Slashdot Mirror
Diebold Threatens Wary Voting Clerk
An anonymous reader writes "From the Salt Lake Tribune: a wary county clerk called in BlackBoxVoting.org to test the integrity of Diebold voting fraud machines, part of a recent $27 million statewide purchase (to make sure that only the "Right" candidates win). Diebold goon says machines are now jinxed and it may cost up to $40,000 to fly in a company witch-doctor to make sure there were no warranty violations. Since EVERY SINGLE VOTER who uses these machines is a potential hacker looking to alter election results, why is Diebold so concerned? "
Is it me - or did that post make no sense...
With such an effective president-deciding method as the 'Good Old Boys' network, who needs Diebold anyway?
If someone looking at the machines causes them to be compromised then how on earth can you put them in voting booths when hundreds of people will have physical access to them in a private setting? If you depend on completely restricting access to the machines then you've already lost, haven't you? I applaud the clerk for taking this stand. The very idea that the machines can't be inspected by a third party shows just how fragile such systems are. If they were truely secure it wouldn't matter who looked at them or how.
Lasers Controlled Games!
Did perhaps the submitter want to slant the blurb just a little bit more?
And I don't mean just gerrymandering.
I feel kinda sick...is Diebold gonna get away with this?
Is this a case for the ACLU?
Blar.
Witch doctors? Jinxes? I read the entire linked article and didn't see any of that. What I did see was that Diebold wants to make sure the machines still work after a 3rd party possibly tinkered with them. I'd certainly be concerned if I sent a machine out into the wild, a 3rd party took a look at it, and now it may not be functioning properly. Diebold may be a little over the top here, but their concern is certainly warranted.
There were a couple layers of stupidity here. First, testing provisions should have been written into the contract. Second, the clerk should not have just gone off and done their own thing without investigating the ramifications. Diebod ols correct - they don't know what was done to the systems by this random clerk who decided to test. They could have added hardware, modified software... Who knows? Of course Diebold won't guarantee a machine after someone has messed with it. Having said that, test plans and methodoligies should have been agreed upon prior to the purchase. Maybe they were and the clerk didn't know about it, maybe they weren't... In either case, the state and/or clerk screwed up. Diebold's response is exactly as it should be. They aren't threatening anyone, they are stating that they can no longer certify the mchine because physical access (essential to security) has been potentialy compromised and it will require an audit to make sure everything is as it should be.
"Since EVERY SINGLE VOTER who uses these machines is a potential hacker looking to alter election results, why is Diebold so concerned?"
Did you sleep through ALL of yor cynicism classes? Diebold is throwing a fit to discourage anyone from snooping around in the guts of their voting machines.
Someone might, y'know, find something. . . . . . . .
40 grand for flying in techs sounds like a load of BS to scare potential whistle blowers and doubters. It is interesting to see how big corps get away with such blatant strong-arming even after all the controversy over voting accuracy.
According to Diebold, the polling machines are suspect, and it'll cost $40,000 to verify everything.
On the one hand - what if Diebold is purely running a bluff? Then the election board is going to have to pay $40,000 for Diebold to send in someone who will attach some alligator clips somewhere, run something that flashes lights, and generally run some dog and pony show before deciding whether its in their interest to declare the polling machines as sabotaged, just damaged, or just fine.
On the other hand - what if Diebold is honest? Then the election board is going to have to pay $40,000 for Deibold to send in someone who will attach some alligator clips somewhere run something that flashes lights, and generally run some dog and pony show before deciding whether the machines are in fact sabotaged, just damaged, or just fine.
Whether Diebold is bona fide or not, they are likely to claim trade secret privilege to hide the actual workings of their machine or their testing mechanisms... and again, if they're telling the truth, then they would claim that, and if they're not, then their claim would be hard to challenge.
So the fundamental question is this: do you trust Diebold?
