Diebold Insider Comments on Voting System Flaw

Call Me Black Cloud writes "A Diebold insider is blowing the whistle on the company's continued lack of concern about security holes in its voting software. The insider wrote to Brad Friedman, a somewhat shrill political blogger, claiming the company is instructing technicians to keep quiet about the security flaws. This is despite the vulnerability being listed on the US-CERT website for the last year. A Diebold company rep admits the software can be remotely accessed via modem, but states, "it's up to a jurisdiction whether they wish to use it or not...I don't know of any jurisdiction that does that." The insider disputes that, claiming several counties in Maryland made use of the feature in 2004." This in addition to the fact that Blackboxvoting already hacked the system using a chimp last year.

I want my fucking piece of paper

[Dark+Paladin]

I know, I'm asking for a lot. I was told by a coworker that it's a stupid request. After all, if I have an electronic voting system, isn't that suppose to eliminate the need for paper?

Bullshit. I'm sorry, but no - voting is not about how to do it the cheapest and most convienient for the government employees. The John Hummel Voting Ranking System goes:

1. Accuracy
2. Speed/Efficiency
3. Cost

So with that, my dream for the Ultimate Voting System goes like this.

1. Person shows up at the voting center with their ID. They are authenticated (whether this be by picture, or some sort of card reader, not important). If they can not be authenticated, then they get a physical slip of paper to vote with with the mark "Verify ID" and a number. If the ID is later verified, then the vote is counted. If not, then it can be placed in the "not counted" bin. (Not destroyed until 60 months after the election - this is to prevent too many "Whoops - we couldn't authenticate anybody"!) Granted, this ties into the problem with the "secret ballot" idea, but if you can't authenticate the user before voting, this is the next best thing. I'm sure someone could suggest a better method.

2. Assuming that authencated == true, then they are pointed to the voting machine. Voting machine is simple enough - a touch screen for "pick your candidate" with a picture, name, etc. If you're voting on a bill, then you can push a "detail" button to have a copy of it show up for your reading pleasure. Let it be handicap enabled with enlargeable text, comfortable seats (no forcing people to stand) and adjustable screens so folks sitting in wheelchairs can still access the screen.

3. Upon finishing, you are presented with a table of all of your votes and results, and a message reading "Is this correct?" If you select "No", you can change anything, otherwise "yes" means it's all good.

4. When you select "yes", three things happens. The vote is recorded to a local write once ROM device with a unique ID. This ID and voting information is transferred via an encrypted link back to some central location, so election results can be monitored in real time. The third thing that happens is a piece of paper is printed out with this unique ID and the voting information plainly printed out in the same table format you just read, perhaps with a bar code encoding the same vote results for quick tabulation later. You then drop this piece of paper into the voting box. The unique identifier is not related to the voter - just to the vote, so you can't tie in who voted for what, only that "some authenticated person" voted for something, and the unique ID is what they voted for.

5. Votes are now instantly counted. Upon finishing, all of the ROM media is removed and forwarded to a separate voting office - say, a separate division of the government - for validating. If the central office and separate office validate results, then the election is good. Just for kicks, a random sampling of the paper ballots are removed and compared (using the unique identifier) to the votes. If there's a descrepancy, you can pick it out quickly.

6. ROM and paper is stored for 5 years, then thrown out (by then, it's too late anyway), and available for public access by media groups/indepdant analysis.

7. Said above system should be written with GNU software, with MD5 and SHA1 hashes of compiled code made using standard GCC - version agreed upon by government officials at a specific date. Code is locked well before election date, and a copy of source and compiled code used is stored on the same write once ROM system (CD's should be fine) so anyone can compared and complain if they need to.

Whatever happens, no "proprietary" voting code, no "oh, it's secret to protect you dumb little voters" code - open, clear, and simple to validate and completely open to access. Anything less is asking for abuse, and I don't trust either party in the US not to have less-then-honest individuals hoping the screw things in their favor.

Of course, this is just my opinion. I could be wrong.

Lobby Consumer Reports to check this out

[Safe+Sex+Goddess]

When I think about well respected non-partisan organizations, it seems Consumer Reports would be the organization to prove or disprove this.

Let's end the debate once and for all and lobby Consumer Reports to evaluate electronic voting machines. Following is a link to their feedback form.
http://custhelp.consumerreports.org/cgi-bin/consum erreports.cfg/php/enduser/ask.php?

Re:Kerry Won Maryland by 9%

[Daniel_Staal]

If he hadn't, it would have looked odd. Maryland is one of the most Democrat states in the Union.

A good vote-rigger would only swing the votes a few percentage points. Not enough that the 'actual' votes are extremely different from the 'expected' votes. So, you don't win every race and district. You just have to win enough...

If you want to talk conspiracy theory, you could point out that the exit polls were unusually innacurate in the last election. Not quite out of possiblity, but definately out of the ordinary.

Which would be the only sign of a wide-spread, intelegent, vote-fixing scheme.