Diebold Insider Comments on Voting System Flaw

Call Me Black Cloud writes "A Diebold insider is blowing the whistle on the company's continued lack of concern about security holes in its voting software. The insider wrote to Brad Friedman, a somewhat shrill political blogger, claiming the company is instructing technicians to keep quiet about the security flaws. This is despite the vulnerability being listed on the US-CERT website for the last year. A Diebold company rep admits the software can be remotely accessed via modem, but states, "it's up to a jurisdiction whether they wish to use it or not...I don't know of any jurisdiction that does that." The insider disputes that, claiming several counties in Maryland made use of the feature in 2004." This in addition to the fact that Blackboxvoting already hacked the system using a chimp last year.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Scary

[mysqlrocks]

The CEO of North Canton, Ohio-based Diebold, Inc., Walden O'Dell has been oft-quoted for his 2003 Republican fund-raiser promise to help "Ohio deliver its electoral votes to the president next year." O'Dell himself was a high-level contributor to the Bush/Cheney '04 campaign as well as many other Republican causes.

Is this not a conflict of interest?

Re:Scary

One could postulate that tampering with computer ballots leave much more of a trail than traditional tampering.

One could postulate that the sun will rise in the East. If you postulated that "that tampering with computer ballots could leave much more of a trail than traditional tampering.", you would have an argument (a weak one but something). The facts are:

1) At least one existing system (the Diebold system in the FA) is not only not tamper evident, it appears to have features specifically designed to conceal tampering (a timestamp mod utility, separate DBs and functionality for voting and auditing and no tx sequencing spring to mind).

2) Physical tampering does not scale. In order to affect the presidential outcome, one would need to have a number of people in each of 10000+ locations involved. A single skilled individual can achieve the same effect with electronic voting.

3) Virtually all methods of tampering with physical ballots still work on electronic systems! In light of the fact that in the last election an apparently malfunctioning balloting machine was removed to a private warehouse and returned to service while the polls were open, I'd like to see you justify your implication that somehow e- machines are harder to tamper with than plain ballot boxes.

To give a real world example, there is very strong statistical evidence that Ohio's results were tampered with and in a way that could not be done with physical ballots.

I have a question.

[Sheetrock]

Why are the handful of people who identify problems and try to get them solved "shrill"?

I'm not taking issue with the submitter because I hear the term applied to liberals alot -- but I wonder when the alternative of stubborn complacency and "going along to get along" became ideals in our democracy.

Because you don't get things fixed thinking like that.

Depressing

[Concern]

I don't know what's worse: the frighteningly bizarre concept of a voting machine with no voter-verified paper trail, or the small group of people who defend this literally indefensible practice. It fills me with a sense of dread every time I hear another round of this story hitting the news, and it hasn't involved anyone going to jail yet.

Unfortunately, as geeks know better than journalists, there is no sane, moral, or legal reason for paperless touchscreen voting machines to even exist. Almost everyone who is knowledgable in this discipline gets it pretty quickly - because it's extremely obvious, and also because paper is integral to secure systems everywhere, from secure logging on printers in machine rooms to ATMs and even slot machines... You just don't store things like votes on non-user-verified, let alone rewriteable, media.

In fact, if I recall, the state of Nevada was a little while ago in the awkward position of having vastly superior standards enforced for gambling devices than they had for voting machines... although I think now they are one of many states that has put this craziness under some scrutiny...

Yet there really are a few people out there (I've met some on slashdot for instance) who argue to defend this practice anyway. These days, ignorance and stupidity is no longer funny. It's becoming terrifying.

If we lived in a sane country, the people who made these machines would be prosecuted, since their level of negligence certainly rises to the level of criminal even if they have no intent of their own to rig elections, and all of the politicians and bureaucrats who ordered, "evaluated," "tested," and approved these systems should follow not long after. We would know all this, prima-facie, even if Diebold hadn't had a pants-down security incident and exposed their internal emails to the world, showing us their gaffes in first-person detail. We would know even if direct results of their incompetence weren't widely documented

The simple, bedrock need for secure voting systems, and the absolutely impeccable engineering doctrines involving voter-verified paper, are almost universally accepted among credible experts. All explained many times before, better than I could anyway. It's inconceivable there is any debate at this point. Why would we have a voting machine that was deliberately made insecure?

