Slashdot Mirror
BlackBox Voting Tests California Diebold Machines
Doc Ruby writes "The California Secretary of State has invited Black Box Voting to hack away at some Diebold voting systems. The testing is set for Nov. 30, 2005. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for recounts. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)"
Paper trail: the magical words. In Montréal, Québec, the recent municipal election is being contested. Mark-sense ballots were counted by machines, but ballots are kept in sealed boxes after being run through the machine (by the elector). Right now, the ballots are being recounted by hand in the courthouse.
Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.
We want a paper ballot. Sure, we could have a computer voting system, but it has to spit out a paper ballot with my choices marked on it. THAT is the ballot that should be counted, either manually, or with an optical scanner.
If the paper trail that I look at is not the same ballot that is counted, I can't be sure that a programmer decided to print one thing and tally another.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
What I want to know is:
What happens when you put a Sony Music CD into a Diebold machine?
(you just *know* they've got Autoplay enabled in there. . . )
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Some people have mentioned that receipts might be valid, however this raises issues of people selling votes (or being harassed). The anonymous paper and pencil system is the best --- while corruption can lead to large numbers of fraudulant ballot papers, if the corruption is at this level, there isn't much that can be done anyhow.
Unpretentious Sydney reviews by unqualified Sydney reviewers
I, for one, don't care if they want to. This is about my country, my democracy (I know not a true democaracy, blah blah blah). If they want to sell products that ensure no cheating in elections, people need to KNOW, not assume, KNOW, that it is a system beyond reproach. It's about my democracy not some stupid companies profits.
Androk
Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.
This is how voting has been done in San Diego County in California for the past couple of elections. I personally don't think that the touch screens are going to be adding much but expense.
As the democratic process has to be, in essence, totally transparent (during ballot counting, candidates can appoint witnesses who closely watch the ballot tallying process), it is no mystery that voting machines should likewise operate in a totally transparent manner, that is, not only that the source code be available for inspection by anyone who wishes to, but also that there is a verification process to enable anyone to verify that the actual compiled code in the voting machine has actually been compiled from the source code (yes, this is possible - it is being done for slots machines).
Some croporate sockpuppets on slashdot tend to forget that "intellectual" "property" is not an absolute thing like gravity or matter, but a convention that is GRANTED and, thus, can be witheld for specific reasons. Like, for example, insuring that the democratic process remains transparent.Now, if a company does not like the idea of writing open-source software for it's voting machine, it is entirely free to refrain from doing so and leaving the market to those who do not mind.
And, besides, the software would be totally useless without the hardware, so why should one care if anybody can "steal" it???
Finally, since the specifications given by the government for voting machines should clearly state that the source code shall be available for anyone who asks, if the company wants to make money, nothing prevents it from bidding a higher price to allow releasing the software.
Diebold is not entitled to an automatic profit. Nor any other business for that matter. If it cannot factor in the fact that the software will be lifted by other companies, and goes bankrupt for this, well it only has itself to blame. This is bullshit. Others manufacturers would have to make their machines identical to Diebold machines, and there, Diebold would have a very good case for suing them. To make a profit, given that their software will be released as I pointed out above.How would you protect the company's IP but allow an independent and honest study of the code to take place?
Have them release the source to the public. Not LICENCE the source to the public, just release it.
Sure, it makes it eaiser for other companies to copy what they're doing, but it is no less legal simply because it's easier. And if we apply the same standards to everyone, any company wanting to get into the elections business would need to release code, so it would be at least sorta easy to detect copying.
Here's the link to the specific post detailing their request
If the editors are listening, it might be worth fixing the
That little mistake puts the issue in a wrong light.
[Fuck Beta]
o0t!
Why are they using machines to count the votes ?
/fetched by the administration.
Here in Germany the voting process is 100% transparent.
The whole country is divided into ~400000 pieces. In each of these pieces, a votingplace is established. Each votingplace is maned by 7 citicens (volunteers prefered. vacant posts are filled by selecting random citicen.).
The voters vote through making a cross on a piece of paper.
After the vote, the whole voting comittee counts the votes two times. After that, the votes are sealed in a bag. The result and the votes are then given to
During the whole process, _every_ citicen has the right to be on place and controll the work of the comittee.
