BlackBox Voting Tests California Diebold Machines

Doc Ruby writes "The California Secretary of State has invited Black Box Voting to hack away at some Diebold voting systems. The testing is set for Nov. 30, 2005. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for recounts. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)"

Paper trail...

[Pig+Hogger]

Paper trail: the magical words. In Montréal, Québec, the recent municipal election is being contested. Mark-sense ballots were counted by machines, but ballots are kept in sealed boxes after being run through the machine (by the elector). Right now, the ballots are being recounted by hand in the courthouse.

Re:Paper trail...

Voting machine fraud is the least of our problems these days. In the name of making voting "easier", mail-in ballots are becoming the norm. With a mail-in ballot, there is no reliable way to ensure voters are not coerced (by parents, spouses, employers, political parties, etc.). There is no reliable way to ensure the vote was not cast by an imposter, and the few means of verification that do exist can be subverted to compromise ballot secrecy. Vote against the winner, and somehow Code Enforcement receives an anonymous tip to check up on you. The "grave yard precints" will have record turn-outs. "Vote early, and vote often!"

Too little, too late

[Trigun]

Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.

Re:Too little, too late

[Pig+Hogger]

Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.

Actually, no. Slot machines and video poker are strictly regulated in regards to the actual object code being executed by the CPU. The various gaming commissions have hardware that is used to perform spot-checks (something like a big clip that you clamp on the CPU, and by pressing a button, it performs some diagnostics [à la CRC] to verify that the firmware has not been tampered with.

The same thing could be effected for voting machines.

Re:Too little, too late

Recently, the state of Connecticut sent mailers to households inviting voters to demo electronic voting machines, and fill out a survey. I decided to attend the one held at a local branch of our state university. There were only three machines to try out. One was a Diebold machine.

On the two non-Diebold machines, I was allowed to vote a sample ballot as if the vote were real. The Diebold demonstrator, however, kept tight control over the Diebold machine, allowing only limited public interaction.

I did see something very interesting about the Diebold machine. Something I didn't like at all. The "proctor" explained that during a real voting session, the voter would get a smart card from election officials, insert it into the reader on the voting machine, vote, then turn back the card. The stated reason for the card was to prevent one person from voting multiple times while standing at the machine. However, the proctor was re-using the same card to restart the session as each new person stepped up. When I asked about this, the proctor claimed that during a real voting session, no-one would have access to a multi-use card. I asked her if that was a promise, but she didn't have an answer.

Re:Too little, too late

[Auckerman]

Problem with this is that the state doesn't generate direct revenues from voting, like it does with slot machines. They'll bitch about where the money comes from, who will do the checks, what districts, what time, ect. What's more, there's a fundamental mentality of "trust us, we're the American voting system. What are you so unamerican?" to overcome.

Is it so much to ask that the machine doesn't do any of the counting and merely prints a paper ballot that the voter can hold, look at, walk over to a voting box and put it in themselves? What are they scared of? Why do the companies that make voting machines resist this idea so much?

It looks suspicous to me. They want to make money off more than selling machines. That kind of loss of trust can't be fixed with lip service and "independant" verification.

Re:Too little, too late

[TubeSteak]

... A specific testing protocol was provided by Diebold and the California Secretary of State's office.

...negotiations remain on the procedures. Black Box Voting contends that the proposed testing violates California Election Code 19202, which governs the request for voting machine testing formally submitted to the state of California by Black Box Voting on June 16, 2005. Also, Black Box Voting identified areas of bias in the proposed procedures, which would violate normal scientific protocol and cause voters to lack confidence in the results.

Diebold knows how f*ed up their machines are and I can't imagine that they'd allow BBV a "fair and balanced" attempt at evaluating the machines + software.

Here are the proposed testing procedures
http://www.bbvdocs.org/records/proposedhurstidemo. pdf

The complete, utter, and repeated failure of the Federal and State certification system disgusts me.

Re:Too little, too late

[Pig+Hogger]

If it's "too expensive" to vote, why do you think they still bother to pay for elections???

No paper trail

[Profane+MuthaFucka]

We want a paper ballot. Sure, we could have a computer voting system, but it has to spit out a paper ballot with my choices marked on it. THAT is the ballot that should be counted, either manually, or with an optical scanner.

If the paper trail that I look at is not the same ballot that is counted, I can't be sure that a programmer decided to print one thing and tally another.

Re:No paper trail

[Sepper]

The machines used in Montréal (the ones I saw) where optical scanners with a sealed box to contain the ballots.

The problems we had, was that the center database that was used either crashed or could not handle the load...

Either way thoses sealed box are getting recounted by hand... In the municipal court... In front of provincial judges...

Re:No paper trail

Are they serving beer?

Re:No paper trail

[Lars+Clausen]

I Denmark, we have all-paper ballots, and it just works. Never heard any accusations of cheating, not even from our most extreme parties (like those to the left of the communists), polls results are in within a few hours, there's a nice big paper trail. And before someone says 'Denmark is just a small country', there's nothing in the system that doesn't scale linearly. And no expensive machines required, either.

-Lars

Re:No paper trail

[Flaming+Foobar]

I Denmark, we have all-paper ballots, and it just works.

And, of course, Denmark is only slightly smaller than the USA...

Re:No paper trail

[Eunuchswear]

So, it should work better in the USA, you have more people to count the votes.

Why don't you read what you're replying to?

Actualy the real reason Americans are obsessed with complicated vote counting systems is the dogcatcher problem - how to deal with an election in which votes for huge numbers of posts are being held at once. Most countries try to avoid this, until people start complaing of voter fatigue.

Re:No paper trail

[mobilemic]

you can read, right?

"And before someone says 'Denmark is just a small country', there's nothing in the system that doesn't scale linearly."

Re:No paper trail

you can read, right?

It was a joke, people. The GP requested that no one say Denmark is small, so the parent said "only slightly smaller". I thought it was funny, anyway.

Way

[mboverload]

The only way to make any election truely free, all procedures, protocols, and source code HAVE to be provided.

There is no other way. Period. So what if we look at their source? What are we going to do, take a library to use in some high school election? Any objection to a release of source code is utter lawyer bullshit.

Re:Way

[nmb3000]

Any objection to a release of source code is utter lawyer bullshit.

You mean like a company wanting to protect it's investments?

People on Slashdot tend to forget that companies spend a LOT of time and money writing software. It makes absolutely no sense for them to do this and then go release it all for free to the public. Microsoft doesn't, IBM doesn't, and even the ever-pure Google doesn't. There really are good reasons why.

Say, for example, that Diebold does what you say. They go and release the source under the GPL and the Slashdot peasants rejoice! Huzzah! Suddenly everybody has access to the code that Diebold spend thousands of hours and millions of dollars writing. All of a sudden there's a whole bunch of other electronic voting companies that start up and offer their machines for less than Diebold because they aren't trying to recoup the costs of writing the voting software.

End result? Diebold either goes out of business or leaves that market because Bob's Voting Machines was able to sell for less and still make a profit.

So remind me, why in the world would they want to do what you're asking?

Re:Way

[Androk]

I, for one, don't care if they want to. This is about my country, my democracy (I know not a true democaracy, blah blah blah). If they want to sell products that ensure no cheating in elections, people need to KNOW, not assume, KNOW, that it is a system beyond reproach. It's about my democracy not some stupid companies profits.

Androk

Re:Way

[dougmc]

The only way to make any election truely free, all procedures, protocols, and source code HAVE to be provided.

That sounds great in theory, and I'd love to agree with you, but I can't.

Ok, supposed that you were provided source code. So how do you know that this is the actual source code that generated the code that's actually being used? (And it's not restricted to source code -- the same argument applies to the procedures and protocols that you mentioned.)

Personally, I'd be happy with a paper trail, where you can visually inspect your paper ballot before it's cast. Sure, the machine can keep tallies internally, but when there's a recount, the paper ballots are counted. Anything more complicated is just too easy to tamper with, source code

As long as voting is anonymous, there will be no way to verify that your vote was cast and counted properly, but allowing you to view a piece of paper before it's put into the locked box is the next best thing that I can think of.

(But we could certainly greatly improve the accuracy of the voting process by removing the absolute anonyminity requirement. Accounting methods (I was going to say `modern', but really, I don't think it's changed much recently) would work very nicely if applied to voting. Yes, your bank may occasionally make an error on your checking account, but it can be found and corrected. Under the current voting system, there's very little room to correct anything.)

Re:Way

[Ph33r+th3+g(O)at]

No one said it had to be released under the GPL. They're welcome to retain their intellectual "property," they just have to allow public inspection. If anything, this would limit competition for Diebold because it would be a simple matter for them to accuse any upstart undercutting them of having seen the public source code.

Re:Way

[Philip+K+Dickhead]

And source to the compiler/libraries.

You can introduce bacdoors here, too!

Re:Way

[Pig+Hogger]

Any objection to a release of source code is utter lawyer bullshit.

You mean like a company wanting to protect it's investments?

In this case, yes, it's bullshit.

As the democratic process has to be, in essence, totally transparent (during ballot counting, candidates can appoint witnesses who closely watch the ballot tallying process), it is no mystery that voting machines should likewise operate in a totally transparent manner, that is, not only that the source code be available for inspection by anyone who wishes to, but also that there is a verification process to enable anyone to verify that the actual compiled code in the voting machine has actually been compiled from the source code (yes, this is possible - it is being done for slots machines).

People on Slashdot tend to forget that companies spend a LOT of time and money writing software. It makes absolutely no sense for them to do this and then go release it all for free to the public. Microsoft doesn't, IBM doesn't, and even the ever-pure Google doesn't. There really are good reasons why.

Some croporate sockpuppets on slashdot tend to forget that "intellectual" "property" is not an absolute thing like gravity or matter, but a convention that is GRANTED and, thus, can be witheld for specific reasons. Like, for example, insuring that the democratic process remains transparent.

Now, if a company does not like the idea of writing open-source software for it's voting machine, it is entirely free to refrain from doing so and leaving the market to those who do not mind.

And, besides, the software would be totally useless without the hardware, so why should one care if anybody can "steal" it???

Finally, since the specifications given by the government for voting machines should clearly state that the source code shall be available for anyone who asks, if the company wants to make money, nothing prevents it from bidding a higher price to allow releasing the software.

Say, for example, that Diebold does what you say. They go and release the source under the GPL and the Slashdot peasants rejoice! Huzzah! Suddenly everybody has access to the code that Diebold spend thousands of hours and millions of dollars writing. All of a sudden there's a whole bunch of other electronic voting companies that start up and offer their machines for less than Diebold because they aren't trying to recoup the costs of writing the voting software.

Diebold is not entitled to an automatic profit. Nor any other business for that matter. If it cannot factor in the fact that the software will be lifted by other companies, and goes bankrupt for this, well it only has itself to blame.

End result? Diebold either goes out of business or leaves that market because Bob's Voting Machines was able to sell for less and still make a profit.

This is bullshit. Others manufacturers would have to make their machines identical to Diebold machines, and there, Diebold would have a very good case for suing them.

So remind me, why in the world would they want to do what you're asking?

To make a profit, given that their software will be released as I pointed out above.

Re:Way

[nmb3000]

They're welcome to retain their intellectual "property," they just have to allow public inspection.

But isn't that part of the problem? Who would pick the "inspectors"? Diebold can't if it's supposed to be a fair study. The government, as a client of Diebold really shouldn't either. In addition, who would pay these inspectors for their time?

Also, the only ways I can see to protect their IP is to keep the number of inspectors small and to force them to sign NDAs. I guarantee this would raise a ruckus and questions about the real legitimacy of the study (I know it would on Slashdot in any case).

How would you protect the company's IP but allow an independent and honest study of the code to take place?

Re:Way

I, for one, don't care if they want to. This is about my country, my democracy (I know not a true democaracy, blah blah blah). If they want to sell products that ensure no cheating in elections, people need to KNOW, not assume, KNOW, that it is a system beyond reproach. It's about my democracy not some stupid companies profits.

Androk

Please quit signing your posts. It is unecessary and obnoxious.

Re:Way

[Jah-Wren+Ryel]

So remind me, why in the world would they want to do what you're asking?

Because, like any halfway-savvy government contractor, they develop the software as a work-for-hire. Thus they are already paid for their effort before the code is released. At that point they don't care who does what with the code because they got their money.

Then the next state/county that they provide machines for, they don't need to charge them for the software development - only software maintenance. Then, like all the other producers of real goods like car manufacturers, clothing manufacturers, etc, Diebold can earn their profit margin on the sale of the actual machines.

If Diebold thinks that their outmoded business model somehow trumps the right of the public to have confidence in their elections, then they can go fuck themselves while we, the public, take our business to a company that does know how to satisify its customers and still make a profit.

Re:Way

[EvanED]

How would you protect the company's IP but allow an independent and honest study of the code to take place?

Have them release the source to the public. Not LICENCE the source to the public, just release it.

Sure, it makes it eaiser for other companies to copy what they're doing, but it is no less legal simply because it's easier. And if we apply the same standards to everyone, any company wanting to get into the elections business would need to release code, so it would be at least sorta easy to detect copying.

Re:Way

How would you protect the company's IP but allow an independent and honest study of the code to take place?

It's call copyright law.

Anyway, what is the relevance of your question? It is up to the state, not Diebold, to set the requirements for voting machines. If California requires open source, Diebold can either open their source, or lose California's business.

Re:Way

[aztracker1]

It doesn't have to have a F/OSS license to allow source code review... they could do so under various contractual arrangements... OpenSource, doesn't necessarily mean "FREE".

Re:Way

[typical]

Look, dude. Diebold is *not* going to sell their US e-voting software to China . This is a (lucrative) one-off deal, plus any followup contracts that they can buy theirselves into. There is no point to the software not being placed in the public domain, like everything *else* the federal government pays for with my money.

Re:Way

[MrAnnoyanceToYou]

I find it a rather disturbing statement that the slot machines are more effectively audited than the vote count in the land of the free.

Re:Way

[swillden]

In this case, yes, it's bullshit.

Maybe, maybe not. In any case, it's completely irrelevant bullshit.

It doesn't matter if the software is open or closed. It doesn't matter if the machines are transparent or opaque. If the integrity and security of the system depends on how the bits get shuffled, the process isn't transparent enough, and it's amenable to manipulation.

Voting machines are fine... I even think they're valuable (though whether or not they're worth what they cost is another question). They can make voting simpler and easier, and more accessible to those with disabilities. But they're not, and never can be trustworthy.

That's okay because they don't have to be trustworthy. It's very simple. The primary purpose of a voting machine should be to generate a clearly-readable, granny-verifiable paper ballot. I should be able to look at the ballot the machine spits out, read all of my choices, printed in large, black, fonts on crisp white paper, and see exactly who I voted for. If I see a mistake, I just use the machine to create another ballot, until I have what I want.

Now, if the machine wants to keep an internal tally, that's fine. And it's even fine if the tallies are added up and used as an unofficial result. It's also good if the printed ballots are machine-readable, so that the first tallies can be cheaply, quickly and automatically checked. The bottom line, however, is that the paper ballots can be counted by people. Slowly. Laboriously. With representatives of the candidates looking over the counters' shoulders, ready and eager to pounce on any irregularity.

I couldn't care less what's *inside* the machine. It's completely irrelevant. What matters is what comes out of the machine. If the voter standing in the booth can't look at his ballot and see exactly how he voted, the system is broken. If he can, nothing about how that ballot was generated matters.

Elections should be done with paper, kept in locked steel boxes, and watched over by mutually adversarial representatives of the candidates. The voting machine selection debate should be about price, convenience, price, ease of use, price, accessibility and price. Security and transparency are red herrings.

Re:Way

[dougmc]

I find it a rather disturbing statement that the slot machines are more effectively audited than the vote count

Votes are supposed to be anonymous. Slot machines really aren't. Remove the absolute anonymous nature of voting, and suddenly they could audit votes down to the exact vote. You could even look up online how your vote was tallied after making it.

(Not that this will ever happen, mind you, but it's still something to consider.)

Where there's money involved, everything is audited VERY carefully. Especially when it's the private sector's money (the government is a lot more lax about things.)

But even so, there's a lot that could be done with voting machines. Hopefully this is a good next (first?) step.

the land of the free.

It's just some words in the Star Spangled Banner. We haven't lived in the `Land of the Free' in quite some time. I'm not sure we ever did (though it's way worse than it ever was.)

Re:Way

[frdmfghtr]

Agreed, 100%.

By eliminating the internal tally which has zero way of being physically verified, you have eliminated the possibility of irregular electronic totals, such as more votes being totaled up than registered voters, etc. Sure there can still be corrupt election officials etc., but at least one weak link has been removed from the chain.

Paper, paper, paper...like another poster before me, I do my best to use an absentee ballot, so that I know that my vote hasn't gotten lost in the bit-bucket-shuffle.

Re:Way

[rastos1]

I don't really disagree with you, but what do you expect the code to be?

unsigned long int votes[NUMBER_OF_CANDIDATES];

void Vote(int ButtonID)
{
votes[ButtonID]++;
}

void PrintResults()
{
for (int i=0;i>NUMBER_OF_CANDIDATES;i++)
printf("Candidate # %d got %ld wotes\n",i,votes[i]);
}

Re:Way

[Catbeller]

Open source, no open source, it doesn't matter! There is no way to know what code is running on the voting machines, the PC card, the accumulator PC at the voting station, the modem box, or the upline accumulators at any one time. No "verification" is possible. Even if the code were open, how would anyone know, in real time, that any piece of this long chain of bit crunching has been altered? And how would you figure it out afterwards?

