Slashdot Mirror
Chimp Can Hack Diebold Electronic Voting System
rbuysse writes "A million monkeys can write Shakespeare, but it only takes one to mess up an election. Scoop here." Blackboxvoting is behind this demonstration; there's also a lengthy thread on the Bugtraq mailing list.
"Dacek said Wednesday that she fears that critics of the new voting system may try to physically sabotage the machines."
Wow. That's so..... scaremongering.....
Gentoo Sucks
Was the monkey name Spank, like Spank, the monkey? Or "l33t |-|4xx0R 5P4|\|"?!
When pressing the touchpad I guess his trainer must have said something like:
NO! Bad monkey, BAD monkey, BAD MONKEY!!!! NO!!!!!....... ARGH! Dam Hackers!
I'm european, you know... in this side of the Atlantic we mark a piece of paper with an X on who we vote. And yes, a monkey can also do it, but at least we don't spend billions in tech just to keep all the monkeys voting...
The crock is you thinking all of the rejected stories had anything to do with "TECH".
The Diebold story is interesting because of the computerized voting angle. Not sure where the "news for nerds" aspect is in the "Iraq Diary" story, or the "Quick exit" story.
If I want to read 100 stories about Iraq daily, there's tons of other sites spewing them out by the ton. I come to Slashdot for tech-related stories.
Sure we trust the election officials, but do we trust every contractor or tech who might work on those systems? Especially as Diebold seems so lax in checking backgrounds that people with convictions for fraud, blackmail, and embezzlement have access to their code. I'd bet that their contractors are even less subject to appropriate background checks.
[Set Cain on fire and steal his lute.]
However, most of the rejected stories you listed have nothing to do with technology; they merely describe political news or events. I think the bias Slashdot has toward "news for nerds" is appropriate; we can get our pure political news from other sources.
When I'm reading slashdot, I'm looking for info about tech trends and social impacts therefrom, nothing more.
Although very questionable, and highly inflamitory, the above quote would provide better evidence of a corporate conspiracy (much more likely) than a conspiracy by the Republican party.
Comment removed based on user account deletion
"Quite honestly it's somewhat insulting to elections officials and volunteers," he said to the idea that elections officers would tamper with vote results.
I say "Quite honestly, it's somewhat insulting to the voters," to the idea that the voting public should naively disregard the human factor and that temptation/corruption/bribery "just don't happen."
Never underestimate the power of money, especially in large, unmarked bundles.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
Isn't it basically unconscionable that the actual process of elections be a for-profit venture? While the military may buy hardware from outside vendors, it does so because certain problems require such specific, high-level technical knowledge and manufacturing know-how which they don't posess in-house. A voting system is, at it's core, a system of adding numbers together that any first-year comp sci student could create. Why is something so basic to the legitimacy of our government being given to for-profit ventures with closed systems?
At the government's disposal are hundreds of public universities with some of the brightest minds in the country, many of whom would gladly work on implementing the great american open-source voting system. Even if these graduate students and professors were paid market rates for their work, it would still be much cheaper than what Diebold systems are costing the US. There is also no competitive advantate go keeping the system closed-source... so what if Austrailia decides they want to run their elections on our software? We've proud of other countries copying our constitution and systems of government, why not our systems of elections too? Especially if they improve it, and give those improvements back to us? What, are we suddenly going to be exporting less consumables to them because they have more legitimate elected officials?
The ______ Agenda
Dacek said Wednesday that she fears that critics of the new voting system may try to physically sabotage the machines. She pointed to a recent incident in which a poll judge had to be ordered to return a voting machine that was used for demonstrations at an suburban folk festival.
Does anyone else find it rather strange they are worried about the "critics" and not the ones who seem to be in a big hurry to get these insecure systems in place? In my mind, the critics are the ones trying to stop a possible hi-jacking of democracy.
This reads like a AM radio talk show host comparing protestors at a convention to terrorists.
But with proper security you can have an audit trail on the system that's rather non-trivial to hack. This is a system with no redundancy, with no way of knowing if it's been tampered with after-the-fact.
"Did windows just eat the votes, or was it malicious?"
Just what I want to deal with. There are MANY security schemes that could make this bullet-proof, but it's obvious that Diebold should have stuck to ATMs. (Actually, makes me wonder what software THEY run inside... But then, the finance industry is apparently a LOT more uptight than voting districts/boards are).
The idea that elections can be entrusted to the Diebold corporation is wholly absured when you consider that democracy is an activity of the people, for the people and by the people. Of course the results will be and ***SHOULD*** be questioned; that's the whole point of a democracy. That's why an open source voting system is and should be the only way to do computerized voting; it's open to scrutiny by anyone and everyone, and such it is, eventually and ultimately, beyond scrutiny when the final vote is out.
The open source community should produce as soon as possible an effective, secure, and open source voting system that's ready for reliable usage. It's one thing to criticize Diebold, it's another thing to question an elected official why an open source solution that's proven and secure and anyone can know the ins and outs of is not implemented and another obscure, closed, and highly questionable one is entrusted.
