Slashdot Mirror
Critical Security Hole Found in Diebold Machines
ckswift writes "From security expert Bruce Schneier's blog, a major security hole has been found in Diebold voting machines." From the article: "The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways."
Well, this seems very insecure to me. BBV criticizes the three layer architecture and states that it would be very easy to target it three different ways (at each layer):
The article talks about a "standard tool you can buy at any computer store" and I believe this is referring to a PCMCIA card (what you use in laptops). I guess these are used to boot, upgrade & ready the machines for use. They do not go into detail but I wager that using a PCMCIA card with a USB port on it, you could load your own data from a thumb/pen drive. This would be small and easy to carry in. If you had access to it outside of the voting window, you could potentially use a PCMCIA card that functions as a NIC (probably with RJ45 cable port) to use cross over cable and a laptop for a 'live' attack.
My work here is dung.
Considering that Walden O'Dell, chief executive of Diebold Inc., was quoted in August of 2003 as saying that he was "committed to helping Ohio deliver its electoral votes to the president next year", this shouldn't be too surprising.
____
~ |rip/\/\aster /\/\onkey
So the closed-source company with apparent links to the incumbent government and a record of blocking any attempts to investigate their code turn out to have security flaws?
Okay - closed-source versus open-source is a non-issue, but I expected something like this from Diebold sooner or later.
I'm seriously worried though. Here in Australia a lot of ATMs have been replaced recently with shiny new Diebold machines. I've no doubt they're harder to hack, but it's not an encouraging sign.
There are shills on slashdot. Apparently, I'm one of them.
REALLY. OMG. Who'd a thunkit.
seriously, that practices going on around this company made me assume that such a thing was possible. security through obscurity was the mantra i kept hearing from diebold, which to me translates as a few people get to have holes that the majority don't know enough about to stop. 3rd party audit people. even if it's not released publicly.
Is the possibility that someone with a little bit of knowledge could determine the outcome of a vote really that bad?
Pi Ran Out
Diebold can make a box that handles your money with no issues. They make a voting machine that is atrocious and faulty. Goes to show where priorities lie across the board.
Installing "Goatse.cx Screensaver", please wait...
- chrish
It's true!
:)
I have officially been double-burned, and I deserve it!
-- http://www.MindBlowingPhotos.com
Photography inspired by music, nature and life itself.
A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.
Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.
The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.
Oh, those plucky Finns and the trouble they cause...
Does anybody get the idea that Diebold simply threw these machines together, cobbled the code together from stuff lying around the shop, slapped some paint on them, and expected states to use them no questions asked? You would think somewhere along the line, someone would have stood up at a development meeting and said, "we'd better make sure these things are secure."
Diebold will of course now hem, haw, blame others, attack the media and anti-electronic voting groups, and reluctantly fix the problem. Just in time for the next one to crop up. Do they have any competition in this market? I don't hear a lot about other companies creating voting machines -- either there aren't any or they do a lot better job.
GetOuttaMySpace - The Anti-Social Network
I have noticed that last time I took some cash from BoA ATM machine.
This is scary.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
I'm getting myself elected emporor!
It's good to use your head, but not as a battering ram.
That's right. We've seen this before.
Turns out Diebold has a strong interest in keeping their security systems proprietary.
If my vote gets lost, I can get sued under various laws that come into existence because of this (DMCA/PATRIOT-ACT/etc).
Why go to the trouble to rig a machine when you can just bribe the electoral college? Wouldn't that be a much more effective way to swing an election, since they are the ones that actually do the voting?
stuff |
As the article you quoted states: And as USA Today reported:
My work here is dung.
What's so bad about the optical scanners and the ballots where you fill in a circle? I remember a study that showed they were the most secure, you have a paper trail, and any idiot can figure it out after 13 years of standardized testing. Electronic voting, on the other hand, smacks of boodoggle, fraud & overall shoddiness.
Why does Diebold design these machines in such a way that they *CAN* be hacked? I think that involving an Operating System and software in the design of such a machine is a critical error. As a computer engineer, I realize that overcomplicating things can lead to errors. DSP's can make hardware extremely cheap, but there are places where analog circuits are cheaper and more realiable! Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't be hacked, and the wrong candidate will not be selected if the machine fails? There are so many places where their current design can and will go wrong. I believe that it's time for these loonies (or preferrably someone else who has more sense) to come up with a more rudimentary and failsafe design!