Strike while the irony is hot! -- The Freethinker
Man Diebold looks slimier and slimier every passing week, but I'm more disturbed by Joe Demma's, Salt Lake's chief elections officer, response to Bruce Funk's actions. Granted, Funk acted by going around Demma by calling in Black Box Voting to check the Diebold machines, when presumably Demma is supposed to be responsible for that (just my guess as he's the chief elections officer).
However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee. He doesn't seem to be worried that people might not trust these machines. He doesn't seem to care that a state officer was worried enough to call in a non-profit third party to verify the integrity of these machines. I mean, these things could possibly affect the outcome of a vote, the foundation for a democratic republic! But instead of worrying about these machines he's clearly more upset about the $40,000 and Funk not talking to him about his concerns regarding the voting machines.
And of COURSE Diebold is going to tell you the machines are fine and fair. Sheesh, they want to make money don't they?
Isn't it great that chief elections officers have their priorities straight?
Give me a ballot sheet and a pencil any day over these closed, proprietary black box machines.
I know Slashdot has leanings certain ways on certain issues, and I'm fine with that, but we've just officially completed the smooth transition into a 15-year-old's blog.
Christ, this is sad to see.
First what they do is print confusing ballads in florida to turn people against paper ballets and create an outrage at typical means of voting, then offer a very simple touch screen way of voting without a paper trail. Congratulations, even the symbolic act of picking between the two puppets is on its way out.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
"Then the election board is going to have to pay $40,000 for Deibold to send in someone who will attach some alligator clips somewhere run something that flashes lights, and generally run some dog and pony show before deciding whether the machines are in fact sabotaged, just damaged, or just fine."
Here's where this particular lie is exposed:
1) How can a single voting machine even cost $40K? I want to see the parts breakdown on *that*.
2) Wouldn't you want all the machines recertified before each election? I mean, if they're sitting in warehouse someplace between elections, who knows who poked at them? So each machine costs $40K to use every election?
3) And if this is all T&M, lets assume a generous hourly rate of $250/hour and the guy is staying in a $500 a night hotel. That means this takes about 3 full weeks to certify a machine!
Does anybody understand the implications of Diebold claiming $40K worth of damages here?
You were mistaken. Which is odd, since memory shouldn't be a problem for you
"On the other hand - what if Diebold is honest? "
On the third hand, it is a clear confession from Diebold that third parties can't accurately verify their voting machines and that their voting machines can be rigged.
So any county that thinks it is verifying that the machine isn't rigged by runnig pre-ballot checks is wrong.
They can point to this statement and say "IT ISN'T ENOUGH THAT WE VERIFY IT, BECAUSE DIEBOLD ADMITS THEY CAN BE RIGGED IN WAYS ONLY IT CAN DETECT".
Yes, a third party should examine the machines.
However, it should be a disinterested third party, not an advocacy group. No matter how well meaning and ethical the people in the group are, they can nonetheless be painted as enemies of the vendor.
What should be done is to have a professional firm that specializes in computer security audit the machines and provide a report on whether the machines are secure; if not whether and how they can be suecured. And provided the machines can be secured, what policies and procedures are needed to operate them so that fraud can be discouraged and detected.
This is just like having an independent financial auditor come in and look at your books and your financial control procedures.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
This would appear to be a very one-sided article. There is no detail or statement from blackboxvoting about what was actually done. Only a statement from Diebold about what they think was done. It does seem that the Diebold machine is weak if there is no way to restore to default level without a specialist flying in for $40K. Diebold should learn a few things about customer relations. It is really bad PR if a county official quits rather than certify an election using your machine.
Joe Demma, chief of staff for Lt. Gov. Gary Herbert, the state's chief elections officer, was plainly incensed with Funk for allowing Black Box to probe the machines.
"The problem is that instead of asking us or Diebold, Bruce Funk allowed a third party to put the warranty in jeopardy,"
So let me get this straight.
Election commissioner notices an irregularity in the memory of some voting machines, from whom the owner of the manufacturing company has very clear partisan leanings.
Election commissioner calls in a third party to run testing on the machines.