Diebold doesn't have to alter every single result across the country; they can simply tweak a couple dozen districts via the accumulators, and no one would ever know. The machines keep "breaking" during elections, and techs go in to "fix" the totals. This is inexcusable, obvious bull, obvious cheating. Diebold -- which builds ATMs for crissake! -- says that paper records as a backup are unnecessary. Uh, what??!? No one is that dense, especially a company that deals with trillions of dollars in transactions for a living. They don't want a trail, they've fought like maniacs to keep inspectors out. They are cheating. It may only be a select one or three people who know it's happening at Diebold, but they know what the backdoors are. "Exit Polls are unreliable" my aching butt. If they were unreliable, they'd ALWAYS be unreliable, not just in Ohio, in 2004, in the contested districts, where Diebold machines are running.

Re:Way

[mOdQuArK!]

At the very least people ought to be able to opt out of private ballots if they so choose.

That wouldn't be good. If you allow individuals to opt out of anonymous balloting, then they can be intimidated into or paid for showing how they voted to someone ("You'd better show us that you voted the 'right' way, or we'll break your kneecaps").

Making sure that the personal votes of individuals are anonymous is an absolute necessity to avoid coercion. There is no way around it.

There have been plenty of ways proposed to allow anonymous balloting while minimizing "fudge" factors, but the powers-that-be keep rejecting most of them either due to ignorance & laziness, cheapness or corruption.

Re:Way

> So remind me, why in the world would they want to do what you're asking?

Well, some people would think that even a company could care about democracy even if it costs them money. But in the US I'm getting the impression it is considered unethical to think about anything besides money, at least as a company.

Re:Way

[cdrguru]

You seem to be under the impression that it is somehow actionable to build a duplicate of someone else's hardware. It happens all the time, especially in China. One reason you don't see it so much in the US is because it can be very difficult to get the same firmware to go with the easily-discovered hardware parts.

If the software was open and available there would be nothing to stop this form of "competition". And, with a "lowest price rules" mentality, it pretty much means that cheaters win.

Now maybe if the hardware design was patented, or custom chips were used, it could be kept away from this. But today that is just silly. Everybody wants to use off-the-shelf parts and customize the program code. And keeping the code secret is the only way to shut out cheating. Otherwise, people just get the identical hardware made in China and have no R&D costs on the software.

Re:Way

[mOdQuArK!]

Both of those things are illegal and if some type of syndicate tried to do that to enough people to tip an election they would be busted under RICO or similar. If they could get away with it then the system is so flawed and corrupt that you may as well not bother to vote at all.

If you can get the people that you want for writing the laws, how long do you think will be before "RICO or similar" laws are eliminated or made gutless? There's a reason why electing legislators is so important.

And if you think the system is so flawed and corrupt that you don't want to vote at all, then you are just handing control of your life over to the ignorant & corrupt. It is better to try and figure out ways to make the system capable of self-correction and resistant to corruption. Starting with the voting systems is an absolutely required first step.

(What's really pathetic is that a lot of the paper voting systems evolved to be "corruption" resistant _because_ so much corruption was occurring during earlier versions of those systems - but now it seems like the current generation of election officials & legislators are either ignorant or willfully ignoring all of those lessons that were learned during those times. We've basically gone from a situation where we had a reasonable amount of confidence in our voting system to the point where we have to argue about the basic functionality necessary to implement such a system - most of which has been already worked out! It makes me wonder if the basic requirements of a "secure" voting system shouldn't be as important as any other of the structural requirements of the Constitution, so that it doesn't get weakened over time by well-meaning and/or corrupt legislators.

In my view, taking away the privacy of the vote only serves to give people BACK their power rather than take it away.

Your view has been proved wrong many times throughout voting history. If someone _can_ be coerced to vote a certain way, then inevitably there will be someone who will try and force them to vote a way they didn't want to. Anonymous voting is an absolute requirement for a corruption-resistant voting system.

Re:Way

[mOdQuArK!]

Well, I don't have a big list which I can whip out on a moment's notice, but a little Google searching yields a URL that seems to list a number of recent-medium-term historical American voting events where it was fairly apparent that voter "buying" was occurring.

There were also many examples of voter intimidation in the South occurring when blacks were fighting for the right to vote.

Re:Way

[theLOUDroom]

Ok, supposed that you were provided source code. So how do you know that this is the actual source code that generated the code that's actually being used?

It's even worse than that.

What's to stop me from fabbing a custom bios, that ALTERS that known good code?

As an electrical engineer, I believe electrons and voting just don't mix. It's simply not possible to depackage every chip in the system, examine it under an SEM to verify it isn't a custom hacked version of the chip, and repackage it. The cost would be astronomical.

We should be sticking with old-school paper ballots, or mechincal machines. It's much more obvious and harder to cover up tampering when the evidence is visible to the naked human eye. It's much easier to have confidence that a box full of gears with no clock and no internal power source is not going to have a logic bomb that will be actived only on election day.
It would be VERY had not to leave lasting physical evidence in a machincal machine, and you would have to gain physical access to all the machines as opposed to just hacking them via a software update.

Re:Way

[Fujisawa+Sensei]

How would you protect the company's IP but allow an independent and honest study of the code to take place?

I would say the the company needs to be paid for the machines, but everything associated with the machines needs to belong to the voters. Including the software. The conpany needs to be compensated for the labor as a work for hire, but the IP should belong to the American people.

Re:Way

[gnasher719]

>> How would you protect the company's IP but allow an independent and honest study of the code to take place?

That should be easy. If any other company making voting machines copies it, it will turn up when they show _their_ code, and then you can sue their ass off.

My question -

[jafac]

What I want to know is:
What happens when you put a Sony Music CD into a Diebold machine?

(you just *know* they've got Autoplay enabled in there. . . )

Re:My question -

[OakDragon]

What happens when you put a Sony Music CD into a Diebold machine?

Well, if you hold the SHIFT key down, you vote for Pat Buchannon.

Re:My question -

[xstonedogx]

What happens when you put a Sony Music CD into a Diebold machine?

Both Diebold and Sony refuse to admit anything is wrong.

Re:My question -

[M.+Baranczak]

What happens when you put a Sony Music CD into a Diebold machine?

Celine Dion becomes the next US President.

Re:My question -

Congress is replaced by the RIAA

Re:My question -

[sconeu]

Celine Dion becomes the next US President.

<SCREAM type="Anakin Skywalker" subtype="Darth Vader">
NOOOOOOOOOOOOOOOOOOOOO!!!!!!!!
</SCREAM>

Re:My question -

[JedaFlain]

$sys$Johnson is going to be mad when he doesn't get elected.

Re:My question -

[ozmanjusri]

Congress is replaced by the RIAA

No change there then.

Re:My question -

[surprise_audit]

Only if you don't put a bit of sticky tape around the outer tracks on the CD...

Is this how a paper trail should work:

[CrazyJim1]

When a person votes, the paper slides into a view slot: "You voted for Kang". Then they pull a lever, and the paper goes away for the next person. I think that way, you can't reconstruct who voted for who, but voters can watch for voter fraud themselves. Without letting the person view the paper trail, it could create a false paper trail as it goes along, and no one would ever know. Just a thought, I'm no expert. I was wondering how an expert would go about building a tamper proof voting machine.

Re:Is this how a paper trail should work:

[temojen]

Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.

Re:Is this how a paper trail should work:

[The+Amazing+Fish+Boy]

Also, wouldn't the voter need to put the paper in the box themselves? Otherwise... "You vote for: KANG" ... *pull lever, walk out* ... "You voted for: KODOS" ... *lever goes down automatically* ... "You voted for: KODOS" ... *lever goes down automatically*

Re:Is this how a paper trail should work:

[jumpingfred]

Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.

This is how voting has been done in San Diego County in California for the past couple of elections. I personally don't think that the touch screens are going to be adding much but expense.

Re:Is this how a paper trail should work:

[Qzukk]

I personally don't think that the touch screens are going to be adding much but expense.

Thats because you're doing it wrong. Computerized voting could be used to give every voter ballots in English, Spanish, Vietnamese, Chinese, Japanese, Swahili, and Mongolian Rock-Talk in their choice of font size. Computerized voting could be used to display the full text of a voting referendum. Computerized voting could do a lot of things.

But it doesn't. Why? All one needs is a machine with blank ballot paper, and pre-configured ballot mark positions, and the machine could print out the entire ballot filled in in a language that the voter can understand... with the right equipment, even in braille (the input phase could be spoken aloud into headphones, then the voter could check the ballot by touch).

Paper trails are essential

[zegebbers]

Without them, there is no way to validate the quality.

Some people have mentioned that receipts might be valid, however this raises issues of people selling votes (or being harassed). The anonymous paper and pencil system is the best --- while corruption can lead to large numbers of fraudulant ballot papers, if the corruption is at this level, there isn't much that can be done anyhow.

Re:Whatever

[Ithika]

I believe you. And I believe her. I believe everything I read on the internet. Especially accusations of Communism; they tend to ring particularly true.

Sigh.

Re:Whatever

[temojen]

Wow, way to make an over the top, unsubstantiatied, and irrelevant ad-hominem attack.

Just wondering...

[The+Amazing+Fish+Boy]

How do you know the source they give makes equals the binary you run?

Re:Just wondering...

[Pig+Hogger]

w do you know the source they give makes equals the binary you run?

It's very easy. Slots machine do.

In Nevada, no slot machine can run unless the manufacturer gives the Nevada Gaming Commission the source code. They can then compile it and get a MD5 checksum for it.

All they have to do then is to go in casinoes and do spot-check on some machines; all they do is plug a special diagnostic box which looks at the firmware and calculates the MD5 checksum, then compares it with the official checksum.

Re:Just wondering...

[OneDeeTenTee]

Hasn't MD5 been cracked?

Of course an exact bit-for-bit compare should be easy enough to do if they're reading the whole firmware anyway.

Re:Just wondering...

[topham]

Yes MD5 has been 'hacked'. But there are alternative hashing algorithms which are more secure.

The point, which had been made by the parent poster was that a standard process already exists, it just happens to be used for Slot machines, not voting machines.

Of course, I think they amount to the same thing myself.

(The way I see it the only difference is, when you get three in a row on a voting machine they are all jokers)

Re:Just wondering...

[JimMarch(equalccw)]

Exactly.

A variant of this for voting machines would involve the distribution of the MD5s or similar on the websites of the vendors, the county governments using it, the Federal Election Commission website and the like, along with a script that will check every file on the voting machine in question for accuracy.

A concerned voter or party rep or one of us at Black Box Voting or whatever can download all that, put it on CD-ROM.

The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.

--------------

Another big issue is that the data files need to be made public. As God is my witness, Diebold and other major vendors are claiming that the database files (MS-Access in Diebold's case, SQL in most others) are "proprietary trade secrets"(!) and cannot be released by the counties under various public records laws of each state.

This is utter BS. Hell, if you have just ONE set of Diebold data files you know their table layouts and whatnot, and many such have been published all over the net for literally years...with Diebold taking no legal action to make them go away since...well they gave up around Oct. of 2003. See also:

http://www.equalccw.com/dieboldtestnotes.html ...for my personal collection and

http://www.equalccw.com/liebold.html ...for a view of the first and last time they tried to have any of my stuff taken offline.

Diebold MS-Access data files *can* hold forensic traces of vote-hacking if the hack wasn't done very professionally. So why is Diebold fighting to make sure the data files don't end up in public hands, when this "trade secrets" argument is clearly horse manure?

Either they're messing with votes, or they're afraid some of the counties are because Diebold has made it so damned easy.

Jim March
BlackBoxVoting (.org)

Re:Just wondering...

[Pig+Hogger]

...
Jim March BlackBoxVoting (.org)

I see you're in Blackboxvoting.org. Can you e-mail me, I have issues with the voting machines we used since the last 5 years, and I would like to address them at City Hall? (Pig.hogger at gmail.com)

Re:Just wondering...

[penguinbrat]

This will prolly get ignored or flamed like other posts I've made, but what the hell...

With all the potential of rigged elections and such, and everyone here concerned about democracy, and with Diebold (the company that was nailed to the cross a while back for all the corruption and scandels - how are they still around?!?!) making rediculous systems and claims... Why doesnt the open source community make our own - I ***KNOW*** that we could make a system that would out do everything out there 100 fold (duh), and I would think that there is enough backers of OSS that it could be pushed through politically. I was thinking about this the last time /. had its fun with the diebold crap, but I've never started any OSS projects let alone lead one =/

Re:Just wondering...

[ozmanjusri]

Why doesnt the open source community make our own

Most other countries have gone down the FOSS path, and that software and experience is available to the US if it chooses.

http://www.wired.com/news/ebiz/0,1272,61045,00.htm l
http://www.theregister.co.uk/2004/06/23/open_sourc e_voting_software/

Whatever the reason the US decided not to use FOSS voting, it had nothing to do with any difficulty in opting for an open solution, and it certainly has nothing to do with the cost.

Re:Just wondering...

[surprise_audit]

plug a special diagnostic box which looks at the firmware and calculates the MD5 checksum, then compares it with the official checksum

Do you think the Nevada Gaming Commission broke out in a cold sweat when the MD5 Collision Source Code Released story came out??

Verifying a voting machine ought to be easier than verifying a slot machine, as there's not *supposed* to be a random factor in the voting machine. I suppose a voting machine verifier could have a third-party-compiled copy of the code, and some kind of big connector to the address bus in the machine being tested. Run the two in lockstep with an overseer processor verifying that the sequence of instructions being followed is identical. I'm not sure who I'd trust to produce and operate such a device, though. Certainly not the voting machine company, or the current government (of whichever party, BTW).

So we're back to demanding a paper trail, with recounts being handled by live auditors. Forget fancy punches and dangling chads too. Let the paper record be printed clearly, and make it clear to the voter that if the mark doesn't come out, s/he should tell the polling people and get the machine serviced.

Re:Just wondering...

[mOdQuArK!]

All they have to do then is to go in casinoes and do spot-check on some machines; all they do is plug a special diagnostic box which looks at the firmware and calculates the MD5 checksum, then compares it with the official checksum.

Geez, what a useless check. How does the gaming commission discover if the slot machine manufacturer has programmed their diagnostics interface to spoof the checksum they gave to the commission, regardless of what the firmware actually is? Answer: they don't, unless the gaming commission is thoroughly involved with & can monitor closely the design & construction of each machine. I sure hope they have a more secure system for authenticating slot machine behavior than the inadequate system you've described.

Frankly though, I don't think the slot machine manufacturers need to or would really want to risk getting caught breaking the law by rigging their machines, since they & the casinos will make ridiculous amounts of money even following legal gaming limits, but rigged voting machines can result in potentially huge societal damage if corrupt incompetents get into power.

Re:Just wondering...

The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.

But how will you know the machine is actually booting off your CD?

Re:Just wondering...

[Flaming+Foobar]

Geez, what a useless check. How does the gaming commission discover if the slot machine manufacturer has programmed their diagnostics interface to spoof the checksum they gave to the commission, regardless of what the firmware actually is?

The machine is switched off! The contents of the roms are read directly, and the circuit board is inspected for any tampering. It's not rocket surgery.

Re:Just wondering...

[mOdQuArK!]

The machine is switched off! The contents of the roms are read directly, and the circuit board is inspected for any tampering. It's not rocket surgery.

The diagnostic box has to provide power to get the data out of the firmware, right? There's nothing stopping the machine manufacturer from making sure their hardware provides fake results just for that scenario - heck, it would probably be easier for them to make the fake firmware show up whenever the overall machine didn't have any power, and use the real firmware when the machine was fully powered.

Simply doing a checksum on a box is a useless check. Imagine if you were in charge of QAing a piece of software, where you KNEW that the programmers might be trying to slip backdoors into the product (and for whatever reason you couldn't simply suggest firing the programmers :-). Do you think that you would be able to prevent those backdoors if you simply run the tests that those same programmers tell you will catch any shenanigans?

Re:Just wondering...

[rthille]

I doubt you'd be able to hide the hardware, but I wonder how hard it would be to detect the extra capacitance of the probe and switch back in the 'approved' firmware.

Re:Just wondering...

[Flaming+Foobar]

The diagnostic box has to provide power to get the data out of the firmware, right?

Sure. But it's trivial to design the machine so that it's logic circuits aren't working even if the roms are powered.

There's nothing stopping the machine manufacturer from making sure their hardware provides fake results just for that scenario - heck, it would probably be easier for them to make the fake firmware show up whenever the overall machine didn't have any power, and use the real firmware when the machine was fully powered.

Where do you store the program if not on the roms which are being checked? Don't forget, that the original firmware has to be in the possession of whomever does the inspection. A strong enough (and proprietary) checksum calculator would make it impossible to change the programming afterwards. And in case you are wondering, extra roms would be very difficult to hide. They'd have to be camourflaged or the circuit board altered, and a huge risk to whomever put them there. And in case you are wondering, they can't be simply swapped, because you don't know in advance when the inspectors are coming.

Re:Just wondering...

[mOdQuArK!]