... surely only an EVIL TERR'IST would do such a thing, right?
How come no political party makes this a central campaign argument ?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Jeez...what's everyone so paranoid about? How could a hacker possibly get access to a voting machine for a minute or two with enough privacy to load malicious software? He'd need to find one that for some reason or another had a curtain around it and hope no one thinks it's suspicious that he'd be in there alone with the machine.
On the otherhand you could see this working in favour of the geek. After all only someone with sufficient geek knowledge could rig the voting in their favour. Unlike the current paper systems which any f**kwit can abuse.
Maybe the geek will inherit the earth after all
-- "Can't sleep, clowns will eat me!"
Come on. Tell us something we didn't know.
OK. OLN has hired a man named Stanley Cup to promote the NHL playoffs this year.
>> "What would the robut do? Frame someone!"
It's pointless talking about securing something that's inherently a terrible idea. You can't have voting performed by something that is, for most people, magical.
A good way to be certain these machines are sending the correct votes is to have a paper trail. When a person votes, a transaction id and their vote are printed to a piece of card or something, which is then put in a ballot box.
To verify that no votes have been sent by the machine without interaction, a random set of votes is selected from the result the machine sent and these are checked against the paper votes. To check that all votes have been sent correctly, a random set of paper votes are checked against the records sent by the machine. If either of these doesn't correlate, the paper votes are always assumed to be correct.
Even if this were to happen, it would (probably) take almost as much effort as counting the votes by hand!
<sarcasm>Far be it from me to perpetuate Slashdot cliches</sarcasm> but
- Will it run Linux, and
- Imagine a Beowulf cluster of these!
Ladies and gentlemen, I give you President Torvalds...You might get to vote for Tim P Gary K or Gordon E.
"Elect 2006" - A 32 bit patch for a 16 bit interface to an 8 bit OS designed for a 4 bit chip
from a 2 bit company that can't stand 1 bit of democracy.
Domestic spying is now "Benign Information Gathering"
Never attribute to conspiracy what can be easily attributed to greed.
Diebold's marketdroids have, I'm sure, come up with the ideal price point for electronic voting machines. I don't know exactly what it is, but it's got to be something less than the old mechanical "pull the lever" machines, but still substantial.
Since the price is basically fixed, they then have a motivation to produce the cheapest, shoddiest piece of shit that they possibly can, to maximize their profit.
I have no doubt that, if a major company really wanted to, they could probably make a reasonably secure electronic voting machine. We have -- as you pointed out -- reasonably secure ATM machines. There's not something magical about making a voting machine: they could build it like an ATM, run it on the software platform that drives ATMs (OS/2, in many cases, I think), and give it all the same physical and data security. Coupled with procedural safeguards (paper trail, periodic inspections on voting day), I would feel comfortable using one.
However, all this would do one of two things: 1, it would cut into Diebold's profits, or 2, it would cause the machines to be so expensive that municipalities would rethink replacing their existing machines, or rethink using electronic voting as opposed to mechanical machines or other alternatives.
There's no giant right-wing tinfoil hat conspiracy going on. They're just applying the Wal-Mart Method to voting machines: figure out what people are willing to pay, and then deliver them the cheapest piece of shit that barely fills their requirements (but does it poorly), in order to maximize your margins.
To be perfectly honest, I can't fault Diebold for this. People love to demonize them, but they're not the worst actors in all of this. What they're doing ought to come as a surprise to nobody. The people who have every last bit of the blame for the cockup that this situation has turned into -- and it's only going to get worse -- are the local governments who have accepted the shit that Diebold is turning out.
If a company turns out a shoddy product, we need to tell them that's not acceptable by refusing to buy it. If they make cheap crap, and we buy it, then we might as well just bend over and say "thank you sir, may I have another!"
It's easy to demonize Diebold because there's only one of them; but really the people you need to be looking at are the asshats that decided to adopt their shitty equipment and use it to record your votes.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Does anyone else think that Diebold invests in the Heisenbergian theory of security? You just have to trust that it's secure, and if you look to see if it really is, then it may not be.
Suppose DieBOLD's ATM machines had a backdoor key sequence that would enable me to get the whole stack of 20's. How long would it take them to slam that door shut?
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
A little searching here on /. and Google will remind people how these kinds of issues have come up with Diebold Touch Screen Voting Machines before. I have to wonder why they, in particluar, seem to have more problems than other voting maching manufacturers? (no sarcasm intended).