Now, I do not see a problem with third parties running audits on the machines used to count my votes. In fact, I want as MANY third parties running tests on thes to insure thier accuracy, as the fate of myself, my family, mmy state, and my country will be affected by what this machine spits out.
However, here we have third party verification being spun by Diebold as being a VERY BAD THING.
Whatever happened to transparency in government and in democratic processes? Is it not one of the core values of America?
You say you want a revolution....
"The problem is that instead of asking us or Diebold, Bruce Funk allowed a third party to put the warranty in jeopardy," Demma said in a telephone interview from Emery County. "If I sound frustrated, it's because I am frustrated. We don't know what they did to the machines. If Bruce would have just asked, we could have saved this forty grand."
First the BS part. If every machine is identical and every machine went through the same testing procedure then there shouldn't be ANY discrepancies in the machines memory. This is presuming that before the elections only that data necessary to perform the tabulation are on the systems. This is total BS to say that the discrepancies are the results of fonts.
As far as the $40,000 to 'fix' whatever is wrong with them, how does anyone know what needs to be fixed if Diebold doesn't allow anyone to test the machines? How does anyone know that Diebold won't surrepticiously make changes which could alter the outcome of an election by performing this fix?
Now for the truth part. By allowing a third party to examine the machines without notifying anyone, Funk did go a bit overboard. This is not to say that he went beyond his mandate to protect the integrity of the voting process. He should be commended for making sure all the i's are dotted and t's crossed before allowing votes to be cast.
However, by not informing the commissioners of his desire to have a third-party examine the machines for flaws or outright corruption, he has invalidated any findings by Black Box since it is true no one knows what they did or did not do.
The correct process would have been to tell the commissioners of his desire for a third-party review and if they objected or if Diebold objected, he could have explained his reasonings why he wanted another set of eyes to check things out (which is pretty much what was said in the article). If they refused the request he would have a much more firm standing to say whether or not the machines will do what the manufacturer claims they will do since by not allowing the examination it would appear that they, either the commissioners or Dieblod (or both), have something to hide.
As it stands now he's shot himself in the foot because he went behind everyones back and secretly had someone else examine the machines.
What is truly interesting is that the commissioners don't appear to be interested in what Black Box found but are more concerned that they'll have to shell out $40,000. That doesn't sound like the people are too interested in ensuring that the machines will work correctly but are more concerned about bean counting.
If Funk does resign I hope he vehemently and vociferously expresses his doubts as to the capabilities of these machines and insist that people use absentee ballots to vote. He should make the rounds on tv so he can clearly explain why he has his doubts so the people can understand what is going on.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Both Clinton (D) and Nixon (R) were born poor, and made their political careers on their wits. Neither made any significant money outside their political careers, except books published after they left office. Even though they became rich by politics, they came from a disadvantaged underclass, exploiting America's class mobility to get power.
There's lots of class war in America, where capitalism is rigged to preserve its best opportunities for rich families. But the president themself is more of a pawn in that war than an emblem of it.
--
make install -not war
Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't be hacked, and the wrong candidate will not be selected if the machine fails?
Even better, use whatever kind of unsecure computer platform you want for the voting system, but have it print out a piece of paper with the voter's choices.
That way the voter can see how they voted, and it's not necessary for them even to trust a simple hardwired system which, obviously, is still beyond the understanding of most of the population. Most people aren't EEs.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
The fact that using a printed balot as a paper trail is such an obvious solution and the fact that printed recieps are so easy to implement is what makes the chosen convoluted, hackable, no-recount alternative so suspicious. What honest and experienced company would chose anything but the easy and elegant solution of a printout considering that it is already implemented on every ATM and all cash registers if not because they want to open the possibility to election fraud?
No amount of tweaking will make the system secure. There is always a weak link. Even if the company had the best intentions in the world, how can they be certain that a lone partisan coder wouldn't sneak a line of code within what I'm sure are millions of lines? This could be done at any point in the chain of programs that handle the votes; from the user interface, to the final tally, through the individual machine databases, the talying computer, the flash memory files etc. etc. etc. I have plenty programming experience and I can tell you that it would be very easy to implement this "bug" so that it happened ONLY on the day of the election so that previous and following tests would show no bias.