1-2: Handled by millions of point-of-sale terminals already. This is no large feat of engineering that needs to be reinvented.
3: Scantrons are ancient, and work well, with a very low error rate, at least, lower than hanging chads when you've got machines to properly mark the cards in the first place.
4: He walks out of the booth with it, and right up to the ballot box, just like we do currently. No big deal, and after that, he can have proof he voted, but the card with the actual votes on it is in the box.
=====
I wouldn't be amiss to a mis-vote called whenever the election was indeterminate with a known (low) level of error. Like, 0.01% or less (or some other number, that one was pulled out of thin air). To cover error in the system.
Automatic revote.
1-2: There's a known number of possible votes per polling center, and a known number of booths, therefore there should be more than enough paper available in advance for one day's voting. Same with ink.
Scantrons:
This is where a machine helps, black ink (especially magnetic ink, like financial institutions use(d?)) is much less error prone than a #2 pencil with a student erasing, especially since they aren't going to be erasing the mark. That's what the shredder is for, and a new ballot.
Also, a scantron is probably a bad example, as they read a series of dots, and I've seen them get off before on a read. The 2D barcode (a la postal service and UPS) are very accurate reads. UPS/FedEx/USPS send a LOT of mail daily relying on this sort of thing for tracking. And when things do go amis, you can know (embed CRC data into it), and then cause it to be flagged as "human countable", and with black ink, it shouldn't be hard to determine the right votes.
Then a manual entry station for the vote, using information off both the ballot AND the counter's own id, which needs to be validated, helping to deter ballot-stuffing of "unreadable ballots".
If you truly had an infinity of monkeys and of typewriters, then it should only take O(1) time for them to produce a work of Shakespeare. Or, for that matter, all of the works of Shakespeare, including the ones he didn't write.
In general I like your post and its well intended, but I can't help but think this somewhat incomplete;
"Remember, for a democracy to work as intended there needs to be participation by all of its citizens though voting as well as keeping their elected representatives informed of the citizens wishes."
Would you say that democracy works as intended when powerful media corporations use well tested, well developed advertising-like techniques (which border on hypnosis) to sway public opinion and thereby influence voting patterns?
(Because I believe that this is exactly what happens; human beings are, on the whole, remarkably suggestible (otherwise advertising of products or brands wouldn't be worth the billions that get spent on it)).
In the free world the media isn't government run; the government is media run.
>Judging by the fact that most people with the time >to volunteer
You only need to take one day off work to do it.
What's your real excuse? It's not your age, it's the fact that you really aren't interested.
-fb Everything not expressly forbidden is now mandatory.
What Diebold clearly don't understand (or care about) is that while trust in the election officials has always been very important, never before could one single person change all the votes in seconds leaving no evidence! Its like being able to stick your coat hanger through a stack of 50 million punch-cards and have the chads disappear into thin air. But that's not even half of it - they just assume that it can only be done with physical access to that machine - how can they be sure the data is secure on its way to the machine? What if its already been compromised? With a system as complex as the average computer you have allot of exits to cover. At least with paper it would take an army of people to fake 50 million ballots, with computers it could potentially take a few lines of code and an opportunity. Its not even in Diebolds interests to secure things like verifiable election logs, because, if something does screw up Diebold certainly wont want you to know. This is why we call privatisation "The short-sighted or externally lobbied greed of a government in which an enterprise requiring only better management is aquired by worse management who take all profits and place them in a tax haven or a yacht."
This comment does not represent the views or opinions of the user.
I'm not very concerned because
:-)
(a) By "terrorists", I assume you're talking about al Qaeda. How does al Qaeda gain from the presidential election? Neither Bush nor Kerry is likely to stop hunting them down.
(b) There are lots of groups with more stake in who becomes president and who are better equipped to screw with the election -- either political party, for instance. An activist programmer. A state official involved in the machines. I'm worried about *them* mucking with the election, not with terrorism.
(c) It'd hardly be terrorism to hack a system (producing political influence by inflicting terror on a populace), so from a simple, stupid, logical standpoint, unless someone had already engaged in terrorism, they wouldn't be a terrorist.
Why is this a FOX News issue when all they state the obvious?
Because they're being deliberately misleading. Terrorists "hacking the election" is just not a big concern, but they keep trying to keep terrrorism in people's heads. Terrorism has never been a real top national problem, not on 9/11 and certainly not now. Smoking, car crashes, alcohol -- all of these kill more people and cause vastly more economic damage, and do so on a recurring basis. The only reason people care so much about 9/11 is because of the steady and constant media coverage.
I, for one, would like to hear not at all about Bush and Kerry's war records, little about their stupid "war on terror" initiatives, and more about issues that actually affect American citizens.
May we never see th
Am I the only one who started hearing alarms going off in my head when I read this sentence:
"We probably have the most secure system in the nation," said Lamone...
