vote often'?

    Well, don't worry, I will...

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  28. In Canada by Sophrosyne · · Score: 4, Insightful

    ...we just put an "X" in a "box" on something called a piece of paper. On this piece of paper, which we call a "ballot", there is a list of perhaps 4 or 5 names depending on the number of candidates running. You mark an "X" beside the name of the person you wish to vote for... then you take this "ballot" and place it in a cardboard-box.
    It may be a little high-tech but this method could catch on in developing democracies like the U.S.

    1. Re:In Canada by sylvester · · Score: 2, Informative

      It's called a spoiled ballot, and you don't count it.

      -Rob

    2. Re:In Canada by Beardo+the+Bearded · · Score: 3, Insightful

      You mark an X or your vote doesn't count. It's a built-in safety mechanism.

      We believe that if you're too intoxicated, stupid, or incompetent to mark a clear X in a circle, then you shouldn't be voting.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    3. Re:In Canada by Paulrothrock · · Score: 4, Insightful

      If you can't tell who they voted for, yes. They should have been more careful. Voting is a right; voting correctly is a responsibility.

      --
      I'm in the hole of the broadband donut.
    4. Re:In Canada by cybergrue · · Score: 3, Informative
      Sounds neat. What do you do if the person marks the ballot incorrectly
      Any clear mark counts. An X, check mark, circle filled in completely, smiley face, etc. The point is that the voter's intention is considered to be more important than the method. A ballot is spoiled if the scrutineers cannot determine the voter's intention, i.e. two or more names are marked somehow.

      OK, some background on how a Canadian Federal Election is held. First of all, there is a federal agency who handles all federal voting in Canada, called Elections Canada. These guys take their political neutrality very seriously. Every riding is divided into polling districts. There is a polling station for a max number of eligible voters in a geographic area (1000 I think, I don't think there is a minimum. I saw polls in the last election returning 6 votes).
      Many times multiple polls share the same voting station. Upon entering the station, you are directed to the correct poll, where you show your eligible voter card (they mail this to you a few weeks before the election, I don't know why they don't ask for photo ID) and your name is marked off on the voter list. You then get the ballot. It's one issue per ballot, where the candidates are listed in alphabetical order, with party affiliation after the name. The ballots are printed on a brown construction paper with a ballot ID number printed twice, one on a tear-off strip. There is a black bar vertically down the right side of the ballot with a blank circle next to each candidate's name. After getting the ballot, you walk to a table in an isolated area with a white shield set up for privacy. You mark the ballot, and fold it up before returning to the poll. There the staff take the folded-up ballot, rip off the tear-off strip in sight of you, and hand it back to you (although I have seen places tear off the strip before giving you the ballot). You then put the ballot in the ballot box (white cardboard again) and the staff puts the strip in a separate box. This keeps track of the ballots without identifying who cast it. This way if you spoil your ballot, you can ask for another one without them worrying about having extra ballots in the box. btw, the person who crossed your name off the voter list is never the person who gives you the ballot, so no one knows which vote you got, or who you voted for. Also, it allows the staff to determine if a ballot has gone missing. (There is a bizarre tradition of people eating their ballots as a form of political protest.)
      Besides the poll staff, there are observers (usually from the political parties). These observers are called scrutineers. They observe that the ballot box is empty before the poll opens, and is not tampered with during the course of the election. After the poll is closed, the ballot box is opened, and the counting begins. Technically, any scrutineer can void any ballot by claiming it is spoiled, however this is rarely the case. (Yes this can lead to vote tampering, as happened in the last Quebec referendum where the Yes side began declaring No votes to be spoiled, however the No side began spoiling an equal number of Yes votes to keep things equal, and reported the abuse afterward.)
      After the votes are counted, the ballots are put back in the box, and it is sealed again (in case a recount is necessary), and the numbers are reported to the riding (the area that a candidate will represent) level, usually by phone. I believe the results from each polling station are supposed to be published somewhere so the observers can double check the counts, but I don't know how exactly this is done. Anyways, because there should only be a few hundred ballots to be counted in each polling area, the results are usually known in a few hours. A Federal judge can order a recount if a candidate shows just cause, and I believe an automatic recount is called if two candidates are within 100 votes of each other.

      To sum up, the major difference between Canada and the US in voting is that there is a (non-partisan) Federal agency responsible for setting up and running the election, with standardised ballots. Provincial elections are run similarly to Federal ones, while Local ones have started using electronic vote counters, but using and keeping paper ballots.

  29. Speaking of e-voting vulnerabilities by bobpence · · Score: 2, Insightful

    Why haven't we heard more about Venezuela, where apparently many machines recorded exactly the same number of pro-recall votes in opposition to Mr. Chavez? Sounds like tampering to me...

  30. As an outside observer by Anonymous Coward · · Score: 2, Interesting

    I'm totally stunned to watch what is going on in the US right now.

    After the Florida disaster the last time around you would have thought that things would change for the better, but they seem to only get worse.

    Soldiers sending in their votes by email and waiving their right of a secret vote.

    Yet again the top Florida election official doing everything she can to make sure Bush carries Florida.

    And all these stories about Diebold, that would be tremendously funny if they weren't so important.

    Wtf is wrong with the US?
    Really, this is not meant as an anti-American troll, but I really have a hard time understanding it and most of all I get the impression that most Americans don't really care about these problems and that is probably the scariest part.

  31. why not this by codepunk · · Score: 2, Funny

    del stupidaccess.mdb

    --


    Got Code?
  32. obligatory plug for blackboxvoting.org by dogas · · Score: 5, Informative

    black box voting has 5 (!) different demonstrations on how easy it is to hack these things. There is also an online book (in PDF format) all about how bad the situation really is.

    This is serious. Not only are they using a Microsoft Access (!!) database to store your vote, they are using a non-password protected Access database.

    Not only are they using a non-password protected Access database, you can gain access to the .mdb by hitting a certain key on the touch screen and manipulating at will. Are we living in crazy world?

    --
    'When the going gets weird, the weird turn pro.' -HST
  33. US Elections 2004: Battle of the Scripts by Control-Z · · Score: 4, Funny

    What's the big deal about voting machine fraud? If you see any fraud being committed, just write a NEGATIVE SCRIPT to offset those fraudulent votes. That way we'll keep the election nice and balanced.

  34. BSOD by sleepnmojo · · Score: 3, Funny

    I don't see a problem here. No one will be able to use the machines anyway. They will all be blue screened, so we will have to go back to the old way.

    1. Re:BSOD by Anonymous Coward · · Score: 2, Interesting

      Speaking of the old way, what the hell is wrong with paper ballots anyways? At least that way you have a hard copy of each vote. I'd rather have the fiasco from Florida than the fiasco I see coming out of these machines in the future. If it's a matter of man power, enlist people for elections and ballot counting like we do for jury duty.

  35. nice to know by simontek2 · · Score: 4, Interesting

    I was trained to fix those here in Georgia. Sad thing I find out bout this thru /. not them.

    --
    SimonTek
  36. Voting machines designed by Sting? by FunWithHeadlines · · Score: 4, Funny
    "You go in and press buttons and then hit "cast vote" and it goes "doo doo doo"

    Then it goes "de da da da," and finally it tells you, "is all I want to say to you."

  37. Oh, no one would do _that_! by bujoojoo · · Score: 2, Insightful

    But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    Yeah, and no one robs banks, or counterfeits, or traffics drugs either.

    --
    This space for rent
  38. 2 brothers will count 80% of the vote by puke76 · · Score: 5, Interesting

    I submitted this in April, crack mods rejected it.

    Two brothers will count 80% of the vote.

    In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.

  39. What do you want your money going to then? by TiggertheMad · · Score: 5, Insightful

    I don't want my tax dollars bankrolling OSS dev efforts. If you want such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.

    Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  40. Voting machines vs. other machines by upsidedown_duck · · Score: 3, Interesting


    I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines. Lives on the line vs. the life of our democracy on the line...I don't see that great a distinction.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
    1. Re:Voting machines vs. other machines by fishbowl · · Score: 2, Informative


      "I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines."

      You slept in yesterday.

      http://it.slashdot.org/article.pl?sid=04/09/21/2120203&tid=128&tid=103&tid=201

      --
      -fb Everything not expressly forbidden is now mandatory.
  41. Diebold Execs: Stupid or Crazy? by Paulrothrock · · Score: 5, Interesting
    Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    WTF?!? Murder is against the law and carries a heavy penalty and people still do it, numbnuts.

    Diebold is saying essentially what the Bush administration and, really, all NeoCons say: "Trust us, we'll do what's right. Why shouldn't you trust us? We're respected people in power."

    Hell, that was an argument a White House attorney made in front of the Supreme Court! When asked whether a chief executive could falsify documents he said something to the effect of "Yes, but *this* chief executive wouldn't do that."

    Why not create a system with ways to keep people from doing things that we don't like, instead of *trusting* people you *don't know* to do the right thing? We could call it something like "checks and balances."

    --
    I'm in the hole of the broadband donut.
  42. Re:Password protection? by TigerNut · · Score: 2, Insightful
    Even so, I'm not quite sure what they expect any voting machine company to do. Let's say they use Linux and a custom and encrypted database format. All you have to do is have somebody reverse engineer the format, get root access to the Linux box and then run a custom script to update the values.

    - If an encrypted database were used, along with a strong password phrase and algorithm, there would be very little for anyone to hook into to reverse engineer the format.
    - Getting root access on the Linux box is also not a trivial task, especially if you don't have physical access to the machine.
    - If you don't have root access and you write the database access procedure so that root-level or some special group permission is required, then you're not even going to get to the database in the first place.

    As Jefferson said in TFA... the coders/designers for that system look like amateurs. Even within a Windows framework there would have been a LOT better ways to implement the database to decrease its vulnerability to casual access by other applications.

    --

    Less is more.

  43. Let's blame Microsoft ... by dioscaido · · Score: 2, Insightful

    ... for Diebold's absolutely retarded system design and configuration. Come on people, if you are building a 'secure application', you do not place the interface and the voting data at the same user protection level. Hell, you probably don't want to place the voting data in the same physical location as the interface.

    But really, this is somehow Microsoft's fault. I know it!! :)

  44. Re:diebold by Anonymous Coward · · Score: 3, Informative

    I ran "Diebold" through Google's German to English.. got this..

    "Thief old"

  45. Exploits in ATMs by Halo- · · Score: 4, Interesting
    I'm too lazy to find the actual paper, but there is a great one out there about errors made in early ATM design. (Dunno if they were Diebold's or not). For quite some time, the PIN used to access an account was stored on the magnetic stripe on the back of the card. When you "authenticated" to the ATM, it compared the PIN keyed in using the keypad to the PIN on the back of the card! Eventually criminals figured this out, and would steal people's wallets, take the ATM cards, and encode a new, known PIN on the stripe, and access the victim's account.

    I've worked with banks on other security systems, and in my experience they often "know what they want" but fail to ask the right questions. Of course, as soon as they start losing money, they get the point quickly. :)

    (Okay, laziness over, I think this may be the paper I'm thinking of: Why Cryptosystems Fail)
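
The design flaw described in the comment above, next to a check that keeps the reference value on the issuer's side. This is an added example, not part of the original post or any vendor's code; `Stripe`, `BankHost` and all sample values are hypothetical, and the host-side verifier is a simplified model rather than a real banking protocol.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Stripe:
    """Constructed model of a magnetic stripe; everything on it is card-controlled data."""
    account: str
    pin_field: str = ""   # only the flawed design stores a PIN here


def flawed_check(stripe: Stripe, keyed_pin: str) -> bool:
    # Flawed design from the comment: the reference PIN is read from the card,
    # so whoever writes the stripe decides what the "correct" PIN is.
    return hmac.compare_digest(stripe.pin_field, keyed_pin)


class BankHost:
    """Hypothetical issuer-side verifier: the reference value never leaves the host."""

    def __init__(self, max_tries: int = 3):
        self._records = {}    # account -> (salt, derived verifier)
        self._failures = {}   # account -> consecutive failed attempts
        self._max_tries = max_tries

    @staticmethod
    def _derive(pin: str, salt: bytes) -> bytes:
        # Simplification: real issuers keep PIN verification inside dedicated hardware.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, account: str, pin: str) -> None:
        salt = os.urandom(16)
        self._records[account] = (salt, self._derive(pin, salt))
        self._failures[account] = 0

    def verify(self, stripe: Stripe, keyed_pin: str) -> bool:
        # Only the account number is taken from the card; pin_field is ignored.
        record = self._records.get(stripe.account)
        if record is None or self._failures[stripe.account] >= self._max_tries:
            return False      # unknown account, or locked after repeated failures
        salt, expected = record
        ok = hmac.compare_digest(self._derive(keyed_pin, salt), expected)
        self._failures[stripe.account] = 0 if ok else self._failures[stripe.account] + 1
        return ok


def compare_designs() -> dict:
    host = BankHost()
    host.enroll("ACCT-0001", "4821")                    # constructed sample values
    genuine = Stripe("ACCT-0001", pin_field="4821")
    altered = Stripe("ACCT-0001", pin_field="0000")     # stripe re-encoded, as the comment describes
    return {
        "flawed_genuine": flawed_check(genuine, "4821"),
        "flawed_altered": flawed_check(altered, "0000"),
        "host_genuine": host.verify(genuine, "4821"),
        "host_altered": host.verify(altered, "0000"),
    }


if __name__ == "__main__":
    print(compare_designs())
```

The card-side check accepts the altered stripe because it trusts data the cardholder can rewrite; the host-side check rejects it and also locks the account after repeated failures.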

  46. Open Source E-Voting? by protektor · · Score: 2, Insightful

    Isn't this exactly the kind of project that is perfect for Open Source? It's something a lot of people (states/countries/etc.) could/would use and it's something that would benefit from lots of people working on it to make sure it is secure and works well? It doesn't seem like once it is made that there needs to be a ton of extra upgrades or features added to it.

    Seems this kind of tool/program is exactly the kind of thing that should be done Open Source and stands a lot better chance of being a better program and more secure due to peer review and public scrutiny. Not to mention the amount of public tax dollars it would save since it would be free and costs could be shared by all states for any support or maintenance that was needed.

  47. In related news, Diebold denies any backdoors by Takeel · · Score: 2, Informative

    Yesterday, Diebold sent out a PR piece over BugTraq saying that "Diebold strongly refutes the existence of any 'back doors' or 'hidden codes' in its GEMS software" in response to a BugTraq post in August that announced the discovery of a backdoor in GEMS. The backdoor announcement wasn't substantiated with any technical details.

    While this Slashdot article appears to reference a vulnerability rather than a backdoor, I just thought that some might find this to be an interesting related story.

    Here it is from the horse's mouth:

    http://www.securityfocus.com/archive/1/375954/2004-09-19/2004-09-25/0

  48. Brazil's Voting System by gihara · · Score: 5, Informative

    Why not simply license Brazil's Voting System? I am working as a volunteer in Brazil's city elections this year. The machines are simple and reliable, here are the specs.

    - CPU: Geode National - 200 MHz.
    - RAM: 64mb on board.
    - 2 USB and 1 parallel on board.
    - IDE and Floppy interface.
    - 2 30mb flash disks - one for program and the other for the results.
    - 1 floppy disk drive - sadly that's how we deliver the votes... but it's quite error free because the votes are also printed. And there's also the flash disk.
    - 9,4" LCD

    Here's the new model http://www.procomp.com.br/projesp.asp

    The only real bug in Brazil's voting system is the elector heehe... We elected a drunk last election for president... well... better than Bush... but still a drunk... ehehee

    1. Re:Brazil's Voting System by AuMatar · · Score: 2, Insightful

      Still- how do you know your vote counted for whom you wanted it to count for? Do you have a paper trail, and do you check the paper trail? If not, your system is only slightly better, if at all. If you do- why not just skip the easily monkeyed with electronic systems and stick with the millennia old paper system instead? Despite all the FUD, the old chad system worked and only a fraction of a percent were miscounted. Most of them were because the voter was too stupid to check if the chad got punched cleanly. Penciling in boxes is good too, it just takes more time. Putting a computer in the system is just an unnecessary weakness.

      --
      I still have more fans than freaks. WTF is wrong with you people?
  49. Paperless Machines CAN be good. Here's How: by EaglesNest · · Score: 4, Insightful
    Requirements for paperless machines

    Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.

    Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.

    Test before, during, and after elections.

    California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.

    New Hampshire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.

    Florida did not know how to count votes correctly like many other states.

    Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!

    Ways to Cheat

    Don't activate the cheating until after the election starts.

    Only cheat with a few machines. Only a margin is required to swing a close election.

    No verifiable audit trail. Design a paperless machine that counts votes and is not voter verifiable.

    Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.

    Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.
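
A sketch of the random-sample recount described in the comment above, seen from the auditor's side. This is an added example, not part of the original post or any election authority's procedure. It assumes precincts are the audit unit and that the seed is generated in public; all function names and tallies are constructed. It goes one step beyond the comment by computing how likely a sample of a given size is to include an altered unit.

```python
import hashlib
from math import comb


def select_units(unit_ids, public_seed, percent=1):
    """Choose ceil(percent% of N) units by ranking SHA-256(seed|id).

    Assumption: the seed is produced in public (e.g. dice rolls) after the
    machine tallies are committed, so the selection cannot be predicted in
    advance and any observer can recompute it afterwards.
    """
    k = max(1, -(-len(unit_ids) * percent // 100))   # integer ceiling
    def rank(unit):
        return hashlib.sha256(f"{public_seed}|{unit}".encode()).hexdigest()
    return sorted(unit_ids, key=rank)[:k]


def recount_discrepancies(machine_tally, hand_tally, selected):
    """Return {unit: {candidate: (machine, hand)}} for every mismatch found."""
    report = {}
    for unit in selected:
        m, h = machine_tally[unit], hand_tally[unit]
        diff = {c: (m.get(c, 0), h.get(c, 0))
                for c in sorted(set(m) | set(h)) if m.get(c, 0) != h.get(c, 0)}
        if diff:
            report[unit] = diff
    return report


def detection_probability(total_units, altered_units, sampled_units):
    """Chance that a uniform random sample contains at least one altered unit."""
    if sampled_units > total_units - altered_units:
        return 1.0
    clean_only = comb(total_units - altered_units, sampled_units)
    return 1 - clean_only / comb(total_units, sampled_units)


def units_needed(total_units, altered_units, confidence):
    """Smallest sample size that reaches the requested detection probability."""
    for k in range(1, total_units + 1):
        if detection_probability(total_units, altered_units, k) >= confidence:
            return k
    return total_units


# Constructed sample data: 300 precincts with identical tallies except one.
UNITS = [f"P{n:03d}" for n in range(300)]
HAND = {u: {"A": 120, "B": 115} for u in UNITS}
MACHINE = {u: dict(t) for u, t in HAND.items()}
MACHINE["P042"] = {"A": 110, "B": 125}   # constructed mismatch

if __name__ == "__main__":
    chosen = select_units(UNITS, public_seed="constructed-seed-0001")
    print("selected:", chosen)
    print("mismatches:", recount_discrepancies(MACHINE, HAND, chosen))
    print("P(detect), 1% sample, 3 altered units:",
          round(detection_probability(300, 3, 3), 4))
    print("units needed for 95%:", units_needed(300, 3, 0.95))
```

With these constructed numbers a 1% sample catches a problem confined to three precincts only about 3% of the time, which is why audit size is usually tied to the margin of the contest rather than fixed.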

  50. This is great. by blueforce · · Score: 2, Interesting

    Diebold is headquartered here in Canton, OH where I work. I have some buddies that are programmers over there.

    Unfortunately, none of my buddies work on the voting software but man, oh man, is this gonna be fun.

    I especially love the quote about "...incompetence and indicate that Diebold programmers simply don't know how to design a secure system." We've always had the friendly "our programmers are better than your programmers" competition but I guess it's obvious we win.

    --
    If you do what you always did, you get what you always got.
  51. My e-voting experience last Tuesday by dtjohnson · · Score: 4, Interesting

    My voting precinct has recently begun using an optical scan voting system in which you blacken in little circles on the paper ballot for your choice and then feed your ballot into the vote scanning machine which then tallies the results and records them electronically. At the end of the day, the results get sent electronically to some central point where they are supposedly tallied. Anyway, I voted last Tuesday in a statewide primary and when I arrived about 20 minutes after the polls opened, there was already a long line of people waiting to feed their ballots into the vote scanner machine which was refusing to accept any of them. The voting supervisor guy was a gentleman in his 80s who obviously did not have a clue about what to do to either fix the machine or report the problem. People kept arriving, filling out their votes, and then lining up until the place was jammed. (There were 6 precincts using one vote scanning machine). Finally, one of the poll workers got a cardboard box, wrote 'votes' on the side, and said we could just leave our ballots in the box and they would feed them into the vote scanning machine later when it was 'fixed.' So...that's what everyone did since people had to get on to work and such. My conclusion was that this e-voting system was extremely vulnerable to any sort of problem, easily circumvented with fraud, and, in this case, didn't preserve ballot secrecy. This stuff never even got a mention in a newspaper which reported instead how well the voting went.

  52. Bullshit! by natoochtoniket · · Score: 5, Insightful
    Jefferson added that he doesn't believe that the vulnerabilities show deliberate malice... But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

    I call bullshit!

    I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absence of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absence of security is absolutely intentional.

    These machines are designed, from the start, to rig elections.

  53. Nothing new. by ScytheBlade1 · · Score: 2, Funny

    At my school, I was asked to write a voting booth for the school. It's done via PHP and MySQL.

    I wrote it. I've got the access which I technically don't have.

    Pedro for President, anyone?

  54. Re: "diebold" (German) == "thief old" (English) by neitzsche · · Score: 2, Funny

    Oh my, I thought that was pretty funny, and that you were just joking, but NO! translate.google.com really DOES translate that just so.

    I blew my mod points a while ago, hopefully someone else will be gracious to you (even though you did post as AC.)

    --
    "God is dead." - Frederik Nietzsche
  55. Did anyone notice this part in the article? by CodeMonkey4Hire · · Score: 3, Interesting
    Harris and the activist stand to make millions from the suit if they and the state win their case.
    Why the [fh][eu][cl][kl] would he get any money? This is like a whistleblower suing a company for fleecing its investors and paying all the money to him instead of the investors.
    --

    Let's go Hurricanes!!! 2006 Stanley Cup Champions!!!
    1. Re:Did anyone notice this part in the article? by Peyna · · Score: 4, Interesting

      California has a whistleblower statute that would allow them to collect up to 30% of any reimbursement paid to the state.

      It makes sense, the state is awarding people for bringing things to their attention which save them money. A lot of employers engage in the same practice.

      --
      What?
  56. Good Description with Pics by canfirman · · Score: 3, Informative

    Jim Marsh's webpage, "The Howard Dean Demo" (http://www.equalccw.com/deandemo.html), shows in pictures how easy it is to manipulate the votes. It makes you wonder why the government pushes ahead with electronic voting when they know there are problems.

    --
    It is not our abilities that show what we truly are... it is our choices.
  57. Where's the NSA when you really need them? by garyok · · Score: 3, Insightful
    Given that one of the 2 main directorates of the NSA is the Information Assurance Directorate, with the mission statement
    IAD's mission involves detecting, reporting, and responding to cyber threats; making encryption codes to securely pass information between systems; and embedding IA measures directly into the emerging Global Information Grid. It includes building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions. It entails testing the security of customers' systems, providing OPSEC assistance, and evaluating commercial software and hardware against nationally set standards.
    the question is "How come the NSA haven't gone all Enemy of the State on Diebold's collective ass?" I mean we are talking about the most important set of communications in the world's most wealthy democracy: who the people want to run their country.

    Someone isn't doing their job.

    Mind you, maybe their Signals Intelligence Directorate will intercept this on the way to your servers in the US (I'm in the UK) and they'll take the piss out of the other Directorate until they can't stand the shame and get their fingers out their asses.

    --
    One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
  58. Not That Worrying by angst_ridden_hipster · · Score: 3, Interesting

    Let's face it people, voter fraud is easy with or without computers.

    Personal Anecdote:
    My polling station got upgraded from the punch-out-the-chad-with-a-stylus system to a poke-the-spot-with-an-ink-stylus system between the last two elections.
    My area is heavily Democratic. For efficiency's sake, the polling area has five carrels for Democrats, and two carrels for Republicans. As part of the semi-legendary radical socialist wing of the Republican party, I was waiting for one of the Republican carrels to open up. It was taking a long time, as an elderly Republican neighbor of mine was trying to vote. He complained to the polling place staff that the stylus was not poking out the chads. To demonstrate that it was OK, they pulled a blank ballot off the pad, stuck it in the machine, and stamped a few (possibly) random votes, and pulled it out to show him that the machine was, in fact, working. They then tossed the ballot away. (He was convinced they were trying to invalidate his vote, so he ended up punching each vote all the way through anyway).

    But no-one batted an eye that they had just created an illegal ballot. When I called the election office to complain, they gave me a song and dance about how it would have been impossible for them to insert it into the ballot box without raising red flags, how the register would not match, etc. But they don't let you insert your ballot directly into the box yourself; you hand it to someone and you watch them put it into the box. It would be trivial to do a quick palming of one ballot and insertion of another.

    With the last election being so close, it would only take a few votes per polling station to throw an election. Bruce Schneier calculated it out in a recent article in terms of cost per vote, and it was quite low. Sure, it would be more expensive and would involve more people to do it in the old-fashioned low-tech way than it would with Diebold's patented cheating system, but the difference is only a factor of two or so. Given the stakes in a national election, that's down in the noise.

    So basically, you either have to trust the system and believe that people will not cheat in the election, or assume that cheating is ubiquitous regardless of the physical system used.

    #cynicism on
    OK: cynicism mode on

    In other words, We The People are fucked, we have been fucked, and we will continue to be fucked.

    #cynicism off
    ERROR: Cynicism mode cannot be disabled.

    --
    Eloi, Eloi, lema sabachtani?
    www.fogbound.net
    1. Re:Not That Worrying by elpapacito · · Score: 2, Insightful

      Any system can be cheated somehow, given enough motivation to cheat. The big point is how easy it is to cheat! There's no reason to make a system weaker because the -supposed- future order of difference is one or two points. It smells of apathetic depressed behavior, exactly how many politicians would like us to be, apathetic and careless.

      Maybe you remember the first times newspapers started talking about the "evil computer pirates" (then "hackers", then "black hat", then god knows what they invented) and how they exploited banks' computers.

      Remember how people were -totally stunned- by the fact one person could steal millions without actually robbing a bank? It was fuckinbelievable, yet it was 100% true, it could be done without a trace or a smoking gun. TODAY security is much tighter in many financial systems thanks to hackers exposing or exploiting the loopholes.

      So why should we TODAY make the voting system even more cheatable? We know that computers can be used to manipulate millions of votes in a split second, so for what goddamned reason are we throwing ourselves into a predictable and predicted disaster, with all our past experience with computer abuses?

      The "we must face it" attitude is that of losers.

  59. Patriotism by Dovregubbens+Hall · · Score: 3, Insightful

    NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worst case scenario occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

    Excuse me for yet again being so anti-american, but I thought that the american concept of patriotism was that you would proudly hack the voting machines if it was needed to demonstrate that the election was easy to steal?

    That any patriot would take the risk of being shipped off to Gitmo when it was needed to preserve democracy and freedom?

    So WTF happened to patriotism?

    The fact is that the voting machines need to be hacked, at this point the only way to ensure that democracy survives in the US is that CowboyNeal is elected for President.

    It means that some patriotic hacker has to do it, and I see nothing wrong with advocating it.

    If you want to improve your chances of not going to Gitmo, you may want to hack the machines and hop on a plane to somewhere more free and stage a press conference there just as election officers discover the hack.

  60. Fools. by Sj0 · · Score: 2, Insightful

    The argument against e-voting is irrelevant, Diebold should have lost the contract after the first two or three security flaws. Overcomplication of the machines by using embedded windows is stupid. If they took security seriously, they would never have tried to use it in the first place.

    Linux isn't the answer either. Personally, I'd drop x86 for a cheaper embedded processor, I'd demand engineers with experience in creating hardened systems from scratch, and I'd spend the extra money to make DAMN sure I didn't drop the ball on this project, which has the potential to be INCREDIBLY profitable for a company willing to do the job right.

    --
    It's been a long time.
  61. Dude - it's the month, not the swamp :) by JimMarch(equalccw) · · Score: 2, Informative

    Sheesh :)

    (yes, that's my page)