Most of the articles I have read, including this one, point to the fact that it can only be done by someone who knows how the system works and has the correct tools, lending some politicos (including Diebold reps) to say that they really aren't that vulnerable at all or that the problem is not serious. But stakeholders in elections results are precisely the people who could have someone in-the-know and with the correct tools manipulate the results just enough to tip the scales in one candidates favor or another. California realized this and dumped Diebold. Close elections happen all the time, so possible (even plausible) scenarios are not to hard to imagine. If a Diebold machine can be rerogrammed or altered for voting results, even the "verifiable paper trail" could be made to print out alternative results (for those who don't bother to look at the print-out window).
As an Ohio voter who has used one of these machines, I think I am going to have to vote absentee from now on, since a newly passed Ohio law permits me to do so far any reason at all (e.g. I dont want to vote on a vulnerable touch screen machine).
For me, this is one more poignient example of how proprietary voting technology leaves room for problems and the need for transparency with it by proper (preferably Federal) legislation.
uR iGn0ranc3, Their Power
---sung to the tune of Woody Guthrie's Hard Travelling
D
Diebold's stealing elections, I thought you knowed.
Diebold's stealing elections
A7
on machines with closed source code.
D
We dont need no double dealing,
G
electronic vote stealing.
A7
Diebold's stealing elections,
D
Lord.
Diebold's stealing our votes, the right that makes us free.
Diebold's stealing our votes, oh cant you see.
How can they say I'm free if their machines can vote for me?
Diebold's stealing our votes, Lord.
Diebold's stealing our votes, I thoought you knowed.
They've been shredding the paper trail at the end of the road.
It doesn't matter who you choose, when you're sure you're gonna lose.
Diebold's stealing our votes, Lord.
I'm gonna vote with pen and paper I thought you knowed.
I'm gonna see it counted at the end of the road.
I'm gonna vote with pen and paper so I know that there's a record.
And I'm gonna go vote my conscience Lord.
A quick couple of notes (so to speak)...
The chords are right as far as I know. The words are mine, though they dont fit quite right in all the places. Either apply Tom Leherer's rule that "it doesnt even matter if you fit a few extra syllables into a line" or use the folk process to make it fit so you can sing it.
Also, I've got one line with no verse to put around it...
"Voting wont be so scary if the countings not binary"
The main thrust of this song is to educate and protest on the issue of electronic voting. I am a New York State resident and for those who dont know we are being sued by the feds to upgrade our nice mechanical voting machines to electronic voting. If we do not they are going to withhold federal money for the upkeep of our voting system. This is blackmail, the same kind of blackmail that was used to put the 55 mph speed limit in place.
Our voting machines have worked for a century with the same design. We trust them to do the job and know where the flaws and weak spots in the security are. We, as a group, when polled, do not show a desire to change the system at this point and our state voting commission and legeslative review boards have rejected electronic voting as an unsecure and immature technology. The peculiarities of how a state does it's voting is a state's right to decide, which is why different states have different rules about every aspect of the electoral process. Some states are proportional, some are by district. Some states use machines and others use punchcards. Election laws are made at the local level.
The lawsuit by the federal government smacks of blackmail and manipulation. Why is the federal gov trying to control the electoral process at the local level? What do they hope to gain?
Where I am in Ohio we just had news break of a huge voting scam where people were shaving the chads off of the cards for the candidates they wanted to win and leaving the others.
One of the problems I have with democracy is that it's naturally subject to this kind of manipulation. Are there any possible solutions to remedy this? I don't think more oversight will work, because who will watch those that are doing the watching? Any suggestions are welcome, but until I hear of a practical way to stop voting fraud I will treat any election results we have with a huge grain of salt.
Haven't they yet discover that the screen is also a fingerprint sensor that matches your identity against a database of all your phone calls, everywhere you traveled and everything you bought with your credit card?
Think about it...ATMs are the machines you want to go after, with the large sums of $$$ and all, but besides the obvious security cameras and such, they're typically embedded in a wall; you have access to the slot for the card, the screen, and buttons (if it has buttons). You can't tamper with the machines if you're not given any way to do so. Yes, there are free-standing ATMs but they are like today's voting machines...untrustworthy and I won't use 'em.