Consider,
If you were a company and you were designing a voting machine you would have two options:
1)Hire an expensive team of developers responsible for surveying all the code components of your system to make sure each and everyone one of them are 100% secure and bug free. A feat that no leading software company (say MS) has succeeded in doing for their own software even after decades and millions of man-hours of debugging and re-engineering.
Or, 2) add a small printer similar or identical to the ones used for printing lotto tickets or even those good old receipt printers that are part of *every* cash register. These receips would then be hand veryfied by each voter and then put in a ballot box for future verification and recounts.
Which option do you think is less expensive? What rational is there for a company to chose option one?
So in vegas there are these things called "slot machines". You put quarters in and get big money back. They are regulated. Its very hard to tamper with them. You'd think that voting by machine, which some might say is slightly more important, might be at least as equally highly regulated. This of course doesn't mean that its a good idea or that there still wouldn't be problems, just to say there are systems where machines (mostly those that track money) do a pretty good job.
only infrmatn esentil to understandn mst b tranmitd
$40K to re-image a drive and maybe poke around to make sure no key logging hardware is in place (although a lot of good that will do with a touch screen)? Sounds like easy money to me.
Wanted: witty unique signature. Must be willing to relocate.
Comparing this to other countries is pointless - nobody has as fine-grained voting, absurd expectations from the news-watching population and "zero participation". No purely paper system can keep up any longer, not because of "hanging chads" but because the news media will release "results" (real or made up) as soon as they can. Any delay for counting - by non-existent "volunteers" - is reported as potential fraud by the news media.
Sure, some kind of countable paper might be nice, but it leads to silly things. If you sit five people down to count marks on 100,000 pieces of paper you will not get one result. At best, you will get two or three. And, it is not repeatable. We have had close elections recently that have gone through several recounts only to still be decided by one party giving up. I believe it was most recently the Govenor of Washington that was decided this way because the results were less than 1,000 votes different and each count produced different results, with a different winner.
I know paper isn't the answer.
As to the reasonablness of the $40K fee, it is real simple. Diebold is being asked to recertify the machines and they can charge anything they want. Government contracts like this always result in signficant charges like this because there is no option. It is stupid and naive to assume the fee would be anything like time-and-materials for a couple of real workers. There is also virtually unlimited liability if it is done wrong or not done at all. Compare this to recertifying a heart-lung machine for a hospital and consider that it would only be one person dead if it was wrong.
Sorry, but Diebold has had accessory equipment to add a paper trail at the voting station for at least 18 months. Diebold, like many large contract vendors, doesn't list all of their specific products and components on the web site and instead talks about the systems from a general standpoint.
All three major electronic voting manufacturers already have the ability to add permanent, individual voter-verified paper audit trails to their products. Don't believe people who make it seem like companies like Diebold are resisting. They aren't. They'll build - and sell - whatever municipalities will buy.
The roadblock, as it turns out, is often local election boards. First, the new paper verification systems NEED to go through the government certification process - remember, it's the e-voting watchdogs who are chastising non-certified patches/updates being put into place; the paper audit systems need to go through the same certification process. Further, many municipalities can't understand why they should be forcing paper audit trails; after all, they think, they are just getting away from paper ballots - why should they be arguing for paper ballots (and all the headaches that go along with them, ON TOP of the headaches they already have from learning to deal with e-voting), when they just got away from it?
Yes, because as historical elections have shown, paper ballots are tamper-proof. No one has ever been known to rig or steal an election when a paper trail existed.
So, damned if you do, damned if you don't?
The fact is, a paper trail ensures nothing. It can be falsified, albeit with somewhat more difficulty than purely electronic records. Diebold's primary concern shouldn't be a random voter physically tampering with a machine, it should be the people charged with operating and safeguarding the machine. They have access, and as they're working an election, they almost certainly have strong personal political views that could motivate a "correction" of the results.