The whole process is FAST:
Usually it only takes ~1 hour to count the votes.
Voters don't need complicated instruction manuals (everybody knows how to use a pen, right ?)
The whole process is reliable:
It is very hard for a political party to man a whole comittee.
As every citisen has the right (and many make use of their right) to be on place and to controll the work, falsifiing is extremely hard.
Because we have a clear paper-trail, every vote can get re-counted.
Ever tried to use a machine when there is a power-outage ? Pens work without electricity.
The whole process is CHEAP:
No expensive machines.
Volunteers & citicens don't get paid.
Let's make a few points clear here.
.cgi?file=/1954/14325.html
1) The Libertarian connection happened as a result of California Election Code 15004, which reads:
---
The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
---
So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:
http://www.bbvforums.org/cgi-bin/forums/board-auth
This upcoming "test hack" at the California Secretary of State's office is another matter entirely.
This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.
What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.
Net result: one thoroughly "pwned" election.
The full report:
http://www.blackboxvoting.org/BBVreport.pdf
Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.
After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:
---
Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay
Exactly.
...for my personal collection and
...for a view of the first and last time they tried to have any of my stuff taken offline.
A variant of this for voting machines would involve the distribution of the MD5s or similar on the websites of the vendors, the county governments using it, the Federal Election Commission website and the like, along with a script that will check every file on the voting machine in question for accuracy.
A concerned voter or party rep or one of us at Black Box Voting or whatever can download all that, put it on CD-ROM.
The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.
--------------
Another big issue is that the data files need to be made public. As God is my witness, Diebold and other major vendors are claiming that the database files (MS-Access in Diebold's case, SQL in most others) are "proprietary trade secrets"(!) and cannot be released by the counties under various public records laws of each state.
This is utter BS. Hell, if you have just ONE set of Diebold data files you know their table layouts and whatnot, and many such have been published all over the net for literally years...with Diebold taking no legal action to make them go away since...well they gave up around Oct. of 2003. See also:
http://www.equalccw.com/dieboldtestnotes.html
http://www.equalccw.com/liebold.html
Diebold MS-Access data files *can* hold forensic traces of vote-hacking if the hack wasn't done very professionally. So why is Diebold fighting to make sure the data files don't end up in public hands, when this "trade secrets" argument is clearly horse manure?
Either they're messing with votes, or they're afraid some of the counties are because Diebold has made it so damned easy.
Jim March
BlackBoxVoting (.org)
"whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing."
And they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate within certain parameters? Human nature says probably. Have the flash card couriers been tampered with? Who knows. Are the MS Windows machines acting as accumulators tampered with? Shrug. Is the easily modified Access database on the accumulator protected from tampering with Notepad? Impossible. Is there anyone around who is both 1) suspicious 2) knowledgeable enough to spot gross tampering? Nope. Are the vote totals modified when the technicians are called in to fix the machines during elections? Yes, Virginia, they are and it is a fact.
Even paper backups won't work, and here is why: Paper ballots would not be counted unless a recount is triggered when the vote total could go either way because of a minute spread, OR obvious fraud is committed. If one is controlling the vote tallies at a district level, all you have to do, say, if the trigger is 1%, is to make sure the spread is greater than 1% -- and the RECOUNT NEVER HAPPENS. The paper ballots are not manually counted under scrutiny and compared to the computer counted votes.
And this is beyond the maddening fact that Americans don't understand computers, cheating, or how to avoid this mess. The persistent idiocy I always hear from officials or reporters is the "print a receipt to take home with you" concept. Hair. Pull. Out. Receipts are useless! Paper ballots must be printed for each vote, shown the the voter, and placed in a ballot box.
Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.
Diebold has fought a manual recount system so ferociously that (Occam's Razor) they have indeed fixed elections. Their have been a lot of stories and sources stating that the employees know something is crooked, altho they are afraid for their jobs. Jobs in IT are scarce. The top management is far-rightist and saw it's duty as electing Bush; the details are tiresome.
Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality.
Now we have these damned cheating machines in my precinct. I will vote absentee. To stop me, they'll have to "lose" boxes like the last election.
The defunding of public schools has produced a nation of incurious people who can't understand how simple it now is to change election totals to suit those who run the machines.
They didn't break, kids, the election totals were altered and no longer matched reality.