So why not design the voting machines in such a way as that you can't get access to anything but the screen? I'm thinking of something like sinking them in a table or somesuch so you can only touch the screen and nothing more. I remember the lever-based voting machines I used kept all the "good stuff" in back, outside the curtain; if you wanted to tamper with that, you did it in the full view of the public.
"Maryland did not go for Bush in the last election, despite using Diebold machines."
The difference is that Maryland didn't matter one bit to the election, whereas Ohio was seen as crucial. So, anyone with a conspiracy theory would see Maryland's results as the Diebold folks covering their asses.
Searching our phone records without a warrant. Torture. Secret Prisons. Lying to get us into a war. Do you think a corporation that has ties to the current administration ginning up the voting machines to rig elections is out of the question? It's probably already too late for elections to make a difference. I'm starting to think only massive civil disobedience along the lines of a general strike will have any effect on us getting our nation back. I understand that anything that threatens to disrupt you playing with your XBox 360 is unthinkable, but it just might be time to take to the streets.
You are welcome on my lawn.
"you wouldn't let a FACT stand in the way of just repeating talking points about how elections were stolen."
*I* didn't make any claims one way or the other, except that using Diebold machines is a horrible idea, which is a claim that is backed up by the article. All I did was ask for the previous poster to support his claims. I most certainly did not say that the election was stolen, and the person I replied to did not post any facts for me to let stand in the way, let alone sources I could use to verify them.
I appreciate your answers to my questions, but they'd be better if:
1. you gave me a link or something else I can use to verify what you're saying, and
2. you weren't being an ass to someone who's merely asking questions. All it does is make me suspicious of your claims.
In my opinion everyone with a decent school education (or even without) should be able to overview (and even hold) an election. You can do this with pen and paper, but not with a complex black box. So we help 5% of the population to vote by locking out 100% (minus 5 diebold engineers) when it comes do counting the votes.
.....kidding
This is a voting machine, not a toaster! Even my mobile phone doesn't allow flashing of unsigned firmware.
But unlike a phone, voting machine is a multi-user device, which should be secure by design at every level.
So, maybe in this case Trusted Computing may find one of a few of its good applications?
Rediculous is ridiculous!
This whole article is a violation of the Digital Millenium Copyright Act. Bruce Schneir, and the terrorist Finn Harry Hursti should both be locked up!
you've got it all wrong. Its going to run Microsoft Windows Election Edition or (Wee). Bill Gates will be included as the default candidate. Any person choosing another candidate will immediately recieve a BSOD.
"When the people fear the government, there is tyranny. When the government fears the people, there is liberty."
is an is an egregiously inappropriate use of technology and only makes fraud easier by increasing the opacity of the system. It is rather like using a remote control laser scalpel to do pedicures and the use of paper reciepts from the computer are like welding a pair of cuticle scissors to the laser scalple, utterly absurd and useless. They will never be used, and are just an added coplexity and another avenue for manipulation.
.
There are only three kinds of people that accept "electronic voting systems"
1) Those that develop and manufacture them (jobs and profit!, (and control where they overlap with #3 below)) as well as those that are simply enamoured of the technological challenge to make it work even though there is NO compelling reason for applying any technology more complex than a paper ballot and a pen to this particular problem.
2) Those who are ignorant enough to believe that "computers can't lie so this must be better, besides it's so much easier to use than wielding a pen or a punch, besides it's prettier and so modern. Also those that just blindly trust the system and go along with "whatever".
3) The people who realise that not only does increased automation reduce the number of people involved in the process and therefore the number of people with an interest in the process but that overt or covert control of the system (now easier becuase of the concentration of control) not only guarantees their success in elections, they can present it both as a means to correct the abuses of the previous system that were so problematic in past elections (without mentioning that the prior/current system is more difficult and costly to manipulate) and as opportunities to most of the people in #1 above.
Yes people can stuff ballot boxes, and vote from the grave etc. with paper ballots. But with paper ballots and physical counts, the electorate must be more involved in the process and oversight. Simplicity in the system is essential for there to be any sembelance of transparancy.
What is interesting in Maryland, is that you do not need any ID in order to vote. Just go into your precinct, give your name and address, sign a card and vote. So, if you know the name and address of someone and beat them to the precinct, you can vote in their place (assuming the poll workers don't know you or the person being impersonated). Afterwards, if the real person comes in, they would need to file a provisional ballot and fight to have the other vote somehow taken away.