Translation: "We know nothing about security."
And lo and behold, they're using Microsoft Access. I rest my case.
Why would you trust election officials?
The US (not to mention many other countries) have a long and rich history of election officials tampering with the results. What says that that has suddenly ended in 2004?
A different way than "election officials are corrupt" of framing the issue is to point out that corrupt people who want to influence results will want to become election officials. Especially if there are no checks on their power.
I need to come up with a 'Independently invented the obvious idea that no one's using' award. I, myself, came up with that idea about a year ago. And I wasn't the first, and you won't be the last. So ask yourself a series of questions:
Is it obvious to any intelligent person that black box voting system can be tampered with, and, in fact, are being tampered(1) with?
Do we want systems that can, and have been, tampered with?
There are only two possible answers:
People making the decisions are not intelligent.
or
People making the decisions are want a voting system they can tamper with.
1) That is, tampered to the extent of not being certified and not being physically secured correctly. There's no evidence of vote tampering yet, but there's plenty of incidents of illegal alterations after certification that may or may not have included vote tampering.
In addition, there's plenty of records of precinct officals not knowing what version of software had been certified, there's been stolen machines that we have to assume have been stolen for the explicit purpose of reverse engineering, no one is keeping track of the flash memory cards, they're often just laying around, the entire situtation is a mess. The only reason we don't have evidence of vote tampering is there is no way to have evidence of vote tampering.
In fact, you want to know why Diebold resists printouts? There's every evidence that if they did them, their totals would be wrong. Not delibrately, not slanted one way or another, but just wrong everywhere, because the machines are not operated correctly.
If corporations are people, aren't stockholders guilty of slavery?
How can a country place its economic and political future on such a fucked up database/wanna be database application as MS Access? Are you fuckin kiddin me?
What Diebold clearly don't understand (or care about) is that while trust in the election officials has always been very important, never before could one single person change all the votes in seconds leaving no evidence! [Emphasis added]
The classic case of a cashier who trades tickets for money and a ticket taker shows that you can have a trustworthy system even if you don't trust the participants.
Flim-flam. Make it complicated enough and there's plenty of room for skuldudgery. Sure you run checks and balances, but it needs to be simple and obvious enough that it can be trusted without looking any further. In fact if there is a problem it is more likely to be in those checks and balances.
Think Road Runner and Coyote. You do not want a voting system invented by Wyle E. Coyote, Super Genius.
That's the plain and simple of it. No one has ever been able to demonstrate that they'll save money during an election, nor that they're anywhere close to being secure. Diebold's machines are black-box proprietary and it's essentially impossible to determine if someone (say, a bought-and-paid-for Diebold exec) has tampered with the results.
I used to work with county and city elections. No machines were used, just a supervisory staff of elections officials and a horde of volunteers. All voting locations would count each box of ballots twice, each time by a different person, and if the tallies weren't exact they'd go through the whole process again for that ballot box. This would continue until two separate individuals got the same count for the box.
Afterwards, all of the paper ballots would be boxed and stored in a secure location in case it became necessary to do a recount. And again, all recounts were done by box, twice, and any discrepancies meant starting over from scratch for that box.
This wasn't a terribly expensive way of doing things. The primary cost was in printing and mailing the ballots (for mail-ins). The elections sites themselves were run by volunteers, and the supervisory staff was already paid for. Fraud was rather difficult to pull off on the part of the volunteers and the entire process was 'open source'. Individual citizen groups could demand to have a representative sit in on the recounts, as could any political party that was running a candidate.
Why, exactly, are we dumping a system like this for Diebold machines? It makes no sense at all unless someone is specifically looking for a way to fuck up the elections in their favor, or in favor of whomever happens to be paying them off.
And don't tell me that this system can't be scaled; that's bullshit. The system I'm speaking of here was used on the city, county, and state level. If it can be done by one state, it can be scaled for any state, and it's the STATES who run the elections, not the federal government.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
that monkeys will be prevented from accessing the machines
Which is un-constutional: Our president has the right to vote too!
don't insult monkeys!
monkeys are intelligent, sympathetic, nice, funny and causes no harm to others.
your president is something else...
The voting machines software must be available for public inspection.
The hardware design for voting machines must be available for public inspection.
The assembley of voting machines must be available for representitive public inspection.
The voting machines security must be based on cryptographicly secure systems.
The voting machine once put into service must not be openable, the case must be sealed and no software route to controll the unit in place.
The voting machine must produce a full tally of all votes for any election it has ever been used in when requested by an authorised key holder.
The voting machine must log all administrative transactions, and produce this with all vote counts.
--
The electoral volentears know how to handle people voting, a secure system would have to be devised for handling of the votes taken from the machines, possibly a small printer device similarly open to public inspection to convert the data into a human readable form from an early point in the chain.
If anyone wants to add any more to this, comment on how it can be done feel free. There's no way I can have total trust without proof that the names on the list tally up to what the clicks on the screen mean.