Geez, you just can't let go of a flawed idea can you?

Sure. But it's trivial to design the machine so that it's logic circuits aren't working even if the roms are powered.

You didn't read my response carefully - as I said, it would actually be _easier_ for the manufacturer to design their chips so that when the "logic circuits" weren't powered, then the chip would give the answers that the inspectors were expecting, and when the logic circuits were fully powered then they would behave differently.

Also, most modern circuit boards use Flash Memory modules instead of ROMs, and the Flash Memory module can be designed with custom logic circuitry as part of the chip. (Actually, custom ROM chips usually also have logic circuits onchip, although such circuitry usually only resolves bit addressing issues.) It would be quite simple to create a module which provides one set of data when accessed a certain way, and another set of data when accessed another way.

Where do you store the program if not on the roms which are being checked? Don't forget, that the original firmware has to be in the possession of whomever does the inspection. A strong enough (and proprietary) checksum calculator would make it impossible to change the programming afterwards.

Both the "illegal" program and the program that the inspectors are expecting would be on the same ROM/Flash, even in the original firmware. Almost all modern ROM/Flash modules would have plenty of space to store two sets of the data necessary to run a simplistic program like what would be necessary for a slot or voting machine.

The programming wouldn't have to be changed and no chips would have to be swapped, because the illegal program would already be there but would not be visible to the inspectors. The ROM chip would be designed to present one set of data when the inspectors tried to take a checksum, and to provide the other data when the machine was in actual use.

I will reiterate: there are practically an infinite number of ways that a shady manufacturer can create a design that your simple little checksum idea will not be able to catch. The inspectors must either be intimately involved with the design & manufacturing process, or they have to do a full reverse-engineering procedure on the machines to discover any trojans (_very_ time & resource intensive). A simple checksum is not sufficient to catch a crooked manufacturer. And what goes for slot machines goes even more so for voting machines.

How to fix the system.

[rice_burners_suck]

I know there have been conspiracy theories, and thoughts about voting systems being tampered with all over /. and other sites. Personally, I take those with a grain of salt, BUT , since these voting systems are closed, proprietary, and under the control of some organization that may or may not necessarily have the public's best interests at heart, I wouldn't be surprised if holes are found.

If there's a backdoor of some kind for someone to specifically tamper with the voting results, that would be BAD, but I'd be surprised. I will not, AT ALL, be surprised, however, holes in the operating system, programs underlying the voting software proper, or so-called "middleware" are chock full of holes that someone could use. For that reason, I am very much against this process.

My suggestion to fix the system: There is nothing wrong with filling out (or sending in, for absentee voting) a paper ballot, which, in my opinion, should be produced with anti-counterfeiting and anti-tampering technologies, similar to those employed in our currency. An electronic system could be used to optically scan and process the votes, with individuals verifying the optical scan, and this information should be entered into a database for any kind of processing that the government needs to do, along with the optical scan of the original paper ballot. Most importantly, however, is this: Each paper ballot should have an attached "carbon copy" of some type that the user keeps, which will come with a special user ID and passphrase that the user can use after the election date to log in to a secure site and verify that his individual vote was counted as he intended. This sort of public watchfulness on the voting process will create a situation in which it will become extremely difficult to alter the results.

Re:How to fix the system.

[firenurse]

The only problem with you plan, is that it makes sense.

Re:How to fix the system.

[WindBourne]

I have lived all over the United States. One of the more well known voting frauds was in Chicago with Mayor Daily. Even back in the 60's, there was enormous fraud. Some of it was buying voters, others would flat out grab the box and substitute another one in. There are other places in America were this happens as well(democrats in Mississippi, republicans in Texas).

Re:How to fix the system.

>>If there's a backdoor of some kind for someone to specifically tamper with the voting results, that would be BAD, but I'd be surprised.

Such as being able to edit the vote tallies _and_audit_trail_with a stock copy of MS Access w/o a password, in such a way as to be undetectable?

>>Most importantly, however, is this: Each paper ballot should have an attached "carbon copy" of some type that the user keeps, which will come with a special user ID and passphrase that the user can use after the election date to log in to a secure site and verify that his individual vote was counted as he intended.

That is a very, very bad idea; you could verify to someone else which way you voted, allowing for people to apply "pressure" of the carrot or stick variety.

Re:How to fix the system.

If there's a backdoor of some kind for someone to specifically tamper with the voting results, that would be BAD, but I'd be surprised.

*dons a tinfoil hat*

I went to the voting polls and noticed a joypad, just for fun i entered the 'konami' code up up down dow left right left right b a select start as the title screen scrolled by.. i heard a special 'ding' and i got 99 votes.

'easter eggs' because the source is closed, you can't scan the code for them... do you have any idea what it would be worth to know a 'secret code' for computerized voting machines that gave you extra votes? that would take votes away from other canidates and allocate them to the canidate of your choice? hell yeah they 'can't make money' selling voting machines that are tamper proof, because they can't take cash under the table from so and so a labor union, or so and so a political party to get canidate X elected...

90% of the profit of selling a voting machine is the 'after market' value of selling the elections.. if they actually had to open the source code to 'review' so that anyone and their brother could find all the clever tricks they had for rigging the elections that used their machines they'd have to get honest paying jobs... which since their machine elected canditates sent them all overseas they'd be looking pretty long and hard..

Re:How to fix the system.

[Baricom]

Each paper ballot should have...a special user ID and passphrase

This doesn't work because we want the voter to know who they voted for, but we don't want them to be able to prove that to anybody else. If they can, that opens up the potential for intimidation or vote-buying.

Re:How to fix the system.

[firenurse]

The current punch card system does this allready. Your ballot has a number on it and is matched to your nam at the time you receive your ballot. I don't remeber anybody ever trying to intimidate me for whom ar what I voted for so all this nonsense about a paper trail being open for abuse is FUD.

Re:Whatever

[nmb3000]

Bev Harris is NOT a Communist.

He may be a liar, a pig, an idiot, a Communist... but he is *NOT* a porn star.

Libertarians?

[fimbulvetr]

The libertarian party of all parties? I'm not a member, though I did vote libertarian last year, but I like this. I wonder if any of /.'s democrats/republicans can venture to guess why their beloved party didn't sponsor something so crucial to to keeping the corruption out of our voting. Perhaps it's because they (say: democrats) live by the old cliche: "The enemy (republicans) of my enemy (libertarians/other 3rd party) is my friend" ?

These guys account for something like 1-5% of the vote (depending, of course), it makes sense that they're trying to get these things in line. Think I might just go pay my dues.

Re:Libertarians?

[SeaFox]

Perhaps it's because they (say: democrats) live by the old cliche: "The enemy (republicans) of my enemy (libertarians/other 3rd party) is my friend" ?

I don't think the Libertarians are really seen as a threat to the Democrats. But the Republicans are the ones with a support group in the same league as the Democrats' so your cliche really doesn't make any sense in this case. It's just a case of mutual disagreement with the Libertarian party as to whether there is anything to worry about or not.

Perhaps the libertarians are just paranoid twerps and believe their low vote percentage is part of some massive bi-partisan conspiracy and not really the result of almost all Americans disagreeing with their platform.

Once we all stop trying to fit everyone into a narrow laundry list of beliefs and compete on things issue by issue, then we can start to see what sort of individuals America really does want to lead it.

Re:Libertarians?

[TheSync]

I don't think Libertarians believe their low vote percentage is part of a massive bi-partisan conspiracy, but on the other hand there have been real examples of the Libertarian vote, small though it is, being "misplaced."

Also there are elected Libertarians, although generally they win non-partisan elections to city councils, water and land boards, etc.

Re:Libertarians?

[stiggle]

Democrats and Republicans are two sides of the same party. Go back far enough and they were the same party.
They have a nice little system working for their benefit and they don't want anyone else butting in to spoit it with checks and balances.

Re:Libertarians?

Democrats? They started this crap! I wouldn't be surprised if this is exactly the outcome the DNC hoped for when they orchestrated the hue and cry about punch card ballots. All they have to do is throw around accusations (some more or less valid, many not), push a few exit polls, then stand back and watch. Very clever. And no one can call them on it, because the media loves them like Monica loved Bill (or is it the other way around?) and won't print this because it's too real.

What about online voting?

[GuruThrill]

I've launched a website called votemerich.com, where registered users vote someone rich. We've discussed various methods for trying to keep it to one person per vote. Because this isn't a real election, we can make everyone's voting record public so that anyone can search for fraud. What we'll probably end up doing long term is a combination of snail mail and email verification. Any other suggestions for pure online voting?

Thank you!!!

[TheDarkener]

(Black Box personnel were hired by the Libertarian Party to conduct inspections.)

FINALLY. I am *so* happy we finally have (or are at least starting to get) our heads on straight here. PAPER TRAILS. What the HELL were we thinking before? Has the "almighty computer" glazed over the majority of citizens' eyes by now? Are we ready to think LOGICALLY with fault tolerence here? If the DoD could "invent" a fault tolerant network to potentially survive multiple neuclear attacks, do you think we can start putting that line of thinking to how we elect presidents? Too late this time... And look where it's gotten us!!

I applaud and encourage this "inteligent design" and evolution of our checks and balances. Let it go much further in this direction, and may everyone follow suit.

Doesn't matter...

[ichigo+2.0]

While it's true that blackbox voting machines make it easier to rig elections, it doesn't matter if someone is determined to falsify the voting results. Even with purely paper-based voting, they could use the age-old technique of deception and falsify the results and documents. Maybe even put all "wrong" votes in a box and throw them in an incinerator, and make new ones with the right vote on them. Any "conspiracy theorists" could be silenced by force or public ridicule. It's suprisingly easy when you think about it.

Re:Doesn't matter...

[Duhavid]

That is all quite true, but shouldnt we be doing all we can to drive
problems out of the system? To make it harder and not easier to
take an election by fraud?

Re:Doesn't matter...

[cryptoluddite]

You have people attend the voting, watch the people get their voting cards and walk to the private booth, watch them come out and put their card in the box. Repeat until the end of voting, then watch as the boxes are emptied and counted. Then the dictrict totals are printed in the paper. If they don't match, the people watching raise a fuss. Have people in lots of precints doing this, or all of them for that matter, and any cheating is easily prevented.

Countries like Canada have this system. Their elections are completely verifiable by voters, but still anonymous. My polling place usually has about 500 people vote, and I *would* verify the polls, but here in Virginia a normal voter *cannot* watch the voting take place and *cannot* be there to watch the count. It's illegal and you will get arrested for insisting that you should be allowed to verify your local polling. There is no legitimate reason why. The only reasons that aren't nefarious and still make sense are the pollers are lazy and the people want instant results.

And you wonder why it's legal to download music in Canada, or any of the other ways where Canada is a better America than America.

Re:Doesn't matter...

You'd best keep your ideas to yourself, citizen.

We know where you live.

Re:Doesn't matter...

While it's true that blackbox voting machines make it easier to rig elections, it doesn't matter if someone is determined to falsify the voting results. Even with purely paper-based voting, they could use the age-old technique of deception and falsify the results and documents. Maybe even put all "wrong" votes in a box and throw them in an incinerator, and make new ones with the right vote on them. Any "conspiracy theorists" could be silenced by force or public ridicule. It's suprisingly easy when you think about it.

In Quebec, there's a very curious version of democracy. If you tamper with votes, it's a minor crime, even if you happen to screw with half the votes of a polling station. If you spend $1.00 more than the spending cap on a campaign, or spend money on behalf of someone else without registering, or vote at your summer house instead of your main house, you get thrown in jail for years.

In a referendum Quebec, if your X is not properly formed (it must fill the circle, must not extend beyond the circle, must not be a check mark, a slash, a filled in circle, etc) it is rejected if it is not a vote for the (at the time) governing PQ party's position. Or if you happen to be in a district where voters primarily vote against PQ policy. And it is coordinated by PQ officials. The electioneers don't even charge conspiracy, or election fraud in these cases.

Internet voting

[Stupor+Man]

Personally, I think we should be able to vote over the internet. Using a card reader and a smart card (i.e., your voter registration card) in conjuntion with a user supplied password on your home computer. Is it possible to have fraud? Probably, but it wouldn't be more than any other election with paper ballots. (Chads anyone?)

Re:Get over it

What makes you think the Slashdot editors are democrats? Unsafe voting is unsafe votng. The Libertarians seem to agree.

Right to vote

[Device666]

I think virusses should have voting rights to, especially when they are clever.. It would help us not to get into an illegal "preemptive" war.

Re:Whatever

It's the truth. Al-Zarqawi is behind all of it.

Re:Get over it

[//violentmac]

yes, modding down different opinions is why groupthink will always prevail. Congrats!

Re:Whatever

[TubeSteak]

At least nobody's calling anyone a Nazi

I don't think being called a "communist" is such a big deal anymore. Nobody would really take you seriously since it isn't nearly as loaded a term as "nazi" or "fascist"

Check elsewhere as well

[diakka]

It might be better to try and hack any machines that were used in a state that was more of a close call. It also might be very revealing to see if the hardware and software on those machines differs in any way from the machines here in CA. If there was some naughty stuff going on in some of those boxes, it would be better to ship out only a few to reduce the likelihood of getting busted.

Paper can also be tampered with...

[ChePibe]

The big problem here is that paper ballots can still be tampered with - ballot box stuffing, throwing out opposing ballots, even changing ballots. It's possible.

Maybe if there was some sort of (excuse the buzz word here) biometric way of tracking a vote? Paper ballots with a thumbprint? Well... that does make the whole "secret ballot" thing problematic... and everyone's finger prints would then have to be on file to vote, which probably wouldn't fly either... most polling places don't even require a picture ID as far as I know.

Maybe we should drop the idea of a secret ballot? I'm not saying we should make it a matter of public record or anything, but allow votes to be tied to names specifically. Or is that already done?

Sorry, I'll admit I'm quite ignorant about voting procedures (don't mod me down for it - please correct my ignorance), but developing a truly functional and verifiable means of voting seems nearly impossible while votes records are secret.

Re:Paper can also be tampered with...

[n.wegner]

>The big problem here is that paper ballots can still be tampered with
>ballot box stuffing, throwing out opposing ballots, even changing ballots.

But you can have lay people there to observe this going on, whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing.

Re:Paper can also be tampered with...

[Catbeller]

"whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing."

And they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate within certain parameters? Human nature says probably. Have the flash card couriers been tampered with? Who knows. Are the MS Windows machines acting as accumulators tampered with? Shrug. Is the easily modified Access database on the accumulator protected from tampering with Notepad? Impossible. Is there anyone around who is both 1) suspicious 2) knowledgeable enough to spot gross tampering? Nope. Are the vote totals modified when the technicians are called in to fix the machines during elections? Yes, Virginia, they are and it is a fact.

Even paper backups won't work, and here is why: Paper ballots would not be counted unless a recount is triggered when the vote total could go either way because of a minute spread, OR obvious fraud is committed. If one is controlling the vote tallies at a district level, all you have to do, say, if the trigger is 1%, is to make sure the spread is greater than 1% -- and the RECOUNT NEVER HAPPENS. The paper ballots are not manually counted under scrutiny and compared to the computer counted votes.

And this is beyond the maddening fact that Americans don't understand computers, cheating, or how to avoid this mess. The persistent idiocy I always hear from officials or reporters is the "print a receipt to take home with you" concept. Hair. Pull. Out. Receipts are useless! Paper ballots must be printed for each vote, shown the the voter, and placed in a ballot box.

Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.

Diebold has fought a manual recount system so ferociously that (Occam's Razor) they have indeed fixed elections. Their have been a lot of stories and sources stating that the employees know something is crooked, altho they are afraid for their jobs. Jobs in IT are scarce. The top management is far-rightist and saw it's duty as electing Bush; the details are tiresome.

Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality.

Now we have these damned cheating machines in my precinct. I will vote absentee. To stop me, they'll have to "lose" boxes like the last election.

The defunding of public schools has produced a nation of incurious people who can't understand how simple it now is to change election totals to suit those who run the machines.

Re:Paper can also be tampered with...

[Pig+Hogger]

Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.

Here, recounts are automagically triggered if there is less than 5% difference between two candidates.

Re:Paper can also be tampered with...

[AuMatar]

Then its not a secret ballot. Do you really want the 1800s back, where you can get fired for not voting the way the owner of your company does?

Re:Paper can also be tampered with...

[symbolic]

They didn't break, kids, the election totals were altered and no longer matched reality.

What's ironic here is that in some countries, the exit polls determine the outcome of an election. The voting process itself is more a formality. I think this lends some strong credibility to your comment.

Re:Paper can also be tampered with...

I say that in addition for every election a random sample of machines should be manually counted. You randomly pick some machines (or test centers if you believe tracking individual machines removes too much of the private nature of voting), with higher probability in closely contested areas, and count the paper ballots. If they disagree at all with the electronic results, a full recount is to be performed on all machines. Again, differences are to be checked for on a per machine basis.

The machines would be locked down after elections, with no access allowed to them until the results are certified/calculated (including any recounts). Any machines which show discrepancies are then to be analyzed by an independent team of computer scientists and engineers.

The recounts must be done by hand, or at least some of the recounts. However, in addition you can recount a larger set using some electronic ballot scanner. For extra security the ballot scanner should be made by a different company than the voting machine itself, preferably more than one company.