Why they can't require some form of photo ID is beyond me. Though, I have heard of lawsuits in other states that do require photo ID, as being intrusive and thus somehow impeding voter's rights. I guess they equate having to pay to get a state issued ID card as the same as paying a poll tax. That could be corrected by simply providing the state issued IDs (for those that don't drive) for free.
headline : "National elections rigged!" There. You hooked Bobby. Unethical ? Well give the facts in TFA. If Bobby still believes Iraq had WMDs, I don't see anything unethical in telling him what he must believe before the facts about he doesn't care.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
One could argue that it may have happened already...in 2004...in Ohio.
Yeah, yeah, I know.... So it's a troll.
I wouldn't say the core problem of voting is faulty machines in itself but voter apathy and centralized voting commitee.
What we really need is either two things:
1. Election Day as a National Holiday (like 4th of July or Christmas) in which everyone gets off of work to go vote. And make a big deal out of Americans participating in the election.
2. Make it easier to vote. During the 2004 election, many places out 2-4 hour waits to vote. If you had to work that day, well... Many people gave up and went to work.
3. Allow internet voting or easier absentee voting. The above two problems would be a moot point if we could simply use our SSN with a pre-registered form of our current verifiable address (with our drivers license or state ID) and then just.
This should be controlled at State and even more local levels... Internet voting should not be controled or regulated at the Federal level.
Still... I doubt any of these things are going to happen any time soon so I'm going to be proactive and just ask work to give me the day off for election day.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Footnote 2 in http://www.blackboxvoting.org/BBVtsxstudy.pdf Files found by Bev Harris on Diebold FTP site Jan. 23, 2003 is not referenced in the body - probably refers to the filenames that were redacted. Anybody gone to the site to check what they are?
One of Diebold's competitors, ES&S, has their own troubles, but their machines are far more prorprietary and thus more obscure. You would need more specialized software and equipment to hack the iVotronic.
NB: This is not an endorsement of obscurity-based security. Even if a voting machine is not tampered with by outsiders it is still subject to deliberate and accidental errors introduced by those with legitimate access, up to and including the manufacturer.
As to Federal legislation . . . the source code for voting machines is supposed to be run by independent third-party auditors to ensure that the machines operate as intended. I'm sure everyone here can think of many ways this process could be circumvented, e.g. programming the machine with firmware compiled from non-reviewed source.
I am not a crackpot.
What kind of genius honestly believed going to a computerized system was going to be more secure and solve everyone's problems?
...it's not a "security hole" if it was designed that way to begin with. It provides a great illusion of voting while maintaining the status quo, okay? Everyone's happy this way... Of course there's "security holes" everywhere, they weren't designed to be secure to begin with.
Judges and senates have been bought for gold; Esteem and love were never to be sold.
Yup, the D/R party is a Duopoly. One beast with two heads.
Constitutionally Correct
If there were enough flagrant changes to voting machine records, people might finally start yelling about it. Maybe Bozo the clown should win in a nationwide vote?
I drank what? -- Socrates
1: Saves engineering time and money to use commodity components, both hardware and software.
2. Easy to upgrade/update/patch in the field is a good selling point. In this case, "hack" is s synonym of "upgrade", so hacking is possible, too.
ATMs are more secure because the customers (banks) demand more security. Paper tape transaction logs are an excellent audit tool in case something goes wrong, whether intentional or accidental. If your voting machine had such an audit trail, we wouldn't need to place as much faith in the integrity of the equipment. Of course the equipment's reliability would probably also increase, since an audit trail would eventually catch defective or subversive systems -- a voting machine manufacturer wouldn't like to be in a position of having to explain discrepencies where a paper trail was present.
I am not a crackpot.
The problem with the the current design of voting machines is not the reliability of the machines, but the general design of the voting system. A good design is needed such that even an insider that can internally modify the voting machine is unable to affect the voting outcome. Before a voter leaves the voting booth, their votes should be recorded off-site in multiple locations, and they should get a receipt with an anonymous vote serial number with a validation hash that can be re-checked at a later time so that the voter knows their vote is not currupted. Is that idea too simple? Are there no decent cryptographers on the team? Are the designs being managed by lawyers?
.... but it's digitaaaaal!
This too, will end.
...because this device allows Republicans to win races they otherwise would lose. As long as their machines ensure Republican wins there will be no stopping them.
