Slashdot Mirror
Chimp Can Hack Diebold Electronic Voting System
rbuysse writes "A million monkeys can write Shakespeare, but it only takes one to mess up an election. Scoop here." Blackboxvoting is behind this demonstration; there's also a lengthy thread on the Bugtraq mailing list.
Am I the only one who thinks that the only adequate punishment that is gonna put a stop to the Diebold-esue shenanigans is to prosecute the company into the ground and then go after every VP/Salesman who lies about the severity of the problems and the coverup?
This Has Got To Stop!
(Yes... been sitting on the sidelines, but I am about fed up)
Go Getem Ahnold!
I
rather than going 'all electronic' there are not more efforts to have a hybrid paper-computer model, off the top of my head:
- the voter comes to the poll, is identified and is given a paper token with a barcode that contains the polling ID station ID and a sequential number (note that the ID is not humanly readable, important for privacy)
- the voter goes in the box, which has a touch screen and an 'easy' UI, voter inserts the paper token in the box which scans it
- voter votes on the touch screen (make it really easy, BIG buttons, BIG text, whatever)
- machine prints out a ballot with the voter's vote in humanly readable form (say, prints out a 'real' ballot with blackened out rectangles on the relevant candidate(s)) and a 2D barcode at the bottom with the vote in machine readable form including the ID on the 'paper token'
- voter looks at the ballot to make sure it's ok, folds it, comes out, puts the ballot in one box and the paper token in the other. If the ballot is not ok there is a shredder right there inside the poll station and the voter votes again.
========= election over ===========
the paper token are shipped to the central office, scanned (should be very fast via the 2d barcodes) and votes tabulated accordingly; for an additional level of security you can always count the votes via the 'human readable' part of the ballot before shipping them.
If a recount or anything is necessary there are several safeguards with this system:
- you can't have ballot box stuffing, because 1 'token' = 1 vote and if those ID are generated 'well' you could even double check that all IDs make sense, sort of like a 'there are only so many valid serial numbers' there. Multiple votes with the same 'ID' will be discarded.
- you can't have doubts on the voter intent, they'll vote on the screen *AND* look at the paper copy before putting it in the ballot box later on
- if there is really no trust in the computers no problem, you can just look at the 'human readable' portion of the ballot as many times as you want: no nonsense about hanging chads or anything.
this (or something like it) would cover all the bases in terms of fast results (via scanning ballots, ship them all to a central location and do it), paper trail and so on. I really can't understand who in their right mind would consider putting the fate of the election in the hands of MS Access, for crying out loud!
-- the cake is a lie
Judging by the fact that most people with the time to volunteer for poll work are our 'seasoned citizens' who, let's be honest, aren't, as a group, too computer savvy, I'd be more worried about the scrupulous people with no computer skills whatsoever messing things up.
I know this makes me an ageist asshat, but how in the heck are all these people going to get up to speed on computers enough to ensure a little 'whoops' doesn't toss a whole county or something?
You know what?
Because Access functions are already built in to the Windows operating system, the totals could be altered even if a computer did not have Access installed on it...
But Maryland election officials agreed with Bear that no hacking can happen unless the hacker is physically at the computer.
How long until somebody writes a virus/worm/trojan that does nothing on most Windows boxes (other than propagate) and on systems where GEMS is detected then around 8:00pm on election day just go wreak havoc with the election results? No physical access to the GEMS systems is needed. If those machines are hooked up to the internet at any time prior to the election (like to get Windoze updates) they could potentially become infected with just such a worm.
Yeah, I know it's a stretch. Just playing devils advocate...
A million monkeys can write Shakespeare...
Perhaps you'd like to visit The Monkey Shakespeare Simulator, which randomly attempts to duplicate Shakespeare's work (don't worry about legal aspects, you can generally assume it's out of copyright).
The current record is 20 letters from "Coriolanus" after 462,060,000,000 billion billion monkey-years. Sent in by Jens Ulrik Jacobsen from Denmark on 31 Aug 2004.