The paper ballots themselves should be shown to the voter after they vote (through a transparent window) so he/she can verify they contain the correct information. If the paper ballot contains information in a machine only format (bar codes) a separate random recount should be performed to verify that there is no discrepancy between what the machine format says and what the human readable information says. Preferably the information should be stored only in human readable formats (ie: one which is easily human readable and one which is a bit harder to read but easier for a machine to read).

Re:Paper can also be tampered with...

[n.wegner]

>Are all the voting machines running approved code?

That's why the hypothetical engineers have logic analyzers, to see what the hardware is actually running. The whole point was that it's not worth it when having the computer print a human- and computer-readable ballot is so much easier to verify and safer.

Re:Paper can also be tampered with...

[HD+Webdev]

Our only hope is that the system still works well enough to allow mass numbers of americans to elect people in other political parties as a check against their inbred corruption.

Sure, but even if you get 16 parties involved, you'll still have the same blocs of power being controlled by the same organizations that have plenty of cash to spread around.

Oh yes, they'll pretend to be independent of influence, but soon there will be the same number of people albeit with different colored pins promoting the same agendas and receiving the same cash as they are now.

They'll still group up together behind closed doors to forge groups of forces to to keep and if possible, gain more power. The necessary ingredient for that is a steady flow of cash so they'll be just as corrupt than they are now.

I do agree that we need to fight corruption, but I also accept the fact that corruption and great power ALWAYS go hand in hand and there isn't any easy fix.

Re:Paper can also be tampered with...

The big problem here is that paper ballots can still be tampered with - ballot box stuffing, throwing out opposing ballots, even changing ballots. It's possible.

Not significantly in a well organized system.

Re-read some of the old posts on this topic talking about the Canadian system or investigate it for yourself. The short story is that the boxes and ballots are always in plain view of anyone who cares making large scale fraud virtually impossible or at least requiring the complicity of a significant number of people proportionate to the number of ballots affected. The system can be easily understood by an untrained individual (not just how to vote but how to monitor the vote). The system preserves anonymity yet produces a virtual guarantee that the ballot removed from the box at the end of the day has the same value as the one that went in. The system is cheap, reliable, and requires no services. Because of the high degree of parallelism and multiple sets of eyes, counting is very fast and accurate (based on US implementations, much faster and much more accurate than electronic systems...).

Electronic voting on the other hand concievably allows a single individual to change every single vote in the country either by modifying the way that votes are registered, modifying the totals reports or even allowing an interested party to view the ballots as cast and make the appropriate changes to meet a desired outcome. The latter case is particularly interesting in light of the 2004 election. Such a process could be nearly undetectable in the final tally since a smart person would minimize the changes, however one could guess at some properties that might be visible if their candidate was likely to lose:
- win by just enough that they get elected
- win with a bare majority of the popular vote
- the "lightning fast" electronic tallies would actually take much longer than the manual tallies (since the team would need to be able to act on those tallies and would also need time to set the adjustments then make them).
- a statistically significant diversion from the exit poll results
- a statistically significant relationship between voting tallies and reporting time for key areas (polls reporting later would favour the chosen candidate).

Ultimately however, the real questions are not whether the election was rigged or why we shouldn't use electronic machines but:

COULD the election have been rigged?

WHY should we use electronic voting?

Re:Paper can also be tampered with...

You need to always have manual recounts.
And, during the election itself, separate records need
to be kept of how many people voted in any given
polling station, so that the number of ballots counted
can be compared against the number of actual voters.

Also, election results must be published down to the smallest counting units, so that anybody can check that no mistakes where made during adding up.

Thomas

Thomas

Re:Paper can also be tampered with...

[Grym]

d they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate...

Guys... it's really not this difficult. Think about it for a second. If the machine prints out a HUMAN-READABLE ticket that the voter can verify and stick in the ballot box, no amount of computerized shenanigans can significantly affect the vote. Then, it's a simple matter of counting up the votes on the tickets (whether automatically or by hand) and comparing that number to the number recorded on the computer.

And that's just a simple system. Far better have been lined out and even discussed at length on slashdot. It can be done.

Diebold has fought a manual recount system so ferociously that (Occam's Razor) they have indeed fixed elections... Their have been a lot of stories and sources stating that the employees know something is crooked, altho they are afraid for their jobs. Jobs in IT are scarce. The top management is far-rightist and saw it's duty as electing Bush; the details are tiresome.

Bullshit. We all hear lots of stories. I want to see evidence to your claims. The whole part about people losing their jobs is such a red herring. There's enough people wanting to know this information that no whistle-blower at Diebold would ever have to worry about getting another job or money for that matter. They'd become an instant hero (with movie rights) and would probably receive vast political and financial support from the great number of people who absolutely hate Bush. Think about it. They'd be bigger than Cindy Sheehan--before she went crazy.

But how about we use Occam's Razor again? The fact that SO many people are looking for tangible proof that fraud occurred and that none has been found leads to the conclusion that no evidence exists--which further leads to the conclusion that no fraud occurred. What's wrong with my logic here?

Don't get me wrong. I'm not saying that some fraud didn't occur (it probably did) or that Diebold isn't a morally bankrupt entity (they're pieces of shit). But making these outrageous claims that fraud, on an unprecedented level, affected the outcome of a national election without any sort of evidence is ridiculous. Not only that, but such accusations are dangerous. Public trust in the elections is paramount in a democracy. You wouldn't want the same kind of accusations being thrown seriously around without evidence if your guy won, would you?

Don't be surprised if your candidates keep losing elections if you (their supporters) keep promoting such ideas. The majority of Americans don't like extremists--and they HATE poor losers. Throwing those accusations without any sort of reliable evidence makes you look like both.

Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality.

Maybe you should've paid better attention in STATS 101. Statistics based on unrepresentative samples are worthless. This is a classic problem with statistics.

Nobody is saying that the statistics "broke." It's just that they're inaccurate for one very simple reason: people motivated by different reasons tend to vote at different times. Those highly motivated tend to vote early. Those less motivated vote whenever it's convenient. In other words, the anti-Bush crowd rushed to the polls early in the day, and when polling services extrapolated from this sample set, it got a Kerry win. But later in the day, when the Bush voters showed up, it became clear that Bush was going to win--thus the discrepancy.

What

Re:Paper can also be tampered with...

[Shaper_pmp]

The first poster was paranoid, but you're wilfilly oblivious.

Exit polls have been used the world over to predict election results for decades .

The 2000 and 2004 elections were widely suspected to have been corrupt, and there's a positive litany of discrepancies, sketchy behaviour and incredibly convenient "co-incidences" around the personnel involved and results obtained. Then, after these useful and reliable exit polls disagree strongly with the "official" result, the administration says it doesn't want to do exit polls any more?

Have exit polls returned perfectly usable, useful results for the overwhelming majority of the time they've been used? Yes.

If "exit polls" had suddenly and spontaneously broken in this one case, does that justify not using them in the future? No, because statistical outliers aside, in general they're still very good.

Have we discovered any new maths, or a statistical theory that suddenly proves exit polls are dangerously misleading? No.

Were the exit polls wrong disproportionately more often in districts where Diebold machines were used? Yes.

So we have a single event where the long-working exit polls (which are normally accurate) are suddenly and significantly different from the final official tally. This could be written off as a statistical fluke, but the Diebold and ES&S machines are already suspected of widespread insecurity and/or deliberate tampering, and then when it all hits the media the administration announces it won't be conducting exit polls any more?

Why, when they've been used for decades without problem, are exit polls suddenly considered dangerous or misleading? Apart from, that is, their potential to provide an indication of election-tampering?

Re:Paper can also be tampered with...

> Also, election results must be published down to the smallest counting units, so
> that anybody can check that no mistakes where made during adding up.

What is the smallest unit? That's really a dangerous suggestion to make, since you easily end up making the vote non-secret.
This is also true for the voting machines that print something on paper from a roll. Now somebody only needs to remove the "thing" that cuts the paper into pieces and you have a non-secret vote, because you can see the order in which the votes were given.

Re:Paper can also be tampered with...

[Egregius]

The majority of Americans don't like extremists--and they HATE poor losers.

This is exactly how the Republicans win: they claim victory before anyone else and before results are in, then call the other side 'poor losers' when they attest it.

Re:Paper can also be tampered with...

[QuestorTapes]

> Exit polls have been used the world over to predict election results for
> decades. [link to wikipedia snipped]

With generally good, but less than perfect accuracy. Wikipedia is not the best source of information on a subject this hotly debated.

> So we have a single event where the long-working exit polls (which are
> normally accurate) are suddenly and significantly different from the final
> official tally. This could be written off as a statistical fluke, but the
> Diebold and ES&S machines are already suspected of widespread insecurity
> and/or deliberate tampering, and then when it all hits the media the
> administration announces it won't be conducting exit polls any more?

Tha's somewhat oversimplified, There are -without doubt- problems. The immediate leap to deliberate tampering is not the only explanation, especially in light of historical incompetence of election workers. The reality is that finding, training, and supervising the volunteers who do the work is a large task filled with problems.

Many of the inaccuracies cited in Florida and Ohio in particular are not evidence of election tampering as much as evidence of the fact that election jobs are handed out to party hacks who aren't competent to do any real work.

Many pollsters are changing their methodologies to deal with problems that have been affecting accuracy for some time.

> Why, when they've been used for decades without problem, are exit polls
> suddenly considered dangerous or misleading? Apart from, that is, their
> potential to provide an indication of election-tampering?

The problem is that they can only be used to support a -charge- that the election was botched. They can provide no value in determining the cause of inaccuracies, or determining culpability.

To actually audit the elections, we need an audit trail, not a secondary source of information. I'm not arguing against most of your points. You made some good ones. But you let it fall into simple two-valued logic which I feel weakened the value of your post.

A couple of links people might find useful:

http://www.exit-poll.net/faq.html

http://www.mysterypollster.com/main/2004/12/what_i s_the_sam.html

The one at mystery pollster has some nice links to other sources. I found it very informative.

Re:Paper can also be tampered with...

[quarkscat]

The parent poster's arguments are specious, at best. While opinion polls BEFORE an election may be skewed from reliably predicting the outcome, exit polls on election day never fail (except in cases of vote fraud).

It is not only the voting machine itself whose veracity must be questioned -- it is also the vote tabulators. Having accurate votes counted at the precinct level does not matter one whit if the totals can be tampered with at the data collection (tabulator) point. The entire process needs close scrutiny: from unauthorized software updates at the electronic voting booth, "chain of custody of evidence" procedures for collecting vote data, as well as preserving the sanctity of vote data at the tabulators.

The USA's 2000 national election results came into question with several different (unrelated?) events: the disenfranchisement of tens of thousands of minority voters in Florida precincts through the use of privately generated "felon lists", and the disconnect between the accurate exit polls in Florida and the vote tally results.

The GOP-controlled US Congress then spent $6 Billion USD on "electronic voting machines" without having clearly defined methods for verifying vote tallies and vote recounts. The result has been the US 2004 national election in which vote recounts have been impossible, and exit poll results that did not jibe with "official" vote tallies.

BTW: Many democracies rely upon exit polls in order to ascertain the validity of the vote count. Germany's recent federal elections were determined, not by the vote count but by the exit polls on election day -- those results ARE considered relevant and extremely reliable (except in the USA.)

Re:Paper can also be tampered with...

[rthille]

With electronic voting machines, there are no recounts. Asking the computer to spit the answer back at you again isn't a recount.
If you don't trust the first result, and you get a different result from an electronic result, you are really screwed, since you'll never know which was right. (Probably neither :-)

Re:Paper can also be tampered with...

[Shaper_pmp]

"With generally good, but less than perfect accuracy. Wikipedia is not the best source of information on a subject this hotly debated."

Of course I accept that Wikipedia isn't perfect, but with the greatest respect I don't think you can make a case that exit polls aren't:

i) Used the world over to predict election results, or
ii) Trusted by the majority of democratic processes as at least a good guide to election results.

Fact: Almost every major democratic election in the majority of democratic countries uses exit polls.

Fact: Exit polls have been trusted, ever since they were first invented, as a useful and accurate predictive tool to election results.

Fact: Since the 2000 presidential election, and increasingly, elections results have diverged from the exit-poll predictions. These divergences have closely paralleled the uptake of Diebold (specifically) electronic voting machines.

Fact: The 2000 and (specifically) 2004 elections favoured a party whose popularity was dropping. This is the same party with strong links to the Diebold and ES&S corporations, and the same party that's pushing to have electronic voting machines adopted more widely, while fighting to avoid them having to preserve a paper audit-trail.

Fact: The party pushing for a lack of audit-trail is also the one most opposed to releasing the source-code for the machines, when a right to examine the process by which an election is counted should be you inalienable democratic right to ensure fair play. You can inspect paper-vote counting (in fact, I believe it's required), but not electronic counting?

"Tha's somewhat oversimplified, There are -without doubt- problems. The immediate leap to deliberate tampering is not the only explanation, especially in light of historical incompetence of election workers. The reality is that finding, training, and supervising the volunteers who do the work is a large task filled with problems.

Many of the inaccuracies cited in Florida and Ohio in particular are not evidence of election tampering as much as evidence of the fact that election jobs are handed out to party hacks who aren't competent to do any real work.

Many pollsters are changing their methodologies to deal with problems that have been affecting accuracy for some time."

Granted, it could conceivably be lack of education or training, however:

Since the 2000 elections there hasn't been a radical change in the training processes of exit-pollsters, so the exit polls are unlikely to have suddenly become more or less accurate, meaning the election process itself is somehow at fault.

Given elections using Diebold machines statistically distinctly favour the Republican party, this introduces a party-specific bias which wouldn't be explained by anything to do with the election officials generally, unless Republicans were somehow infiltrating even Democrat-run areas and influencing people's votes somehow. TBH, if this was the case it more like specific and deliberate corruption than incompetence.

Even if pollsters are "changing their methodologies" (Source? Evidence?), the fact remains that nothing happened since 2000 that would cause the exit polls to suddenly (and increasingly) become innacurate compared to a fair, real vote. The only single significant change since then has been the introduction (and increasing adoption) of electronic voting machines, and again, they show a distinct statistical perference for republican wins.

"The problem is that they can only be used to support a -charge- that the election was botched. They can provide no value in determining the cause of inaccuracies, or determining culpability."

Indeed. However, an indication that something's badly wrong should be followed up, not ignored or played down, even by the party in power. And "any indication that something's wrong" is better than "no indication at all", which is what the current right is pushing for by campaigning against

Re:Paper can also be tampered with...

[AK+Marc]

You wouldn't want the same kind of accusations being thrown seriously around without evidence if your guy won, would you?

Ah yes. The one thing that it all boils down to. It's a party issue. I didn't vote for Gore. I didn't vote for Kerry. But I believe that the Republicans did their best to rig the election. I think that their election rigging was probably successful in at least one of the races. Florida was all messed up in 2000. There is also proof of Diebold machines messing up, counting more votes than were registered in the area and such in both.

But in answer to your question, I wouldn't question Diebold if a Democrat won. Diebold would only cheat to put in a Republican, as that is what they pledged to do. However, dead people voting has been a Democratic cheat. But, as far as I know, the only party caught trying to illegally affect a presidentail election did so in one that would have been a landslide (Watergate). Oh, and they were Republican. Fool me once shame on you, fool me twice, you can't fool me again. The party is proven cheats, with an illegal plan and a coverup that spanned the whole party leadership. Oh, and Bush brought back as many people from that administration as were physically able to work. Are you sure you want to make it a party issue with a track record like that?

Re:Paper can also be tampered with...

[QuestorTapes]

>> With generally good, but less than perfect accuracy. Wikipedia is not the
>> best source of information on a subject this hotly debated.

> Of course I accept that Wikipedia isn't perfect, but with the greatest
> respect I don't think you can make a case that exit polls aren't:
> i) Used the world over to predict election results, or
> ii) Trusted by the majority of democratic processes as at least a good
> guide to election results.

I didn't. But the wikipedia article referred to went -much- further in its claims. That's why I suggested going to more neutral sources.

> Fact: Exit polls have been trusted...

No argument. But accuracy is always limited by some margin for error. There are known, -real- problems with all traditional polling methods, as the nature of the society we live in is changing. Exit polls are no exception, though they are still -much- more accurate than other polls, and do not suffer from some of the same problems.

> Fact: Since the 2000 presidential election...

No argument, although I am not comfortable with assigning one and only one cause for the inaccuracies. I don't argue that the Diebold machines are -a- cause. I don't even seriously suggest that something else is the primary cause, although I'd listen to an argument someone else made.

My real concern is that in the quest to find the one and only one cause, we patch one hole in a broken system. I'd like to fix -all- the problems.

> Fact: The 2000 and (specifically) 2004 elections favoured a party whose
> popularity was dropping.

Based on what? I'll accept this as a possibility; but I'll want to see details. From my point of view, -both- parties have lost an enormous amount of popularity and credibility. Again, I am not saying "Republican good, Democrat bad"; I'm saying most people I speak to don't think much of either party.

> This is the same party with strong links to the Diebold...

True, but the other party is an enabler, pushing for fast replacement of fundamentally working punch card and OCR systems with untested touch-screen crap in order to get the public -perception- of addressing the problem. Both parties are at fault for the current debacle.

> Fact: The party pushing for a lack of audit-trail...

