Slashdot Mirror
BlackBox Voting Tests California Diebold Machines
Doc Ruby writes "The California Secretary of State has invited Black Box Voting to hack away at some Diebold voting systems. The testing is set for Nov. 30, 2005. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for recounts. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)"
Paper trail: the magical words. In Montréal, Québec, the recent municipal election is being contested. Mark-sense ballots were counted by machines, but ballots are kept in sealed boxes after being run through the machine (by the elector). Right now, the ballots are being recounted by hand in the courthouse.
Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.
We want a paper ballot. Sure, we could have a computer voting system, but it has to spit out a paper ballot with my choices marked on it. THAT is the ballot that should be counted, either manually, or with an optical scanner.
If the paper trail that I look at is not the same ballot that is counted, I can't be sure that a programmer decided to print one thing and tally another.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
What I want to know is:
What happens when you put a Sony Music CD into a Diebold machine?
(you just *know* they've got Autoplay enabled in there. . . )
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Some people have mentioned that receipts might be valid, however this raises issues of people selling votes (or being harassed). The anonymous paper and pencil system is the best --- while corruption can lead to large numbers of fraudulant ballot papers, if the corruption is at this level, there isn't much that can be done anyhow.
Unpretentious Sydney reviews by unqualified Sydney reviewers
I believe you. And I believe her. I believe everything I read on the internet. Especially accusations of Communism; they tend to ring particularly true.
Sigh.
the layman's guide to computer science
If there's a backdoor of some kind for someone to specifically tamper with the voting results, that would be BAD, but I'd be surprised. I will not, AT ALL, be surprised, however, holes in the operating system, programs underlying the voting software proper, or so-called "middleware" are chock full of holes that someone could use. For that reason, I am very much against this process.
My suggestion to fix the system: There is nothing wrong with filling out (or sending in, for absentee voting) a paper ballot, which, in my opinion, should be produced with anti-counterfeiting and anti-tampering technologies, similar to those employed in our currency. An electronic system could be used to optically scan and process the votes, with individuals verifying the optical scan, and this information should be entered into a database for any kind of processing that the government needs to do, along with the optical scan of the original paper ballot. Most importantly, however, is this: Each paper ballot should have an attached "carbon copy" of some type that the user keeps, which will come with a special user ID and passphrase that the user can use after the election date to log in to a secure site and verify that his individual vote was counted as he intended. This sort of public watchfulness on the voting process will create a situation in which it will become extremely difficult to alter the results.
Bev Harris is NOT a Communist.
He may be a liar, a pig, an idiot, a Communist... but he is *NOT* a porn star.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
I, for one, don't care if they want to. This is about my country, my democracy (I know not a true democaracy, blah blah blah). If they want to sell products that ensure no cheating in elections, people need to KNOW, not assume, KNOW, that it is a system beyond reproach. It's about my democracy not some stupid companies profits.
Androk
Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.
This is how voting has been done in San Diego County in California for the past couple of elections. I personally don't think that the touch screens are going to be adding much but expense.
No one said it had to be released under the GPL. They're welcome to retain their intellectual "property," they just have to allow public inspection. If anything, this would limit competition for Diebold because it would be a simple matter for them to accuse any upstart undercutting them of having seen the public source code.
I too have felt the cold finger of injustice.
As the democratic process has to be, in essence, totally transparent (during ballot counting, candidates can appoint witnesses who closely watch the ballot tallying process), it is no mystery that voting machines should likewise operate in a totally transparent manner, that is, not only that the source code be available for inspection by anyone who wishes to, but also that there is a verification process to enable anyone to verify that the actual compiled code in the voting machine has actually been compiled from the source code (yes, this is possible - it is being done for slots machines).
Some croporate sockpuppets on slashdot tend to forget that "intellectual" "property" is not an absolute thing like gravity or matter, but a convention that is GRANTED and, thus, can be witheld for specific reasons. Like, for example, insuring that the democratic process remains transparent.Now, if a company does not like the idea of writing open-source software for it's voting machine, it is entirely free to refrain from doing so and leaving the market to those who do not mind.
And, besides, the software would be totally useless without the hardware, so why should one care if anybody can "steal" it???
Finally, since the specifications given by the government for voting machines should clearly state that the source code shall be available for anyone who asks, if the company wants to make money, nothing prevents it from bidding a higher price to allow releasing the software.
Diebold is not entitled to an automatic profit. Nor any other business for that matter. If it cannot factor in the fact that the software will be lifted by other companies, and goes bankrupt for this, well it only has itself to blame. This is bullshit. Others manufacturers would have to make their machines identical to Diebold machines, and there, Diebold would have a very good case for suing them. To make a profit, given that their software will be released as I pointed out above.In Nevada, no slot machine can run unless the manufacturer gives the Nevada Gaming Commission the source code. They can then compile it and get a MD5 checksum for it.
