Slashdot Mirror
Election Officials And Crackers Challenge Diebold
Rick Zeman writes "The Washington Post is reporting that election officials in Florida have manipulated election results in controlled tests. From the article: 'Four times over the past year Sancho told computer specialists to break in to his voting system. And on all four occasions they did, changing results with what the specialists described as relatively unsophisticated hacking techniques. To Sancho, the results showed the vulnerability of voting equipment manufactured by Ohio-based Diebold Election Systems, which is used by Leon County and many other jurisdictions around the country.'"
To err is human, but to really foul things up it takes a computer.
After all - people have been trying to rig results for a long time. But this just makes it so easy for one person to potentially change the outcome of an election....
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
"Pay no attention to that man behind the curtain." (http://www.imdb.com/title/tt0032138/quotes)
7 _F.shtml).
North Carolina had the same problem with their voting machines (http://www.techdirt.com/articles/20051130/112120
The only new thing here is the current state finding Diebold non-compliant.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Windows XP + network connection + data held in an *Access DB* and then transferred by memory card with no crypographic checksum.
If I prepared work like that for a client, I'd expect to get chucked out by security.
I'll also note the following:
a) Diabold say that a paper trail is not needed for security, but provide one on their own ATMs. Apparently independent verification of election results is less important then $$$ transactions.
b) Both local and remote vulns have been demonstrated on their voting machines, but the ATMs have not been pwned.
c) Diabold refuses to let the source code be reviewed, and chose to run on Windows XP so neither the program or the OS of the box can be verified safe.
d) Diabold machines can have the vote totals rewritten on their memory sticks as they do not cryptographically sign or encrypt the totals. That's plain text on a card that can be removed from the machine and has a standard file format.
e) Diabold security is fucked whether or not they put the same code they have tested on the box. With tested, verfied boxes they cannot add XP security patches for known flaws after te verification date (and if there is one thing worth keeping an 0-day for...). If they do add security patches etc then we are trusting closed source biaries to be added to election counting machines without the possibility of review. One bad actor and the elecetion is up for grabs.
No thanks. I'm not usually a conspiracy theorist but is is as if they were designed to be broken into.
Would a BSD box with one simple program, output to the framebuffer, a results paper trail and a constant SSH tunnel to the FEC be that hard? *sighs*
Fuck Diabold.
"To any truly impartial person, it would be obvious that I am right."
Seriously, if someone has the knowledge of the system you just proposed, why not take the long shot and propose to work for the gov't and put that together? Not only would you be able to demonstrate how insecure Diebold's system is with a tiny PDA that can read/write their memory sticks, but you'd also be able to demonstrate that you can't do that to yours. At least not on the fly with a PDA.
Steps to stopping the stupidity:
1) Put down (favorite game) when you're off work.
2) Write plan, put something together.
3) Get in touch with someone with the power to make the (smart) decision.
4) Show off.
If they did we'd have this problem fixed by now. We've know they were insecure for years now; ever since the accidental release of diebolds e-mails detailing backdoors and holes that were not patched. Who remembers that security researcher who went before congress and said specifically that his code, which was to illustrate a backdoor into the machines, was used to hack the elections in ohio? I forget his name.
:X...
o ry/Contents.html
Fact is, CEO's and friends of voting machine companies get into power. Why? Guess. It isn't the 20% of the vote they need to swing; it's the 6% after they've divided everyone on the issues. Voting laws and policys are consistantly broken, and is anything done about it? The answer lies in the question; Has anyone been taken out of power yet? Dictatorship only works if people are divided; if they stand for something and stand by it for hell or high water.
And I might, just might give credit to the guys who said "well, it's stil the will of the people" if it weren't for that they can't prove their position since there's nothing for them to count. The election board can't even tell them who voted for who so they can go around asking people.
Of course, the best way you can tell the government you don't like what you're doing is to decide you stand for something and stand for it tall. I personally chose the constitution; it ain't perfect, but it's something everyone can agree on. Of course, ever since the civil war and reconstruction the constitution's layed dormant. To make a long story short, if you want to get rid of the current government, the best way is to simply stop working for them; stop giving them your money. How do you do that? Well, basically the 14th amendment set you up to be a federal citizen by the name of a "U.S. citizen" and social security turned you into a corporate legal fiction so that income tax, which worked only on corporations, now works on you. How do you get out? You rescind your federal citizenship, declare your citizenship of your state as it was before reconstruction, rescind your birth certificate (to remove proof of being under the 14th), rescind your social security (to correct your status as a soverign instead of a corporation), then begin rescinding everything else; drivers lisence, fishing lisences, gun lisence, any contract with the federal government and it's munincipal corporations (read; the states are corporations). You can get a non-binding play-ID from the SS office if you want to get a bank account, for example. Then you simply stop paying income and social security taxes, atwhich point you stop giving the government 30% of your income and begin working to reinstate lawful government in your state via holding elections and office and organizing locally. More to the point, if enough people do it quickly enough, the federal government will have about 10 trillion in debt to pay off, and no way repay it back which means a massive collapse.