Again, based on what? What I have seen is officials of both parties at -all- levels being equally obstructive regarding auditing and paper trails. I'm not arguing about the problem; but I haven't seen the white knight on his white horse battling the dark ogres.

>> Many of the inaccuracies cited in Florida and Ohio in particular are not
>> evidence of election tampering as much as evidence of the fact that election
>> jobs are handed out to party hacks who aren't competent to do any real work.

> Granted, it could conceivably be lack of education or training, however:

> Since the 2000 elections there hasn't been a radical change in the training
> processes of exit-pollsters, so the exit polls are unlikely to have suddenly
> become more or less accurate, meaning the election process itself is somehow
> at fault.

Again, I don't disagree that the process is at fault. Simply that the deviations noted are within the tolerances for error -without- a partisan plot. They are higher than they ought to be, and higher than they would be in a working system, but still possible without a conspiracy. With a broken system, it is quite possible for the errors to not cancel each other out.

I'm not even saying there was no tampering; I'm saying there has been tampering with all elections since the process began, by all parties. I'm saying that deviations in statistics and polls are insufficient in and of themselves to take effective action. To fix the problem, we need an audit trail.

Is it suspicious? Hell yes! Is it a smoking gun? Hell no. You basically have a building that burned and a guy who profited on the insurance.

Re:Paper can also be tampered with...

[HD+Webdev]

You don't know many Libertarians do you?

Considering that 1 out of 1,478 people in the USA take it seriously enough to register as a Libertarian, it's not unusual for people to not know many of them personally.

Just one day? This isn't serious.

[r00t]

It takes a damn long time to fully probe a device for vulnerabilities. You have to write software as you go. This is a type of software testing that must find ALL bugs without the advantage of having source code.

Heck, the task may be provably impossible. A special pattern of button presses (reselecting candidates: Bush Nader Kerry Bush Kerry Nader Bush Nader...) could be a password that lets a voter do something foul. What is the chance of finding a 128-bit password? Uh, approximately zero.

I love that...

[Matti-han]

...my party, the Libertarians, which has enough problems with funding as is, needed to pay for something that the elected officials should have done in the first place.

FYI

[TubeSteak]

From TFA:

To put this in context, the California Secretary of State did not originate the idea and suddenly decide to invite us to a test.

Black Box Voting formally issued a request for replication of the Hursti findings under California Election Code 19202.

Here's the link to the specific post detailing their request

If the editors are listening, it might be worth fixing the /. blurb.
That little mistake puts the issue in a wrong light.

Re:FYI

I made that summary that I submitted by just copying and pasting two brief passages from each of the two BBV pages to which I linked, respectively. Those passages are the first mention of the topic in each of their pages. There is of course lots more to this story, much of which is in those pages, the BBV site to which I linked, and of course all over the Net - not to mention as-yet unrevealed evidence of vote-rigging and fraud. I presented the info as BBV presented it. The omission of specific other details that you personally find relevant is not a mistake. The summary is representative of the story, and an accurate leadin to the pages to which it links for more.

Tell me again: WHY MACHINES ?

Why are they using machines to count the votes ?

Here in Germany the voting process is 100% transparent.

The whole country is divided into ~400000 pieces. In each of these pieces, a votingplace is established. Each votingplace is maned by 7 citicens (volunteers prefered. vacant posts are filled by selecting random citicen.).

The voters vote through making a cross on a piece of paper.

After the vote, the whole voting comittee counts the votes two times. After that, the votes are sealed in a bag. The result and the votes are then given to /fetched by the administration.

During the whole process, _every_ citicen has the right to be on place and controll the work of the comittee.

The whole process is FAST:
Usually it only takes ~1 hour to count the votes.

Voters don't need complicated instruction manuals (everybody knows how to use a pen, right ?)

The whole process is reliable:
It is very hard for a political party to man a whole comittee.

As every citisen has the right (and many make use of their right) to be on place and to controll the work, falsifiing is extremely hard.

Because we have a clear paper-trail, every vote can get re-counted.

Ever tried to use a machine when there is a power-outage ? Pens work without electricity.

The whole process is CHEAP:
No expensive machines.
Volunteers & citicens don't get paid.

Re:Tell me again: WHY MACHINES ?

Im the OP.

What does Hitler have to do with the current system ?
You know that Hitler reigned more than 60 years ago ?

Re:Tell me again: WHY MACHINES ?

You have to understand, America is like the Titanic. It's BIG. But it's also (I truly believe), the greatest experiment in governance the world has ever seen, and it proves that the framers were dead on with their ideas of how a country should be created and run. It's currently filled with the hubris that only comes from doing in a mere 230 years things that have never been done, seen or even imagined. Our politicians are small people with small ideas and near horizons. Where once 'everybody' here wanted to change the world, we now only want to have the smallest cellphone, the biggest SUV and to have seen Janet Jackson's nipples at the Superbowl. We're nowhere close to what we were at the end of WWII; the shining moral, ethical and industrial light of the free world. It has taken us barely seventy years to squander almost all of that, to the point where now just being governor of New York is to be considered 'Presidential Material'. But we're still the biggest and best thing in the world, and someday this country is going to have a tremendous intestinal spasm and spew out all of the people that say they lead us, and the people that believe them. It won't be soon and it won't be bloodless. It also won't be Al-Qaida, or maoists, or hippies or any of the other enemies-du-jour. It will be entirely homegrown, like the last one, and it'll stick. I just hope I live long enough to see it. Sorry to ramble. On the other hand, maybe you grew up with MTV, and I'm not rambling at all.

Re:Tell me again: WHY MACHINES ?

[HermanAB]

"The voters vote through making a cross on a piece of paper."

Well, it is somewhat embarrasing, but that is just far too complicated for an American.

Sorry, I just could not resist it!

Re:Tell me again: WHY MACHINES ?

[innot]

Here in Germany the voting process is 100% transparent.

I wish it was as it used to be, but they are sneaking blackbox voting into german elections as well.

During the last election a few weeks ago 2.100 out of 80.000 polling stations used computers.
Of course they had to use computers without paper trail, computers which an expert team of the irish election commission found to be unfit for use due to the usual issues (secret source code, no code audits etc.)

While small manipulations of the elections would have made no difference in the resulting big coalition, remember that the two parties of the big coalition were only some tenths of a percent from each other, so a few votes in the other direction and Schröder would have remained in Office.

I really doubt that there have been any manipulations (yet), but Germany is not safe from close calls where a smalll manipulation could make all the difference.

Here is an article about two two experts who filed a protest against the results of the last election due to the use of unsafe voting machines.

Re:Tell me again: WHY MACHINES ?

but why Hitler?

because he was bloody voted into office in a democratic election? What's your fucking point?

Re:Tell me again: WHY MACHINES ?

[meringuoid]

You have to understand, America is like the Titanic.

What, gradually sinking, in complete denial about it, and the rich are grabbing all the lifeboats?

Re:Tell me again: WHY MACHINES ?

[BlindRobin]

It's the only way to suck huge amounts of tax revenue and control the election at the same time... jeeeeeeshhh don't you know anything

Re:Tell me again: WHY MACHINES ?

[o'reor]

> > You have to understand, America is like the Titanic.
> >
> What, gradually sinking, in complete denial about it, and the rich are grabbing all the lifeboats?

Ouch. That hurt. Mod parent funny, it really deserves it.

Show me the code

[lheal]

Why is it so difficult for elected officials to see the necessity of full source code disclosure for voting machines?

It can't be that they're all on the take. It must be simple ignorance, so that when Diebold says they need to keep their source code private so they can make a profit, the officials accept it.

Still, it baffles me.

Re:Show me the code

[tomstdenis]

$$$

If there was any sense of justice the government would just pay OSS developers to write something that at the end of the day was public domain open to scrutiny.

But of course $$$ trumps all and if Diebold can't make MILLIONS off faulty voting boxes then the commies win!!!

Tom

Awesome

These guys at BBV have been doing great detective work since the 2000 election at least. Hopefully this will help shed some more credible light on the stolen elections since then.

I have to say I don't agree with the "too little, too late" comments. It is never too late to expose this travesty, and upcoming elections will be just as important as the last couple. We can't afford to let corrupt officials and criminals steal our electoral process any longer.

Diebold is doing a little happy dance!

[MioceneMan]

There are about as many ways Black Box Voting can mess up this test as there are ways to cheat elections that use these easily programmed voting machines and tabulators.

Computers are machines which we use to manipulate data. Votes are not the kind of data we want manipulated. End of case, electronic voting machines are a bad idea.

The "paper trail" some of these machines produce is not the ballot that is actually counted, it is an auditing tool. In California only 1% of these paper votes will be compared to the electronic vote. Unless the audit is very carefully designed, and some very stringent security measures enforced, there will be many opportunites to cheat, since 99% of the electronic votes will not be compared to the paper votes. Paper trails and electronic votes are much easier to mess with than boxes and boxes of voter verified paper ballots. People tend to notice when large bulky ballot boxes are being messed with, but nobody can see what's happening to their votes inside a memory cartridge.

As one of the two people invited to this shindig..

[JimMarch(equalccw)]

Let's make a few points clear here.

1) The Libertarian connection happened as a result of California Election Code 15004, which reads:

---
The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
---

So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/14325.html

This upcoming "test hack" at the California Secretary of State's office is another matter entirely.

This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.

What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.

Net result: one thoroughly "pwned" election.

The full report:

http://www.blackboxvoting.org/BBVreport.pdf

Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.

After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:

---
Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay

Mod parent up

[goldfndr]

I'm not sure a more informative reply (or at least interesting) is available in this discussion.

its already been solved (on /. no less)

[floodo1]

A Secure and Verifiable Voting System

why no one ever remembers this is beyond me :(

paper audit is absolutely crucial

How can anyone trust the results of an election when there is no complete paper audit of every voting machine? This must be a joke!

The fact that Mr. Walden W. O'Dell, the CEO of Diebold Inc. voting machines, is an old friend of one of the candidates(George W. Bush) in this election should be alarming enough. As if that was not enough the independent UN inspectors who had been sent during election time have been denied access to both, the voting machines as well as the software which was running on them and which has ultimately decided this election. Am I the only one here who thinks these facts should be alarming to all citizens as well as the international community?

Can't this be beat ?

[Animaether]

I'm curious.. can't this be beat ?

Wouldn't it be technically possible to detect such a device being attached, and subsequently 'loading' the proper firmware ? The device says it's okay, but a while later (perhaps as soon as the device is detached) the naughty firmware is loaded back ?

If it's not technically possible to detect such a device - I take it the machines need to be opened up, at least. Wouldn't it be possible for whoever opens it up to give off an RF signal to tell the machine to load a different firmware ?

Ditto these voting machines... they could give perfectly correct code all throughout testing - and then on election day (by means of a date check elsewhere in the machine) load code that 'oopses' a few times and makes one candidate have more votes than they should, and another less votes than -they- should.

Re:Can't this be beat ?

[Pig+Hogger]

Wouldn't it be technically possible to detect such a device being attached, and subsequently 'loading' the proper firmware ? The device says it's okay, but a while later (perhaps as soon as the device is detached) the naughty firmware is loaded back ?

From what I understand, verification is done with a clip that clips onto the processor. Recalling a similar process I've seen some 25 years ago, what it does is reset the processor, then toggles a special interrupt line (special in that it is dedicaced to that purpose only) and execute some code that's on the diagnostic box. The diagnostic box also checks that the processor effectively loads the data from the diagnostic box.

The only way this could be fucked with is by tampering with the processor box itself.

If it's not technically possible to detect such a device - I take it the machines need to be opened up, at least. Wouldn't it be possible for whoever opens it up to give off an RF signal to tell the machine to load a different firmware ?

It could be possible, yes, but the attendant circuitry would be bound to be eventually discovered.

Re:Can't this be beat ?

[JimMarch(equalccw)]

Hmmmm.

Yeah, these concepts have been kicked around some.

The single nastiest:

Let's say that in order to avoid "specialty hardware" like this meant to beat such code-checks, we went with open-source software that runs on any reasonably standard PC, bought from Dell, a local clone shop, whatever Best Buy has on sale, etc.

But somebody REALLY wanted to hack elections, on a massive scale.

They find some piece of "motherboard guts chip" that nearly everybody uses, or they infiltrate Intel or something, and put something nasty in that gets called by the voting application software and nothing else. And the various source code reviewers (pro and amateur) all miss the trigger code.

How likely is this?

Well...something sorta similar did happen once before. Remember years ago when there was a speed war between various video card makers, and one of the big magazines (PC Mag?) had a video performance benchmark, and several video card makers were caught doing firmware that looked for that magazine's benchmark and when they found it, they stripped error checking and whatnot to the bare bones and ran balls-to-the-wall just to make pretty numbers on the benchmark?

Sorta similar. But it DID get caught and we even figured out exactly who did it. No crime was committed though.

I don't know...on the one hand, the leadership of the free world is at stake, on the other the penalties for getting caught are pretty nasty.

One thing we can do better (in addition to source code review) is better software test procedures in the elections biz.

Oh man. You're not going to believe this, but it's true: in the "logic and accuracy tests" before and after elections, you know what they do to the various voting machines?

As God is my witness: they set them to "test mode" instead of "election mode".

I mean, the first time I saw that, I knew something Dilbert's-boss-level-stupid was going on.

REAL testing would happen in "election mode", with the date/time set to the actual election(!) and with every other possible parameter same as the real deal, right?

Here's the manual for a real voting machine in use in California, from the SecState's site:

http://www.ss.ca.gov/elections/091404_5a_p.pdf

On page 9:

---
4.3. Pre-Election Logic and Accuracy Test (Pre-LAT)
The local election official shall have the entire system, both machines and central system, tested
to ascertain that it will properly count the votes cast for all offices and all questions. The test
shall be conducted by manually and/or electronically performing Vote Simulation Cartridge in
the Pre-Election Logic and Accuracy Test mode of the voting machine. The test must utilize a
pre-determined test script of at least one vote for each possible selection within an office of
question. To test the central system, a number of results cartridges from the machines will be
tallied. The printed results from the central system are compared to both the machine results
and the test script. If a voting machine or the central system does not accurately count the test
script or test vote, the cause for the error shall be ascertained and corrected and an errorless
count shall be made before the system is approved for use of counting votes.
---

Doh!

Because the system isn't designed to be better

[typical]

Because the only reason we have e-voting is because

(a) election officials are scared of being held responsible for another Bush-Gore style fiasco

and

(b) Diebold has promised them that e-voting will solve this problem. (No hanging chads with a simple binary button!)

What's happening is a massive taxpayer expenditure to buy an inferior product lacking existing safeguards that benefits only (a) Diebold, who can siphon off federal money and (b) the election officials, who can't be personally held responsible for anything.

Re:As one of the two people invited to this shindi

[Ninja+Programmer]

* They want US to do the hack, not them.

Well that's about the only good thing in this list.

* They want us to hack a Diebold optical scan version 1.96.6 system which has never been used or certified in California and has probably been modified *after* the Hursti report was released.

What's the point in auditing something that has never been used, and for which there is not proof that it will ever be used, or that it won't be "upgraded" in the future?

* The test conditions were to be very limited and with a time limit (which they haven't decided on yet).

This is meaningless. The time-limit should be "as long as it takes". (A few days would probably be sufficient.)

* The test machines would be supplied by Diebold.

Who actually owns or posessed the machines used? Are they leased or something? Obviously you want to audit a machine that's actually been used, or which is supposed to be used in the actual election.

This is like a magician telling you to pick a card from the top of a deck that he prepared and didn't shuffle.

* We would not be allowed to do any hacking we don't tell them about ahead of time - in other words, no "tire kicking".

So Diebold gets to rig up a special machine to defeat a few very narrowly described hacks that you have fully described up front? I don't call this an audit.

* They get to videotape everything, we are banned from bringing cameras.

Ridiculous! An audit without a report to all parties concerned is not an audit at all.

* The public isn't invited.

That just sounds punitive and just additional restrictions to let Diebold control everything about the situation.

* Diebold has had five months to prep for this thing, we get less than two weeks.

Prep time should not be relevant. Just bring the real machine in, give experts on both sides time to examine things until the thing can be considered auditted.

Most of these restrictions are ridiculous, superfluous and clearly designed to give Diebold the ability to completely control and direct this "audit". Their purpose is obvious; they want to put out the press release: "We invited the most antagonistic elements to audit our system and they were not able to find any flaw in the system" after convincing you to take part in this charade where obviously you will not find what you are looking for.

I don't know what the right response is for you people, but clearly the state officials are being "handled" by Diebold here. You have to find some way expose or work against or break this down.

Think about it

Think Ohio, 2004. What possible incentive would the current Administration & Congress have to insist upon making the current process transparent and subject to review? The G.A.O. report hammered Ohio and their voting machines. Reaction from our "elected" leaders? None.

Comment removed

[account_deleted]

Comment removed based on user account deletion

If US voting isn't rigged...

[Hosiah]

then doesn't it seem rather strange that the president who only has a 30% approval rating got elected by a majority only a year ago?

Re:Get over it

[Duhavid]

Would you "get over it" if the republicans were to be losing
and there were reasonable questions about the voting procedures?

I suspect not. And I hope not. If the allegations
have a basis, then it should come out. If they dont,
then that too, should come out.