All they have to do then is to go in casinoes and do spot-check on some machines; all they do is plug a special diagnostic box which looks at the firmware and calculates the MD5 checksum, then compares it with the official checksum.
The big problem here is that paper ballots can still be tampered with - ballot box stuffing, throwing out opposing ballots, even changing ballots. It's possible.
Maybe if there was some sort of (excuse the buzz word here) biometric way of tracking a vote? Paper ballots with a thumbprint? Well... that does make the whole "secret ballot" thing problematic... and everyone's finger prints would then have to be on file to vote, which probably wouldn't fly either... most polling places don't even require a picture ID as far as I know.
Maybe we should drop the idea of a secret ballot? I'm not saying we should make it a matter of public record or anything, but allow votes to be tied to names specifically. Or is that already done?
Sorry, I'll admit I'm quite ignorant about voting procedures (don't mod me down for it - please correct my ignorance), but developing a truly functional and verifiable means of voting seems nearly impossible while votes records are secret.
How would you protect the company's IP but allow an independent and honest study of the code to take place?
Have them release the source to the public. Not LICENCE the source to the public, just release it.
Sure, it makes it eaiser for other companies to copy what they're doing, but it is no less legal simply because it's easier. And if we apply the same standards to everyone, any company wanting to get into the elections business would need to release code, so it would be at least sorta easy to detect copying.
Here's the link to the specific post detailing their request
If the editors are listening, it might be worth fixing the
That little mistake puts the issue in a wrong light.
[Fuck Beta]
o0t!
Why are they using machines to count the votes ?
/fetched by the administration.
Here in Germany the voting process is 100% transparent.
The whole country is divided into ~400000 pieces. In each of these pieces, a votingplace is established. Each votingplace is maned by 7 citicens (volunteers prefered. vacant posts are filled by selecting random citicen.).
The voters vote through making a cross on a piece of paper.
After the vote, the whole voting comittee counts the votes two times. After that, the votes are sealed in a bag. The result and the votes are then given to
During the whole process, _every_ citicen has the right to be on place and controll the work of the comittee.
The whole process is FAST:
Usually it only takes ~1 hour to count the votes.
Voters don't need complicated instruction manuals (everybody knows how to use a pen, right ?)
The whole process is reliable:
It is very hard for a political party to man a whole comittee.
As every citisen has the right (and many make use of their right) to be on place and to controll the work, falsifiing is extremely hard.
Because we have a clear paper-trail, every vote can get re-counted.
Ever tried to use a machine when there is a power-outage ? Pens work without electricity.
The whole process is CHEAP:
No expensive machines.
Volunteers & citicens don't get paid.
Let's make a few points clear here.
.cgi?file=/1954/14325.html
1) The Libertarian connection happened as a result of California Election Code 15004, which reads:
---
The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
---
So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:
http://www.bbvforums.org/cgi-bin/forums/board-auth
This upcoming "test hack" at the California Secretary of State's office is another matter entirely.
This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.
What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.
Net result: one thoroughly "pwned" election.
The full report:
http://www.blackboxvoting.org/BBVreport.pdf
Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.
After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:
---
Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay
Exactly.
...for my personal collection and
...for a view of the first and last time they tried to have any of my stuff taken offline.
A variant of this for voting machines would involve the distribution of the MD5s or similar on the websites of the vendors, the county governments using it, the Federal Election Commission website and the like, along with a script that will check every file on the voting machine in question for accuracy.
A concerned voter or party rep or one of us at Black Box Voting or whatever can download all that, put it on CD-ROM.
The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.
--------------
Another big issue is that the data files need to be made public. As God is my witness, Diebold and other major vendors are claiming that the database files (MS-Access in Diebold's case, SQL in most others) are "proprietary trade secrets"(!) and cannot be released by the counties under various public records laws of each state.
This is utter BS. Hell, if you have just ONE set of Diebold data files you know their table layouts and whatnot, and many such have been published all over the net for literally years...with Diebold taking no legal action to make them go away since...well they gave up around Oct. of 2003. See also:
http://www.equalccw.com/dieboldtestnotes.html
http://www.equalccw.com/liebold.html
Diebold MS-Access data files *can* hold forensic traces of vote-hacking if the hack wasn't done very professionally. So why is Diebold fighting to make sure the data files don't end up in public hands, when this "trade secrets" argument is clearly horse manure?
Either they're messing with votes, or they're afraid some of the counties are because Diebold has made it so damned easy.
Jim March
BlackBoxVoting (.org)
Paper trails are great so long as they're USED, at least for spot-checking.
Right now, California has one of the better laws on this, saying that 1% of the precincts need to be hand-counted once there's a paper trail in place. And paper trails are mandated beginning in '06.
Great.
But several counties don't assign their absentee ballots to precincts - they treat them as a distinct batch. And since they're not PRECINCTS, these counties claim they don't fall under the 1% manual recount rule.