The price? Reading a few books; learning how history, governments, and legal documents work. Mabye $500 in books total. A good place to start is here:
http://www.usa-the-republic.com/revenue/true_hist
Do a find for john ainsworth and ed wahler on this page
http://mp3.rbnlive.com/Stadt06.html
They've been preparing a book and an organization to do this on a massive scale. The book comes out in march-ish along with the publicisation of the startup and they hope to do it state-by-state.
My impression is that the Bush family is the most corrupt family every to have political power in the United States. These are people who believe that they are more than 100% right, and that other people don't matter.
It does not surprise me that Jeb Bush's state is involved in voting machine vulnerabilities. Quote from the story "... vendors such as Diebold have too much influence in the administration of elections, a view that resonated with Lida Rodriguez-Taseff, the founder of the Miami-Dade Election Reform Coalition."
The president of Diebold said he would deliver the votes to Bush. And he did.
I wrote short reviews of books and movies about the corruption, but I only barely touched the surface: Unprecedented Corruption: A guide to conflict of interest in the U.S. government. Note that, although Michael Moore's manner of expression is sloppy, other authors supported his main points in the movie Fahrenheit 9/11. For example, George W. Bush does hold hands with Saudi leaders, his father was at a meeting with a brother of Osama bin Laden on the day before 9/11, and so on.
The voter doesn't take the paper with him, as you say that would ruin the whole anonymous ballot thing. The voter gets the paper, looks at the human readable output to verify that his vote was correctly recorded, and drops the paper into a ballot box on his way out. If the paper shows that his vote was incorrectly recorded, he can ask an election official to remove his vote from the machine, destroy that paper ballot, and try again.
The election officials keep the paper ballots, machine printed recepts that is, so that in the event of a dispute they can be hand counted. Since, theoretically, every voter looked at their recept and verified that it recorded what they truly intended to vote for, if someone hacks the machines and falsifies the votes recorded there, the paper ballots get the final say in the event of a dispute.
It also gives you a good indication of where the falsification of the electronic votes got started since you can say: hmmm, district 123 shows 4000 votes for candidate X on the computer, but the paper ballots only show 1000 votes for candidate X, who messed with the machines in district 123?
Essentially we're keeping the old paper method of vote recording as a backup in the event that its suspected that someone hacks the machines.
"Mission Accomplished" -- George W. Bush May 1, 2003
This is my idea for a voting machine. It depends for its operation on the idea that when a current is passed through two solenoids in series, both armatures will pull in. The machine itself has two units: the voting booth unit and the presiding officer's unit, linked by a cable. When not being used for an election, the machines would be made available for public scrutiny.
The voting booth unit {VBU} has a large rotary switch, a pushbutton and a meter with a green zone. The Presiding Officer's unit {POU} contains a power supply, and a column of non-resettable electromechanical counters, all but one of which are covered by a metal plate. This plate is fastened in place with a wire with an aluminium seal bearing the Returning Officer's mark. The counter readings before the start of the election are recorded on a paper label affixed to the underside of the cover plate. There is also a switch labelled "CHARGE" and "VOTE".
Each voter is issued with a unique, identifiable token -- a postcard with their name and address on it. The voter shows the token {Token One} to the Presiding Officer, who first spoils Token One and then moves the switch on the POU to "CHARGE" as the voter steps into the booth. The Presiding Officer then moves the switch to "VOTE". The voter has now traded Token One for a second token, all of which are absolutely anonymous, identical and indistinguible from one another: Token Two is an electrical charge stored in a capacitor contained within the VBU.
The voter spins the rotary switch to their preferred candidate, checks that the meter is in the green zone and depresses the voting button. The VBU capacitor is discharged through the coil of one of the concealed counters in the POU. One terminal of each of these counters is commonned together; the current through any one of the candidate counters also flows through the master counter, and returns to the other plate of the capacitor. The charge in the capacitor is soon exhausted, and cannot be replenished unless the Presiding Officer moves the POU switch to CHARGE. The voter then has the option to move the rotary switch to a different position so as to conceal their preference -- or to leave it there to advertise their preference.