The methodology used in the machines is suspect. I dont
think anyone would want to buy or use an ATM machine
without the ability to audit it's transactions and know
that that audit is sound. Voting seems important enough
to invest the time and energy into getting it right and
above reasonable question.

I dont think it is so much right/left as it is right/wrong.

Re:Whatever

[whitehatlurker]

He may be a ..

unh ... isn't this Bev Harris?

I haven't enough porn films to verify whether this is a porn star, but I rather think I can tell gender.

(Yeah, I know it's a Simpson's quote, but you can still modify these things to reflect the immediate situation.)

Re:As one of the two people invited to this shindi

[JimMarch(equalccw)]

Quoting:

"I don't know what the right response is for you people, but clearly the state officials are being "handled" by Diebold here. You have to find some way expose or work against or break this down."

Well we've "handled" it back so far by proposing a much more reasonable test protocol. No response yet from them.

The thing about us doing the hack is, yes it'll be great if it's fair, but...OK, let's say the SecState's office does it, and it turns out later that what they tested was a classic "lab queen" Diebold Frankensteined up nice and special. Can you say "egg on face"? "Who does the hack" is connected to "who takes the political risk if it's done wrong"...noteworthy especially since state law (EC19202) says it's THEM that does the testing...

At the same moment we replied in EMail to the SecState's office, we put out a press release on this subject...we've had a fair number of responses so far and a few of hits in Google News just today:

http://www.govtech.net/magazine/channel_story.php/ 97374

(and the same story above in another "government news site"...)

http://www.fcw.com/article91533-11-23-05-Web

It's not a lot...but it's had one comical effect: the various reporters we've talked to have all tried to call the guy at the SecState's office engineering this thing (Bruce McDannold, whose phone number we included in our press release) and they all say he hasn't answered phone calls. He also hasn't gotten back to us, which is odd because he's usually very good about returning EMails.

I refuse to speculate on what he's up to and I'll forego the snideness I'm thinking.

To answer your original question: we WILL do this thing even with at least some of their restrictions in place...but we want a basically fair shot here, and what was proposed...well y'all can decide for yourselves what sort of offer they made us.

---

Full disclosure: I helped Bev Harris decipher the massive pile of files she downloaded from a Diebold FTP site in January '03 starting around July '03 on my part. She founded Black Box Voting Inc. as a non-political non-profit (501(c)(3) tax status) in mid-2004, at which time I became a volunteer member of the BBV board of directors. In July I lost my day job and three weeks ago I joined the full-time staff at BBV, resigning from the board of directors and moving up to the Seattle area. BBV has a full-time staff of three, I make $2k a month. Bev and I were the two co-plaintiffs in a consumer protection lawsuit in California that netted the state of California a $2.6mil refund; Bev and I each collected a "bounty" of $76,000. That suit started prior to BBV's formation as a non-profit and was run without any of the non-profit's resources.

Here's your solution...

[MsGeek]

http://www.openvotingconsortium.org/. A 100% F/OSS voting solution that can run on commodity hardware and F/OSS operating systems.

Clicky linky...

[MsGeek]

http://www.openvotingconsortium.org/

At least, I hope that fsckn works...I thought I did it right the first time...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not good enough

To preclude vote-buying (using either positive or negative reinforcement techniques), you need the voter to be unable to convince any other person how they voted.

During the depression (1930s), there was a standard price for votes. You marked your ballot, showed it to the Nice Man outside the window, and deposited it in the box. The Nice Man let you keep the money he'd paid you and all of your teeth.

This is why, In Canada at least, you have to fold your ballot inside the voting booth and keep it folded on the way to the ballot box. If you show it to anyone, they won't let you deposit it.

Someone altering the ballots against the voters' wishes is one very important attack, and certainly would be preferred by an attacker. But influencing a voter is another effective attack that must also be precluded. That's the part that makes it really tricky.

It is about time

[Boap]

Some one has to get these people in line

BBV has strange definition of paper trail

[ugmoe]

Black Box Voting is complaining that there is no paper trail for the counting of mail-in paper ballots.

http://www.bbvforums.org/forums/messages/1954/1303 7.html

"New information obtained by Black Box Voting investigator Jim March shows that mail-in votes in upcoming Nov. 8 elections will lack crucial safeguards. The Diebold "GEMS defect" -- the ability for anyone with access to change vote results on the "mother ship" that tallies and controls election results -- has now been acknowledged by Diebold, but has not been mitigated in most locations, and it is worse for mail-in votes. The GEMS defect has been proven. The risks are significant. Mail-in votes are at exceptional risk because they are counted on a system that lacks protective features found on polling place machines. While the precinct-based optical scan machines made by Diebold produce a results tape, the same machines, when counting mail-in ballots, use a different program and do not store vote tallies on a memory card, nor do they produce an independent results tape. Therefore the defective GEMS program holds the only record for absentee vote totals. "

Hey Black Box dudes - why aren't the mail-in ballots themselves a pretty good paper trail for themselves!?!?

Bad news: paper ain't the whole answer

[JimMarch(equalccw)]

Paper trails are great so long as they're USED, at least for spot-checking.

Right now, California has one of the better laws on this, saying that 1% of the precincts need to be hand-counted once there's a paper trail in place. And paper trails are mandated beginning in '06.

Great.

But several counties don't assign their absentee ballots to precincts - they treat them as a distinct batch. And since they're not PRECINCTS, these counties claim they don't fall under the 1% manual recount rule.

Los Angeles County (population 12 MILLION) is among these.

So even though absentee voting *always* includes a paper trail (the part people mail in), in LA and elsewhere it doesn't get spot-checked. Hack just that portion of the vote, you're golden.

Sigh.

In six states it's ILLEGAL to recount paper ballots...danged if I know why. Most states don't have a spot-check rule.

Voter verifiable paper is a good start but it's only "part of this complete breakfrast" if you know what I mean...

Jim March
Black Box Voting

Good reference: Nevada gaming device standards

[Animats]

The Nevada Gaming Control Board has a set of technical standards for gambling devices. Those are a good, practical reference for something that has to resist tampering. Voting machine standards need to be at least as strong.

A few excerpts:

• A gaming device must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC through a network with a series resistance of 150 to 1500 ohms shunted by a capacitance of 100 to 150 picofarads, but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure.
• Physical security. A gaming device must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
• Printer mechanisms on gaming devices must be designed to detect low paper, paper out, and paper jam conditions. The device control program must monitor the printer mechanism for these error conditions in all active game states that do not indicate error conditions.
• All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures.
• All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must: (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman. (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found. (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information. (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Conventional ROM Device that must be capable of being authenticated by a method approved by the chairman.

Nevada asked the Gaming Control Board to take a look at voting machines. After that review, Nevada went to a paper trail in 2004.

Re:Good reference: Nevada gaming device standards

[Devistater]

Holy crap thats a good comment. Mod the parent up!
GREAT list!

Re:Good reference: Nevada gaming device standards

[JimMarch(equalccw)]

Yeah, I remember that. Actually, the Nevada Secretary of State's office asked the Gaming Control Board to review the Diebold paperless touchscreens in particular. The Board spent about four pages if I recall right, saying basically "it sucks" :).

Jim March
Black Box Voting

Yup. That's my boss :).

[JimMarch(equalccw)]

Definately a she, not on meds, has no use for Osama Yo Mama, ain't a commie :).

She has however been an action movie star:

http://www.bbvdocs.org/videos/volusia2.mpg

Drop dead funny, taken from a "dumpster dive session" behind an elections department warehouse in Volusia County FL in which all sorts of real voting records (mainly the critical end-of-day polltapes) had been thrown out. Illegally.

("Poll tapes" are printed on older voting machines on "cash register rolls", they basically spit out about 3ft worth of "I took in 345 votes for Bush, 257 for Kerry" type stuff, keeping a "running tally". They're not as good as a voter verified paper trail, they can be "hacked" at least in Diebold's case, but that's not THAT easy and a cheating election official(s) with limited or no techie background would find it easier to just junk them.)

Mod up: this wasn't a troll post...

[JimMarch(equalccw)]

c title...

Re:Mod up: this wasn't a troll post...

[Hosiah]

Mod up: this wasn't a troll post

Thanks anyway! (-:

I want a slightly different option.

[khasim]

The paper ballot doesn't have to be scanned or read.

But a percentage of the machines will have their claimed results compared to the paper ballots to verify their results.

The paper ballot is the final ballot. The paper ballot is the ballot used to verify the machines. The paper ballot is the ballot counted in a re-count.

All a computer can really do is make the initial count quicker (and possibly more accurate) and print a paper ballot that the voter can check easier (ie, prints out "YOU ARE VOTING FOR PERSON X" instead of just seeing a dot by a name).

If you cannot get a paper ballot out of the machine, the machine is worthless. You'd do better sticking to regular paper ballots.

Statistical sampling

You could simply take a small random sample from every machine for hand count. If the machine results differ in a statistically significant way from the expected results determined by the sample count, then you could do a full recount for that machine. That way every machine is checked for accuracy. I know lies, damned lies, and statistics.. but it would work as long as the samples are random.

Use the computer system to identify the voter.

[khasim]

There are a limited number of ways to stuff a ballot box.

With a paper ballot, the easiest way to prevent that is to count the number of people who voted there (you have to give your name to vote) against the number of ballots.

In theory, the state should know who is registered to vote and it should be easy to identify that person as appearing at this station at this time. So the number of registered voters appearing at that station should equal the number of ballots collected at that station.

Which leave the ballot stuffers with the problem of getting their person to appear at multiple stations to vote. And that is solved with technology. It should be very simple to check the database of registered voters and mark off the people as they vote.

Any questionable situation (person doesn't appear in database or person's info doesn't match) can be solved by allowing them to cast a provisional ballot and giving them time to fix their data in the system. Hopefully, the number of provisional ballots would be lower than the difference in votes between the candidates so they wouldn't matter anyway.

Simple fix, make the machines also do the Lotto.

[khasim]

Combination voting machine, Lotto machine. Get your Lotto tickets here!

THEN you'd see people sit up and demand 100% accountability.

Please ask for a voter-verified paper ballot.

[jbn-o]

I understand what you mean, but please ask for "voter-verified paper ballots" instead of a "paper trail".

I was part of the Champaign County Election Equipment Advisory Board in Champaign county Illinois. We were an appointed body whose job was to evaluate voting machines that would make us compliant with the new "Help America Vote Act" law. Our board heard sales pitches from a few vendors (Diebold, HartIntercivic, ES&S) and their local reps, we asked them questions, collected information, and eventually made a recommendation to the County Board (who are elected). We've given the County Board our advice and the County Board will make the final decision and sign the contracts.

We took a field trip to Tippecanoe county Indiana and saw a Diebold voting machine, and our guides were nice enough to give us a demonstration. We were familiar with the Diebold system they demonstrated from a user and administrator's perspective, but we were stunned that the long strip of paper the machine printed was not voter-verified. The Diebold machine we saw produced this paper if the operator had a physical key and pressed the appropriate button (typically the election judge on the site would do this at the end of election day). But no voters got to see what was printed on the paper, therefore there was no way for a voter to make sure that there was any accurate written record of their vote, even a printed record that stayed with the election judges (not a receipt).

Ostensibly, what's on the paper is a record of votes in a pseudo-random order (so as to prevent an election judge from correlating a particular voter with the printed information). But since the paper is not voter-verified, what was written on the paper is completely untrustworthy. Voters were relying on whatever the software says. Tippecanoe county Indiana is a long-time Diebold customer (since before Diebold bought Global Election Systems, if I recall correctly).

This machine compelled me to distinguish between a "paper trail" (which the Diebold reps and the Tippecanoe county demonstrators assured us the machine could generate) and a "voter-verified paper ballot". The former simply isn't good enough.

Criminals running the show in USA

The fixed elections in US have become so blatant, one can prove they were fraudulent during 2000 and 2004 from what I have read. As a foreigner living in Finland, I am astonished that Americans haven't been able to get rid of the corruption and blatant fraud in their election systems. What are your Secret Service and FBI doing? Apparently they're part of the system fixing the elections. Who're you gonna call now? U.N.? Well, you threw out the international monitors. NEWSFLASH: You're now officially screwed beyond all ridicule and you need to tell this fact to *everybody* in there. Publicity is the only fix for these sort of fraud and accountability problems. Demand action, answers and investigations, and YOU need to follow up. Jezus Xrist, can't you get these criminals under control? You're the laughing stock of the world, exporting democracies, while failing to uphold your own. No offence, but I pity you.

US Voting Fraud Proof

http://www.cbsnews.com/stories/2005/11/08/politics /main1027281.shtml

Nobody bothers to ask how many other votes there were already in the system or what happened to them? Who was in charge of putting in
the votes? How many people's votes did he input? Who did he have them vote for? Why didn't he purge them after the test? How many other people did the same, and how many votes were left in the systems? Why isn't the media asking these questions? This would be a scandal in any other country in the world. USA election systems are PWNED by the Bush crime cartel.

http://nightweed.com/usavotefacts.html

The US elections are clearly fraudulent and thus should be considered invalid. Even by the lowest of banana-state standards. Why is no accountability taking place? Why don't Americans care if a criminal cartel is running their country? They're paying the bill sooner or later for the shit they are letting these people do to them.

Re:US Voting Fraud Proof

I just love the 'my guy is a hero and the other guy is a scumbag' mentality that seems to flop it's way around here. I mean what, did Mayor Daley have stigmata? Sheesh.

It's probably safer to assume that anyone seeking election to a national public office is there for power, regardless of stated goals and objectives, and understand that some will, regardless of political stripe, stoop to less than noble means to attain the office. That's why the constitution is written like it is.

It's been said before; there are only two parties, the incuments and the rest of us. Our job, as citizens, is to keep our skeptical eyes on both sides of the aisle.

Re:Just wondering...some partial answers.

[JimMarch(equalccw)]

You've asked two questions :).

Starting with Diebold: basically there were FOUR different groups that all made mistakes with this stuff in general, but esp. where Diebold were concerned. No...wait, FIVE. In no particular order:

1) Federal Election Commission: the FEC makes the rules for voting machine certification, the so-called "1990" and "2002" standards. Problem is, they didn't codify them into regulations. They don't have the force of law...they're literally known as "voluntary guidelines". The FEC also approves the testing labs, private companies licenced by the FEC to do source code and functionality reviews paid for by the vendors. The testing labs are called "ITAs" for "Independent Testing Authorities".

2) National Association of State Elections Directors: NASED was in control over how the ITAs did business. They would check over the ITA's paperwork on any particular certification and assign a "NASED number" signifying Federal certification. They didn't happen to notice that the ITAs were acting like a pack of diseased baboons...when it was pretty damned obvious. NASED got some operational support via cash donations from the big vendors.

3) The ITAs themselves, esp. Ciber Inc and the elections division of Wyle Labs, both in Huntsville Alabama. Complete and total wastes of skin. Jam a pocket calculator halfway into a banana, they'll certify it as a voting machine for the right money.

4) The various state certification panels. Some were OK, others said "well hey, as long as it's been Federally certified, well by golly that's good enough for us!" It wasn't. (Oh, and despite NASED's name, the states were NOT able to control NASED much. NASED appears to have gone "rogue" years ago and right now their certification oversight ability is being *stripped* from them and given to the new "Election Assistance Commission"...which isn't functional yet. Shows you how hosed NASED was though.)

5) Various academics and "experts" who were supposed to be checking this stuff out. Even the best of them (Prof. Doug Jones of Iowa) didn't want to get too "vocal" about the issue, esp. early on. Others like Brit Williams and Paul Croft just actively aided and abetted the chaos. There were a small number of notable exceptions such as Dr. Rebecca Mercuri but she was a "voice in the wilderness" drowned out by the "nothing is wrong" crowd. See my other post in this article covering "test mode" for testing and ask yourself if something is wrong.

Basically, the FEC created a crappy program and let a total cheezewiz-for-brains name of R. Doug Lewis run it over at NASED. See also:

http://www.equalccw.com/lewisdeconstructed.pdf

Lewis and his minions weren't watching the ITAs. The ITAs missed multiple glaring security holes. The vendors knew nobody was watching the store and Diebold in particular acted like a pack of Goths sacking Rome.

To criticize Diebold is to critique the WHOLE SORRY HOUSE OF CARDS who all generally acted like they were all members of the same big happy club...vendors and ITAs included. It gets worse: people from one part of this structure often relocated to other parts, including back and forth between vendors and government oversight. Diebold, Sequoia and ES&S *all* hired high-level staff from within the California SecState's office to go lobby their former co-workers and bosses, and that's just in California. This was and remains common nationwide.

That's why Diebold has been protected...they go down, people might look too close, the whole thing collapses in scandal.

Mind you, some people in high places are STARTING to get it.

Example: in California, Diebold tried to get approval for a new touchscreen setup in mid-2005. Somebody at the California SecState's office wisely decided to do a "volume test" and without even worrying about security, checked for basic reliability - and found a 30%+ failure rate. In the "aftermath repor

Re:As one of the two people invited to this shindi

[Lehk228]

go in with hidden cameras recording and broadcasting on the web, get a friendly municipality to loan out a "Live" unit. and set up the test to fire off a shiatload of "unauthorized" tests right at the end and post them online instantly.

Re:Way - Good post, good comments...