*Nothing* is ever guaranteed. The key is to arrive at a system that can be ensured to have at least some semblance of accuracy.
But the local county election officials have been the ones running our elections forever, and that hasn't changed. If you're arguing they should prevent tampering with the machines, including *inviting* tampering from third parties (such as was the case here), I'm 100% in agreement.
When was the last time your bank "forgot" that you took money from an ATM? Do you ever hear of problems like that? No? Why does it happen with a vote?
I've become far more cynical about the process as every recount that's happened has had discrepancies. New, uncertified code is loaded on the machines the day before the election. The code is not available for examination by third parties (yet, a slot machine is.)
Why were exit polls so much more accurate in the days of paper ballots? I find it unlikely that the methodology has gotten that much worse, especially considering that similar districts in the same election have varying margins of error that correlate to the voting system in use at the polling location.
-30-
Besides, there should some verification test that can be run independently on the machine to verify it is working as intended, which would not require $40k and a plane trip to use. Clearly, as stated in the article, Diebold is wanting to make this person an example so no other election official will let anyone else take a look at the machine.
The problem with the electronic voting machines is that they can be tampered with ahead of time, without even accessing the machine during or after election day.
A hack to disreguard 3% of the votes for a particular canidate could be set up weeks before, and maybe from the voting machine company themselves (via a 'security hotfix' or something).
A method to have a simultaniously generated and voter verified paper trail does not ensure anything, but it's sure better than having just an excel spreadsheet be the final ground truth of voting records.
You're promoting what I would call a "Wizard of Oz" mentality. Never, ever, ever look behind the curtain because the truth may be more suprising than the threat.
WTF? Do you really live in a world with such a sucker mentality? Perhaps your ivory tower is so high that you don't need to worry about it? "Don't worry, this works exactly the way I say it does, don't ask questions, just trust me..." is the most alarming thing you'll ever hear. If that statement doesn't fire up your suspicion circuits then, I have to say, you are ripe for the picking by every con-man in the world.
The government itself is not stealing your liberties. Their new programs are enabling criminals who will.
Other than the slight bias in the posting.....at least one of the tagging keywords is biased ;)
:) Nothing better change between ANY of those ;)
How many machines is this? They mention $40k, is that to check 4 machines or 40,000 machines. Makes a slight difference in whether the charge is reasonable. Can certainly see diebold point here, i wouldn't certify the machines when you let someone tinker with em.
It said he was suspicious of the memory, so he can see if anything changes between the original, after blackbox, and after double checking by diebold i hope
Our $900 point of sale terminal prints a receipt, don't get why this is sooo hard to get voting terminals to do it when they cost $27,000,000 / x. Then a test run would be simple and not require any tinkering it seems.
What do you do when you don't trust either side?
If it can't be independently verified then it is uncertifable.
The claim in previous elections is that it CAN be verified by running a trial ballot on the machines before the election. This is clearly false, since Diebold now asserts that this test will not detect this 'tinkering' you speak of.
Which means that any Diebold 'tinkering' cannot be detected either. Which means the machines can't be certified as accurate.
> You know, everyday about 100,000 people place their lives
> in the trust of software 'black boxes' on planes and not a
> peep from the newly political geeks.
That's because the black boxes in planes are there to record what happens if something fucks up. The Diebold voting machines, on the other hand, are there to fuck something up and not record it.
I am not american, but don't you think that this kind of things are stupid? I mean when there is an election I'm supposed to think about my choices extensively, to be as sure as possible, and to be able to vote reliably. How can I efficiently error check 15 choices, let alone think every one of them thoroughly?
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Font differences could eat up 20MB without a whole lot of problem, but the real question is why were there any differences at all?
Once a given configuration is tested and certified, it should be frozen and cloned. The machines should run tripwire before every election to insure they are all at this frozen state.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
No, we're not missing that at all. It seems evident that the Chain of Command was either dazzled, baffled, or bribed into accepting these faulty machines from an ethically deficient corporation, and the only way the integrity of the voting process could be preserved was to solicit an independent examination into the machines' trustworthiness.