Every voter has a receipt to show that they have voted {the spoiled Token One} but once a vote has been cast, the only record of that vote is the fact that the master counter and one of the candidate counters have advanced by one place. There is thus no way to link a voter with their vote. The master counter is in view of {and the counting mechanism is within earshot of} the PO, who can thus confirm visually and aurally that a vote has been cast {or separately, manually record a "no vote" if the voter leaves the booth without voting for any candidate}. All the candidate counters are concealed until the close of polling, when a few minutes' worth of mental arithmetic will reveal the true count. By virtue of its simplicity, and the fact that it has been subjected to public scrutiny, we can take for granted that the mechanism is behaving as it is supposed to; the Returning Officer need only inspect the tamper-evident seals to determine whether the result is valid or compromised.
{In case the above constitutes a patent claim, I hereby licence it for use royalty-free in all applicable jurisdictions, in the hope that it will be of service to Humankind}.
Je fume. Tu fumes. Nous fûmes!
This was one of Michael Moore's weakest points.
That's funny, it was strong enough of a point for the Bush administration, they had a citizen of Canada "renditioned" to Syria for more than a year for working with the brother of a known terrorist.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Is anyone else disturbed by the racist tone of this story?
There's an organization called the Open Voting Consortium whose mission is "the development, maintenance, and delivery of open voting systems for use in public elections." They are directly opposed to the shenanigans that Diebold has engaged in.
Problem is, they spend their donations on actually developing the system, not in paying off Congressmen to give them lucrative exclusive contracts. Still, one can hope that it changes someday. (And donate to support the effort...)
> If this was about oil, it was a damned stupid financial decision
Ah, but you neglect the distinction between who is going to pay for it and who was supposed to profit from it.
The oil companies were supposed to supposed to benefit from it (by means of the distribution contracts rather than by pwning the oilfields per se), but you and your descendents will be paying for the war, yea unto the seventh generation.
(Saw a news story somewhere this month about a new estimate of the war's total costs to the USA running to the amount of two trillion dollars. Cheney and his cronies won't be picking up the tab; they're already getting tax breaks on their record profits, while the national debt goes ballistic.)
Sheesh, evil *and* a jerk. -- Jade
Canada's national election happens to be tomorrow.....
y stem#Non-partisan_election_officers
"All votes are made on the same standard heavy paper ballot which is inserted in a standard cardboard box, furnished by Elections Canada. The ballot and the box are devised to ensure that no one except the elector knows the individual choice that was made. Counting the ballots is done by hand in full view of the representatives of each candidate. There are no mechanical, electrical or electronic systems involved in this process."
http://en.wikipedia.org/wiki/Canadian_electoral_s
Scandalous!
Cheers,
-b
The reason for this is more than 'apathy', it's active suppression. The major news outlets that aren't actually controlled by the same people who are behind Diebold and its ilk are intimidated by the constant barrage of 'media bias' attacks from the segment of the media that is allied with Diebold & Co. There is a perfectly good book that documents the theft of our last several elections by Mark Crispin Miller, just published a few months ago. But he can't get PBS or NPR (specifically WHYY) to let him appear and promote it. I have submitted stories on this but only get rejected. Can anyone figure how to get this information about censorship onto the main page of slashdot?
Mark Crispin Miller's Blog
The story on his blog noting Joe Bageant's recent essay on his inability to get airtime on WHYY's "Fresh Air"
Joe Bageant is a journalist and recently a very popular blogger of the plight of the 'redneck' culture in the neo-con political machine. His most recent essay is specifically about the refusal of WHYY to allow Mark Crispin Miller to appear on Fresh Air or otherwise promote his book -- Fooled Again: How the Right Stole the 2004 Election and Why They'll Steal the Next One, Too (Unless We Stop Them) He hits tha nail on the head:
It is safe to say that WHYY and the rest of the public media gang are simply scared to death of uttering the book's title on the airwaves. They know that the neocons will jump up all over their asses claiming liberal bias. Maybe even launch one of their infamous letter writing campaigns. The Republican game plan of unrelenting bullshit, that steady grinding away day in day out -- it works. They have managed to wear down those media they don't already control from the top, make them either doubt themselves or make them damned afraid of repercussions. We can well imagine what the GOP assault on public radio and television has created around places like WHYY. Hell, if they can get Bill Moyers they can get anybody. Right?
It's censorship by intimidation. Large numbers of people are never going to hear about htis book because they don't search Amazon.com for new books about election fraud or by Mark Crispin Miller on a regular basis. They rely on the mass media to keep them informed, and it isn't working anymore. I also agree with his suggestion to contact WHYY directly and let them know that their fear of 'conservatives' reactions will attract the wrath of lots of 'liberals' whom they depend on for their funding at least as much as corporations or the government:
By the way, if you wanna give WHYY hell personally, the phone number is (215) 351-1200. Email is talkback@whyy.org