Los Angeles County (population 12 MILLION) is among these.
So even though absentee voting *always* includes a paper trail (the part people mail in), in LA and elsewhere it doesn't get spot-checked. Hack just that portion of the vote, you're golden.
Sigh.
In six states it's ILLEGAL to recount paper ballots...danged if I know why. Most states don't have a spot-check rule.
Voter verifiable paper is a good start but it's only "part of this complete breakfrast" if you know what I mean...
Jim March
Black Box Voting
A few excerpts:
Nevada asked the Gaming Control Board to take a look at voting machines. After that review, Nevada went to a paper trail in 2004.
Definately a she, not on meds, has no use for Osama Yo Mama, ain't a commie :).
She has however been an action movie star:
http://www.bbvdocs.org/videos/volusia2.mpg
Drop dead funny, taken from a "dumpster dive session" behind an elections department warehouse in Volusia County FL in which all sorts of real voting records (mainly the critical end-of-day polltapes) had been thrown out. Illegally.
("Poll tapes" are printed on older voting machines on "cash register rolls", they basically spit out about 3ft worth of "I took in 345 votes for Bush, 257 for Kerry" type stuff, keeping a "running tally". They're not as good as a voter verified paper trail, they can be "hacked" at least in Diebold's case, but that's not THAT easy and a cheating election official(s) with limited or no techie background would find it easier to just junk them.)
I understand what you mean, but please ask for "voter-verified paper ballots" instead of a "paper trail".
I was part of the Champaign County Election Equipment Advisory Board in Champaign county Illinois. We were an appointed body whose job was to evaluate voting machines that would make us compliant with the new "Help America Vote Act" law. Our board heard sales pitches from a few vendors (Diebold, HartIntercivic, ES&S) and their local reps, we asked them questions, collected information, and eventually made a recommendation to the County Board (who are elected). We've given the County Board our advice and the County Board will make the final decision and sign the contracts.
We took a field trip to Tippecanoe county Indiana and saw a Diebold voting machine, and our guides were nice enough to give us a demonstration. We were familiar with the Diebold system they demonstrated from a user and administrator's perspective, but we were stunned that the long strip of paper the machine printed was not voter-verified. The Diebold machine we saw produced this paper if the operator had a physical key and pressed the appropriate button (typically the election judge on the site would do this at the end of election day). But no voters got to see what was printed on the paper, therefore there was no way for a voter to make sure that there was any accurate written record of their vote, even a printed record that stayed with the election judges (not a receipt).
Ostensibly, what's on the paper is a record of votes in a pseudo-random order (so as to prevent an election judge from correlating a particular voter with the printed information). But since the paper is not voter-verified, what was written on the paper is completely untrustworthy. Voters were relying on whatever the software says. Tippecanoe county Indiana is a long-time Diebold customer (since before Diebold bought Global Election Systems, if I recall correctly).
This machine compelled me to distinguish between a "paper trail" (which the Diebold reps and the Tippecanoe county demonstrators assured us the machine could generate) and a "voter-verified paper ballot". The former simply isn't good enough.
Digital Citizen
"I want to see evidence to your claims."
It's on every diebold machine, just fish it out of the bit-bucket.
Insightfull, WTF? Your whole argument about statistics is based on the administration's official straw men (ie: exit polls were taken only in the morning, sampling is not as reliable as the official total). There were at least three sets of numbers, Rove's predictions, Diebold's count and the Exit poll stat's. Two of them were a very close match but they were not the two sets everyone (except Rove) had expected, the explaination is Rove101, stats101 has it's money on the exit polls.
"The majority of Americans don't like extremists--and they HATE poor losers. Throwing those accusations without any sort of reliable evidence makes you look like both."
Off course if I point out your statistician has no clothes I am a loser extremist and it is every American's patriotic duty to hate me. ( The "hate" bit may one day become the definition of "irony" ).
"Not only that, but such accusations are dangerous."
In other words, allowing people to voice concerns when they have no "evidence" is dangerous, therefore it's better to shun them than to answer their concerns. Modern doublethink: Provided you don't live in a cave with suicidal nutcases, it's ok to start a war without sane reasoning.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
I am disappointed that edjucated engineers are crying out for a paper trail on for voting machines. We can use an all computerized system that lets everybody count the votes, and is secured via asymmetric encryption. Two public lists are maintained by the government. One list contains registered public keys. This list is generated during voter registration, when a person submits their typical voter registration info along with their public key and an optional request to be anonymous. If a person is anonymous, then only their public key is added to the list, and otherwise their name is also added. When people vote, they use their own computer to cast a vote via the web, and their vote consists of a pair:
( public key, encrypt( private key, ( public key, votes ) ) )
Then anybody can have access to both lists. Anything that can be observed using a paper trail is now observable via a purely computerized system. Even better, since anybody has access to both lists, anybody can count the votes and anybody can audit the system.