[JimMarch(equalccw)]

Let me note two things:

1) To hand-count, you have to solve the "where do we get the warm bodies" problem. Hold a school holiday the day of the election and the day after, use high school and college kids is one answer.

2) If you make the electronic record as good as possible, we *might* be able to use it as a fraud-check against the paper ballots in SOME forms of "old fashioned paper fraud" of the type that date back to Tammany Hall and the like (late 19th century). BUT if there's disagreement between paper and electrons and there's no way to tell which is the more honest, the paper wins.

Why?

Paper ballot fraud isn't as dangerous as electronic fraud. Paper fraud requires a massive system of con artists all working together. It IS possible but it's got to be really systematic and obvious...think New York City circa 1900, Chicago of the early 1960s.

Electronic vote fraud allows as little as ONE fraudster to do mass hacks.

Jim March
Black Box Voting

Re:As one of the two people invited to this shindi

[JimMarch(equalccw)]

It is NOT easy to arrange a "test hack" (red team attack) on real live voting machines.

Ion Sancho in Leon County FL took *massive* political flak for allowing us to do one there. One of my posts below I describe why Diebold has been protected for so long ("Re:Just wondering...some partial answers."). This is NOT like the general PC biz where you can buy systems or components to test...you've got to be allowed access to systems that are under lock and key...

Jim March
Black Box Voting

Re:Just wondering...some partial answers.

I appreciate your work on trying to make voting systems more transparent. Just a word of advice though, please refrain from name-calling. It hurts your argument. If you have to resort to name calling, people will see it as proof that your argument can't stand on its own merits. For example:

Basically, the FEC created a crappy program and let a total cheezewiz-for-brains name of R. Doug Lewis run it over at NASED.

I see this and think you are letting your emotions control your thinking. You are so desperate to make Mr. Lewis look bad that you call him names--because you don't have any other evidence to back up your argument. If you're willing to do that, the rest of your argument is suspect as well. It would be much better to illustrate what Mr. Lewis did wrong and let the reader decide what sort of person he is. If you don't have anything to back it up, don't mention it.

Not only does name-calling hurt your credibility, it also makes the transparent-voting crowd look like a bunch of raving lunatics.

Finally, it helps to focus on the positive. Say what should have been done, not just what went wrong.

Re:Get over it

[AndreyF]

I dont think anyone would want to buy or use an ATM machine without the ability to audit it's transactions and know that that audit is sound.

What's funny is that Diebold also makes ATM's - each one of which has a paper record of everything the machine does.

Do you mean something like this?

[imthesponge]

http://www.openvotingconsortium.org/

Exit polls.

[TapeCutter]

"Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality."

Yes I did notice the story was dropped very quickly. I watched a documentry about Rove the other day (on the Australian TV station SBS). Early in the day of the election, exit polls were not lining up with Rove's "tally room" predictions and everyone was looking glum. At the end of the day the "real tallies" came into line with Rove's predictions and there were smiles all round.

This was explained as a result of a last minute drive to get republicans to the booths. It was also pointed out that Rove's "tally room" was hooked directly to the "real tally room" so thier numbers were simply ahead of the exit polls. Even if I could swallow that, the FINAL exit polls in question were ALL wrong and ALL against Bush. Statistically this is like all the air in the room suddenly accumulating in one corner, yes it is POSSIBLE but Rove somehow predicted the event and was waiting in the correct corner when it happened.

It is not a lack of skilled statiticians in the US media that is a problem, it is the strange lack of interest & indignation by the US public. I am hoping for some intrepid reporter to catch Rice giving the others a blow job, maybe then you guys will impeach the lot of 'em.

Disclaimer: Don't take this post as US bashing, my country also re-elected a pack of smirking liars. It's like a re-run of the 1950's, everyone is checking for terrorist under the bed.

Re:Get over it

[Duhavid]

Yup. So you would think that they would know process and how their system fits in it.

An ATM hands you a reciept that you can verify for correctness
and walk away with for disputing problems later.

I dont know that voters should walk away with a copy of
the ballot, I understand that there are exit issues with
that. But they should be able to verify that their
vote is cast as they intended.

Re:Way - Good post, good comments...

[Eunuchswear]

To hand-count, you have to solve the "where do we get the warm bodies" problem.

In France they ask you if you want to be in on the count when you vote.

Couldn't do it in the last European elections 'cos it was the England/France match that night. :-)

Re:Just wondering...some partial answers.

[Eunuchswear]

Hello Mr Lewis.

I am a loser extremist.

[TapeCutter]

"I want to see evidence to your claims."

It's on every diebold machine, just fish it out of the bit-bucket.

Insightfull, WTF? Your whole argument about statistics is based on the administration's official straw men (ie: exit polls were taken only in the morning, sampling is not as reliable as the official total). There were at least three sets of numbers, Rove's predictions, Diebold's count and the Exit poll stat's. Two of them were a very close match but they were not the two sets everyone (except Rove) had expected, the explaination is Rove101, stats101 has it's money on the exit polls.

"The majority of Americans don't like extremists--and they HATE poor losers. Throwing those accusations without any sort of reliable evidence makes you look like both."

Off course if I point out your statistician has no clothes I am a loser extremist and it is every American's patriotic duty to hate me. ( The "hate" bit may one day become the definition of "irony" ).

"Not only that, but such accusations are dangerous."

In other words, allowing people to voice concerns when they have no "evidence" is dangerous, therefore it's better to shun them than to answer their concerns. Modern doublethink: Provided you don't live in a cave with suicidal nutcases, it's ok to start a war without sane reasoning.

Re:I am a loser extremist.

[Grym]

Your whole argument about statistics is based on the administration's official straw men (ie: exit polls were taken only in the morning...

No, it's not.

All I'm saying is that the exit polls that everyone complains about were the ones reported mid-election day by the media. Those were the ones that didn't match the results. Once the samples from later in the day came in, the media reported the change results of the polls, which then closely resembled the actual results.

...sampling is not as reliable as the official total...

Strictly speaking, it's not. Polling is a wonderful tool but it does have its flaws. What if the voter lied about who he or she voted for? What if the voter got confused and voted for the wrong candidate? (This happens more than you'd think.) What if the sampler has a bias--such as asking younger or attractive people more often? These aren't just academic questions. Actually obtaining a truly random, representative sample is much harder than you think.

Of course, when polls are used as general approximations (and for elections with larger margins), the effects of such errors can be considered negligible, but that's not what you're doing. You're taking these approximations and claiming they're more valid than the ballots in the box--it doesn't work that way.

There were at least three sets of numbers, Rove's predictions, Diebold's count and the Exit poll stat's. Two of them were a very close match but they were not the two sets everyone (except Rove) had expected, the explaination is Rove101, stats101 has it's money on the exit polls.

I don't get you people. Who the fuck do you think this guy is? David Copperfield? If Karl Rove did what you suggested on a large enough scale to affect a national election there would be at least some evidence of it other than mindless conjecture on liberal blogs and, apparently, slashdot.

Off course if I point out your statistician has no clothes I am a loser extremist and it is every American's patriotic duty to hate me. ( The "hate" bit may one day become the definition of "irony" ).

Flowery, grandiose language won't save a poor point. You're failing to recognize the fact that Americans also hate cheats. If you presented undisputable proof that the Bush administration rigged the last election, I think you'd find that most people would rally behind you. The trouble of course is that you haven't.

In other words, allowing people to voice concerns when they have no "evidence" is dangerous, therefore it's better to shun them than to answer their concerns.

Not surprisingly, you took that quote out of context. Voicing your concerns is fine. Claiming them to be fact without any sort of proof to that effect is an entirely different matter. It's like yelling "Fire!" in a theater solely because your seat is warm. Yes it's dangerous and such behavior should be shunned.

-Grym

Re:I am a loser extremist.

[TapeCutter]

"You're taking these approximations and claiming they're more valid than the ballots in the box--it doesn't work that way."

It does when there are no "ballots in the box" to double check the count (as is the case with diebold). If the Administration do not want to be accused of cheating then they should use a ballot that can be verified after the fact. This is NOT how the objections (in my opinion reasonable) have been handled, the Administration prefer to use exacly the same strategy as you do to deter critics.

Regardless of the truth, the Administration have brought the accusations apon themselves by thier arrogant behaviour and can think of no other course of action than to "shoot the messenger".

I could contine to pull your post apart line by line but life is too short and I have no intention of visiting the US.

Re:I am a loser extremist.

[Grym]

"You're taking these approximations and claiming they're more valid than the ballots in the box--it doesn't work that way."

It does when there are no "ballots in the box" to double check the count (as is the case with diebold).

I agree that Diebold's machines are poorly designed. I agree with the need for a papertrail. (Did I not make that clear enough in my first post?)

If the Administration do not want to be accused of cheating then they should use a ballot that can be verified after the fact.

MOST of the ballots nationally WERE NOT computerized. Moreover, voting machines are determined and bought by the STATE branches of government. There's very little the Bush administration could have done to prevent computerized voting even if they wanted to.

This is NOT how the objections (in my opinion reasonable) have been handled, the Administration prefer to use exacly the same strategy as you do to deter critics.

Which is what? I was just pointing out that the claims being thrown around here as fact were completely unsubstantiated and logically flawed. How isn't that reasonable? I'm really not a diehard defender of the Bush Administration--I'm not. Read my posting history. I just call them like I see them. Forgive me for not allowing this place to become an echochamber of liberal discontent.

Regardless, what are you really expecting out of the Administration anyway? Suspend disbelief for a second and imagine that the election was actually won legitimately. What now? The election is already over--can't change the ballots after the fact. Nothing they can say or do will ever convince some of the conspiracy-theory nuts like the OP of the truth. It wouldn't make sense for them to pursue something so remotely away from their party's platform as election reform. So, what would you have them do?

Regardless of the truth, the Administration have brought the accusations apon themselves by thier arrogant behaviour and can think of no other course of action than to "shoot the messenger".

I'm really at a loss on this point. Sure the Bush Administration is arrogant at times, but to what specific events are you referring?

I could contine to pull your post apart line by line but life is too short and I have no intention of visiting the US.

And I have a plethora of great points and retorts to your hypothetical posts, but I'd rather not waste my time either. There's so much better things I could be doing--like, for instance, making excuses.

-Grym

End of secret vote = end of democracy

[hummassa]

Your boss tells you "vote for X or else you're fired".
Wal-mart (for instance) would elect EVERY official. All they have to do is say "60 discount prices if you vote for Y".

Because it's mainly a site for rich americans

so you have the standard american bias, and on top of that the technocratic bias - these are some of the most heavily propagandised people in the society. Also, as you note, because of slashdot's large readership, paid propagandists are probably at work here - any think-tank that misses something like slashdot really isn't doing it's job properly.

Why a paper trail? Here is a better idea.

[Jagasian]

I am disappointed that edjucated engineers are crying out for a paper trail on for voting machines. We can use an all computerized system that lets everybody count the votes, and is secured via asymmetric encryption. Two public lists are maintained by the government. One list contains registered public keys. This list is generated during voter registration, when a person submits their typical voter registration info along with their public key and an optional request to be anonymous. If a person is anonymous, then only their public key is added to the list, and otherwise their name is also added. When people vote, they use their own computer to cast a vote via the web, and their vote consists of a pair:

( public key, encrypt( private key, ( public key, votes ) ) )

Then anybody can have access to both lists. Anything that can be observed using a paper trail is now observable via a purely computerized system. Even better, since anybody has access to both lists, anybody can count the votes and anybody can audit the system.

Exit polls

[TubeSteak]

Does the "Administration" conduct exit polls... or the major news organizations?

I always assumed it was the latter.

Re:Exit polls

[Shaper_pmp]

Touché, although in the present USA it isn't always easy to tell where the one stops and the other begins.

How complicarted could the source possibly be?

[a_greer2005]

The anti-open voting box folks claim intelectual property, but it is a simple app, one step beond "hellow world!"

select:
case (radio 1)
{camdidate_a_count++}

rince and repeat for every candidate/position.
If this cant be open, they are hiding something.

How to make sure the Diebold systems get fixed:

[Egregius]

You know the shortest way to sort out this whole Diebold mess is to actually temper with the machines in certain states.

And make the Libertarians win the next election in those states, followed closely by the Green Party.

Wanna see how fast the system will be fixed then by both Republicans and Democrats? :)

Re:How to make sure the Diebold systems get fixed:

[Legion303]

I was thinking of something similar, only with more blatant fixing. when 100% of the vote totals go to the communist party in every state, America will go back to paper ballots in no time flat.

Bev Harris here, too lazy to find my password

Heh. Jim March -- good post. As for R. Doug whoever (his resume uder the name "Lewis" doesn't check out and he appears not to have existed, at least with present name, before 1985) -- well, what does it tell you when N.I.S.T finally addresses voting machine hacking head-on, in a summit in Washington D.C. on Oct. 7 this year, and scientists are submitting hack after hack, many of them already through proof of concept testing --

and R. Doug whoever steps up to the mic and says "I feel like hanging myself."

This is a guy who used to sell used computer parts, then took over training of all election officials in the U.S., arranged lobbyists for the vendors, takes money from the vendors (at Black Box Voting we recovered financial documents in a Diebold dumpster dive showing checks written out to Lewis's organization, The Election Center); This is a guy who told me he helps select the testing labs. He hangs up on people when they ask him questions (he also hangs up on reporters, what a bright move -- he hung up on the Los Angeles Times at one point...)

I think Jim's assessment is about right. Saying people look "loony" when they tell the truth about a broken election system is like, as Jim says, tiptoeing around a live battlefield picking up debris for recycling.

Look folks, we wasted billions of dollars in taxpayer money on this noncompliant illegal, designed-for-tampering stuff, and now the perps who foisted these voting machines on us without ever asking for our permission are busy jockeying for positions in the free pass line.

We aren't going to solve this by being politically correct.

Bev Harris
Founder
Black Box Voting
http://www.blackboxvoting.org/

Re:Way - Good post, good comments...

[swillden]

To hand-count, you have to solve the "where do we get the warm bodies" problem. Hold a school holiday the day of the election and the day after, use high school and college kids is one answer.

I think in most cases this isn't a problem, because if there is a solid paper trail, the incentive to try to rig the electronic count is reduced, and the risk of trying to rig it increases.

My ideal system incorporates purely electronic counts, machine counts of the paper ballots and hand counts. The purely electronic count could be announced as soon as the polls close, then over a few days following the election a small number of people could verify those tallies. The verification would include:

1. A statistically significant random sample of ballots across the entire system (probably county) would be hand-checked to see that the human-readable contents of the ballot match what the automatic counting machines see. The sample size should be adjusted to achieve a confidence level higher than that required by the closest race on the ballots. This step is necessary because I'm assuming that the machine-readable portion of the printed ballot is not also human-readable (say, a 2-D barcode vs text). The purpose is to establish confidence in the automatic counting.
2. All ballots are machine-counted, and the purely electronic tallies from each machine are compared with the machine-counted total for that machine. This implies that each ballot must record the specific machine that produced it. That is a mild risk to voter anonymity, but not a great one, since it's already known which voting district each ballot came from, and as long as voters have their choice of booths, rather than being directed to a specific one, the information gained is minimal. The ballots should *not* record the time they were generated.

If the hand verification of individual ballots finds any discrepancy, then it is necessary to conduct a hand recount of all ballots from that machine. In addition to the hand recount of that one machine's ballots, step 1 should be repeated, but with a statistically-valid random sample of ballots from *each* machine. The idea is that since one machine produced bad ballots, we need to check if there are any others. Additional discrepancies on other machines may trigger even more scrutiny. Perhaps it could even be made a term of the purchase contract that the manufacturer of the machine is liable for the cost of any recounts required by this rule. In addition to all of the recounting, an investigation into the source of the error should be conducted, and if it was intentional fraud the responsible should be prosecuted.

Any candidate may request a higher confidence level for step 1, conducted at the government's expense. They may request a confidence level that is up to 1-.1p, where p is the margin of victory for that candidate's race. Alternatively, any candidate may request a full recount, but must pay the costs of performing the recount. In any case, any discrepancy between the hand counts and the machine counts must be fully investigated.

If you make the electronic record as good as possible, we *might* be able to use it as a fraud-check against the paper ballots in SOME forms of "old fashioned paper fraud"

You know, I'd never thought of that. That's an *excellent* point. With that in mind, I've added another rule to my ideal verification process:

If the machine count of the paper ballots differs from the purely electronic tallies, the ballot counts are authoritative, but an investigation into the discrepancy will be triggered. In particular, if the electronic tallies reported a higher number of total votes from particular machines or voting districts than the machine counts, it's evidence that ballots have been misplaced. The relevant district should be investigated to determine the source of the error or fraud, and if it turns out to be fraud, the responsible should be prosecuted. The outcome of the election won't be changed, though. Even if the missing ballots can be recovered, it's unlikely that there will be sufficient confidence that they are unmodified to base election results on them.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Sore Losers' Lament!

[sciop101]

"Black Box Voting wants to test a randomly selected voting system used in the last election -- the machines that elected the California governor and the president.

Franken and Garofalo is on their side! Liberals will not be happy until all are elections won their way in USA.

Re:Tell me again: WHY MACHINES ? by OP

I'm the thread-starter .

What does MTV have to do about this ?
And how is the current state of the country a reason to use amchines for vote-counting ?