"1. Citizen. Before w ZgJ 8GPxwFnwvG&iX4tKfo("2ny!3Pp..."
matched
"1. Citizen. Before w e proceed any further, heare me speake All. Speake, speake 1.Cit. You are all resolu'd rather to dy then to famish? All. Resolu'd, resolu'd..."
This reminds me, at the recent ASIMO demonstration that I went to this Thursday at my college, they played a movie. In this movie, they were trying to prove the importance of how the robot looks determines how the public will accept it. And at some point they threw in a picture of a touch screen voting machine and mentioned "Florida" and "elections." I was too caught up in my selective hearing to know why these were mentioned in a video about trusting machines, but my friends and I had a good laugh. After all I have read, I could never trust this failure of a company. They need to fold, tuck their tails and find something else.
Diebold says...
Even if the system could be hacked, he said, it could only be done by a person with "unfettered access to the system." Bear noted that elections are not just the machines, but also the people who work the elections.
"Quite honestly it's somewhat insulting to elections officials and volunteers," he said to the idea that elections officers would tamper with vote results.
At every election I have voted in, the officials and volunteers are retirees who have VCRs flashing 12:00! They would never know it if some young whipper-snapper was farting aroung with the newfangled high-tech whizbang voting machines, nor will they be able to help anyone if the machines screw up.
The Uncoveror: It's the real news.
For all the Americans out there, we live in a democracy where "all decisions are made by representatives who act by [our] consent". However, it is incredibly difficult for an elected representative to follow his/her constituent's wishes if they are not informed of which bills they should vote for by their constituents.
A simple letter (here or here or here or here) is one of the easiest ways to inform your elected representative of your stance in regard to certain bills. If you feel strongly enough about fixing the current state of electronic voting in this country, I highly reccomend writing to your elected representatives to inform them of your concerns and certain bills which they should support.
Remember, for a democracy to work as intended there needs to be participation by all of its citizens though voting as well as keeping their elected representatives informed of the citizens wishes.
Also remember that when contacting your representatives a signed, mailed letter makes a much bigger impact than an e-mail.
"I have a porkchop, you have a porkchop. I have a veal, you have a veal".
It must be an AP story if it got on the FOX site... must be the only true thing on the site.
Nothing for you to see here, Please move along.
The report was fairly critical, but balanced.
-molo
Using your sig line to advertise for friends is lame.
I'm european, you know... in this side of the Atlantic we mark a piece of paper with an X on who we vote. And yes, a monkey can also do it, but at least we don't spend billions in tech just to keep all the monkeys voting...
Not that you're serious, but here, I'll explain it. I'll get modded flamebait like I always do, but so what.
The losers of the 2000 election didn't like the results, which were perfectly valid according to the previously established rules and regulations (and common sense tells you you can't change those after an election, just to get the results you want). So they let fly a thousand (or so) lawsuits, and turned it into the postmodern election, where you don't just count a vote, you deconstruct it.
It almost worked. But anyway, having done that, there's a problem. Unless you just want to chuck out democracy, since you claimed there were all these problems, you kind of have to propose to fix them. That's what all this was about - to pretend that the (completely fabricated) "mess" of 2000 was real, and we need to "do something" about it.
Of course we would just use paper and pencil, if we were solving real technical problems. But that's not what's happening.
+5 insightful? while you troll around in the ocean of generalizations please keep in mind that there are those of us who are state/government employees who work hard and get payed squat for it, and we don't appreciate you private sector assholes who get payed 3 times what we do shitting on us. (I work help desk for a state university getting 5.50 and hour and work for the department of transportation during the summer, making a whopping 8 dollars an hour)
Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon. -- Susan Ertz
I used subscribe to the notion this was a Republican conspiracy to steal the election. Maybe it still is but the election was really stolen back in Iowa and New Hampshire when Kerry miraculously went from cellar dweller to winner. The guy is unfortunately a loser, no one in their right mind actually likes him. Most of the people voting for him are voting against Bush and not for Kerry.