That the Chain of Command is now throwing a hissy fit about "warranty violations" serves only to illustrate that they are paying attention to the wrong things. Of course you independently test the machines. When you're dealing with something this important, you never believe the four-color glossies; you acquire your own facts and test stuff.
Schwab
Editor, A1-AAA AmeriCaptions
Computers are over-used. Why the hell do we need computer-operated toasters (yes, the good ol' simple toaster is often microprocessor-assisted)? Computers are overkill for deciding how light or dark your toast should be.
/, if I didn't think so) but I think we over-use them. Modern society treats the computer as the one-size-fits-all BFH. Computers are possibly the worst solution for elections because:
Likewise, computers are probably the wrong tool for voting. Accountability is removed, we've now put elections at risk of hardware crashes, software hacks, network mishaps, and so forth. Not only that, if the system IS hacked, how does one find that vote I cast against Hillary in the 2008 election? Are votes in hacked disgregarded in districts where the system has been tampered with (bad), or is the final result delayed until another election can be scheduled on a brand-new system (not quite as bad, but still bad?), or on paper (which takes us back to where we were in 2004)?
Computers are great tools (I wouldn't be on
- If networked, can be tampered with remotely, so no amount of police officers guarding over the machines can prevent against crackers
- If wireless, can be interfered with very easily
- Unless hardened, a highly-directional antenna with a moderate-power transmitter can interfere with the box's operation
- Where is the paper trail in the event of the above?
- Paper ballots can be counted under the supervision of both major parties and independents. Not possible with electronically-cast votes.
- If an exploit at the voting console is discovered, what can prevent ballot stuffing? With paper ballots, it's easy; if you drop more than one ballot in, at minimum you will be disallowed from dropping it in the box. Best scanario, you get arrested and charged with a federal crime for being such a dumbass.
In a republic where the representatives are elected democratically, abandoning the paper ballot is folly. Even with the pain of Florida elections arising because a handful of idiots cannot follow very clear arrows and directions, the paper ballot is the very best tool for electing officials. The election is documented with physical evidence, very easily supervised, and tampering is very easily discovered immediately and the idiots responsible being held responsible with very little investigation required.
Leave electronic voting technology up to surveys, unofficial NON-BINDING referenda (e.g., a referendum put forth for representatives to gather official majority public opinion), and the private sector.
Heck, even in IT, computers are not always the best solution for tracking all data or accomplishing all tasks.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Diebold shouldn't be worried about voters. They should be worried about volunteers who have access to the system. In that case, it's just as trivial for one of the volunteers to hack the system, and also print out fake paper trails as well.
No, the old ways are the best ways here, and they're adequate. A locked metal box with a slot in the top, where voters drop their ballots under the watchful eyes of multiple volunteers who are not only dedicated to the integrity of the process, but represent different political parties as well, is almost foolproof. In my area, when the polls close, the volunteers (all four of them) seal the box with tamper-evident tape and then sign their names over it. Then the box is transported by guards, accompanied by party reps and stored securely until the counting.
You don't want a paper trail. You want an auditable system. Your instincts tell you that paper is auditable. I don't agree.
I'm a professional security architect; I design and build high-security systems for a living, including designing and implement cryptographic protocols for all sorts of high-security systems. Regardless of what my instincts may or may not tell me, my experience and expertise tells me that bits are not trustworthy. I know just how hard it is to build an electronic system that is truly tight. All electronic security must build, in theory, on some known-good starting point, but with an election system there really isn't any such place to begin.
Actually, there is almost never any such place to begin. The real world doesn't provide those sorts of certainties. In security system design the way we address that issue is by spreading the risk; ensuring that the only way the system could be compromised is through the collusion of multiple parties who have good reasons not to collude. This applies to the designers of the system as well as its owners, operators and users.
Whether with paper in boxes or bits in whatever medium, to secure an election you *have* to provide detailed oversight by all interested parties at every stage. Using complex technology serves no purpose other than to artificially limit the number of people who are capable of understanding and verifying the steps. In contrast, given a paper solution, anyone who wants to can understand each step of the process by which ballots make it from voter to counter.