Why?

[Cervantes]

I'm a computer geek... I hate paper... I automate everything I can get my hands on. But why, why, why, would you take a system that works, with checks and balances, and replace it with one full of holes?

Paper ballots just plain work... I can see who I've voted for. I put it in a box, under the watchful eye of at least 2 independant people. Even more independant people watch as that box is opened and all the ballots counted and recounted... and then recounted again if the margin is close. Then that number is phoned in to the central office, again under the watchful eye of people who know the total. On the other end, yet more groups of independant people add all these numbers up... and poof, we have a new Prime Minister.
(please note that "independant group" and "individuals from several different parties" are pretty much the same in my books, as far as the "Keeping it honest" factor)

Or, we could have a computer ballot... tap the screen, hope that it records who you REALLY voted for.Hope that the card wasn't preloaded with hundreds of votes. Then the magic box magically talks to another magic box... hope that it tells it the right stuff... or that no one intercepts and feeds a fake number.... or no-one knows how to dial in and override results... or that no-one messed with the voting box itself to delete all votes and reset them.... Then we trust the big magic box to tell us the right number... and if it doesn't, how would we know? In several states, a 2-3% swing of the vote is enough to change who is President... and who's going to know? A piece of paper in your hand saying "You voted for X" is useless, because even if that piece of paper has a unique ID that matches up with the magic box database... well, just because it says "Vote#465213 was for Candidate A" doesn't mean that's what it told the big magic box at the end of the line.

There's no outstanding reason to switch to computers... yes, they reduce required manpower, but (at least up here) many election folks are volunteers, so the cost is minimal. And frankly, I'd rather have dozens of independant eyes watching my vote, and watching who counts my vote, rather than trusting democracy to the magic boxes made by people who publicly promised Ohio to Bush.

Poll Shock, By ROBERT C. KOEHLER

[Catbeller]

http://www.commonwonders.com/

Poll Shock
Off by 40 points, newspaper's predictions may be disturbingly accurate

By ROBERT C. KOEHLER
Tribune Media Services

November 24, 2005

One of the most wildly inaccurate pre-election polls in memory, which was off by over 40 points on some predictions, may prove to be deadly accurate as an indicator of the problems we face as a nation with our voting process -- and democracy itself.

But you won't learn this by reading the Columbus Dispatch, the newspaper that conducted the poll just prior to Ohio's Nov. 8 election. The paper's public affairs editor conceded to me that the poll results the Dispatch wrote about, wrongly indicating massive public support for several proposed constitutional amendments, were, in essence, the journalistic equivalent of the explosion of the space shuttle Challenger.

"Much like the American space program, both our triumphs and our shortcomings are out there for all to see," Darrel Rowland said in an e-mail. Unlike NASA, however, which did manage to find that faulty O-ring, the newspaper's powers that be don't seem particularly interested in learning how their big public flop occurred. "We'll certainly double-check the poll mechanics," he said, "but see no reason to discontinue a methodology that's proven accurate for decades."

And Rowland's right, as far as I can tell: The Columbus Dispatch's survey of voters, conducted by mail, has historically been a reliable poll; it has been cited for its precision in the scholarly journal Public Opinion Quarterly and is considered far more accurate than telephone surveys. There is no faulty O-ring, in other words; the methodology doesn't need changing.

And that's why there's a story here that must not be allowed to vanish.

The story is about how America votes, and evidence that pandemic chaos and perhaps even centrally orchestrated malfeasance are accompanying the spread of electronic voting machines to the nation's precincts. We know there's cause to worry about the state of our democracy because of the historical accuracy of the Columbus Dispatch voter poll.

Of the five proposed amendments on the Ohio ballot, only the first -- a $2 billion state bond initiative to promote high-tech industry -- was not related to the conduct of elections, and oddly enough its results were accurately forecast in the poll (predicted yes vote, 53 percent; final yes vote, 54 percent). Then it gets hairy.

Issue 2 would have made absentee voting easier in the state. It had lots of high-profile support, and the Dispatch poll predicted a cakewalk for it: 59 percent yes, 33 percent no, 9 percent undecided. The actual result: 36 percent yes, a whopping 63 percent no.

Then there was issue 3, which would have lowered the campaign-contribution limits that a lame-duck state legislature had raised a year ago. Prediction: 61 percent yes, 25 percent no, 14 percent undecided. Actual result: 33 percent yes, 66 percent no.

The results of issue 4, to control gerrymandering by establishing an independent board to draw congressional districts, were only slightly less dramatic. Prediction: 31 percent yes, 45 percent no, 25 percent undecided. Result: 30 percent yes, 69 percent no. And for issue 5, to establish an independent board instead of the secretary of state's office to oversee elections, a 41 percent predicted yes vote shrank to 29 percent, while the no vote ballooned from 43 to 70 percent.

Ka-boom goes the Challenger.

Here's the telling thing. The Dispatch, member in good standing of the mainstream media, has no interest in raising doubts about the integrity of the U.S. electoral system, and so hasn't looked in that direction for an explanation of what voting-rights activist Bob Fitrakis called a polling error of "Landon beats FDR" proportions.

Instead, the paper blames the notorious volatility of statewide referendum issues. Rowland hypothesized "a huge shift in the electorate in the last few

Re:Why a paper trail? Here is a better idea.

[theLOUDroom]

I am disappointed that edjucated engineers are crying out for a paper trail on for voting machines. We can use an all computerized system that lets everybody count the votes, and is secured via asymmetric encryption.

There are all sorts of problems with this idea. Just off the top of my head, here's one that makes it a non-starter:
All votes MUST be anonymous. This is the only way to prevent me from paying you or threatening you into voting a particular way. It's actually quite important for you NOT to be able to prove who you voted for.

company's IP ?!?!

[Imazalil]

I don't really get what trade secret there is to protect. I have a ballot, choose choice A, computer scans my ballot, sees that I chose A, adds one vote for A to the database. Take database, tabulate results, tada~ election result. Where in the world do IP rights come into play? It's a box that has a scanner and counts. I can set one up with a cheap dell, ocr scanner and network access to a database. I'm sure there is also at least a half dozen Macromedia Flash tutorials doing the exact thing, choose A or B, add result to database.

On another thought, shouldn't the government just put these machines together themselves? Yeah I'm a commie Canadian, but the election is run by the state/federal governemnt, the staff I am assuming are state/federal employees, for those states that might still use paper ballots, the counters would be someone hired by the state/federal government, why in the world would you outsource such a critical piece of equipment to some third party?!?! I mean do they outsource ballot recounts to india as well? What gives? Shouldn't the government put these machines together, open them up to anyone that asks and whow them exactly how they work. This isn't the Soviet Union or anyth^0103030 carrier lost.

Im.

perfect.

[Imazalil]

Canada's annexation plans are proceeding perfectly. eh. To coerce Celine into joining our plight, we have promised her ze role of national anthem singer - she will provide ze official rendition of the slightly edited star-spangled banner with a guest performance by Michael Bolton - you Americans will tremble in fear every time your own anthem iz played! HAHAHAHAHA

Your new Canadian Toque wearing Overlords.

OT: To the mod who moderated this as a troll...

Overrated I can take, but to the mod who moderated my above post a troll: You should be ashamed of yourself. I'm obviously not trolling. Look at my posting history, I always try to contribute to the conversation--even if it isn't what people want to hear.

I hope meta-moderation catches you for what you are, jerk.

-Grym

Re:Way - Good post, good comments...

[JimMarch(equalccw)]

Just about.

A lot of this is about borrowing the "technologies" to do proper accounting from the world of CPAs, banks and financial accounting systems. It's necessary to track "who did what" in great detail. When massive amounts of money flow through a bank, better believe they know every human being inside and out of the bank who had a hand in the transfer...and they keep a very non-erasable copy of that data.

Many of those ideas can be transferred to tracking the processing of votes. True, the name of the voter gets stripped from the vote real early in the process, and that's one difference from accounting practice, but from that point on "bank grade tracking" is not only possible it's damned necessary.

This isn't all about electronic controls, either. Wells Fargo Bank had proper transaction processing as far back as the 1860s...Lloyd's of London had it right going back to the 1600s.

One KEY element: say you take something away from a tally. You don't erase and toss the data! Instead you record that a deduction was made from the total, who did it, when and a note on why. Then if it turns out the deduction was in error it's fixable. NONE of the major-vendor voting systems act like this. Need a record gone? Erase it. Ghaaa.

Avanti and OVC both have an interesting take on the audit records at the voting terminal: record everything to CD-R as a series of sessions. You end up with a fixed non-erasable record of votes. THAT media is what gets tallied back at county elections HQ. Diebold and the rest use PCMCIA cards or similar read-WRITE (and erasable) media.

Sigh.

Jim March
Black Box Voting

Project Censored article

[fbonnet]

Read this very enlightening article on Project Censored. It mentions facts about paper trails and exit polls. The more I learn about the 2004 presidential election, the more I think it's been stolen even more than in 2000. Even a sincere Republican should have serious doubts about its legitimity.

Re:Project Censored article

[Shaper_pmp]

Cheers for the link.

Indeed, soon after the 2004 election I was quite heartened by the lack of 2000-esque shenanigans.

Since then, however, it appears that the only difference was that in 2000 they got caught more.

Still, we don't need no independant oversight of election processes, and we certainly don't need no stinkin' paper-trail, right?

Other opinions on R. Doug Lewis

[JimMarch(equalccw)]

I mentioned a bit ago a link to an article I wrote citing and debunking R. Doug Lewis' dismissal of voter verified paper trails.

I didn't know it at the time, but Dr. David Jefferson had already seen that same article by Lewis and did his own debunking of it.

Jefferson is a very capable computer security expert and one of the better academics trying to do watchdogging on all this. He's actually gotten better of late at being willing to blow the whistle on various election systems fouls although he could have done better early on.

In any case, here's what Jefferson thought of Lewis:

http://verifiedvoting.org/article.php?id=68

So yeah, Lewis is one person I have just about zero respect for. All the worst stuff happened on his watch. The entire process he screwed up has been taken away from him very publicly and is being given to the new EAC.

The other thing is, hey, this is Slashdot :). We're geeks. We gotta have at least some place where we can tell it like it is, right? :)

Jim March
Black Box Voting

Booting off the CD.

[JimMarch(equalccw)]

Do we need to boot off the test CD?

Rather than booting off it, run the checksum script on the CD which in turn pulls the MD5 numbers off the CD.

Hrrrrmmmmm.

Yeah, I know what you're thinking, I'm thinking the same thing. "Rootkit".

Sigh.

Crap, we might have to boot off CD after all. Have the CD boot process put up some big splash banner?

Jim

Nice try bud...but I voted *Bush*!

[JimMarch(equalccw)]

Look, speaking personally as Republican with strong Libertarian leanings (a "Ron Paul Republican"), I voted Bush over Kerry in '04. I'm not all that enthralled with Dubya, far from it, but I hate Kerry's guts.

So I'm not saying Kerry probably should have won Ohio because I enjoy saying it. Far from it, the words stick in my throat. (It looks to me like it was a combination of electronic vote fraud and "disenfranchisement fraud", messing with voter registration rolls and not putting enough voting stations in college and minority areas with high Democratic turnouts.)

The fact is, we had more election-related violence before and during the 2004 election than any other that I can recall (almost age 40). If public confidence in the vote collapses, it'll be civil war within 10 or 20 years no matter WHO is running things.

We have to have fair elections. Period.

Jim March
Black Box Voting

problem with binary check

in the gaming machines, what they actually take MD5s of is the ENTIRE ROM CHIP.
the diebold machines are a computer, and simply checking the diebold programs
still leaves OTHER PROGRAMS which can do the cheating

no polling shootouts yet

i'm suprised there weren't any polling shootouts,
someone showing up an hour early and shooting all the machines
so they have to vote by paper

Comment removed

[account_deleted]

Comment removed based on user account deletion

GAO report on e-voting technology. We're hosed.

[Catbeller]

www.gao.gov/new.items/d05956.pdf

or html:

http://72.14.203.104/search?q=cache:KoqXAm72WqYJ:w ww.gao.gov/new.items/d05956.pdf+GAO+voting+report& hl=en

Electronic and Paper Fraud

I used an electronic voting machine during the last election.
It had a really handy paper printout on the side. After you vote, it prints out your vote and displays it in a window between spools. You can accept or reject it on the touch screen. All very neat.

Except that after you accept and should have walked out of the booth, it prints a whole bunch of stuff that scrolls past very quickly, but looks like a different ballot printing. It scrolls out of view before you can really see it.

Complaining to the proctor gets you nowhere. They don't know what it is, but they are sure it is ok. They have been assured that it is safe. Even though they didn't actually know about this second printing thing. They are sure that it is ok because it has been approved. People that make a fuss about it are whackos. The proctors know just how to deal with you. The same way they deal with drunks and other disturbances.

With a 35% voter turnout, the machines can fabricate 5-10% synthetic votes, with electronic and paper trail. That 5-10% is huge in an election, but hard to detect as being fabricated.

Re:Why a paper trail? Here is a better idea.

[Jagasian]

What is funny about your reply is that you claim that there are all sorts of problems, and yet you mention an issue, anonymity, which was addressed in the original post, i.e., it is not a problem, as anonymity is optionally available.

The only drawback is that anonymous votes don't look any different compared to fake votes or improperly cast votes. In the case where everybody does this, the system is completely anonymous, yet anybody can re-count the votes. A paper trail provides no advantages.

However, as you may know, or actually apparently you do not. Many people register their party affiliation, and these types of people typically vote straight party tickets. So many people do not care to be anonymous in who they vote for. These people can vote non-anonymously, optionally, as described in my original post. The benefit to doing so is that you can confirm that your vote is properly cast, and your vote can be distinguished by others from a fake vote.

My system also provides a middle ground. You can vote anonymously, yet privately remember your key pair. This will let you independently confirm that your vote is properly cast. A paper trail cannot provide any such feature, let alone the described flexibility. In order to rig a paper trail, all that is needed is for the computer to print a receipt with incorrect data. The problem isn't solved, as recounting will be done against a bunch of fake votes.

1. Any person should be able to re-count the votes.
2. Any person should be able to confirm that their vote is properly recorded.
3. Any person should be able to remain completely anonymous.
4. Non-anonymous votes should be distinguishable from fake votes (e.g. votes by non-existant or dead people).

Please tell me how a paper trail accomplishes any of that. Please tell me how a system that can do all that has "all sorts of problems".

Re:Why a paper trail? Here is a better idea.

[theLOUDroom]

What is funny about your reply is that you claim that there are all sorts of problems, and yet you mention an issue, anonymity, which was addressed in the original post, i.e., it is not a problem, as anonymity is optionally available.

You miss the point. Anonymity must be the ONLY option or I will simply coerce you into not being anonymous at the same time as I coerce you into voting a certain way.

Many people register their party affiliation, and these types of people typically vote straight party tickets.

This is true, but they can never PROVE who they voted for unless 100% of the votes go towards one canidate. Here's an obvious example where that's important:
I want to pay you money to vote a certain way. If you can't prove who you voted for, then you can just take my money and vote however you want. It wouldn't make sense to pay.

The above are really big problems that you don't have solved, and generally don't exist now. You would actually be creating new problems.

There are other significant problems with your scheme as well.

The public/private key pair must be generated by the voter in order for this thing to make any sense at all. Now all of a sudden you're demanding that the voter have the expertise to generate secure cryptographic keys. ...but they're not going to generate the keys in their head, they're going to use a computer. So now you have to trust that computer and all the software running on it. You're actually creating a scenario where someone could rig an election by infecting people's home PC's.

The encryption itself is also a problem. People aren't going to be doing the encryption in their heads. They will be using a machine. This is left out of your postings but is another really big deal.

Crypto is a really cool technology, and I strong advocate its use, but only in places where it makes sense. Voting doesn't NEED crypto. You're not trying to hide who a vote is for, and you want to be sure that you cannot trace votes back to the people who cast them.
At the same time, you're adding unnecessary complexity and equiment, which just creates more ways to compromise the system.

I think if e-voting is to be done (and as an electrical engineer I believe it shouldn't) the best way to do it is with a paper trail as follows:
I walk into the booth, close the door and press the button for who I want. The computer prints out a paper card with my vote(s) on it that I can view from behind a glass window. Once I've read the card and agree with what it says, I press a button and it drops into a locked box.

In order to rig a paper trail, all that is needed is for the computer to print a receipt with incorrect data.

This is only true for the stupidest possible implementation of a paper trail. IMO, it's actually not an implementation of a paper trail, it's just a printer wasting paper. For a paper trail to have value, the piece of paper recording my vote must be visible to me when it records my vote.

1. Any person should be able to re-count the votes.

Well duh. They open up the box full of paper ballots and count them. That should be obvious.

2. Any person should be able to confirm that their vote is properly recorded.

This is one you seem to have a hard time getting. Bob and Alice should not be able to prove WHO they voted for. The ballot should be resistant to tampering, but it is important that I can't prove to you who I voted for.

3. Any person should be able to remain completely anonymous.

Completely is impossible, and I would say you'd typically be LESS anonymous in your scheme. (There are all sorts of real would implementation details that make it impossible to be completely anonymous.) And there's always that nasty special case where everybody votes for the same guy. Consider that in your example, the votes are being received from a source and that traffic