Note that this has nothing to do with whether or not the Republican candidate is the better or worse person. This is about a simple numbers game being played by our President and the corporations that wanted him in power. They want as many Republicans elected as possible to secure their power base and Diebold helps provide that.
Power works very hard to remain powerful and there's no saying that a Democratic government might not try the same dirty tricks. But right now this is a Republican Constitution-Bypass device.
empowers more people to vote. While someone will of course raise the point that these paper ballots
are still counted by OCR machines(computers), there are certified auditors from all parties
allowed to oversee the sorting and counting processes.
Now, vote by mail does introduce several of its own problems unique to mailing paper ballots and verifying signatures....
but I feel so much more confident knowing that my vote is still cast on a piece of paper that can be counted
and recounted if there are any problems. I think that more states should give it some consideration over voting machines.
Here is a basic FAQ: http://www.co.multnomah.or.us/dbcs/elections/elect ion_information/voting_in_oregon.shtml
Item 1 - There is NO SUCH THING AS UNBREAKABLE SECURITY. This is a fact. Get over it.
Item 2 - Most electronic voting does not allow for an adequate paper audit trail. All other electronic transactions have paper counterparts that create an audit trail that can be used to reconstruct the various transactions in the case of file loss, data corruption, hacking, etc. Can you imagine what would have happened in Florida without the paper ballots to go back to??
Item 3 - Since no one from any party is qualified or even allowed to review the code that runs the machines, no one really knows what it's doing. You have to just vote and hope for the best. I find that to be unacceptable.
Item 4 - These machines do not work well and they are not "ready for prime time". Why communities roll them out as the only means avaiable for voting is beyond me. I think that they should be tested carefully by having voters vote on paper and electronically for a period of time. The results from the paper ballots and the eletronic ones should be tested and checked until they match.
Item 5 - The source code for the ballot machines should be posted on the internet for review.
Item 6 - I could build a more secure machine in 15 minutes in my garage than Diebold has, spending millions of dollars in R&D. Who is vetting the designs of these devices before they're foisted off on an ill-informed public?
Just my usual 2 cents,
Queen B
HDGary secures my bank
It seems obvious to me that the Diebold machines will NEVER be secure. They are utterly too complex (and expensive) for the simple task that they are given.
In order for a voting system to provide a sense of validity, it must be simple enough that even the layperson can understand how the entire system works. Replace acryonms TCP/IP, SQL, SSL, PCMCIA, USB, and WinCE with the acronyms ROM, EEPROM, and PIC and you've simplified the system by many orders of magnitude. Not to mention the fact that the system would actually be auditable. Add a failsafe into the overall system that only allows each election worker a small number of votes that he/she could possibly tamper with and we're getting somewhere. Add a reciept printing device that has no hooks into the vote tallying mechanism and we're there.
The Indian model is a step in the right direction. It should be emulated and expanded (by adding the paper audit trail).
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
Have the machine beep when an access cover is opened to a port to enable reprogramming. Opening the cover would require breaking tamper resistent tape and require a new code word to reprogram. The code word would be written to a write-once chip. The new code word must be different from prior ones. Code words would change daily and be available over the internet. The machine's Bios would require unsoldering a chip to change, on boot up it would display the last few code words for 10 seconds before beginning the reprogrammable code.
The use of paper ballots offers advantages over any electronic system.
Paper ballots encourage traditional vote stealing, keeping us in touch with our history. The counting of paper ballots can be very slow, providing grist for the 24-hour news cycle. Paper ballots must be protected, providing security work for those who might otherwise be unemployed.
Yup. South Dakota requires a photo ID to vote. Unfortunately that requirement apparently qualifies as "racist," because not all Native Americans have drivers' licenses. All sorts of activists whined about that for a long time after it was enacted 2 years ago.
Of course the best part is, the ID really isn't necessary. If you don't have it you just sign a waiver saying, "Yes I really am so-and-so," and they let you vote. The law basically says: "You must bring a photo ID to the polling place. But if you don't, that's OK too, we'll still let you vote, no problem."
Can anyone give me a good reason that there isn't a FOSS project to do this?
I could see this being written in something like Python, using hash verification of the sources against a central, *published* list.
The reason I'd pick a scripting language is that compilation requires a certain level of trust that the binary came from the same source as the public is able to see. By using a scripting language, this issue is obviated, since the program can be examined directly. The hashes make sure no one fires up a text editor to monkey around. That, coupled with read-only filesystems, and some other basic measures should make this system lots more trustworthy.