The most credible argument I've ever heard (relatively speaking) is, "Who would cheat anyway? You're just being paranoid."

But you all know the answer to the question of who would cheat at election time: probably, the first person who thought they could get away with it.

Re:Depressing

[garcia]

The most credible argument I've ever heard (relatively speaking) is, "Who would cheat anyway? You're just being paranoid."

It's very sad that this is such a commonly repeated phrase. I really want to know why people think it's *so* horrifying to be labelled "paranoid" -- especially when it comes to the state of our nation.

I realize that paranoia is looked down upon, especially in a time where everyone is more interested in the voting results of Survivor, American Idol, or (ironically) Big Brother, but it saddens me deeply when I am looked down upon for being behind our country's values.

PARANOIA IS WHAT WE NEED! Especially when people just have NO DESIRE to understand the goings on behind political power.

"Seacrest out!"

Re:Depressing

[ShadeARG]

Questioning the integrity of your democratic process is the most patriotic thing you can do. If you don't (or can't) question it, then your system is fatally broken and bad things will happen.

Perhaps one of the scariest moments imagineable is when paranoia and common sense intersect. That's when you know something obviously isn't right, and there's nothing you can do to reverse the situation since any notion of your dissent will automatically label you paranoid.

The sad thing is that all of this should be redundant, but only a small few realize.

Where is the outrage?

[_am99_]

"In my opinion Diebold's election system is one of the greatest threats our democracy has ever known, and the only way this will be exposed is with a Congressional investigation with subpoenas of not just Diebold officials but Diebold technicians."

Yes, I'd agree with that. But good luck with a congressional investigation, they probably won't even be able to get a real room to have meeting about it. Just like Downing Street. Karl Rove is a genius.

What butthole did the democrats have there heads up when let this scam be part of the 2004 election? They had 4 years! How you can have a company with the contract to build paperless voting machines being run by a loyalist to the incumbant party and not have the opposition do anything about it - IS RIDICULOUS!

I hope there is an upset in 2006, or it is going to be another 2 years of a radical Whitehouse running around unchecked, digging the US into deeper holes at every turn.

But really, were is the outrage? I mean this is your democracy?!

Somebody please tell me

[instantkarma1]

why THE FUCK Diebold can make secure ATM machines but are such blithering idiots when it comes to securing their Voting Machines?

Putting on my tin foil hat, I don't think they are idiots at all. I think it was done on purpose. The bigger question is, why aren't WE doing more about this? The integrity of our democracy is at stake. How can shit like this be allowed to happen? How can we 'help' Iraq setup their new democracy when we are so utterly fucked up?

Yes, I'm mad. Mad at this happening, mad at this not getting more attention, mad at people who think I'm crazy for bringing it up. This is unacceptable.

Re:Somebody please tell me

[keesh]

What makes you think Diebold can make secure ATMs?

Re:Chimp

[hungrygrue]

What recount? Predominately Democratic districts like those in inner city Cleveland and Columbus had too few polling places with people often forced to stand in line for six hours or more. An enormous number of people just couldn't vote at all because they didn't have the option of waiting that long. The sub/ex-urban areas had no lines at all - and are much more Republican. A recount won't do much good because the missing votes are those that never got to be cast to begin with. The media kept painting the long lines as a good sign of great participation and turnout - what it was was a breakdown of the voting system and a desaster that excluded anyone would couldn't afford to lose their job for taking six hours off to go vote or who couldn't afford to find a babysitter on such short notice to watch children too young to wait in line with their parent(s).

I want my fucking piece of paper

[Dark+Paladin]

I know, I'm asking for a lot. I was told by a coworker that it's a stupid request. After all, if I have an electronic voting system, isn't that suppose to eliminate the need for paper?