The safer thing to do is reassure the public by explaining the process.
Absolutely. And the safest thing to do is reassure the public by designing a process they can all understand, and then explaining that.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
What's "adequate"? Only "minor" voter fraud? Once every few elections? It's not like paper ballots haven't been forged before. They have. It's happened.
Sure. On a small scale, it will probably always happen. But that's better than making it possible for one person to modify *all* the votes. Much, much better.
Banks don't rely on four guys carrying a locked box of money when they transfer money.
Nope. They rely on 3DES encryption using a ZMK (zone master key) which was exchanged cryptographically separated into three pieces and delivered via three separate couriers to three separate executives at the remote bank, who assembled it in a key ceremony into a crypto box.
Which means, if you didn't catch it, that the three execs can collude, obtain the key and compromise all subsequent transfers. Or, alternatively, the three people on the sending end who obtained the key parts and mailed them.
*Every* real-world security system relies ultimately on people, and people are the weak link. The only protection you have is to spread the risk. Paper ballots allow the risk to be spread more easily and more widely than purely electronic systems.
Don't get me wrong: I love cryptography. I think it's so cool that I've spent a good chunk of my life working with it. But electronic security is really hard because you have so little to count on, and elections are even worse. The stakes are much higher than just about anything in the commercial world, and no one is truly neutral.
But the biggest reason that the techniques applied to banking and other commercial systems don't work is that elections simply cannot be fully auditable. If the three execs above colluded, compromised the key and then started performing fraudulent transactions it would be caught because bank transactions are fully auditable. The origin and destination of every transaction is traceable, and is verified by both sender and recipient (well, some people are lazy, but that's the theory). That sort of auditability is impossible with election systems because of the requirement that votes be anonymous. Since the ultimate originator of the vote *MUST* have no way to verify that his or her individual vote was properly traced throughout the system, we can't apply the same auditing techniques.
Votes have to be aggregated into anonymous lots, then collected together and tallied. With electronic vote represntations, all of that must, perforce, happen invisibly. Sure, we can try applying digital signatures, but those are only as strong as the signing process, the key management process and the systems that apply the signing. There are holes there you can drive a 747 through given people in the right place. And there are *lots* of "right" places.
With paper, on the other hand, lots of independent eyes can be applied at each step. With enough of them, the process is easy to make foolproof. The first, most dangerous, aggregation step is from the voter to the first collection receptacle. If it's done electronically, you have to ensure that the voting machine is guaranteed to be untamperable by anyone. That's VERY, VERY hard. With a paper ballot, on the other hand, the voter him/herself solves that problem, and watchers ensure that the voter doesn't stuff any extra votes in.
I'll put it this way: If you really think you can design an electronic voting system that is secure in the sense of making large-scale manipulations impossible, write up a detailed design and publish it. If you really do it, you'll immediately build yourself a reputation in the security industry because you'll have proven wrong, for example, the members of the National Committee for Voting Integrity, an organization of computer security experts including such people as David Chaum, Avi Rubin, Bruce Schneier, etc. Plus lots of others. In fact, pretty much every serious computer security expert on the planet has come out against pure electronic voting schemes, so you'll have raised yourself in
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
A broad outline of what happened to our state (and my county, Scioto County) because of Diebold machines is here. http://www.freepress.org/departments/display/19/20 05/1593
The article talks about memory cards and their problems, but there were about a dozen or more other problems with the setup, even disregarding the possibility of hacking.
Diebold has sold voting machines to Utah. Diebold is evil. They want to bully a poor innocent election clerk.
Funny as it sounds, that's exactly how it went here in my local county, and I was involved in the contracting process (A losing battle...word from "on high" was that you either choose Diebold or get no money from the state.) I pushed for another company because the Diebold submission was a load of technical crap.
And, best of all, nothing I've seen or read about since then (North Carolina, anyone?) has done anything to change my mind.
Never confuse movement with action. --Hemingway