People will always say that the python/ruby/perl/whatever binary could have been altered, but that's much more difficult. They can also have their hashes compared against the hashes of the publicly available binaries.
Maybe even have a daemon that re-hashes everything every 15 minutes, use FAM/inode notify/etc to watch the files for changes, stuff like that. Maybe even the machine resets every 20 votes and does an integrity check on startup against a known-good reference copy.
There are so many ways to check and double check -- proactively and reactively -- and these are already available in the OSS world. The only remaining piece is to write the voting software itself. I imagine that this can be accomplished before the 2012 elections -- maybe even have its maiden run in smaller Congressional elections.
I think there are enough people in the public with an interest in making sure this goes well that finding testers ("breakers") shouldn't be too hard. There can be a QA team whose sole purpose is to break the security of the system. If they can do it, the security is fixed and there's one less vector for attack.
After the software matures a few years, takes its beatings from QA, I'm sure it'll be a much better alternative to Diebold -- cheaper, and transparent.
Another thing about the OSS community is that there are all politics involved. Finding a Republican, Democrat, and independent to approve all source checkins shouldn't be too difficult. Their interest is to verify that a given CVS commit wouldn't put them to a disadvantage.
If I had more time, I'd even start this project myself. In fact, I just might anyway, and maybe someone else could be co-lead or something. I wouldn't even mind my company putting in money to buy prototype hardware to run it. I'm sure there'd be lots of donations from the OSS crowd too, so I can't really see hardware being a problem. Once we have something to show, the units can be built to order as they're adopted.
Meh - just brainstorming.Take it for what you will.
The fact that the whole system is much less accountable and more open to abuse and attacks than a physical system is more an issue that not of the involved people (voting officials and Diebold) just don't care about than one that I expect that they intend to personally exploit.
What gets me is that Diebold makes these types of machines for 2 completely different industries - 1) the financial industry, and 2) the Government. From what I understand, the ATM's are pretty secure and yet these voting booth's can't even do 100% of the time what the abacus does, let alone security... What's ironic though is the purpose of these machines is convenience in industry #1, while supposed to provide accuracy if nothing else in industry #2 - which ultimately picks the head honcho of industry #1. Wouldn't this ultimately mean that Diebold is negatively impacting industry #1 to some degree?
The differences is between moving a physical ballot box, and changing an abstract concept stored on a hard drive. Mass changes are easier to make, and harder to trace.
Paper is inherently more secure - and at the very least one will notice when something's "off".
Last post!
I've questioned why we don't do something like this, and have the reading done by OCR.
To reduce errors you'd have to have a few rules: first, no corrections. If you fuck up, new ballot for you. (I'd prefer if you fuck up, no vote for you, but I'm guessing that won't fly.) Second, the marks have to be very distinct. That's why I'd use bingo blotters. They're like really huge magic markers that basically soak through the paper. Every old fart knows how to use one, and you could make them have to color in a fairly substantial area (like a square inch or larger) so that they can't just accidentally touch the blotter to the paper. Important elections (Presidential, Governor, etc.) go on rather largish sheets of paper, and each candidate gets a big area, with dead space in between the marking areas for each candidate equal to 5x the diameter of the marking area. So even if you're a real retard and don't color inside the lines, you've still got a lot of ways to go before you get over to the next candidate's box.
Also, there would be a test box. Just a blank box in the corner that you'd fill out, in order to make sure your marker was working and that you had the hang of things. Also, it gives the reader (human or machine) a comparison point to see what their actual marks will probably look like. (E.g. "Oh, this idiot only likes to circle the box, instead of filling it in; that's why the machine didn't read it.")
Perhaps most importantly, the indicative boxes that you mark are not placed symmetrically on the page. That is, they are placed so that they're not the same distance from the top as they are to the bottom, or from the left as on the right. This is important, since it means you can read the ballot electronically without having to orient them in one way or the other, just by measuring the distance from the mark to the edges of the sheet.
Then, use a dye in the blotters that's UV-reflective (or UV absorbent). That way they're very distinctive and easy to read through a scanning system. I'm pretty sure any pigment based marker/blotter would work here. These systems are already in existence -- the postal service uses them for automatically canceling stamps on letters (stamps are UV reflective). But the point is you can OCR them by just looking at the position on the page of the marks, you don't need punchcard-style index corners (although we'd have those too, for extra security).