Bullshit. I'm sorry, but no - voting is not about how to do it the cheapest and most convienient for the government employees. The John Hummel Voting Ranking System goes:

1. Accuracy
2. Speed/Efficiency
3. Cost

So with that, my dream for the Ultimate Voting System goes like this.

1. Person shows up at the voting center with their ID. They are authenticated (whether this be by picture, or some sort of card reader, not important). If they can not be authenticated, then they get a physical slip of paper to vote with with the mark "Verify ID" and a number. If the ID is later verified, then the vote is counted. If not, then it can be placed in the "not counted" bin. (Not destroyed until 60 months after the election - this is to prevent too many "Whoops - we couldn't authenticate anybody"!) Granted, this ties into the problem with the "secret ballot" idea, but if you can't authenticate the user before voting, this is the next best thing. I'm sure someone could suggest a better method.

2. Assuming that authencated == true, then they are pointed to the voting machine. Voting machine is simple enough - a touch screen for "pick your candidate" with a picture, name, etc. If you're voting on a bill, then you can push a "detail" button to have a copy of it show up for your reading pleasure. Let it be handicap enabled with enlargeable text, comfortable seats (no forcing people to stand) and adjustable screens so folks sitting in wheelchairs can still access the screen.

3. Upon finishing, you are presented with a table of all of your votes and results, and a message reading "Is this correct?" If you select "No", you can change anything, otherwise "yes" means it's all good.

4. When you select "yes", three things happens. The vote is recorded to a local write once ROM device with a unique ID. This ID and voting information is transferred via an encrypted link back to some central location, so election results can be monitored in real time. The third thing that happens is a piece of paper is printed out with this unique ID and the voting information plainly printed out in the same table format you just read, perhaps with a bar code encoding the same vote results for quick tabulation later. You then drop this piece of paper into the voting box. The unique identifier is not related to the voter - just to the vote, so you can't tie in who voted for what, only that "some authenticated person" voted for something, and the unique ID is what they voted for.

5. Votes are now instantly counted. Upon finishing, all of the ROM media is removed and forwarded to a separate voting office - say, a separate division of the government - for validating. If the central office and separate office validate results, then the election is good. Just for kicks, a random sampling of the paper ballots are removed and compared (using the unique identifier) to the votes. If there's a descrepancy, you can pick it out quickly.

6. ROM and paper is stored for 5 years, then thrown out (by then, it's too late anyway), and available for public access by media groups/indepdant analysis.

7. Said above system should be written with GNU software, with MD5 and SHA1 hashes of compiled code made using standard GCC - version agreed upon by government officials at a specific date. Code is locked well before election date, and a copy of source and compiled code used is stored on the same write once ROM system (CD's should be fine) so anyone can compared and complain if they need to.

Whatever happens, no "proprietary" voting code, no "oh, it's secret to protect you dumb little voters" code - open, clear, and simple to validate and completely open to access. Anything less is asking for abuse, and I don't trust either party in the US not to have less-then-honest individuals hoping the screw things in their favor.

Of course, this is just my opinion. I could be wrong.

Lobby Consumer Reports to check this out

[Safe+Sex+Goddess]

When I think about well respected non-partisan organizations, it seems Consumer Reports would be the organization to prove or disprove this.

Let's end the debate once and for all and lobby Consumer Reports to evaluate electronic voting machines. Following is a link to their feedback form.
http://custhelp.consumerreports.org/cgi-bin/consum erreports.cfg/php/enduser/ask.php?

Re:Kerry Won Maryland by 9%

[Daniel_Staal]

If he hadn't, it would have looked odd. Maryland is one of the most Democrat states in the Union.

A good vote-rigger would only swing the votes a few percentage points. Not enough that the 'actual' votes are extremely different from the 'expected' votes. So, you don't win every race and district. You just have to win enough...

If you want to talk conspiracy theory, you could point out that the exit polls were unusually innacurate in the last election. Not quite out of possiblity, but definately out of the ordinary.

Which would be the only sign of a wide-spread, intelegent, vote-fixing scheme.