It would be very interesting to have insight in to the machinations in Iowa and New Hampshire that destroyed Dean's candidacy. Did Al Gore and Jimmy Carter endorse him, because they knew it would make him look like an establishment man and hence a hypocrite. About a dozen rich democrats from the DNC and DLC inner circle funded attack ads in Iowa that equated him to Osamm bin Laden, coupled with a couple dumb remarks insured his fall in Iowa. When the media started piling in the race was decided though a tiny fraction of Democrats had actually voted. When Dean was destroyed, that was the point when the American people were actually denied any real choice. Its kind of wasting your time to steal the presidential election with electronic voting since it's already been stolen.
You see, there isn't a dimes worth of difference between Bush and Kerry on the stuff that matters, Iraq, the patriot act, homeland security, the war on islamic terrorism. They are both going to spend the U.S. in to bankruptcy and line the pockets of big corporations and their wealthy shareholders at the expense of working people.
Most telling, they are both Yale grads and Skull and Bones men. You know democracy is dead in America when a secret fraternity of the elite of the elite, which has 800 living members, can count BOTH presidential candidates as members. What are the odds on that unless the whole process is rigged.
Maybe Kerry was maneuvered into the Democratic nomination by the ruling elite to take a fall, or maybe they knew he was such a pathetic candidate that running him insured Bush would be reelected, or maybe they will be happy whichever one wins though I wager Bush is their favorite. The new Forbes billionaire's list is out and Forbes says they overwhelmingly support Bush. Why shouldn't they, he's given them unprecedented windfalls.
Running a shill is about the only way Bush could get reelected, after the deceit and insanity his administration perpetrated in Iraq. If people were to actually stop and look at how pathetic his record has really been over the last 4 years he would be rode back to Texas on a rail. Fortunately people don't have to think about it, they just have to see that loser John Kerry "reporting for duty" and all of sudden Bush doesn't seem so bad. We'll he really is bad but there isn't anything you can do about it so they just resign themselves to it and pretend it doesn't matter.
Maybe riggable electronic voting machines, and the Pentagon's plan to gain control over the military's vote, were insurance to make sure Bush wins but I doubt that will be necessary at this point. The media feeding frenzy has already started and that will insure Kerry will be doomed before the people even weigh in on the subject, the same kind of frenzy that devoured Dean.
If electronic voting machines are going to be used to rig an election the most likely races they will be used on are the Senate races. The Republicans are desperate to get 60 seats in the Senate because at that point they would have a democratically elected and constitutional dictatorship, especially after a few more years of stacking the courts. When that happens the U.S. is going to be a good country to get out of, and the rest of the world really needs to start working on a global alliance to prevent this group of extremist Christians from dominating the entire planet.
The next four years are going to be a dark period for the U.S. no matter what.
As an example, I heard today on CNN and its on
@de_machina
And not to make light of your accomplishments, but how fucking tough could this be? Seems like they want big holes in their security, doesn't it?
To change the subject slightly, at what point does sabotage become a morally acceptable alternative? I'm assuming that a knife dragged across the touch-screen would ruin the machine, but I won't assume that ruining a voting booth for others would help... any thoughts?
"Hell, I'll piss on the spark plugs if that'll help"
Literalism isn't a form of humor, it's you being irritating.
Computers can lie. They can lie The Big Lie. They can lie with a compete deadpan expression, claiming you did X instead of Y. If you ask them to present their documentation, they can lie about that. If you ask to see their code that produces the documentation, they can lie about that.(1) Unlike humans, they will produce perfectly consistent lies, and it's physically impossible to look inside a CPU and RAM chips while the computer is running. All you can do is, you guessed it, ask the computer what those contain, and it can blithly lie about that.
If you take the code to another computer, one that doesn't lie, and scan it, you will get the truth. Of course, at that point, the people making the lying computer will simple move the lies into the hardware, and you won't find anything wrong with the code anymore. You'll have nice clean code on the disk, and a secret chip on the motherboard that alters a known pointer to somewhere else in memory under certain circumstances. And, no, you can't run software to detect this, because...