I think the other thing that would help is if you gave the election officials more time between voting day and when they were expected to certify the results. Like two weeks, at a minimum. There's really no reason people should be rushing with this. Back the election up a little ways if need be, but the idea that the polls should close at 8pm and the results should be certified by 10pm is crap, and it can only lead to bad things happening ("oops! Look at this, we forgot a box of ballots! Oh, well, too late now!"). Elections are too important to rush through.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This whole electronic voting thing is a fiasco so far. We need to slow this down and do it right. Or just stick to optical scan ballots. They do in fact work.
Ah, but you can game optical scan ballots too.
You can also corrupt the counting machines to incorrectly report the totals. There are several ways to do this that would be fiendishly difficult to detect without manually counting the ballots.
But this isn't just about the machines. We also need to impose some accountability on the whole process, and the people who are abusing it.
-- MarkusQ
It's called the "Pinecone and Birchbark system".
If you want to vote for the guy in power you put a pinecone in the box. If you want to vote for the other guy you put a piece of birchbark in the box.
On the plus side it's ecologically friendly and you don't have to worry about voting machines or loose chads.
Although after a hundred or more people have voted the box can get pretty heavy with all those pinecones and birchbark and weigh a few kilometers.
(with apologies to Rick Mercer)
Shut them down, throw them away, invalidate anything these things touched. Republican partisans own and run the companies that make these damned things, first, and second it doesn't take much to reach out and flip some votes, undetectably. Computer geeks think that computers are cool and any system can be made secure. BUT. NOT IF THE SYSTEM WAS DESIGNED TO BE MANIPULATED FROM THE GETGO. There is no defense against malice. Not open code, not monitors, nothing can stop a system that was made to be gamed. They can be hacked at the terminal, the accumulator, the network, the aggregation boxes. Even if the code is known, the code can be changed in memory on the fly without a trace. Which is the IDEA.
Canada still uses manual counts, and they get the job done in hours. People counting cards are faster than malfunctioning and manipulated boxen. Counting cardboard gets slow when a political party flies in thousands of operative to jam the progress. A full manual recount of Dade would have been completed in less than 24 hours if the Supreme Court hadn't shut it down.
We're being conned, people.
Get rid of these things, or Jeb Bush will be president in 2008.
Is it just me or is this just begging to have someone wander round flashing voting machines to do something useful like play pong?
Wait... WHAT???
I take that to mean that elections officials intend to continue using the machines! Are we insane?
http://outcampaign.org/
I call baloney.
After 2000 I don't recall hearing anybody plead for computer voting machines. Back up your claim - where did anybody cry out for computerized systems after 2000?
The more local the election boards, the less likely that a wide-spread, concerted, and coordinated effort to perpetrate voter fraud can occur. When the original post states that "government" is whom we should be protecting this from, I'm sure the meaning of government is closer to central government than local government. There is an important distinction -- and I don't think it's "anti-government Slashdot pandering" to say so.
quiquid id est, timeo puellas et oscula dantes.
don't use electronic voting machines?
They will be the knife that will (finally) kill democracy in these United States.
Get your Unix fortune now!
the fact remains that Diebold has shown themselves to be capable of making reasonably secure ATM machines.
That run Windows?
BTW, why do I have to post this every freaking time Diebold comes up on slashdot? Well maybe this will brighten your day: Diebold posters, and my favorite
Get your Unix fortune now!
I'm sorry, folks - but this is what you get when you try to apply technology inapproriatly.
KISS - remember that? KEEP IT SIMPLE, STUPID
What you're doing with ANy form of electronic voting machine in unnecessarily complicating the entire process. Why the hell don't you just give out paper ballots, mark them, and count them - they way they do everywhere else in the world?
This is just a self-inflicted injoury
Avi Rubin, one of the original researchers from Johns Hopkins who did the analysis on the Diebold voting machines before, gave a very good talk at Loyola College about Diebold's incompetence.
I filmed it and it is available on Google Video: Election Insecurity
You're ruining it!
*pout*...
Oh, those plucky Finns and the trouble they cause...
Lissen up, Bub -- play a game of "Crazee" with a Finn and you WILL lose. 'Specially the Finns paid up with "Bob"
According to the New York Times. Who do you trust more, the New York Times or Jeb Bush.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
which is a polite word for how voting machine vendors influence election officials