Openvoting.org

[fishfish]

Support -

http://openvoting.org/

Not only open voting, but open source for the firmware that takes your vote.

They have been doing good things in California.

unfortunately people could care less

[moxley]

What's really upsetting is that so many people think all of these things are just coincedences or accidents, or are do to laziness. All of the information about Diebold's lack of security and the ease to which their machines could be tampered with was available to the entire world before the election - as well as the insane conflicts of interest involving the ownership of the company and their promises to deliver certain states to Bush. This, along with all of the reports (by credible sources including city and state governmental workers) of misconduct in Ohio and still ...barely a peep. I mean, really, i'm not a democrat or a republican - but damn - I am sick of the US being run by criminals and corporations (of which many are run by or for the benefit of criminals) - and when I say criminals - these people are criminals - white collar or otherwise. People think Enron was the eception rather than the rule - well, sorry, that's not quite the case - it's more prevalent than that. I'm not saying all corporations are evil or anything like that...I'm just sick of people being in denial about how corrupt America business and politics and the incestuous relationship between them is. Apathy reigns. I know the answer, but I can't help asking: Don't people know their history? When business and government collude to this degree where business basically calls the shots with profit above all else it doesn't end well. There is a word for it actually. Diebold needs to be put in check - seriously. Evoting with no paper trail or verification system is absurb - it pratically guarantees misconduct on some level.

Re:Two words

[lgw]

There is no evidence because there is NO paper trail...

And this is why Diebold must go. I don't for a minute thnk election fraud in 2004 was any more widespread than any other presidential election, but can anyone *prove* it? OK, admittedly, even with a paper trail you can't prove there was no fraud, as ballot boxes can be swapped out in transit and such, but in practice this can't be done on a large scale without it becoming obvious due to screwups by the fraudsters.

With no paper trail, someone committing vote can have a huge impact with a very small chance of being caughtin the act, and no chance at all of finding the fraud afterwards. We absolutely need a system where intense scrutiny after the fact is likely to turn up evidence of the crime. This will be a much greater deterrant, but more importantly will give us a much higher confidence in the system.

Computer *aided* voting is a great idea. Have a touch-screen with pictues to help roor readers, have adjustable finst to help the vision-impaired, have an interface that allows the blind to vote in private, print a ballot that is guarenteed to be properly marked. But the result needs to be a marked ballot, not a set of bits. A completely seperate process can automate counting the ballots -computer-printed optically-scanned ballots work extremely well, with no sacrifice of a paper trail.

Worse than scary

[plover]

Thanks to the electoral college system, all it takes is one state to cheat. As long as it's the right state.

Then, within that one state you just have to swing enough votes to tip the scales.

That means flipping half the difference. Using a made-up example, if the state of Bushsylvania has 10 million likely voters and polls show they'll vote 49% D and 47% R, you have to reverse just over 1% of the votes to push it to the R column. That's only 100,000 fraudulent vote reversals, or 110,000 if you include a 10% safety factor. Hell, it wouldn't even take much money to outright BUY that many votes, much less rig the voting machines. (Note that "ballot box stuffing" is less efficient than "flipping" -- to win Bushsylvania, for example, would require 220,000 phony ballots to be added, which is a much bigger task.)

And you might not even have to spend that much. If there are (say) four undecided states with the power to affect the outcome, go to the two with the narrowest margins, and twiddle theirs.

Remember to limit your exposure as much as possible. Restrict tampering to as few districts as you can. Prefer those with the highest numbers of voters, but with historically low turnouts. (Poverty stricken areas are ideal for this kind of tampering.) You don't even have to make every tampered-with district put in "wins" for your candidate -- you just have to reverse a total of 110,000 votes.

You want to keep it local as much as possible. Run it like a terrorist cell -- tiny groups of insiders who each know very little about the overall plan or about other people. Choose your fall-guys in advance, maybe plant some evidence 'in reserve'; in case someone turns coat you can blame a few overzealous campaign workers, and cut them loose before they start reporting further up the chain.