Computers can even lie to themselves. This is why all DRM schemes keep getting broken, this is why all copy protection gets hacked, this is why I can watch DVDs on Linux and ignore the region code, this is how VMWare works. This is why Microsoft wants 'Trusted Computer' where, in theory, a CPU can be put in 'no lie' mode. But that doesn't exist yet, and it's doubtful it won't be hacked if it ever does.
And, with recent stunts by Diebold, where there have been delibrate backdoors installed, it's rather akin to a company trying to break it's own copy protection, one it designed to look pretty but be broke in a few seconds. The only thing that's saved us so far is that Diebold is completely incompetant.
Computers are perfect liars. Three computers could, in theory, fix that, if run by different companies and using different systems. (If you just have two, how do you resolve differences?) But no one seems to be doing that, and it would be rather expensive to stick three computer screens in each booth to show what each system thinks you voted for.
That said, we want redundency. Non-computer redundency. We want a printer, that prints ballots off, which are then counted, either alone or together with the computer count. That's all anyone wants.
You don't solve real world security issues by having multiple people check the same badge against the same database, and you don't solve voting security issues by simple recording a vote in three computers. You solve in by recording a vote outside a computer. If you're really clever, you make that vote human readable and machine readable via OCR.
1) Of course, Diebold machines run Windows, and if you think anyone can check that code you're dreaming anyway.
If corporations are people, aren't stockholders guilty of slavery?
Actually, I believe this system would be pretty much scallable to the US.
You only need X% of the population that count the ballots and (X/10)% of the population that received and tally the votes from the differents ballots...
At 3 person per ballot and 200 ballots for 'voting aera' of 40000, you would only need 1.5% to 2% of the population...
Of course, this is all theory... such a system would never be accepted by americans: it would be perceived as archaic
I live in Soviet Canuckistan you insensitive clod!
Say what you will about the relative scale of the elections in the two countries, one thing is certain - the elections work here. The results are in very quickly, the security protocols surrounding voting and counting are simple enough to be comprehensible and auditable by just about anyone, and the whole thing is done with exemplary transparency.
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
I'm sure your proud of yourself playing doorman for America, but I'm already actively working on getting out of the U.S., don't need your help, the Bush administration is way better than you are at making anyone sane want to leave the U.S.
I'd be cool with Christian's in power if they actually adhered to the teachings of Christ. Unfortunately I don't think rampant greed and bloodthirsty militarism are Christian values, and those are the two basic tenants of the so called "Christians" taking over America and the Republican party. Just as extremist Muslims are an abomination to Islam, extremist Christians are an abomination to Christianity. If there was a second coming and Christ appeared in America did the things he did, and said things he said 2000 years ago, he'd be locked up or killed by the "Christians" running the U.S.
I'm working hard to line up a country where I can go and stay, and renounce my citizenship. No point in moving out of the U.S. and keep the passport and keep paying taxes to support the current madness. Its not easy. It takes a lot of work to find a country that will be a good place to live and that isn't completely under the thumb of the U.S. America's shadow has become so long there really aren't many places left in the world where you can escape it. I lost track but I think the U.S. has troops in something like 135 countries and I imagine the FBI and CIA are meddling in the same number or more.
I tried to read your link. It was pretty dumb. Its just further proof of how far off the deep end the right wing fringe in the U.S. has gone. I'm really sure there is a left wing conspiracy to use schools to convert everyone to Islam.
I know you'll hate it but I think it is a good idea if schools teach courses in all the major religions, from a cultural and historical perspective. It might alleviate a lot of ignorance and promote more understanding and tolerance. It might fix the acute case of tunnel vision infecting most Christians in the U.S. Again they seem to regurgitate the New Testment the same way Madrasas regurgitate the Koran. No one actually listens to whats those books say, or connect that those teachings are pretty much the exact opposite of the things most of their political, economic and religious leaders are actually doing in the names of those great teachings.
@de_machina