What's ironic here is that in some countries, the exit polls determine the outcome of an election. The voting process itself is more a formality. I think this lends some strong credibility to your comment.
Paper trails are great so long as they're USED, at least for spot-checking.
Right now, California has one of the better laws on this, saying that 1% of the precincts need to be hand-counted once there's a paper trail in place. And paper trails are mandated beginning in '06.
Great.
But several counties don't assign their absentee ballots to precincts - they treat them as a distinct batch. And since they're not PRECINCTS, these counties claim they don't fall under the 1% manual recount rule.
Los Angeles County (population 12 MILLION) is among these.
So even though absentee voting *always* includes a paper trail (the part people mail in), in LA and elsewhere it doesn't get spot-checked. Hack just that portion of the vote, you're golden.
Sigh.
In six states it's ILLEGAL to recount paper ballots...danged if I know why. Most states don't have a spot-check rule.
Voter verifiable paper is a good start but it's only "part of this complete breakfrast" if you know what I mean...
Jim March
Black Box Voting
A few excerpts:
Nevada asked the Gaming Control Board to take a look at voting machines. After that review, Nevada went to a paper trail in 2004.
I understand what you mean, but please ask for "voter-verified paper ballots" instead of a "paper trail".
I was part of the Champaign County Election Equipment Advisory Board in Champaign county Illinois. We were an appointed body whose job was to evaluate voting machines that would make us compliant with the new "Help America Vote Act" law. Our board heard sales pitches from a few vendors (Diebold, HartIntercivic, ES&S) and their local reps, we asked them questions, collected information, and eventually made a recommendation to the County Board (who are elected). We've given the County Board our advice and the County Board will make the final decision and sign the contracts.
We took a field trip to Tippecanoe county Indiana and saw a Diebold voting machine, and our guides were nice enough to give us a demonstration. We were familiar with the Diebold system they demonstrated from a user and administrator's perspective, but we were stunned that the long strip of paper the machine printed was not voter-verified. The Diebold machine we saw produced this paper if the operator had a physical key and pressed the appropriate button (typically the election judge on the site would do this at the end of election day). But no voters got to see what was printed on the paper, therefore there was no way for a voter to make sure that there was any accurate written record of their vote, even a printed record that stayed with the election judges (not a receipt).
Ostensibly, what's on the paper is a record of votes in a pseudo-random order (so as to prevent an election judge from correlating a particular voter with the printed information). But since the paper is not voter-verified, what was written on the paper is completely untrustworthy. Voters were relying on whatever the software says. Tippecanoe county Indiana is a long-time Diebold customer (since before Diebold bought Global Election Systems, if I recall correctly).
This machine compelled me to distinguish between a "paper trail" (which the Diebold reps and the Tippecanoe county demonstrators assured us the machine could generate) and a "voter-verified paper ballot". The former simply isn't good enough.
Digital Citizen
The first poster was paranoid, but you're wilfilly oblivious.
Exit polls have been used the world over to predict election results for decades .
The 2000 and 2004 elections were widely suspected to have been corrupt, and there's a positive litany of discrepancies, sketchy behaviour and incredibly convenient "co-incidences" around the personnel involved and results obtained. Then, after these useful and reliable exit polls disagree strongly with the "official" result, the administration says it doesn't want to do exit polls any more?
Have exit polls returned perfectly usable, useful results for the overwhelming majority of the time they've been used? Yes.
If "exit polls" had suddenly and spontaneously broken in this one case, does that justify not using them in the future? No, because statistical outliers aside, in general they're still very good.
Have we discovered any new maths, or a statistical theory that suddenly proves exit polls are dangerously misleading? No.
Were the exit polls wrong disproportionately more often in districts where Diebold machines were used? Yes.
So we have a single event where the long-working exit polls (which are normally accurate) are suddenly and significantly different from the final official tally. This could be written off as a statistical fluke, but the Diebold and ES&S machines are already suspected of widespread insecurity and/or deliberate tampering, and then when it all hits the media the administration announces it won't be conducting exit polls any more?
Why, when they've been used for decades without problem, are exit polls suddenly considered dangerous or misleading? Apart from, that is, their potential to provide an indication of election-tampering?
Everything in moderation, including moderation itself