Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackBox Voting Tests California Diebold Machines

Posted by samzenpus on from the too-little-too-late dept.

Doc Ruby writes "The California Secretary of State has invited Black Box Voting to hack away at some Diebold voting systems. The testing is set for Nov. 30, 2005. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for recounts. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)"

9 of 238 comments (clear)

  1. Paper trail... by Pig+Hogger · · Score: 5, Informative

    Paper trail: the magical words. In Montréal, Québec, the recent municipal election is being contested. Mark-sense ballots were counted by machines, but ballots are kept in sealed boxes after being run through the machine (by the elector). Right now, the ballots are being recounted by hand in the courthouse.

  2. Paper trails are essential by zegebbers · · Score: 5, Insightful
    Without them, there is no way to validate the quality.

    Some people have mentioned that receipts might be valid, however this raises issues of people selling votes (or being harassed). The anonymous paper and pencil system is the best --- while corruption can lead to large numbers of fraudulant ballot papers, if the corruption is at this level, there isn't much that can be done anyhow.

    --
    Unpretentious Sydney reviews by unqualified Sydney reviewers
  3. Re:Way by Androk · · Score: 5, Insightful

    I, for one, don't care if they want to. This is about my country, my democracy (I know not a true democaracy, blah blah blah). If they want to sell products that ensure no cheating in elections, people need to KNOW, not assume, KNOW, that it is a system beyond reproach. It's about my democracy not some stupid companies profits.

    Androk

  4. Re:Too little, too late by Anonymous Coward · · Score: 5, Interesting

    Recently, the state of Connecticut sent mailers to households inviting voters to demo electronic voting machines, and fill out a survey. I decided to attend the one held at a local branch of our state university. There were only three machines to try out. One was a Diebold machine.

    On the two non-Diebold machines, I was allowed to vote a sample ballot as if the vote were real. The Diebold demonstrator, however, kept tight control over the Diebold machine, allowing only limited public interaction.

    I did see something very interesting about the Diebold machine. Something I didn't like at all. The "proctor" explained that during a real voting session, the voter would get a smart card from election officials, insert it into the reader on the voting machine, vote, then turn back the card. The stated reason for the card was to prevent one person from voting multiple times while standing at the machine. However, the proctor was re-using the same card to restart the session as each new person stepped up. When I asked about this, the proctor claimed that during a real voting session, no-one would have access to a multi-use card. I asked her if that was a promise, but she didn't have an answer.

  5. FYI by TubeSteak · · Score: 5, Informative
    From TFA:
    To put this in context, the California Secretary of State did not originate the idea and suddenly decide to invite us to a test.

    Black Box Voting formally issued a request for replication of the Hursti findings under California Election Code 19202.


    Here's the link to the specific post detailing their request

    If the editors are listening, it might be worth fixing the /. blurb.
    That little mistake puts the issue in a wrong light.
    --
    [Fuck Beta]
    o0t!
  6. Tell me again: WHY MACHINES ? by Anonymous Coward · · Score: 5, Informative

    Why are they using machines to count the votes ?

    Here in Germany the voting process is 100% transparent.

    The whole country is divided into ~400000 pieces. In each of these pieces, a votingplace is established. Each votingplace is maned by 7 citicens (volunteers prefered. vacant posts are filled by selecting random citicen.).

    The voters vote through making a cross on a piece of paper.

    After the vote, the whole voting comittee counts the votes two times. After that, the votes are sealed in a bag. The result and the votes are then given to /fetched by the administration.

    During the whole process, _every_ citicen has the right to be on place and controll the work of the comittee.

    The whole process is FAST:
    Usually it only takes ~1 hour to count the votes.

    Voters don't need complicated instruction manuals (everybody knows how to use a pen, right ?)

    The whole process is reliable:
    It is very hard for a political party to man a whole comittee.

    As every citisen has the right (and many make use of their right) to be on place and to controll the work, falsifiing is extremely hard.

    Because we have a clear paper-trail, every vote can get re-counted.

    Ever tried to use a machine when there is a power-outage ? Pens work without electricity.

    The whole process is CHEAP:
    No expensive machines.
    Volunteers & citicens don't get paid.

  7. As one of the two people invited to this shindig.. by JimMarch(equalccw) · · Score: 5, Informative

    Let's make a few points clear here.

    1) The Libertarian connection happened as a result of California Election Code 15004, which reads:

    ---
    The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
    ---

    So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:

    http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/14325.html

    This upcoming "test hack" at the California Secretary of State's office is another matter entirely.

    This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.

    What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.

    Net result: one thoroughly "pwned" election.

    The full report:

    http://www.blackboxvoting.org/BBVreport.pdf

    Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.

    After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:

    ---
    Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay

  8. Re:Paper can also be tampered with... by Catbeller · · Score: 5, Insightful

    "whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing."

    And they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate within certain parameters? Human nature says probably. Have the flash card couriers been tampered with? Who knows. Are the MS Windows machines acting as accumulators tampered with? Shrug. Is the easily modified Access database on the accumulator protected from tampering with Notepad? Impossible. Is there anyone around who is both 1) suspicious 2) knowledgeable enough to spot gross tampering? Nope. Are the vote totals modified when the technicians are called in to fix the machines during elections? Yes, Virginia, they are and it is a fact.

    Even paper backups won't work, and here is why: Paper ballots would not be counted unless a recount is triggered when the vote total could go either way because of a minute spread, OR obvious fraud is committed. If one is controlling the vote tallies at a district level, all you have to do, say, if the trigger is 1%, is to make sure the spread is greater than 1% -- and the RECOUNT NEVER HAPPENS. The paper ballots are not manually counted under scrutiny and compared to the computer counted votes.

    And this is beyond the maddening fact that Americans don't understand computers, cheating, or how to avoid this mess. The persistent idiocy I always hear from officials or reporters is the "print a receipt to take home with you" concept. Hair. Pull. Out. Receipts are useless! Paper ballots must be printed for each vote, shown the the voter, and placed in a ballot box.

    Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.

    Diebold has fought a manual recount system so ferociously that (Occam's Razor) they have indeed fixed elections. Their have been a lot of stories and sources stating that the employees know something is crooked, altho they are afraid for their jobs. Jobs in IT are scarce. The top management is far-rightist and saw it's duty as electing Bush; the details are tiresome.

    Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality.

    Now we have these damned cheating machines in my precinct. I will vote absentee. To stop me, they'll have to "lose" boxes like the last election.

    The defunding of public schools has produced a nation of incurious people who can't understand how simple it now is to change election totals to suit those who run the machines.

  9. Good reference: Nevada gaming device standards by Animats · · Score: 5, Informative
    The Nevada Gaming Control Board has a set of technical standards for gambling devices. Those are a good, practical reference for something that has to resist tampering. Voting machine standards need to be at least as strong.

    A few excerpts:

    • A gaming device must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC through a network with a series resistance of 150 to 1500 ohms shunted by a capacitance of 100 to 150 picofarads, but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure.
    • Physical security. A gaming device must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
    • Printer mechanisms on gaming devices must be designed to detect low paper, paper out, and paper jam conditions. The device control program must monitor the printer mechanism for these error conditions in all active game states that do not indicate error conditions.
    • All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures.
    • All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must: (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman. (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found. (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information. (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Conventional ROM Device that must be capable of being authenticated by a method approved by the chairman.

    Nevada asked the Gaming Control Board to take a look at voting machines. After that review, Nevada went to a paper trail in 2004.